Topic: Re: Silent Deatz/PC 2./Suspected rootkit

  1. #1
    Beginner
    Registered since
    18.07.2012
    Posts
    10

    Re: Silent Deatz/PC 2./Suspected rootkit

    Hello,

    unfortunately I have not made any further progress on my own computer yet. However, I would now like to post the log files from my girlfriend's laptop.

    Malwarebytes

    Code:
    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org
    
    Datenbank Version: v2012.07.22.09
    
    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Janine :: JANINE-LAPTOP [Administrator]
    
    22.07.2012 21:30:06
    mbam-log-2012-07-22 (21-30-06).txt
    
    Art des Suchlaufs: Vollständiger Suchlauf (C:\|Q:\|S:\|)
    Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
    Deaktivierte Suchlaufeinstellungen: P2P
    Durchsuchte Objekte: 291658
    Laufzeit: 1 Stunde(n), 4 Minute(n), 51 Sekunde(n)
    
    Infizierte Speicherprozesse: 0
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Speichermodule: 0
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Registrierungsschlüssel: 0
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Registrierungswerte: 0
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Dateiobjekte der Registrierung: 0
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Verzeichnisse: 0
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Dateien: 0
    (Keine bösartigen Objekte gefunden)
    
    (Ende)

    OTL

    Code:
    OTL logfile created on: 23.07.2012 19:07:59 - Run 1
    OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\Janine\Desktop
    Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
     
    1,97 Gb Total Physical Memory | 1,13 Gb Available Physical Memory | 57,64% Memory free
    4,16 Gb Paging File | 3,31 Gb Available in Paging File | 79,56% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 211,89 Gb Total Space | 150,97 Gb Free Space | 71,25% Space Free | Partition Type: NTFS
    Drive Q: | 19,53 Gb Total Space | 14,80 Gb Free Space | 75,78% Space Free | Partition Type: NTFS
    Drive S: | 1,46 Gb Total Space | 0,85 Gb Free Space | 58,14% Space Free | Partition Type: NTFS
     
    Computer Name: JANINE-LAPTOP | User Name: Janine | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Processes (SafeList) ==========
     
    PRC - C:\Users\Janine\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Users\Janine\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
    PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
    PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
    PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
    PRC - C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
    PRC - C:\Windows\explorer.exe (Microsoft Corporation)
    PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
    PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
    PRC - C:\Windows\System32\lpksetup.exe (Microsoft Corporation)
     
     
    ========== Modules (No Company Name) ==========
     
    MOD - C:\Programme\WinRAR\RarExt.dll ()
    MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
    MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
     
     
    ========== Win32 Services (SafeList) ==========
     
    SRV - (SessionLauncher) -- C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe File not found
    SRV - (RoxLiveShare10) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe File not found
    SRV - (LFKAS) -- C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe File not found
    SRV - (ATKGFNEXSrv) -- C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe File not found
    SRV - (ASLDRService) -- C:\Program Files\Lenovo\ATK Hotkey\ASLDRSrv.exe File not found
    SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
    SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
    SRV - (vpnagent) -- C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
    SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
    SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
    SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
    SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
     
     
    ========== Driver Services (SafeList) ==========
     
    DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- system32\DRIVERS\snp2uvc.sys File not found
    DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
    DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
    DRV - (mdmxsdk) -- system32\DRIVERS\mdmxsdk.sys File not found
    DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
    DRV - (ASMMAP) -- C:\Program Files\Lenovo\ATK Hotkey\ASMMAP.sys File not found
    DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
    DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
    DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
    DRV - (psadd) -- C:\Windows\System32\drivers\psadd.sys (Lenovo (United States) Inc.)
    DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
    DRV - (vpnva) -- C:\Windows\System32\drivers\vpnva.sys (Cisco Systems, Inc.)
    DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
    DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek                                            )
    DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
    DRV - (IntcHdmiAddService) Intel(R) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel(R) Corporation)
    DRV - (lenovo.smi) -- C:\Windows\System32\drivers\smiif32.sys (Lenovo Group Limited)
    DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
    DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
    DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
    DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
    DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
    DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
    DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
    DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
    DRV - (MTsensor) -- C:\Windows\System32\drivers\A0101V32.sys (ATK0100)
     
     
    ========== Standard Registry (SafeList) ==========
     
     
    ========== Internet Explorer ==========
     
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=LENIE
     
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=LENIE
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.zhaw.ch;*.local;<local>
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://pac.zhaw.ch/proxy.pac
     
     
    ========== FireFox ==========
     
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
     
     
     
    O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1       localhost
    O1 - Hosts: ::1             localhost
    O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - Startup: C:\Users\Janine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Janine\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: CC679CB8-DC4B-458B-B817-D447B3B6AC31 vpnweb.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.2.17.61 62.2.24.158 62.2.17.60 62.2.24.162
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{46ED2A95-F086-4F4E-97BC-6ECB43C2B106}: DhcpNameServer = 62.2.17.61 62.2.24.158 62.2.17.60 62.2.24.162
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O33 - MountPoints2\{2f2f612a-60a2-11e1-9e21-00248cb3ba0e}\Shell - "" = AutoRun
    O33 - MountPoints2\{2f2f612a-60a2-11e1-9e21-00248cb3ba0e}\Shell\AutoRun\command - "" = D:\SETUP.EXE /AUTORUN
    O33 - MountPoints2\{2f2f612a-60a2-11e1-9e21-00248cb3ba0e}\Shell\configure\command - "" = D:\SETUP.EXE
    O33 - MountPoints2\{2f2f612a-60a2-11e1-9e21-00248cb3ba0e}\Shell\install\command - "" = D:\SETUP.EXE
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
     
    ========== Files/Folders - Created Within 30 Days ==========
     
    [2012.07.23 19:06:47 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Janine\Desktop\OTL.exe
    [2012.07.17 18:48:31 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Janine\Desktop\aswMBR.exe
    [2012.07.17 18:13:39 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Janine\Desktop\tdsskiller.exe
    [2012.07.16 19:10:25 | 000,000,000 | ---D | C] -- C:\Users\Janine\AppData\Roaming\Malwarebytes
    [2012.07.16 19:10:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012.07.16 19:10:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012.07.16 19:10:16 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012.07.16 19:10:16 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012.07.15 22:08:44 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
    [2012.07.15 22:06:28 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2012.07.15 22:06:27 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
    [2012.07.15 22:06:26 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
    [2012.07.15 22:06:26 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
    [2012.07.15 22:06:25 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
    [2012.07.15 22:06:25 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
    [2012.07.15 22:06:23 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
    [2012.07.15 17:29:27 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
    [2012.07.04 09:24:36 | 000,000,000 | ---D | C] -- C:\Users\Janine\Documents\2.Semester
     
    ========== Files - Modified Within 30 Days ==========
     
    [2012.07.23 19:06:47 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Janine\Desktop\OTL.exe
    [2012.07.23 19:04:57 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012.07.23 19:04:57 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012.07.23 19:04:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012.07.23 19:04:47 | 2111,102,976 | -HS- | M] () -- C:\hiberfil.sys
    [2012.07.22 22:30:01 | 000,000,256 | ---- | M] () -- C:\Windows\tasks\Auf Updates für Windows Live Toolbar prüfen.job
    [2012.07.18 12:23:45 | 000,002,637 | ---- | M] () -- C:\Users\Janine\Desktop\Word 2003.lnk
    [2012.07.17 18:48:45 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Janine\Desktop\aswMBR.exe
    [2012.07.17 18:34:56 | 000,089,088 | ---- | M] () -- C:\Windows\System32\mbr.exe
    [2012.07.17 18:30:25 | 000,302,592 | ---- | M] () -- C:\Users\Janine\Desktop\nn1w8sfy.exe
    [2012.07.17 18:13:40 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Janine\Desktop\tdsskiller.exe
    [2012.07.16 19:10:18 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012.07.16 09:21:04 | 000,248,784 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012.06.29 21:49:07 | 000,122,572 | ---- | M] () -- C:\Users\Janine\Documents\Forschungspraktikum_Zentrum_fuer_Gerontologie_Uni_ZH.pdf
    [2012.06.24 10:52:00 | 000,000,458 | RHS- | M] () -- C:\ProgramData\ntuser.pol
     
    ========== Files Created - No Company Name ==========
     
    [2012.07.17 18:34:56 | 000,089,088 | ---- | C] () -- C:\Windows\System32\mbr.exe
    [2012.07.17 18:30:25 | 000,302,592 | ---- | C] () -- C:\Users\Janine\Desktop\nn1w8sfy.exe
    [2012.07.16 19:10:18 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012.06.29 21:49:07 | 000,122,572 | ---- | C] () -- C:\Users\Janine\Documents\Forschungspraktikum_Zentrum_fuer_Gerontologie_Uni_ZH.pdf
    [2012.03.30 19:38:59 | 000,001,371 | ---- | C] () -- C:\Users\Janine\AppData\Roaming\MobileToolAnyConnectV3.ini
    [2012.02.28 20:42:00 | 000,179,161 | ---- | C] () -- C:\Windows\hpoins29.dat
    [2012.02.28 20:42:00 | 000,000,986 | ---- | C] () -- C:\Windows\hpomdl29.dat
    [2012.02.26 20:30:05 | 000,000,458 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2012.02.26 20:28:35 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2012.02.26 20:28:34 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2012.02.26 20:26:50 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
    [2012.02.26 20:15:57 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
    [2012.02.20 22:11:26 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2012.02.20 05:50:21 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
    [2012.02.20 05:50:21 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
    [2012.02.20 05:50:21 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
    [2012.02.20 05:50:21 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
    [2012.02.20 05:43:25 | 000,016,896 | ---- | C] () -- C:\Windows\Eventclr.exe
    [2012.02.19 21:24:39 | 000,000,256 | ---- | C] () -- C:\Windows\wininit.ini
    [2012.02.19 21:13:22 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
    [2012.02.19 21:13:21 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
    [2012.02.19 21:13:20 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
    [2011.02.11 20:10:52 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
    [2011.02.11 20:10:50 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
    [2011.02.11 20:10:50 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
    [2011.02.11 19:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
    [2011.02.11 19:38:44 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
     
    ========== LOP Check ==========
     
    [2012.02.26 20:09:29 | 000,000,000 | ---D | M] -- C:\Users\Janine\AppData\Roaming\DAEMON Tools Lite
    [2012.07.23 19:05:21 | 000,000,000 | ---D | M] -- C:\Users\Janine\AppData\Roaming\Dropbox
    [2012.02.20 19:35:07 | 000,000,000 | ---D | M] -- C:\Users\Janine\AppData\Roaming\Leadertech
    [2012.02.19 22:28:09 | 000,000,000 | ---D | M] -- C:\Users\Janine\AppData\Roaming\Lenovo
    [2012.04.03 19:52:00 | 000,000,000 | ---D | M] -- C:\Users\Janine\AppData\Roaming\Opera
    [2012.07.22 22:30:01 | 000,000,256 | ---- | M] () -- C:\Windows\Tasks\Auf Updates für Windows Live Toolbar prüfen.job
    [2012.07.22 22:35:58 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
     
    ========== Purity Check ==========
     
     
    
    < End of report >

    OTL Extra.txt

    Code:
    OTL Extras logfile created on: 23.07.2012 19:07:59 - Run 1
    OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\Janine\Desktop
    Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
     
    1,97 Gb Total Physical Memory | 1,13 Gb Available Physical Memory | 57,64% Memory free
    4,16 Gb Paging File | 3,31 Gb Available in Paging File | 79,56% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 211,89 Gb Total Space | 150,97 Gb Free Space | 71,25% Space Free | Partition Type: NTFS
    Drive Q: | 19,53 Gb Total Space | 14,80 Gb Free Space | 75,78% Space Free | Partition Type: NTFS
    Drive S: | 1,46 Gb Total Space | 0,85 Gb Free Space | 58,14% Space Free | Partition Type: NTFS
     
    Computer Name: JANINE-LAPTOP | User Name: Janine | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Extra Registry (SafeList) ==========
     
     
    ========== File Associations ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
     
    ========== Shell Spawning ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
    http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
    https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
     
    ========== Security Center Settings ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
     
    ========== Firewall Settings ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
     
    ========== Authorized Applications List ==========
     
     
    ========== Vista Active Open Ports Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{1B1D6A4C-1691-4297-873D-C46496AE6E7B}" = lport=138 | protocol=17 | dir=in | app=system | 
    "{1BC96FBE-B0AA-4D52-B4D2-6B9259293995}" = rport=138 | protocol=17 | dir=out | app=system | 
    "{3AAA6480-2024-440C-8304-9019BD8AF2F4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
    "{3C834069-E258-4475-960F-C754D3F0B10D}" = rport=137 | protocol=17 | dir=out | app=system | 
    "{4F2207BC-F042-40B3-AC20-FC79072ABA6F}" = lport=137 | protocol=17 | dir=in | app=system | 
    "{60BF3D79-5071-4681-B4FC-A22735D5BB71}" = lport=139 | protocol=6 | dir=in | app=system | 
    "{A555083B-EEB1-4698-BB41-D5DF9624FD29}" = lport=445 | protocol=6 | dir=in | app=system | 
    "{B0C879C2-ACA3-4591-BDBD-8560EA72958A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
    "{C544472A-9029-47FC-A0C2-62F16945557D}" = rport=445 | protocol=6 | dir=out | app=system | 
    "{F6D51A5B-A6F2-4CB7-B7A5-6F6219A6A85A}" = rport=139 | protocol=6 | dir=out | app=system | 
     
    ========== Vista Active Application Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{039DC214-F929-4436-AA71-0D3B21AA8106}" = protocol=17 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | 
    "{03B5C77D-D177-486C-BAFB-EC97B16B1FD0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
    "{086C5AD0-406A-4C2B-AB92-827FFC5176EB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
    "{0A7E3B8C-EAAE-4AC2-B3AC-3A4B6151AA26}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
    "{166246EF-E06A-4594-9C42-5A6102FA9D1C}" = protocol=6 | dir=in | app=c:\users\janine\appdata\roaming\dropbox\bin\dropbox.exe | 
    "{23B0EDAF-A72D-42C4-8D01-49594DED70A8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
    "{44AE73BF-E422-483F-8089-A1899A8858F2}" = protocol=6 | dir=in | app=c:\program files\operazhaw\opera.exe | 
    "{69BB3C77-6090-4A68-A606-1AFD13693547}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
    "{74865A30-C538-4ADA-917C-A9A4F38BEA06}" = dir=in | app=c:\program files\itunes\itunes.exe | 
    "{74D4B591-88CA-44D7-A987-084CA3651226}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
    "{7D8AD097-E972-410F-A998-7AD095B3718E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
    "{818370FB-D05F-43AA-9BC8-2C08D2C44C18}" = protocol=17 | dir=in | app=c:\users\janine\appdata\roaming\dropbox\bin\dropbox.exe | 
    "{A1A10785-CCC0-4C01-92C4-CC9189B59385}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
    "{D4F6D037-FBC8-4C01-91CE-2D1BED853C02}" = protocol=17 | dir=in | app=c:\program files\operazhaw\opera.exe | 
    "{DE1BAF06-6055-4873-AD8B-D8583FE0E6E2}" = protocol=6 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | 
    "{ECC73D6D-C839-4C6B-BA95-E4B6CD6B1517}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
    "TCP Query User{21BC075E-93BC-434C-989A-95A0D7A2915E}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
    "TCP Query User{4B2E7415-DE69-419F-B406-C31EC31A3ED6}C:\windows\system32\ftp.exe" = protocol=6 | dir=in | app=c:\windows\system32\ftp.exe | 
    "TCP Query User{674DC6B7-3AEE-42A5-90EF-94AB7BAFB394}C:\users\janine\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\janine\appdata\roaming\dropbox\bin\dropbox.exe | 
    "UDP Query User{6B2BF69E-7D55-4108-8A6A-40238CCF151A}C:\windows\system32\ftp.exe" = protocol=17 | dir=in | app=c:\windows\system32\ftp.exe | 
    "UDP Query User{A395F2FF-BD92-492B-A4B1-9C3613548358}C:\users\janine\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\janine\appdata\roaming\dropbox\bin\dropbox.exe | 
    "UDP Query User{FF3AEA1D-1F56-4923-B4CE-CE760D54CDBB}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
     
    ========== HKEY_LOCAL_MACHINE Uninstall List ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
    "{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
    "{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
    "{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
    "{10DDCDDD-9A59-4496-9371-C17F1668D433}" = Windows Live Toolbar
    "{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
    "{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{44257960-C5CC-45BA-8E83-524E4A0F3FD5}" = Cisco AnyConnect VPN Client
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4AB5764A-3894-49A2-BAA8-C4665F74CD4C}" = Registry patch to improve USB device detection on resume from sleep for Windows Vista
    "{4F923F90-46D1-4492-9CC6-13FBBA00E7EC}" = C4400
    "{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
    "{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
    "{58BAA8D0-404E-4585-9FD3-ED1BB72AC2EE}" = Adobe Flash Player 9 ActiveX
    "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01
    "{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
    "{6B407945-AE16-4A2A-BAAF-497FE62EDED3}" = PS_AIO_03_C4400_Software_Min
    "{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
    "{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
    "{852AFD2D-07CC-46FD-A159-671102782771}" = Intel(R) PROSet/Wireless WiFi-Software
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
    "{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
    "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{954B7F64-D1D4-476F-8919-99585D0A6ABF}" = PS_AIO_03_C4400_Software
    "{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v4.2
    "{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
    "{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
    "{C9CE9393-B568-428D-AD5B-55452B9748DB}" = PS_AIO_03_C4400_ProductContext
    "{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
    "{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
    "{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
    "{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
    "{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
    "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
    "{F7B72805-2F58-4C04-AE9E-E7AD6A6EF62E}" = C4400_Help
    "{FF1F4E8E-A833-4c4b-A14A-45D5B841B5D8}" = HP Photosmart C4400 All-In-One Driver Software 10.0 Rel .3
    "414DA9DB2E84AAFAD2D2715FD9BABFAB2D209FFD" = Windows Driver Package - Lenovo 1.44 (05/14/2008 1.44)
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Avira AntiVir Desktop" = Avira Free Antivirus
    "CNXT_AUDIO_HDA" = Conexant HD Audio
    "DAEMON Tools Lite" = DAEMON Tools Lite
    "Dipmon" = Registry Patch of Enabling Device Initiated Power Management(DIPM) on SATA for Windows Vista
    "FPIRPOn" = Registry patch of Changing Timing of IDLE IRP by Finger Print Driver for Windows Vista 
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HP Imaging Device Functions" = HP Imaging Device Functions 10.0
    "HP Smart Web Printing" = HP Smart Web Printing
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
    "LENOVO.SMIIF" = Lenovo System Interface Driver
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
    "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
    "Opera 11.62.1347_1" = Opera 11.62
    "Opera 12.00.1467" = Opera 12.00
    "ProInst" = Intel PROSet Wireless
    "USBPMon" = Registry patch for Windows Vista USB S3 PM Enablement
    "Windows Live Toolbar" = Windows Live Toolbar
    "WinRAR archiver" = WinRAR 4.11 (32-Bit)
     
    ========== HKEY_CURRENT_USER Uninstall List ==========
     
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox
     
    ========== Last 20 Event Log Errors ==========
     
    [ Application Events ]
    Error - 16.07.2012 03:21:35 | Computer Name = Janine-Laptop | Source = WinMgmt | ID = 10
    Description = 
     
    Error - 16.07.2012 13:07:08 | Computer Name = Janine-Laptop | Source = WinMgmt | ID = 10
    Description = 
     
    Error - 16.07.2012 13:23:52 | Computer Name = Janine-Laptop | Source = WinMgmt | ID = 10
    Description = 
     
    Error - 17.07.2012 12:12:38 | Computer Name = Janine-Laptop | Source = WinMgmt | ID = 10
    Description = 
     
    Error - 17.07.2012 12:33:44 | Computer Name = Janine-Laptop | Source = Application Error | ID = 1000
    Description = Fehlerhafte Anwendung nn1w8sfy.exe, Version 1.0.15.15641, Zeitstempel
     0x4e21f2b1, fehlerhaftes Modul nn1w8sfy.exe, Version 1.0.15.15641, Zeitstempel 
    0x4e21f2b1, Ausnahmecode 0xc0000005, Fehleroffset 0x0000c676,  Prozess-ID 0xd38, Anwendungsstartzeit
     01cd6439ab8e7ced.
     
    Error - 17.07.2012 12:59:46 | Computer Name = Janine-Laptop | Source = Perflib | ID = 1010
    Description = 
     
    Error - 18.07.2012 05:47:40 | Computer Name = Janine-Laptop | Source = WinMgmt | ID = 10
    Description = 
     
    Error - 19.07.2012 13:22:21 | Computer Name = Janine-Laptop | Source = WinMgmt | ID = 10
    Description = 
     
    Error - 22.07.2012 15:27:54 | Computer Name = Janine-Laptop | Source = WinMgmt | ID = 10
    Description = 
     
    Error - 23.07.2012 13:05:40 | Computer Name = Janine-Laptop | Source = WinMgmt | ID = 10
    Description = 
     
    [ Cisco AnyConnect VPN Client Events ]
    Error - 19.07.2012 13:23:52 | Computer Name = Janine-Laptop | Source = vpnagent | ID = 67108866
    Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
     _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
     nicht finden.   File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
    Error:
     No such file or directory
     
    Error - 19.07.2012 13:25:52 | Computer Name = Janine-Laptop | Source = vpnagent | ID = 67108866
    Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
    Line:
     2423 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 
    (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
     
    Error - 19.07.2012 13:25:52 | Computer Name = Janine-Laptop | Source = vpnagent | ID = 67108866
    Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line: 
    2190 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
     (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
     
    Error - 19.07.2012 13:25:52 | Computer Name = Janine-Laptop | Source = vpnagent | ID = 67108866
    Description = Function: CMainThread::applyHostConfigForNoVpn File: .\MainThread.cpp
    Line:
     7639 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33161196
     (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
     
    Error - 19.07.2012 13:25:52 | Computer Name = Janine-Laptop | Source = vpnagent | ID = 67108866
    Description = Function: CMainThread::OnTimerExpired File: .\MainThread.cpp Line: 4287
    Invoked
     Function: CMainThread::applyHostConfigForNoVpn Return Code: -33161196 (0xFE060014)
    Description:
     ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
     
    Error - 19.07.2012 13:25:52 | Computer Name = Janine-Laptop | Source = vpnagent | ID = 67108866
    Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
    Line:
     2423 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 
    (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
     
    Error - 19.07.2012 13:25:52 | Computer Name = Janine-Laptop | Source = vpnagent | ID = 67108866
    Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line: 
    2190 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
     (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
     
    Error - 22.07.2012 15:29:31 | Computer Name = Janine-Laptop | Source = vpnagent | ID = 67108866
    Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
     _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
     nicht finden.   File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
    Error:
     No such file or directory
     
    Error - 22.07.2012 16:35:52 | Computer Name = Janine-Laptop | Source = vpnagent | ID = 67110873
    Description = Termination reason code 9: Client PC is shutting down.
     
    Error - 23.07.2012 13:07:11 | Computer Name = Janine-Laptop | Source = vpnagent | ID = 67108866
    Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
     _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
     nicht finden.   File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
    Error:
     No such file or directory
     
    [ System Events ]
    Error - 18.03.2012 06:32:23 | Computer Name = Janine-Laptop | Source = Service Control Manager | ID = 7022
    Description = 
     
    Error - 18.03.2012 06:35:49 | Computer Name = Janine-Laptop | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
    Description = 
     
    Error - 19.03.2012 03:05:25 | Computer Name = Janine-Laptop | Source = Service Control Manager | ID = 7000
    Description = 
     
    Error - 19.03.2012 03:05:25 | Computer Name = Janine-Laptop | Source = Service Control Manager | ID = 7000
    Description = 
     
    Error - 19.03.2012 03:05:25 | Computer Name = Janine-Laptop | Source = Service Control Manager | ID = 7001
    Description = 
     
    Error - 19.03.2012 03:05:25 | Computer Name = Janine-Laptop | Source = Service Control Manager | ID = 7000
    Description = 
     
    Error - 19.03.2012 03:05:25 | Computer Name = Janine-Laptop | Source = Service Control Manager | ID = 7011
    Description = 
     
    Error - 19.03.2012 03:05:25 | Computer Name = Janine-Laptop | Source = Service Control Manager | ID = 7000
    Description = 
     
    Error - 19.03.2012 03:06:54 | Computer Name = Janine-Laptop | Source = Service Control Manager | ID = 7022
    Description = 
     
    Error - 19.03.2012 03:07:48 | Computer Name = Janine-Laptop | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
    Description = 
     
     
    < End of report >
    CCleaner

    Code:
    Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	22.06.2012		11.3.300.262
    Adobe Flash Player 9 ActiveX	Adobe Systems, Inc.	18.02.2012	3,04MB	9.0.124.0
    Adobe Reader 8.1.2 - Deutsch	Adobe Systems Incorporated	18.02.2012	99,6MB	8.1.2
    Apple Application Support	Apple Inc.	18.06.2012	61,2MB	2.1.6
    Apple Mobile Device Support	Apple Inc.	18.06.2012	24,3MB	4.0.0.97
    Apple Software Update	Apple Inc.	18.06.2012	2,38MB	2.1.3.127
    Avira Free Antivirus	Avira	09.05.2012	171MB	12.0.0.1125
    Bonjour	Apple Inc.	18.06.2012	1,04MB	3.0.0.10
    CCleaner	Piriform	22.06.2012	4,76MB	3.20
    Cisco AnyConnect VPN Client	Cisco Systems, Inc.	16.03.2012	4,80MB	2.5.3054
    Compatibility Pack für 2007 Office System	Microsoft Corporation	16.05.2012	194MB	12.0.6612.1000
    Conexant HD Audio	Conexant	18.02.2012	1,28MB	4.47.0.50
    DAEMON Tools Lite	DT Soft Ltd	25.02.2012	24,7MB	4.45.3.0297
    Dropbox	Dropbox, Inc.	25.05.2012	27,7MB	1.4.7
    FlashFXP v4.2	OpenSight Software, LLC	18.06.2012	7,62MB	4.2.4.1784
    HP Imaging Device Functions 10.0	HP	27.02.2012	2,29MB	10.0
    HP Photosmart C4400 All-In-One Driver Software 10.0 Rel .3	HP	27.02.2012	16,9MB	10.0
    HP Smart Web Printing	HP	27.02.2012	7,36MB	3.5
    HP Solution Center 10.0	HP	27.02.2012	2,28MB	10.0
    Intel(R) Graphics Media Accelerator Driver	Intel Corporation	18.02.2012		
    Intel(R) PROSet/Wireless WiFi-Software	Intel(R) Corporation	18.02.2012	59,2MB	12.00.1000
    iTunes	Apple Inc.	18.06.2012	171MB	10.5.3.3
    Java(TM) 6 Update 31	Oracle	19.02.2012	95,1MB	6.0.310
    Java(TM) 6 Update 7	Sun Microsystems, Inc.	18.02.2012	171MB	1.6.0.70
    Lenovo System Interface Driver		18.02.2012	4,00KB	1.01
    Malwarebytes Anti-Malware Version 1.62.0.1300	Malwarebytes Corporation	16.07.2012	11,8MB	1.62.0.1300
    Microsoft .NET Framework 3.5 Language Pack SP1 - DEU	Microsoft Corporation	26.02.2012	36,9MB	
    Microsoft .NET Framework 3.5 SP1	Microsoft Corporation	19.02.2012	36,9MB	
    Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	22.02.2012	120MB	4.0.30319
    Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	22.02.2012	24,5MB	4.0.30319
    Microsoft Office File Validation Add-In	Microsoft Corporation	04.03.2012	11,2MB	14.0.5130.5003
    Microsoft Office Professional Edition 2003	Microsoft Corporation	15.07.2012	601MB	11.0.8173.0
    Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	19.02.2012	294KB	8.0.61001
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	13.03.2012	16,5MB	10.0.40219
    MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	19.02.2012	35,0KB	4.20.9870.0
    MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	19.02.2012	1,33MB	4.20.9876.0
    Opera 11.62	Opera Software ASA	03.04.2012	34,8MB	11.62.1347
    Opera 12.00	Opera Software ASA	15.06.2012	40,5MB	12.00.1467
    Realtek 8169 8168 8101E 8102E Ethernet Driver	Realtek	18.02.2012	1,50MB	1.00.0000
    Registry patch for Windows Vista USB S3 PM Enablement		18.02.2012	4,00KB	1.00
    Registry patch of Changing Timing of IDLE IRP by Finger Print Driver for Windows Vista		18.02.2012		1.01
    Registry Patch of Enabling Device Initiated Power Management(DIPM) on SATA for Windows Vista		18.02.2012	4,00KB	1.01
    Registry patch to improve USB device detection on resume from sleep for Windows Vista	Lenovo Group Limited	18.02.2012	797KB	1.01.0000
    RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01		18.02.2012	2,10MB	3.55.01
    Windows Driver Package - Lenovo 1.44 (05/14/2008 1.44)	Lenovo	18.02.2012		05/14/2008 1.44
    Windows Live Toolbar	Microsoft Corporation	18.02.2012	4,62MB	03.01.0130
    WinRAR 4.11 (32-Bit)	win.rar GmbH	18.06.2012	4,19MB	4.11.0
    HijackThis

    Code:
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 19:57:11, on 23.07.2012
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v9.00 (9.00.8112.16447)
    Boot mode: Normal
    
    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Users\Janine\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Opera\opera.exe
    C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
    C:\Windows\system32\DllHost.exe
    
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.zhaw.ch/proxy.pac
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.zhaw.ch;*.local;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_262_Plugin.exe -update plugin
    O4 - Startup: Dropbox.lnk = C:\Users\Janine\AppData\Roaming\Dropbox\bin\Dropbox.exe
    O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: HP Intelligente Auswahl - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: CC679CB8-DC4B-458B-B817-D447B3B6AC31 - vpnweb.cab
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira Echtzeit Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\Lenovo\ATK Hotkey\ASLDRSrv.exe (file missing)
    O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe (file missing)
    O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Service of LFKA (LFKAS) - Unknown owner - C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe (file missing)
    O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (file missing)
    O23 - Service: SessionLauncher - Unknown owner - C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)
    O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
    
    --
    End of file - 6322 bytes
    aswMBR

    Code:
    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-07-25 19:53:10
    -----------------------------
    19:53:10.666    OS Version: Windows 6.0.6002 Service Pack 2
    19:53:10.666    Number of processors: 2 586 0x170A
    19:53:10.666    ComputerName: JANINE-LAPTOP  UserName: Janine
    19:53:35.143    Initialize success
    19:53:38.580    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    19:53:38.595    Disk 0 Vendor: HITACHI_HTS543225L9SA00 FBEZC43C Size: 238475MB BusType: 3
    19:53:38.611    Disk 0 MBR read successfully
    19:53:38.611    Disk 0 MBR scan
    19:53:38.611    Disk 0 unknown MBR code
    19:53:38.626    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS         1500 MB offset 2048
    19:53:38.642    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       216973 MB offset 3074048
    19:53:38.689    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        20000 MB offset 447434752
    19:53:38.689    Disk 0 scanning sectors +488395120
    19:53:38.814    Disk 0 scanning C:\Windows\system32\drivers
    19:53:51.949    Service scanning
    19:54:14.116    Modules scanning
    19:54:35.644    Disk 0 trace - called modules:
    19:54:35.676    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys 
    19:54:35.676    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84f992d8]
    19:54:35.691    3 CLASSPNP.SYS[87b9d8b3] -> nt!IofCallDriver -> [0x8481d4b8]
    19:54:35.691    5 acpi.sys[806986bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x847f9528]
    19:54:35.707    Scan finished successfully
    19:54:48.665    Disk 0 MBR has been saved successfully to "C:\Users\Janine\Desktop\MBR.dat"
    19:54:48.680    The log file has been saved successfully to "C:\Users\Janine\Desktop\aswMBR.txt"
    Thanks, also on behalf of my girlfriend
    Last edited by Silent Deatz (25.07.2012 at 18:56)

  2. #2
    Moderator, team member kira
    Registered since
    28.03.2006
    Location
    Vienna/Languages: German-Hungarian
    Posts
    28.345

    Re: Silent Deatz/PC 2./Suspected rootkit

    System cleanup and check:

    1.
    Are you using a proxy? If you have not installed a proxy server locally, remove the proxy settings from the Internet options:
    In Internet Explorer:
    Tools => Internet Options => Connections => LAN settings
    Untick "Use a proxy server for your LAN" and "Bypass proxy server for local addresses".
    Code:
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.zhaw.ch;*.local;<local>
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://pac.zhaw.ch/proxy.pac
    2.
    Windows Defender:
    Not needed at all alongside 1 AV scanner and 1 firewall. It is only a load on the system and can also trigger unwanted reactions (since the programs can get in each other's way), so it is advisable to turn it off. Microsoft said that Vista and Win 7 are not as vulnerable as XP and therefore get along fine without an AV program, i.e. with the Windows firewall + Windows Defender... I don't want to say that the virus programmers are smarter than Microsoft founder Bill Gates, but he was wrong.
    Please disable it like this: -> http://windows.microsoft.com/de-AT/w...nder-on-or-off
    Disable Windows Defender completely

    Start => Control Panel => Classic View => Windows Defender, or
    start Windows Defender (C:\Programme\Windows Defender\MSASCui.exe)

    Tools => Options => Automatic scanning => untick "Automatically scan my computer".
    Tools => Options => Real-time protection => untick "Enable real-time protection".
    Tools => Options => Administrator => untick "Use this program".

    Start => type services.msc into the search box.
    The Services window opens.
    Double-click the "Windows Defender" service.
    Change the startup type to "Manual".
    Stop the service if it is still running.
    ► After a restart (if it still exists), check under Start -> Run -> "msconfig" (type it without the quotes) -> OK -> Startup whether it is still being started, and untick it if necessary.
    ► Under Services:
    Start -> Run -> "Services.msc" (type it without the quotes) -> OK -> "Properties" -> "Stop" -> select startup type "Disabled"

    3.
    Attention, important:
    If you made changes in the log file yourself, you must replace them with the original names and insert them into the script that way, otherwise it will not work!
    (User folder, your name or other changes replaced by X, asterisks or other names)



    Fixing with OTL
    • Start OTL.exe.
    • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
    • Copy the following script (unchanged, including :OTL):
    Code:
    :OTL
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=LENIE
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=LENIE
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{2f2f612a-60a2-11e1-9e21-00248cb3ba0e}\Shell - "" = AutoRun
    O33 - MountPoints2\{2f2f612a-60a2-11e1-9e21-00248cb3ba0e}\Shell\AutoRun\command - "" = D:\SETUP.EXE /AUTORUN
    O33 - MountPoints2\{2f2f612a-60a2-11e1-9e21-00248cb3ba0e}\Shell\configure\command - "" = D:\SETUP.EXE
    O33 - MountPoints2\{2f2f612a-60a2-11e1-9e21-00248cb3ba0e}\Shell\install\command - "" = D:\SETUP.EXE
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [emptytemp]
    • and paste it here:
    • Close all programs.
    • Click the Fix button.
    • Click on .
    • OTL asks for a restart. Please allow it.
    • After the restart you will find a text document.
      Copy its contents into your thread here, inside code tags.


    4.
    Keeping Windows and the installed programs up to date is a guarantee of increased security!
    Update Adobe Reader:
    Pay attention and read along during installation: if any software, toolbar etc. is offered, please deselect it!
    Adobe Reader
    or: start Adobe -> go to "Help" -> "Check for updates..."

    5.
    Update Java via Control Panel -> Check for updates...
    or:
    Now download the offline version of Java "Recommended Version Java(TM) 7 Update 5" from Oracle and install it. Take care not to install any toolbars that are offered, i.e. untick the toolbar during installation.

    6.
    Open CCleaner - CCleaner instructions
    • "Cleaner" -> "Analyze" -> click the "Start CCleaner" button
    • "Registry" -> "Scan for issues" -> "Fix issues" -> "Fix all"
    • Restart your system


    7.
    Tips (regardless of whether you use it or not, it has to be maintained!):
    -> Tips for Internet Explorer
    -> Change the Explorer's default search engine
    -> Change or select a search provider in Internet Explorer 7/8
    -> How can I clear the cache in Internet Explorer?

    8.
    ♦ "Worm.Win32.Autorun" has long been one of the most popular ways for viruses to spread, so the data backed up on storage media (such as USB sticks, hard disks and others) should be checked from time to time
    -> Include externally attachable devices (to check the backed-up data):
    ♦ So now connect all external storage media to your computer while holding down the Shift key so that the autorun function is not executed. (This is how you prevent the AUTORUN function from running.) The AUTORUN function can also be switched off altogether. ►Instructions

    9.
    ESET Online Scanner
    Now check your computer for viruses, trojans, worms and other malicious code with the free online virus scanner from Eset:

    Attention!:
    Do not install another virus scanner on your PC; scan your PC ONLY online!!!
    ♦ Now check your computer for viruses, trojans, worms and other malicious code with the free online virus scanner from:
    Please select Eset/Nod32!!! -> Link and instructions for the ESET/NOD32 online scanner -> Free online scanners
    ♦ Save the log and post it

    10.
    Run another scan with OTL - delete older log files!
    • Double-click OTL.exe
    • Vista users: right-click OTL.exe and choose "Run as administrator"
    • At the top you will find a box labelled Output. Please select Minimal Output
    • Under Extra Registry, please select Use SafeList
    • Tick the LOP and Purity checks.
    • Now click Run Scan at the top left
    • When the scan has finished, 2 log files are created - OTL.txt and extra.txt
    • Post the log files in code tags here in the thread.


    ► Once you have completed all the steps, report back with the requested results!
    Only stop and ask if there are problems

    ► Report again on the state of the computer. Are there still problems, and if so, which ones?
    Warning!:
    Be careful with invoices sent by e-mail with a ZIP file attached! They may be infected with an encryption trojan!
    Do not open the attachment; ask in our forum first!

    Please pass this warning on wherever you can!
    Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different places!
    Please pass this warning on wherever you can!

  3. #3
    Beginner
    Registered since
    18.07.2012
    Posts
    10

    Re: Silent Deatz/PC 2./Suspected rootkit

    Evening

    I have done everything. Yes, the proxy is intentional, since my girlfriend needs it for her studies.

    Here are the requested logs now.

    ESET

    Code:
    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6583
    # api_version=3.0.2
    # EOSSerial=4aea31887db48c4295ece925524235c3
    # end=finished
    # remove_checked=true
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2012-07-30 07:05:10
    # local_time=2012-07-30 09:05:10 (+0100, Mitteleuropäische Sommerzeit)
    # country="Germany"
    # lang=1033
    # osver=6.0.6002 NT Service Pack 2
    # compatibility_mode=1792 16777215 100 0 13909477 13909477 0 0
    # compatibility_mode=5892 16776574 100 100 11608597 181204011 0 0
    # compatibility_mode=8192 67108863 100 0 157 157 0 0
    # scanned=111644
    # found=0
    # cleaned=0
    # scan_time=3800
    OTL

    Code:
    OTL logfile created on: 30.07.2012 21:22:07 - Run 2
    OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\Janine\Desktop
    Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
     
    1,97 Gb Total Physical Memory | 0,92 Gb Available Physical Memory | 46,64% Memory free
    4,17 Gb Paging File | 3,08 Gb Available in Paging File | 73,90% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 211,89 Gb Total Space | 148,39 Gb Free Space | 70,03% Space Free | Partition Type: NTFS
    Drive Q: | 19,53 Gb Total Space | 14,80 Gb Free Space | 75,78% Space Free | Partition Type: NTFS
    Drive S: | 1,46 Gb Total Space | 0,85 Gb Free Space | 58,14% Space Free | Partition Type: NTFS
     
    Computer Name: JANINE-LAPTOP | User Name: Janine | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Processes (SafeList) ==========
     
    PRC - C:\Users\Janine\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Programme\Opera\opera.exe (Opera Software)
    PRC - C:\Users\Janine\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
    PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
    PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
    PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
    PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    PRC - C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
    PRC - C:\Windows\explorer.exe (Microsoft Corporation)
    PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
    PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
    PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
     
     
    ========== Modules (No Company Name) ==========
     
    MOD - C:\Programme\WinRAR\RarExt.dll ()
    MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
    MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
     
     
    ========== Win32 Services (SafeList) ==========
     
    SRV - (SessionLauncher) -- C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe File not found
    SRV - (RoxLiveShare10) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe File not found
    SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
    SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
    SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    SRV - (vpnagent) -- C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
    SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
    SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
    SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
    SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
     
     
    ========== Driver Services (SafeList) ==========
     
    DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- system32\DRIVERS\snp2uvc.sys File not found
    DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
    DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
    DRV - (mdmxsdk) -- system32\DRIVERS\mdmxsdk.sys File not found
    DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
    DRV - (ASMMAP) -- C:\Program Files\Lenovo\ATK Hotkey\ASMMAP.sys File not found
    DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
    DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
    DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
    DRV - (psadd) -- C:\Windows\System32\drivers\psadd.sys (Lenovo (United States) Inc.)
    DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
    DRV - (vpnva) -- C:\Windows\System32\drivers\vpnva.sys (Cisco Systems, Inc.)
    DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
    DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek                                            )
    DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
    DRV - (IntcHdmiAddService) Intel(R) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel(R) Corporation)
    DRV - (lenovo.smi) -- C:\Windows\System32\drivers\smiif32.sys (Lenovo Group Limited)
    DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
    DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
    DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
    DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
    DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
    DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
    DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
    DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
    DRV - (MTsensor) -- C:\Windows\System32\drivers\A0101V32.sys (ATK0100)
     
     
    ========== Standard Registry (SafeList) ==========
     
     
    ========== Internet Explorer ==========
     
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
     
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = 
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = 
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
    IE - HKCU\..\SearchScopes,DefaultScope = 
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.zhaw.ch;*.local;<local>
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://pac.zhaw.ch/proxy.pac
     
     
    ========== FireFox ==========
     
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
     
     
     
    O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1       localhost
    O1 - Hosts: ::1             localhost
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - Startup: C:\Users\Janine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Janine\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
    O16 - DPF: CC679CB8-DC4B-458B-B817-D447B3B6AC31 vpnweb.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.2.17.61 62.2.24.158 62.2.17.60 62.2.24.162
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{46ED2A95-F086-4F4E-97BC-6ECB43C2B106}: DhcpNameServer = 62.2.17.61 62.2.24.158 62.2.17.60 62.2.24.162
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
     
    ========== Files/Folders - Created Within 30 Days ==========
     
    [2012.07.30 19:58:59 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Janine\Desktop\esetsmartinstaller_enu.exe
    [2012.07.29 17:53:37 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
    [2012.07.29 17:53:08 | 000,772,544 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
    [2012.07.29 17:53:08 | 000,227,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
    [2012.07.29 17:52:50 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
    [2012.07.29 17:52:50 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
    [2012.07.29 17:51:20 | 000,894,448 | ---- | C] (Oracle Corporation) -- C:\Users\Janine\Desktop\jre-7u5-windows-i586-iftw.exe
    [2012.07.29 17:48:10 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
    [2012.07.29 17:31:28 | 000,000,000 | ---D | C] -- C:\_OTL
    [2012.07.23 19:52:48 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2012.07.23 19:52:48 | 000,000,000 | ---D | C] -- C:\Users\Janine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
    [2012.07.23 19:50:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    [2012.07.23 19:50:53 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2012.07.23 19:49:58 | 003,889,704 | ---- | C] (Piriform Ltd) -- C:\Users\Janine\Desktop\ccsetup320.exe
    [2012.07.23 19:06:47 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Janine\Desktop\OTL.exe
    [2012.07.17 18:48:31 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Janine\Desktop\aswMBR.exe
    [2012.07.17 18:13:39 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Janine\Desktop\tdsskiller.exe
    [2012.07.16 19:10:25 | 000,000,000 | ---D | C] -- C:\Users\Janine\AppData\Roaming\Malwarebytes
    [2012.07.16 19:10:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012.07.16 19:10:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012.07.16 19:10:16 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012.07.16 19:10:16 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012.07.15 22:08:44 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
    [2012.07.15 22:06:28 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2012.07.15 22:06:27 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
    [2012.07.15 22:06:26 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
    [2012.07.15 22:06:26 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
    [2012.07.15 22:06:25 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
    [2012.07.15 22:06:25 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
    [2012.07.15 22:06:23 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
    [2012.07.15 17:29:27 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
    [2012.07.04 09:24:36 | 000,000,000 | ---D | C] -- C:\Users\Janine\Documents\2.Semester
     
    ========== Files - Modified Within 30 Days ==========
     
    [2012.07.30 20:30:08 | 000,000,256 | ---- | M] () -- C:\Windows\tasks\Auf Updates für Windows Live Toolbar prüfen.job
    [2012.07.30 19:59:00 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Janine\Desktop\esetsmartinstaller_enu.exe
    [2012.07.30 19:49:28 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012.07.30 19:49:28 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012.07.30 19:49:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012.07.30 19:49:17 | 2111,102,976 | -HS- | M] () -- C:\hiberfil.sys
    [2012.07.29 18:00:11 | 000,066,174 | ---- | M] () -- C:\Users\Janine\Desktop\cc_20120729_180000.reg
    [2012.07.29 17:52:19 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
    [2012.07.29 17:52:19 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
    [2012.07.29 17:51:20 | 000,894,448 | ---- | M] (Oracle Corporation) -- C:\Users\Janine\Desktop\jre-7u5-windows-i586-iftw.exe
    [2012.07.25 19:54:48 | 000,000,512 | ---- | M] () -- C:\Users\Janine\Desktop\MBR.dat
    [2012.07.25 19:46:36 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
    [2012.07.25 19:46:36 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
    [2012.07.23 19:56:33 | 000,002,525 | ---- | M] () -- C:\Users\Janine\Desktop\HiJackThis.lnk
    [2012.07.23 19:50:20 | 001,402,880 | ---- | M] () -- C:\Users\Janine\Desktop\HiJackThis.msi
    [2012.07.23 19:49:58 | 003,889,704 | ---- | M] (Piriform Ltd) -- C:\Users\Janine\Desktop\ccsetup320.exe
    [2012.07.23 19:06:47 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Janine\Desktop\OTL.exe
    [2012.07.18 12:23:45 | 000,002,637 | ---- | M] () -- C:\Users\Janine\Desktop\Word 2003.lnk
    [2012.07.17 18:48:45 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Janine\Desktop\aswMBR.exe
    [2012.07.17 18:34:56 | 000,089,088 | ---- | M] () -- C:\Windows\System32\mbr.exe
    [2012.07.17 18:30:25 | 000,302,592 | ---- | M] () -- C:\Users\Janine\Desktop\nn1w8sfy.exe
    [2012.07.17 18:13:40 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Janine\Desktop\tdsskiller.exe
    [2012.07.16 19:10:18 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012.07.16 09:21:04 | 000,248,784 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2012.07.05 22:06:48 | 000,227,760 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
    [2012.07.05 22:06:30 | 000,772,544 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
    [2012.07.05 22:06:20 | 000,687,544 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
    [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
     
    ========== Files Created - No Company Name ==========
     
    [2012.07.29 18:00:09 | 000,066,174 | ---- | C] () -- C:\Users\Janine\Desktop\cc_20120729_180000.reg
    [2012.07.29 17:49:14 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
    [2012.07.25 19:54:48 | 000,000,512 | ---- | C] () -- C:\Users\Janine\Desktop\MBR.dat
    [2012.07.23 19:52:48 | 000,002,525 | ---- | C] () -- C:\Users\Janine\Desktop\HiJackThis.lnk
    [2012.07.23 19:50:20 | 001,402,880 | ---- | C] () -- C:\Users\Janine\Desktop\HiJackThis.msi
    [2012.07.17 18:34:56 | 000,089,088 | ---- | C] () -- C:\Windows\System32\mbr.exe
    [2012.07.17 18:30:25 | 000,302,592 | ---- | C] () -- C:\Users\Janine\Desktop\nn1w8sfy.exe
    [2012.07.16 19:10:18 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012.03.30 19:38:59 | 000,001,371 | ---- | C] () -- C:\Users\Janine\AppData\Roaming\MobileToolAnyConnectV3.ini
    [2012.02.28 20:42:00 | 000,179,161 | ---- | C] () -- C:\Windows\hpoins29.dat
    [2012.02.28 20:42:00 | 000,000,986 | ---- | C] () -- C:\Windows\hpomdl29.dat
    [2012.02.26 20:30:05 | 000,000,458 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2012.02.26 20:28:35 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2012.02.26 20:28:34 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2012.02.26 20:26:50 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
    [2012.02.26 20:15:57 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
    [2012.02.20 22:11:26 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2012.02.20 05:50:21 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
    [2012.02.20 05:50:21 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
    [2012.02.20 05:50:21 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
    [2012.02.20 05:50:21 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
    [2012.02.20 05:43:25 | 000,016,896 | ---- | C] () -- C:\Windows\Eventclr.exe
    [2012.02.19 21:24:39 | 000,000,256 | ---- | C] () -- C:\Windows\wininit.ini
    [2012.02.19 21:13:22 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
    [2012.02.19 21:13:21 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
    [2012.02.19 21:13:20 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
    [2011.02.11 20:10:52 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
    [2011.02.11 20:10:50 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
    [2011.02.11 20:10:50 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
    [2011.02.11 19:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
    [2011.02.11 19:38:44 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
     
    ========== LOP Check ==========
     
    [2012.07.29 17:55:08 | 000,000,000 | ---D | M] -- C:\Users\Janine\AppData\Roaming\DAEMON Tools Lite
    [2012.07.30 19:53:09 | 000,000,000 | ---D | M] -- C:\Users\Janine\AppData\Roaming\Dropbox
    [2012.02.20 19:35:07 | 000,000,000 | ---D | M] -- C:\Users\Janine\AppData\Roaming\Leadertech
    [2012.02.19 22:28:09 | 000,000,000 | ---D | M] -- C:\Users\Janine\AppData\Roaming\Lenovo
    [2012.04.03 19:52:00 | 000,000,000 | ---D | M] -- C:\Users\Janine\AppData\Roaming\Opera
    [2012.07.30 20:30:08 | 000,000,256 | ---- | M] () -- C:\Windows\Tasks\Auf Updates für Windows Live Toolbar prüfen.job
    [2012.07.30 09:36:21 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
     
    ========== Purity Check ==========
     
     
    
    < End of report >
    OTL Extras

    Code:
    OTL Extras logfile created on: 30.07.2012 21:22:07 - Run 2
    OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\Janine\Desktop
    Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
     
    1,97 Gb Total Physical Memory | 0,92 Gb Available Physical Memory | 46,64% Memory free
    4,17 Gb Paging File | 3,08 Gb Available in Paging File | 73,90% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 211,89 Gb Total Space | 148,39 Gb Free Space | 70,03% Space Free | Partition Type: NTFS
    Drive Q: | 19,53 Gb Total Space | 14,80 Gb Free Space | 75,78% Space Free | Partition Type: NTFS
    Drive S: | 1,46 Gb Total Space | 0,85 Gb Free Space | 58,14% Space Free | Partition Type: NTFS
     
    Computer Name: JANINE-LAPTOP | User Name: Janine | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Extra Registry (SafeList) ==========
     
     
    ========== File Associations ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
     
    ========== Shell Spawning ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
    http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
    https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
     
    ========== Security Center Settings ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
     
    ========== Firewall Settings ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
     
    ========== Authorized Applications List ==========
     
     
    ========== Vista Active Open Ports Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{1B1D6A4C-1691-4297-873D-C46496AE6E7B}" = lport=138 | protocol=17 | dir=in | app=system | 
    "{1BC96FBE-B0AA-4D52-B4D2-6B9259293995}" = rport=138 | protocol=17 | dir=out | app=system | 
    "{3AAA6480-2024-440C-8304-9019BD8AF2F4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
    "{3C834069-E258-4475-960F-C754D3F0B10D}" = rport=137 | protocol=17 | dir=out | app=system | 
    "{4F2207BC-F042-40B3-AC20-FC79072ABA6F}" = lport=137 | protocol=17 | dir=in | app=system | 
    "{60BF3D79-5071-4681-B4FC-A22735D5BB71}" = lport=139 | protocol=6 | dir=in | app=system | 
    "{A555083B-EEB1-4698-BB41-D5DF9624FD29}" = lport=445 | protocol=6 | dir=in | app=system | 
    "{B0C879C2-ACA3-4591-BDBD-8560EA72958A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
    "{C544472A-9029-47FC-A0C2-62F16945557D}" = rport=445 | protocol=6 | dir=out | app=system | 
    "{F6D51A5B-A6F2-4CB7-B7A5-6F6219A6A85A}" = rport=139 | protocol=6 | dir=out | app=system | 
     
    ========== Vista Active Application Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{039DC214-F929-4436-AA71-0D3B21AA8106}" = protocol=17 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | 
    "{03B5C77D-D177-486C-BAFB-EC97B16B1FD0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
    "{086C5AD0-406A-4C2B-AB92-827FFC5176EB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
    "{0A7E3B8C-EAAE-4AC2-B3AC-3A4B6151AA26}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
    "{166246EF-E06A-4594-9C42-5A6102FA9D1C}" = protocol=6 | dir=in | app=c:\users\janine\appdata\roaming\dropbox\bin\dropbox.exe | 
    "{23B0EDAF-A72D-42C4-8D01-49594DED70A8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
    "{44AE73BF-E422-483F-8089-A1899A8858F2}" = protocol=6 | dir=in | app=c:\program files\operazhaw\opera.exe | 
    "{69BB3C77-6090-4A68-A606-1AFD13693547}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
    "{74865A30-C538-4ADA-917C-A9A4F38BEA06}" = dir=in | app=c:\program files\itunes\itunes.exe | 
    "{74D4B591-88CA-44D7-A987-084CA3651226}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
    "{7D8AD097-E972-410F-A998-7AD095B3718E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
    "{818370FB-D05F-43AA-9BC8-2C08D2C44C18}" = protocol=17 | dir=in | app=c:\users\janine\appdata\roaming\dropbox\bin\dropbox.exe | 
    "{A1A10785-CCC0-4C01-92C4-CC9189B59385}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
    "{D4F6D037-FBC8-4C01-91CE-2D1BED853C02}" = protocol=17 | dir=in | app=c:\program files\operazhaw\opera.exe | 
    "{DE1BAF06-6055-4873-AD8B-D8583FE0E6E2}" = protocol=6 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | 
    "{ECC73D6D-C839-4C6B-BA95-E4B6CD6B1517}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
    "TCP Query User{21BC075E-93BC-434C-989A-95A0D7A2915E}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
    "TCP Query User{4B2E7415-DE69-419F-B406-C31EC31A3ED6}C:\windows\system32\ftp.exe" = protocol=6 | dir=in | app=c:\windows\system32\ftp.exe | 
    "TCP Query User{674DC6B7-3AEE-42A5-90EF-94AB7BAFB394}C:\users\janine\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\janine\appdata\roaming\dropbox\bin\dropbox.exe | 
    "UDP Query User{6B2BF69E-7D55-4108-8A6A-40238CCF151A}C:\windows\system32\ftp.exe" = protocol=17 | dir=in | app=c:\windows\system32\ftp.exe | 
    "UDP Query User{A395F2FF-BD92-492B-A4B1-9C3613548358}C:\users\janine\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\janine\appdata\roaming\dropbox\bin\dropbox.exe | 
    "UDP Query User{FF3AEA1D-1F56-4923-B4CE-CE760D54CDBB}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
     
    ========== HKEY_LOCAL_MACHINE Uninstall List ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
    "{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
    "{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
    "{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
    "{10DDCDDD-9A59-4496-9371-C17F1668D433}" = Windows Live Toolbar
    "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
    "{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
    "{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{44257960-C5CC-45BA-8E83-524E4A0F3FD5}" = Cisco AnyConnect VPN Client
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4AB5764A-3894-49A2-BAA8-C4665F74CD4C}" = Registry patch to improve USB device detection on resume from sleep for Windows Vista
    "{4F923F90-46D1-4492-9CC6-13FBBA00E7EC}" = C4400
    "{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
    "{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
    "{58BAA8D0-404E-4585-9FD3-ED1BB72AC2EE}" = Adobe Flash Player 9 ActiveX
    "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01
    "{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
    "{6B407945-AE16-4A2A-BAAF-497FE62EDED3}" = PS_AIO_03_C4400_Software_Min
    "{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
    "{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
    "{852AFD2D-07CC-46FD-A159-671102782771}" = Intel(R) PROSet/Wireless WiFi-Software
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
    "{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
    "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{954B7F64-D1D4-476F-8919-99585D0A6ABF}" = PS_AIO_03_C4400_Software
    "{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v4.2
    "{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
    "{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
    "{C9CE9393-B568-428D-AD5B-55452B9748DB}" = PS_AIO_03_C4400_ProductContext
    "{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
    "{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
    "{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
    "{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
    "{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
    "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
    "{F7B72805-2F58-4C04-AE9E-E7AD6A6EF62E}" = C4400_Help
    "{FF1F4E8E-A833-4c4b-A14A-45D5B841B5D8}" = HP Photosmart C4400 All-In-One Driver Software 10.0 Rel .3
    "414DA9DB2E84AAFAD2D2715FD9BABFAB2D209FFD" = Windows Driver Package - Lenovo 1.44 (05/14/2008 1.44)
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Avira AntiVir Desktop" = Avira Free Antivirus
    "CCleaner" = CCleaner
    "CNXT_AUDIO_HDA" = Conexant HD Audio
    "DAEMON Tools Lite" = DAEMON Tools Lite
    "Dipmon" = Registry Patch of Enabling Device Initiated Power Management(DIPM) on SATA for Windows Vista
    "FPIRPOn" = Registry patch of Changing Timing of IDLE IRP by Finger Print Driver for Windows Vista 
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HP Imaging Device Functions" = HP Imaging Device Functions 10.0
    "HP Smart Web Printing" = HP Smart Web Printing
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
    "LENOVO.SMIIF" = Lenovo System Interface Driver
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
    "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
    "Opera 11.62.1347_1" = Opera 11.62
    "Opera 12.00.1467" = Opera 12.00
    "ProInst" = Intel PROSet Wireless
    "USBPMon" = Registry patch for Windows Vista USB S3 PM Enablement
    "Windows Live Toolbar" = Windows Live Toolbar
    "WinRAR archiver" = WinRAR 4.11 (32-Bit)
     
    ========== HKEY_CURRENT_USER Uninstall List ==========
     
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox
     
    ========== Last 20 Event Log Errors ==========
     
    [ Application Events ]
    Error - 19.07.2012 13:22:21 | Computer Name = Janine-Laptop | Source = WinMgmt | ID = 10
    Description = 
     
    Error - 22.07.2012 15:27:54 | Computer Name = Janine-Laptop | Source = WinMgmt | ID = 10
    Description = 
     
    Error - 23.07.2012 13:05:40 | Computer Name = Janine-Laptop | Source = WinMgmt | ID = 10
    Description = 
     
    Error - 25.07.2012 13:44:51 | Computer Name = Janine-Laptop | Source = WinMgmt | ID = 10
    Description = 
     
    Error - 29.07.2012 05:16:57 | Computer Name = Janine-Laptop | Source = WinMgmt | ID = 10
    Description = 
     
    Error - 29.07.2012 11:38:44 | Computer Name = Janine-Laptop | Source = WinMgmt | ID = 10
    Description = 
     
    Error - 29.07.2012 12:02:51 | Computer Name = Janine-Laptop | Source = WinMgmt | ID = 10
    Description = 
     
    Error - 30.07.2012 02:32:44 | Computer Name = Janine-Laptop | Source = WinMgmt | ID = 10
    Description = 
     
    Error - 30.07.2012 03:32:48 | Computer Name = Janine-Laptop | Source = WinMgmt | ID = 10
    Description = 
     
    Error - 30.07.2012 13:50:11 | Computer Name = Janine-Laptop | Source = WinMgmt | ID = 10
    Description = 
     
    [ Cisco AnyConnect VPN Client Events ]
    Error - 29.07.2012 11:36:36 | Computer Name = Janine-Laptop | Source = vpnagent | ID = 67108866
    Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
     _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
     nicht finden.   File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
    Error:
     No such file or directory
     
    Error - 29.07.2012 11:40:14 | Computer Name = Janine-Laptop | Source = vpnagent | ID = 67108866
    Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
     _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
     nicht finden.   File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
    Error:
     No such file or directory
     
    Error - 29.07.2012 12:04:20 | Computer Name = Janine-Laptop | Source = vpnagent | ID = 67108866
    Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
     _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
     nicht finden.   File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
    Error:
     No such file or directory
     
    Error - 29.07.2012 12:54:31 | Computer Name = Janine-Laptop | Source = vpnagent | ID = 67110873
    Description = Termination reason code 9: Client PC is shutting down.
     
    Error - 30.07.2012 02:34:14 | Computer Name = Janine-Laptop | Source = vpnagent | ID = 67108866
    Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
     _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
     nicht finden.   File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
    Error:
     No such file or directory
     
    Error - 30.07.2012 03:01:58 | Computer Name = Janine-Laptop | Source = vpnagent | ID = 67110873
    Description = Termination reason code 9: Client PC is shutting down.
     
    Error - 30.07.2012 03:34:18 | Computer Name = Janine-Laptop | Source = vpnagent | ID = 67108866
    Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
     _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
     nicht finden.   File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
    Error:
     No such file or directory
     
    Error - 30.07.2012 03:36:21 | Computer Name = Janine-Laptop | Source = vpnagent | ID = 67110873
    Description = Termination reason code 9: Client PC is shutting down.
     
    Error - 30.07.2012 03:36:21 | Computer Name = Janine-Laptop | Source = vpnagent | ID = 67108866
    Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
     _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
     nicht finden.   File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
    Error:
     No such file or directory
     
    Error - 30.07.2012 13:51:40 | Computer Name = Janine-Laptop | Source = vpnagent | ID = 67108866
    Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
     _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
     nicht finden.   File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
    Error:
     No such file or directory
     
    [ System Events ]
    Error - 18.03.2012 06:32:23 | Computer Name = Janine-Laptop | Source = Service Control Manager | ID = 7022
    Description = 
     
    Error - 18.03.2012 06:35:49 | Computer Name = Janine-Laptop | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
    Description = 
     
    Error - 19.03.2012 03:05:25 | Computer Name = Janine-Laptop | Source = Service Control Manager | ID = 7000
    Description = 
     
    Error - 19.03.2012 03:05:25 | Computer Name = Janine-Laptop | Source = Service Control Manager | ID = 7000
    Description = 
     
    Error - 19.03.2012 03:05:25 | Computer Name = Janine-Laptop | Source = Service Control Manager | ID = 7001
    Description = 
     
    Error - 19.03.2012 03:05:25 | Computer Name = Janine-Laptop | Source = Service Control Manager | ID = 7000
    Description = 
     
    Error - 19.03.2012 03:05:25 | Computer Name = Janine-Laptop | Source = Service Control Manager | ID = 7011
    Description = 
     
    Error - 19.03.2012 03:05:25 | Computer Name = Janine-Laptop | Source = Service Control Manager | ID = 7000
    Description = 
     
    Error - 19.03.2012 03:06:54 | Computer Name = Janine-Laptop | Source = Service Control Manager | ID = 7022
    Description = 
     
    Error - 19.03.2012 03:07:48 | Computer Name = Janine-Laptop | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
    Description = 
     
     
    < End of report >
    Thanks, and have a nice evening

  4. #4
    Moderator, team member: kira
    Registered since
    28.03.2006
    Location
    Vienna/Languages: German-Hungarian
    Posts
    28.345

    Re: Silent Deatz/PC 2./Suspected rootkit

    ► Report again on the state of the computer. Are there still problems, and if so, which ones?
    Warning!:
    Be careful with invoices sent by e-mail with a ZIP file as an attachment! It may be infected with an encryption trojan!
    Do not open the attachment; ask in our forum first!

    Please pass this warning on wherever you can!
    Back up your data regularly, on CD/DVD, USB sticks or external hard drives, ideally twice in different locations!
    Please pass this warning on wherever you can!

  5. #5
    Beginner
    Registered since
    18.07.2012
    Posts
    10

    Re: Silent Deatz/PC 2./Suspected rootkit

    Quote from kira:
    ► Report again on the state of the computer. Are there still problems, and if so, which ones?
    There are none

  6. #6
    Moderator, team member: kira
    Registered since
    28.03.2006
    Location
    Vienna/Languages: German-Hungarian
    Posts
    28.345

    Re: Silent Deatz/PC 2./Suspected rootkit

    ** Keep your system under observation for the time being! If everything has gone well and your system is running stably, do the following:
    1.
    You can remove the programs that we used and that you do not need, except for
    Code:
    CCleaner - run it from time to time:-> Instructions
    Tool cleanup with OTL

    We will now use the CleanUp! function of OTL to delete most of the programs that we installed for the cleanup from your system again.
    • Please download OTL by OldTimer (if you do not already have it).
    • Save it on your desktop.
    • Double-click OTL.exe to run the program.
    • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
    • Click the "Bereinigung" (CleanUp) button.
    • OTL may ask for a restart.
      If it does, please allow it.
    Note: After the restart, OTL and other helper programs that you downloaded in the course of the cleanup will no longer be present. They have been removed. It is therefore OK if these programs are no longer there. If any are still left over, delete them manually.

    2.
    Windows, for example, regularly creates shadow copies (at least once a day), which serve to restore the system in an emergency and to access older file versions. This function takes up a great deal of disk space. By default, the disk space reserved for shadow copies is 15% of the volume size, so that system performance is also affected. In addition, deleted and possibly harmful objects that sit in System Restore must also be removed:
    So please do the following:

    so first deactivate -> then activate - that is, at the end it should be "activated" again!

    3.
    As a precaution I would advise you to change your password (one should do this every 3-4 months)
    e.g. login, mail or website passwords
    Tips:
    Choosing a secure password - (one should actually change it at regular intervals, approx. every 3-5 months)
    also here under: Secure password (Password)

    4.
    ► Please check whether there are new updates for Windows?!:-> - Microsoft Update keeps your computer up to date!

    ► So can I consider your problem resolved and close this thread?
