Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Trojaner ad.adserverplus.com bremst Rechner aus

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 15.10.2012, 15:28   #1
ankeheike
 
Trojaner ad.adserverplus.com bremst Rechner aus - Standard

Trojaner ad.adserverplus.com bremst Rechner aus



Hallo. ich brauche dringend Hilfe. Seit ein paar Tagen macht mein Computer Zicken. Internet-verbindungen brauchen ewig, bis sie sich aufbauen, ebenso das Abrufen von Emails. Zudem bekomme ich immer wieder WOT-Meldungen, die vor der Seite ad.adserver.com warnen. Meine Antivirensoftware Norton Internet Security Online hat keine Bedrohung gefunden. Nachdem ich die Seite ad.adserver.com gegoogelt habe, bin ich auf Eure Seite gestossen und erste Schritte nach Anweisung getan. Der erste Scan mit dem Malwarebytes hat 41 infizierte Dateien angezeigt. Das Fenster habe ich dann leider geschlossen, ohne das Ergebnis zu speichern. Wenn das Ergebnis nötig ist für die Analyse, führe ich ihn noch einmal durch.

Der Scan mit OTL hat folgendes ergeben:

OTL logfile created on: 15.10.2012 14:47:12 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Anke Kyburg\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,35 Gb Available Physical Memory | 44,98% Memory free
6,20 Gb Paging File | 4,02 Gb Available in Paging File | 64,86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,76 Gb Total Space | 285,93 Gb Free Space | 64,14% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 11,44 Gb Free Space | 57,24% Space Free | Partition Type: FAT32

Computer Name: ANKEKYBURG-PC | User Name: Anke Kyburg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.10.15 14:42:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Anke Kyburg\Desktop\OTL.exe
PRC - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.07.02 11:16:06 | 000,695,448 | ---- | M] () -- C:\Users\Anke Kyburg\AppData\Roaming\BrowserCompanion\tbhcn.exe
PRC - [2012.06.16 04:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Programme\Norton Internet Security\Norton Internet Security\Engine\19.8.0.14\ccsvchst.exe
PRC - [2012.01.17 11:07:58 | 000,505,736 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Common Files\Java\Java Update\jucheck.exe
PRC - [2011.05.24 11:33:30 | 001,840,128 | ---- | M] (MAGIX AG) -- C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2011.05.17 13:29:46 | 000,395,144 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe
PRC - [2010.06.10 14:42:44 | 002,621,440 | R--- | M] (Brother Industries, Ltd.) -- C:\Programme\Browny02\Brother\BrStMonW.exe
PRC - [2010.01.25 09:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Programme\Browny02\BrYNSvc.exe
PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.10.05 18:14:39 | 000,054,784 | ---- | M] (Macrovision) -- C:\Windows\System32\drivers\CDAC11BA.EXE
PRC - [2008.06.03 18:36:58 | 000,131,160 | ---- | M] () -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe
PRC - [2008.06.03 18:36:56 | 000,360,538 | ---- | M] () -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe
PRC - [2008.06.03 18:36:42 | 000,095,232 | ---- | M] (CyberLink) -- C:\Windows\System32\CLWatson.exe
PRC - [2008.06.03 18:36:24 | 000,172,032 | ---- | M] (CyberLink Corp.) -- C:\Programme\HomeCinema\TV Enhance\TVEService.exe
PRC - [2008.05.07 16:19:26 | 006,139,904 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.04.11 15:55:48 | 000,937,984 | ---- | M] (ODSoft multimedia) -- C:\Programme\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe
PRC - [2008.02.28 18:07:58 | 001,828,136 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2008.02.28 18:07:14 | 001,801,216 | ---- | M] (Buhl Data Service GmbH) -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe
PRC - [2008.01.29 17:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Programme\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.10.03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.10.03 15:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007.09.26 10:53:56 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007.04.17 20:45:54 | 000,368,640 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
PRC - [2006.12.22 08:31:50 | 000,108,712 | ---- | M] () -- C:\Programme\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
PRC - [2006.12.22 08:29:56 | 000,067,752 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Photoshop Elements 5.0\apdproxy.exe
PRC - [2006.01.20 13:06:22 | 000,061,440 | ---- | M] (Sigmatel) -- C:\Windows\system\w98eject.exe
PRC - [2005.07.03 22:52:18 | 000,071,080 | ---- | M] () -- C:\Programme\PDFDrucker\PDFPrintBackend.exe
PRC - [2003.06.17 17:14:40 | 000,050,688 | ---- | M] (Microsoft® Corporation) -- C:\Programme\Common Files\microsoft shared\Works Shared\WkUFind.exe
PRC - [2003.03.05 06:30:10 | 000,155,648 | ---- | M] () -- C:\Programme\Rainbow Technologies\SPN Combo Installer\1.0.5\Server\WinNT\spnsrvnt.exe
PRC - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe
PRC - [1999.01.31 11:54:06 | 001,007,616 | ---- | M] (Siegfried Weckmann) -- C:\Programme\hardcopy\hardcopy.exe


========== Modules (No Company Name) ==========

MOD - [2012.07.02 11:16:06 | 000,695,448 | ---- | M] () -- C:\Users\Anke Kyburg\AppData\Roaming\BrowserCompanion\tbhcn.exe
MOD - [2010.06.30 19:19:17 | 000,034,816 | ---- | M] () -- C:\Programme\Google\Google Desktop Search\gzlib.dll
MOD - [2009.02.27 17:38:20 | 000,139,264 | R--- | M] () -- C:\Programme\Brother\BrUtilities\BrLogAPI.dll
MOD - [2008.06.03 18:37:02 | 000,118,873 | ---- | M] () -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\CLSchMgr.dll
MOD - [2008.06.03 18:37:00 | 000,274,527 | ---- | M] () -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\CLCapEngine.dll
MOD - [2008.06.03 18:37:00 | 000,032,768 | ---- | M] () -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\CLCapSvcps.dll
MOD - [2008.06.03 18:36:52 | 000,339,968 | ---- | M] () -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\CLTinyDB.dll
MOD - [2005.07.03 22:52:18 | 000,071,080 | ---- | M] () -- C:\Programme\PDFDrucker\PDFPrintBackend.exe
MOD - [1998.11.14 06:35:06 | 000,032,768 | ---- | M] () -- C:\Programme\hardcopy\hardcopy.dll
MOD - [1998.09.22 07:00:00 | 000,033,792 | ---- | M] () -- C:\Programme\Winzip\WZSHLEXT.DLL


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (LiveUpdate Notice Ex)
SRV - [2012.10.12 16:43:32 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.09 14:44:22 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.06.16 04:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe -- (NIS)
SRV - [2011.05.24 11:33:30 | 001,840,128 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2011.04.26 14:54:12 | 002,702,848 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2010.01.25 09:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Programme\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008.10.05 18:14:39 | 000,054,784 | ---- | M] (Macrovision) [Auto | Running] -- C:\Windows\System32\drivers\CDAC11BA.EXE -- (C-DillaCdaC11BA)
SRV - [2008.06.03 18:36:58 | 000,131,160 | ---- | M] () [Auto | Running] -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe -- (TVESched)
SRV - [2008.06.03 18:36:56 | 000,360,538 | ---- | M] () [Auto | Running] -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe -- (TVECapSvc)
SRV - [2008.02.28 18:07:14 | 001,801,216 | ---- | M] (Buhl Data Service GmbH) [Auto | Running] -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe -- (srvcPVR)
SRV - [2008.01.29 17:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.10.03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007.09.26 10:53:56 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007.09.26 10:53:56 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatisches LiveUpdate - Scheduler)
SRV - [2006.12.22 08:31:50 | 000,108,712 | ---- | M] () [Auto | Running] -- C:\Programme\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0)
SRV - [2003.03.05 06:30:10 | 000,155,648 | ---- | M] () [Auto | Running] -- C:\Programme\Rainbow Technologies\SPN Combo Installer\1.0.5\Server\WinNT\spnsrvnt.exe -- (SuperProServer)
SRV - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\NIS\1002000.007\SYMREDRV.SYS -- (SYMREDRV)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\NIS\1008000.029\SYMNDISV.SYS -- (SYMNDISV)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\NIS\1008000.029\SYMFW.SYS -- (SYMFW)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\NIS\1002000.007\SYMDNS.SYS -- (SYMDNS)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.09.13 09:26:40 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20121014.006\NAVEX15.SYS -- (NAVEX15)
DRV - [2012.09.13 09:26:39 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20121014.006\NAVENG.SYS -- (NAVENG)
DRV - [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.09.01 02:27:25 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\IPSDefs\20121012.001\IDSvix86.sys -- (IDSVix86)
DRV - [2012.09.01 00:09:14 | 000,995,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20120928.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012.08.09 09:16:27 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012.08.09 09:16:27 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012.07.06 04:17:57 | 000,574,112 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\NIS\1308000.00E\srtsp.sys -- (SRTSP)
DRV - [2012.07.06 04:17:57 | 000,032,928 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1308000.00E\srtspx.sys -- (SRTSPX)
DRV - [2012.06.07 06:43:43 | 000,132,768 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1308000.00E\ccsetx86.sys -- (ccSet_NIS)
DRV - [2012.05.22 03:37:12 | 000,924,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1308000.00E\symefa.sys -- (SymEFA)
DRV - [2012.04.18 04:13:32 | 000,345,208 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1308000.00E\symtdiv.sys -- (SYMTDIv)
DRV - [2012.04.18 03:42:14 | 000,149,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1308000.00E\ironx86.sys -- (SymIRON)
DRV - [2012.03.26 22:13:38 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011.08.16 00:51:40 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NIS\1308000.00E\symds.sys -- (SymDS)
DRV - [2009.07.16 16:07:58 | 000,229,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VMM.sys -- (vmm)
DRV - [2008.10.05 18:14:40 | 000,012,464 | ---- | M] (Macrovision Europe Ltd) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CDAC15BA.SYS -- (CdaC15BA)
DRV - [2008.09.12 16:00:50 | 000,041,680 | ---- | M] (Sun Microsystems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon)
DRV - [2008.09.12 16:00:46 | 000,095,888 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxDrv.sys -- (VBoxDrv)
DRV - [2008.09.12 16:00:46 | 000,031,824 | ---- | M] (Sun Microsystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VBoxUSB.sys -- (VBoxUSB)
DRV - [2008.05.02 22:46:00 | 007,460,320 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.02.06 17:13:00 | 000,218,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2008.02.05 01:50:44 | 000,059,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMNetSrv.sys -- (VPCNetS2)
DRV - [2008.01.08 08:17:08 | 001,302,368 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2007.11.21 11:35:06 | 000,569,344 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2006.11.30 15:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2006.11.17 10:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
DRV - [2002.12.17 05:41:10 | 000,076,288 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\sentinel.sys -- (Sentinel)
DRV - [1999.09.10 13:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\Windows\System32\drivers\ASPI32.SYS -- (ASPI32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchplusnetwork.com/?sp=vit4
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/custom/java/redirect?client=ie&tb=ORJ&o=100000026&src=crm&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000
IE - HKCU\..\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}: "URL" = hxxp://www.searchplusnetwork.com/?sp=vit4&q={searchTerms}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA_de
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7MEDA_de&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=j-kQ0RUj4ByVvGUmyP3ghIEgY1w?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.searchplusnetwork.com/?sp=vit4"
FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120926
FF - prefs.js..extensions.enabledAddons: bbrs_002@blabbers.com:1.0.5
FF - prefs.js..extensions.enabledAddons: toolbar@ask.com:3.11.3.100013
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..extensions.enabledItems: {d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}:2.0.3
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.3.6.20110307083656
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "hxxp://www.searchplusnetwork.com/?sp=vit4&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\IPSFFPlgn\ [2012.03.22 09:11:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\coFFPlgn\ [2012.10.15 09:16:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.12 16:43:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.12 16:43:28 | 000,000,000 | ---D | M]

[2008.08.04 14:47:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anke Kyburg\AppData\Roaming\mozilla\Extensions
[2012.10.15 11:55:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anke Kyburg\AppData\Roaming\mozilla\Firefox\Profiles\63lfq02y.default\extensions
[2010.04.29 08:49:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Anke Kyburg\AppData\Roaming\mozilla\Firefox\Profiles\63lfq02y.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.10.15 11:55:37 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Anke Kyburg\AppData\Roaming\mozilla\Firefox\Profiles\63lfq02y.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.10.03 17:00:31 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Anke Kyburg\AppData\Roaming\mozilla\Firefox\Profiles\63lfq02y.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.07.24 19:51:43 | 000,000,000 | ---D | M] (Browser Companion Helper) -- C:\Users\Anke Kyburg\AppData\Roaming\mozilla\Firefox\Profiles\63lfq02y.default\extensions\bbrs_002@blabbers.com
[2012.05.25 08:51:52 | 000,000,000 | ---D | M] ("MP3 Rocket Toolbar") -- C:\Users\Anke Kyburg\AppData\Roaming\mozilla\Firefox\Profiles\63lfq02y.default\extensions\toolbar@ask.com
[2011.05.18 08:44:46 | 000,017,696 | ---- | M] () (No name found) -- C:\Users\Anke Kyburg\AppData\Roaming\mozilla\firefox\profiles\63lfq02y.default\extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}.xpi
[2012.07.25 09:36:48 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Anke Kyburg\AppData\Roaming\mozilla\firefox\profiles\63lfq02y.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.09.23 09:16:53 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Anke Kyburg\AppData\Roaming\mozilla\firefox\profiles\63lfq02y.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\0324adea3b6ec02af09ea4ae9424591 b_expire
[2012.09.03 13:43:31 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Anke Kyburg\AppData\Roaming\mozilla\firefox\profiles\63lfq02y.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\170f337942c410233f577de5778810a 6_expire
[2012.09.10 13:49:44 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Anke Kyburg\AppData\Roaming\mozilla\firefox\profiles\63lfq02y.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\1bcf5a8f2429c4942ad539ef2c5df33 6_expire
[2012.10.15 14:34:50 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Anke Kyburg\AppData\Roaming\mozilla\firefox\profiles\63lfq02y.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\292124057d00cb0fa73db6b90d07965 8_expire
[2012.10.15 14:34:49 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Anke Kyburg\AppData\Roaming\mozilla\firefox\profiles\63lfq02y.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\2a86ac4f3322238b4f27d14a0983927 5_expire
[2012.08.12 14:30:36 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Anke Kyburg\AppData\Roaming\mozilla\firefox\profiles\63lfq02y.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\2e74403c227112bec523796d5a77d77 e_expire
[2012.08.22 08:55:16 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Anke Kyburg\AppData\Roaming\mozilla\firefox\profiles\63lfq02y.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\3b507b6d0186efd3615b9b9233c5f70 8_expire
[2012.10.15 14:34:50 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Anke Kyburg\AppData\Roaming\mozilla\firefox\profiles\63lfq02y.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\3b6b74d5a92c729ce36a9d055d3db8e 9_expire
[2012.08.28 14:40:19 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Anke Kyburg\AppData\Roaming\mozilla\firefox\profiles\63lfq02y.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\4ad053d40dfa5cab7948e9251df6e3d 9_expire
[2012.10.11 11:53:36 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Anke Kyburg\AppData\Roaming\mozilla\firefox\profiles\63lfq02y.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\4d3d10bd28ff623813254a49b26be41 f_expire
[2012.10.15 14:34:50 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Anke Kyburg\AppData\Roaming\mozilla\firefox\profiles\63lfq02y.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\5f4ce27504a73ff97d1936c597c769e 5_expire
[2012.09.05 09:34:01 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Anke Kyburg\AppData\Roaming\mozilla\firefox\profiles\63lfq02y.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\61e2ae11ba3d1cbe8887ea80f192e29 9_expire
[2012.10.15 14:34:50 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Anke Kyburg\AppData\Roaming\mozilla\firefox\profiles\63lfq02y.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\6ff6ea009817b27df633b37777d528c d_expire
[2012.07.25 08:12:08 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Anke Kyburg\AppData\Roaming\mozilla\firefox\profiles\63lfq02y.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\7acafe2d3e4c14a116bde4e028813ba 7_expire
[2012.09.05 09:34:01 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Anke Kyburg\AppData\Roaming\mozilla\firefox\profiles\63lfq02y.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\8ccfda3ab1ab5bbc5d7af38840ba022 b_expire
[2012.10.15 14:34:50 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Anke Kyburg\AppData\Roaming\mozilla\firefox\profiles\63lfq02y.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\8ffbb13aa6f702b0cafab391f90d1db 7_expire
[2012.08.20 08:17:34 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Anke Kyburg\AppData\Roaming\mozilla\firefox\profiles\63lfq02y.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\9803c283e94e743374151c4bbe60a5d f_expire
[2012.10.15 14:34:48 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Anke Kyburg\AppData\Roaming\mozilla\firefox\profiles\63lfq02y.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\a38dbdd1af07f4236d43e8fd995f57a 6_expire
[2012.10.15 14:34:48 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Anke Kyburg\AppData\Roaming\mozilla\firefox\profiles\63lfq02y.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\a4cc6ab573e4a5fee2a418e22d3c14d c_expire
[2012.09.20 15:30:26 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Anke Kyburg\AppData\Roaming\mozilla\firefox\profiles\63lfq02y.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\a74277a9a3c0203a3093f810f43fbc1 1_expire
[2012.08.27 15:03:42 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Anke Kyburg\AppData\Roaming\mozilla\firefox\profiles\63lfq02y.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\b5bc7084382de95cb69790e5d10db33 8_expire
[2012.10.15 14:34:48 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Anke Kyburg\AppData\Roaming\mozilla\firefox\profiles\63lfq02y.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\bf73732e1f0b76bac435293ba388057 9_expire
[2012.07.25 08:12:08 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Anke Kyburg\AppData\Roaming\mozilla\firefox\profiles\63lfq02y.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\c1c44ca1d695da7ece0f59471a8950a 1_expire
[2012.08.20 08:17:34 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Anke Kyburg\AppData\Roaming\mozilla\firefox\profiles\63lfq02y.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\cbb69a449d3e39b3a3781ffb1d7fa52 b_expire
[2012.08.13 09:30:56 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Anke Kyburg\AppData\Roaming\mozilla\firefox\profiles\63lfq02y.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\d2458fd784f4eb7cff549c598cd1465 1_expire
[2012.08.27 08:56:52 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Anke Kyburg\AppData\Roaming\mozilla\firefox\profiles\63lfq02y.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\d83bb387de1d7c4401815e133de06c6 b_expire
[2012.08.22 10:23:26 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Anke Kyburg\AppData\Roaming\mozilla\firefox\profiles\63lfq02y.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\dc6668d28979688b1e2066d1dcaef0f 6_expire
[2012.09.20 15:30:25 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Anke Kyburg\AppData\Roaming\mozilla\firefox\profiles\63lfq02y.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e02b35320e5111f1b626466c13c70a0 a_expire
[2012.08.26 09:44:51 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Anke Kyburg\AppData\Roaming\mozilla\firefox\profiles\63lfq02y.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e7215b147326809c45f6cf095227462 4_expire
[2012.10.15 14:34:48 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Anke Kyburg\AppData\Roaming\mozilla\firefox\profiles\63lfq02y.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e919434ec29526b28593c426e426427 1_expire
[2012.10.15 14:34:50 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Anke Kyburg\AppData\Roaming\mozilla\firefox\profiles\63lfq02y.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ece71b71690fad200cbed95871ef4bb 2_expire
[2012.10.15 14:34:49 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Anke Kyburg\AppData\Roaming\mozilla\firefox\profiles\63lfq02y.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\f03527c67e08602d2e4c18ae7867300 d_expire
[2012.10.11 11:53:36 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Anke Kyburg\AppData\Roaming\mozilla\firefox\profiles\63lfq02y.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\fa74672918974682c82b8d91dfbe0d6 b_expire
[2012.10.11 11:53:36 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Anke Kyburg\AppData\Roaming\mozilla\firefox\profiles\63lfq02y.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ff4d692d5e7cccbc4b3e9ef4062b1c6 f_expire
[2012.07.23 13:27:10 | 000,002,306 | ---- | M] () -- C:\Users\Anke Kyburg\AppData\Roaming\mozilla\firefox\profiles\63lfq02y.default\searchplugins\askcomsearch.xml
[2011.05.18 08:44:55 | 000,005,212 | ---- | M] () -- C:\Users\Anke Kyburg\AppData\Roaming\mozilla\firefox\profiles\63lfq02y.default\searchplugins\ecosia.xml
[2012.07.24 19:51:44 | 000,002,792 | ---- | M] () -- C:\Users\Anke Kyburg\AppData\Roaming\mozilla\firefox\profiles\63lfq02y.default\searchplugins\Plusnetwork.xml
[2012.10.12 16:43:26 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.10.12 16:43:32 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.09.06 04:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.06 04:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.09.06 04:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.06 04:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.06 04:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.06 04:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Browser Companion Helper) - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Programme\BrowserCompanion\jsloader.dll ( )
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton Internet Security\Norton Internet Security\Engine\19.8.0.14\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton Internet Security\Norton Internet Security\Engine\19.8.0.14\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Browser Companion Helper Verifier) - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Programme\BrowserCompanion\updatebhoWin32.dll ( )
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O2 - BHO: (MP3 Rocket Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Norton Internet Security\Engine\19.8.0.14\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (MP3 Rocket Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Norton Internet Security\Engine\19.8.0.14\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (MP3 Rocket Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Microsoft Works Update Detection] C:\Programme\Common Files\microsoft shared\Works Shared\WkUFind.exe (Microsoft® Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files\PDFDrucker\PDFPrintBackend.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Programme\GoogleEULA\EULALauncher.exe ( )
O4 - HKLM..\Run: [TVBroadcast] C:\Programme\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe (ODSoft multimedia)
O4 - HKLM..\Run: [TVEService] C:\Program Files\HomeCinema\TV Enhance\TVEService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Anke Kyburg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hardcopy.LNK = C:\Programme\hardcopy\hardcopy.exe (Siegfried Weckmann)
O4 - Startup: C:\Users\Anke Kyburg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Picture Motion Browser Medien-Prüfung.lnk = C:\Programme\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
O4 - Startup: C:\Users\Anke Kyburg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk = C:\Users\Anke Kyburg\AppData\Roaming\BrowserCompanion\tbhcn.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F55320F2-2BEA-4933-BBB3-CDE7BDA8DDCA}: NameServer = 192.168.2.1
O18 - Protocol\Handler\base64 {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Programme\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O18 - Protocol\Handler\chrome {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Programme\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\prox {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Programme\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Anke Kyburg\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Anke Kyburg\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.10.15 14:42:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Anke Kyburg\Desktop\OTL.exe
[2012.10.15 11:11:51 | 000,000,000 | ---D | C] -- C:\Users\Anke Kyburg\AppData\Roaming\Malwarebytes
[2012.10.15 11:11:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.15 11:11:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.15 11:11:45 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.10.15 11:11:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.10.12 16:43:26 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.10.02 15:31:52 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.07.28 14:57:40 | 005,943,245 | ---- | C] (Marcus Hebel ) -- C:\Program Files\ShiftN_Setup.exe
[2012.07.24 19:07:14 | 000,352,960 | ---- | C] (Softonic) -- C:\Program Files\SoftonicDownloader_fuer_photoscape.exe
[2012.07.23 12:37:21 | 000,893,936 | ---- | C] (Oracle Corporation) -- C:\Program Files\jxpiinstall.exe
[2012.07.16 14:47:16 | 005,066,856 | ---- | C] (Canneverbe Limited ) -- C:\Program Files\cdbxp_setup_4.4.1.3243_minimal.exe
[2012.07.16 14:45:53 | 023,510,720 | ---- | C] (Microsoft Corporation) -- C:\Program Files\dotnetfx2.exe
[2012.07.10 09:23:55 | 008,274,507 | ---- | C] (Steganos GmbH) -- C:\Program Files\spm2009freeint.exe
[2012.05.17 20:40:27 | 017,531,186 | ---- | C] (Free Software Foundation) -- C:\Program Files\LameXP.2012-04-26.Release-Static.Build-988.exe
[2011.12.22 22:46:48 | 063,363,736 | ---- | C] (Microsoft Corporation) -- C:\Program Files\PowerPointViewer2010.exe
[2011.04.04 08:52:32 | 012,854,832 | ---- | C] (Mozilla) -- C:\Program Files\yahoo_firefox_4.0-rc2_setup_us.exe
[2010.10.21 19:58:33 | 096,157,504 | ---- | C] (Symantec Corporation) -- C:\Program Files\Install_NortonInternetSecurity2011.exe
[2008.12.13 10:43:23 | 005,412,240 | ---- | C] (T-Online ) -- C:\Program Files\Install_Dialerschutz_Software.exe
[2008.12.13 10:41:42 | 061,626,824 | ---- | C] (Symantec Corporation) -- C:\Program Files\Install_NortonInternetSecurity2009.exe
[2008.10.07 19:10:32 | 008,782,267 | ---- | C] (Deutsche Business Services GmbH ) -- C:\Program Files\pdfdrucker.exe

========== Files - Modified Within 30 Days ==========

[2012.10.15 14:44:16 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.15 14:42:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Anke Kyburg\Desktop\OTL.exe
[2012.10.15 14:40:29 | 000,000,000 | ---- | M] () -- C:\Users\Anke Kyburg\defogger_reenable
[2012.10.15 14:37:29 | 000,050,477 | ---- | M] () -- C:\Users\Anke Kyburg\Desktop\Defogger.exe
[2012.10.15 14:35:24 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.15 13:13:15 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.15 13:13:15 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.15 12:55:36 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012.10.15 11:11:47 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.15 09:35:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.15 09:19:08 | 000,676,020 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.15 09:19:08 | 000,634,876 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.15 09:19:08 | 000,146,744 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.15 09:19:08 | 000,120,440 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.15 09:13:07 | 000,007,592 | ---- | M] () -- C:\Users\Anke Kyburg\AppData\Local\d3d9caps.dat
[2012.10.15 09:13:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.15 09:12:56 | 3219,312,640 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.13 18:59:05 | 000,045,766 | ---- | M] () -- C:\Users\Anke Kyburg\AppData\Roaming\wklnhst.dat
[2012.10.11 09:59:02 | 002,409,928 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1308000.00E\Cat.DB
[2012.10.03 09:18:11 | 000,009,103 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1308000.00E\VT20121002.018
[2012.10.02 15:31:53 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.09.26 12:34:14 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1309000.009\isolate.ini

========== Files Created - No Company Name ==========

[2012.10.15 14:40:29 | 000,000,000 | ---- | C] () -- C:\Users\Anke Kyburg\defogger_reenable
[2012.10.15 14:37:08 | 000,050,477 | ---- | C] () -- C:\Users\Anke Kyburg\Desktop\Defogger.exe
[2012.10.15 11:11:47 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.02 15:31:53 | 000,000,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.10.02 15:31:53 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.07.28 15:04:06 | 000,001,158 | ---- | C] () -- C:\Users\Anke Kyburg\AppData\Roaming\ShiftN.ini
[2012.07.23 13:33:00 | 196,148,768 | ---- | C] () -- C:\Program Files\Rossmann-Fotosoftware-Setup.exe
[2012.07.16 13:53:46 | 001,008,736 | ---- | C] () -- C:\Program Files\AmazonMP3DownloaderInstall.exe
[2012.02.22 10:58:36 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL
[2012.02.22 10:58:35 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
[2012.02.22 10:58:33 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BRADM10A.DAT
[2011.11.09 12:22:11 | 000,004,079 | ---- | C] () -- C:\Users\Anke Kyburg\.recently-used.xbel
[2011.04.29 14:19:30 | 000,811,520 | ---- | C] () -- C:\Users\Anke Kyburg\Computerfachleute.pps
[2011.04.10 10:38:07 | 011,799,730 | ---- | C] ( ) -- C:\Program Files\bubbles_premium_de.exe
[2010.12.29 16:23:12 | 001,008,736 | ---- | C] () -- C:\Program Files\AmazonMP3Installer-de_DE.exe
[2010.11.15 13:00:48 | 000,000,000 | ---- | C] () -- C:\Windows\CorelDrw110.INI
[2010.11.04 14:57:28 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010.10.27 11:12:29 | 000,001,940 | ---- | C] () -- C:\Users\Anke Kyburg\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010.04.15 18:22:19 | 001,421,341 | ---- | C] ( ) -- C:\Program Files\ABCsetup.exe
[2009.11.08 18:17:24 | 001,514,159 | ---- | C] () -- C:\Program Files\Orion_Duesseldorf.pdf
[2009.11.04 19:48:45 | 047,518,307 | ---- | C] () -- C:\Program Files\FishdomSpookySplashSetup.exe
[2009.10.30 15:41:59 | 000,060,939 | ---- | C] () -- C:\Users\Anke Kyburg\AppData\Roaming\mdbu.bin
[2009.10.30 15:26:42 | 046,306,792 | ---- | C] ( ) -- C:\Program Files\Rossmann_Fotoservice.exe
[2009.10.22 09:19:42 | 000,158,208 | ---- | C] () -- C:\Users\Anke Kyburg\Karriereleiter.pps
[2009.05.30 08:47:30 | 016,070,968 | ---- | C] ( ) -- C:\Program Files\gimp-2.6.6-i686-setup.exe
[2008.12.27 10:04:36 | 000,000,000 | ---- | C] () -- C:\Users\Anke Kyburg\AppData\Roaming\Default.PLS
[2008.12.13 11:06:39 | 000,009,003 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2008.10.07 19:13:43 | 016,039,098 | ---- | C] () -- C:\Program Files\PDFXVwer.zip
[2008.09.16 14:49:08 | 001,021,648 | ---- | C] () -- C:\Program Files\Google Updater.exe
[2008.08.19 11:06:37 | 000,045,568 | ---- | C] () -- C:\Users\Anke Kyburg\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.08.17 10:16:24 | 000,045,766 | ---- | C] () -- C:\Users\Anke Kyburg\AppData\Roaming\wklnhst.dat
[2008.08.15 08:13:37 | 000,007,592 | ---- | C] () -- C:\Users\Anke Kyburg\AppData\Local\d3d9caps.dat
[2008.08.04 11:55:09 | 000,000,099 | ---- | C] () -- C:\Users\Anke Kyburg\AppData\Local\fusioncache.dat

========== ZeroAccess Check ==========

[2011.03.11 11:00:54 | 000,000,544 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-804660689-2675494545-1679411180-1003\$IMPCAX5.N
[2011.03.11 11:00:20 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-804660689-2675494545-1679411180-1003\$RMPCAX5.N
[2010.09.01 19:57:50 | 000,003,068 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-804660689-2675494545-1679411180-1003\$R9M914X._msige52\program files\Google\Google Earth\client\res\paddle\l.png
[2010.09.01 19:57:50 | 000,003,210 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-804660689-2675494545-1679411180-1003\$R9M914X._msige52\program files\Google\Google Earth\client\res\paddle\n.png
[2010.09.01 19:57:51 | 000,003,206 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-804660689-2675494545-1679411180-1003\$R9M914X._msige52\program files\Google\Google Earth\client\res\paddle\u.png
[2010.09.01 19:57:50 | 000,003,068 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-804660689-2675494545-1679411180-1003\$R9M914X._msige52\program files\Google\Google Earth\plugin\res\paddle\l.png
[2010.09.01 19:57:50 | 000,003,210 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-804660689-2675494545-1679411180-1003\$R9M914X._msige52\program files\Google\Google Earth\plugin\res\paddle\n.png
[2010.09.01 19:57:51 | 000,003,206 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-804660689-2675494545-1679411180-1003\$R9M914X._msige52\program files\Google\Google Earth\plugin\res\paddle\u.png
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010.12.30 12:00:00 | 000,000,000 | ---D | M] -- C:\Users\Anke Kyburg\AppData\Roaming\Amazon
[2008.08.27 11:29:58 | 000,000,000 | ---D | M] -- C:\Users\Anke Kyburg\AppData\Roaming\Autodesk
[2012.10.15 15:03:07 | 000,000,000 | ---D | M] -- C:\Users\Anke Kyburg\AppData\Roaming\BrowserCompanion
[2008.09.10 15:08:00 | 000,000,000 | ---D | M] -- C:\Users\Anke Kyburg\AppData\Roaming\Buhl Data Service GmbH
[2012.07.16 14:49:08 | 000,000,000 | ---D | M] -- C:\Users\Anke Kyburg\AppData\Roaming\Canneverbe Limited
[2011.11.23 14:33:50 | 000,000,000 | ---D | M] -- C:\Users\Anke Kyburg\AppData\Roaming\Freeze Tag
[2011.11.09 12:22:11 | 000,000,000 | ---D | M] -- C:\Users\Anke Kyburg\AppData\Roaming\gtk-2.0
[2011.11.09 11:58:32 | 000,000,000 | ---D | M] -- C:\Users\Anke Kyburg\AppData\Roaming\MAGIX
[2011.04.02 10:48:49 | 000,000,000 | ---D | M] -- C:\Users\Anke Kyburg\AppData\Roaming\MP3Rocket
[2011.11.09 12:38:59 | 000,000,000 | ---D | M] -- C:\Users\Anke Kyburg\AppData\Roaming\PhotoScape
[2010.11.05 13:18:56 | 000,000,000 | ---D | M] -- C:\Users\Anke Kyburg\AppData\Roaming\PIE
[2009.08.19 14:38:53 | 000,000,000 | ---D | M] -- C:\Users\Anke Kyburg\AppData\Roaming\Playrix Entertainment
[2008.08.16 12:03:12 | 000,000,000 | ---D | M] -- C:\Users\Anke Kyburg\AppData\Roaming\SoftMaker
[2012.07.10 09:49:12 | 000,000,000 | ---D | M] -- C:\Users\Anke Kyburg\AppData\Roaming\Steganos
[2008.11.13 22:54:05 | 000,000,000 | ---D | M] -- C:\Users\Anke Kyburg\AppData\Roaming\Template

========== Purity Check ==========



< End of report >

und:

OTL Extras logfile created on: 15.10.2012 14:47:12 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Anke Kyburg\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,35 Gb Available Physical Memory | 44,98% Memory free
6,20 Gb Paging File | 4,02 Gb Available in Paging File | 64,86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,76 Gb Total Space | 285,93 Gb Free Space | 64,14% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 11,44 Gb Free Space | 57,24% Space Free | Partition Type: FAT32

Computer Name: ANKEKYBURG-PC | User Name: Anke Kyburg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1DA0D10D-A729-49A7-9CFC-51F147D61FC5}" = rport=138 | protocol=17 | dir=out | app=system |
"{20467DC1-1826-4380-BD36-CE052516911A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{326525A5-B54A-4FD9-8B73-982D08B0D117}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4F1DBF27-83A7-4672-80C2-766933A14637}" = rport=137 | protocol=17 | dir=out | app=system |
"{5B70B241-0BEF-42EA-B8A2-87EF0514C029}" = lport=139 | protocol=6 | dir=in | app=system |
"{707C05B7-C04C-4818-8A20-C71F58CE4066}" = rport=445 | protocol=6 | dir=out | app=system |
"{9FD042C2-727A-4B0E-9EB8-07C8A65AFB75}" = rport=139 | protocol=6 | dir=out | app=system |
"{AF865125-7A55-47CB-A45A-0A9A99D3635B}" = lport=138 | protocol=17 | dir=in | app=system |
"{E99BD53A-78DC-4F10-8B2A-D84037BA8D8A}" = lport=137 | protocol=17 | dir=in | app=system |
"{EFA3BDB2-EDD6-4FC5-9A51-ECF4CC9417B8}" = lport=445 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A972E19-4102-4028-8E9D-989761DE841D}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe |
"{1723E30B-EE1F-4E2C-A850-F5E3C8689235}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{5EBF3F45-9D4F-4692-8F8C-2C07CEB0CF65}" = dir=in | app=c:\program files\homecinema\tv enhance\tvenhance.exe |
"{63D67823-C2FB-4F0B-BA98-31CEF50CB5EF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{714F11E8-DD01-4C3B-B26E-34751DCBF7BE}" = dir=in | app=c:\program files\homecinema\makedisc\makedisc.exe |
"{774B8335-E2C0-4E52-BF5C-33288E7C7B4F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{BB297C6B-2984-4D63-915D-664B6EE3F0AD}" = dir=in | app=c:\program files\homecinema\powerdvd\powerdvd.exe |
"{C8F4645C-C31D-4A1A-ADD0-3BFAB47B6D06}" = dir=in | app=c:\program files\homecinema\tv enhance\tveservice.exe |
"{EA04C97A-CCC1-4ED0-9E2E-E73855866323}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{12DE1F4B-E23F-4C97-A9CF-98F6F3D058E5}" = ProSteel 3D V17.2 Deutsch
"{18420E45-B723-49A5-ACF9-7C132B1CBE53}" = SigmaTel MSCNMMC Audio Player
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}" = Corel Graphics Suite 11
"{2223FC2F-B862-4F83-BC9E-DDF2DADF2859}" = Intel(R) Network Connections 13.0.42.0
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{30A01FF6-D5DD-4DEE-AA57-253AF79A57B9}" = Sun xVM VirtualBox
"{359FCAA7-B544-4147-AE3B-8C8A526E2427}" = Sony Image Data Suite
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{47948554-90C6-4AAC-8CFA-D23CE11C1031}" = Nero 8 Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}" = Sceneo AbsolutTV
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5783F2D7-0201-0407-0002-0060B0CE6BBA}" = AutoCAD 2004
"{588D9F5F-8C62-4421-BAE9-CCAA57D4E4EE}" = TVsweeper 3
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{63C5DD30-4C46-4968-B96A-A3E2992769FE}" = MAGIX Screenshare
"{6502EEC3-F368-3742-9985-C0BCDA394B44}" = Audio-CD-Archiv 5.0
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6B566EFE-DC1D-471F-93DD-84832663F140}" = OVT Scanner X86
"{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition
"{6C9FCAE4-E4D5-4465-AAD5-8E1245485E63}" = Steganos Password Manager Free
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7CDBE27D-87EC-434E-AFE4-D0116AE876BB}" = Microsoft Works Suite-Add-Ins für Microsoft Word
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{911B0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F704BC1-A1F3-4EBA-B563-9C39866FDC27}" = SuperProNet Combo Installer
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A6338038-539C-3896-C692-1D33BBB01D46}" = MAGIX Online Druck Service
"{A68575CE-050E-4E1F-A053-58BE8D9DE7AB}" = ArcSoft MediaImpression 2
"{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}" = Adobe Photoshop Elements 5.0
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB348F9E-8E1D-4F4E-B1CA-B4A4D8BD23FF}" = CyberView CS 1.3D (Build 20100930)
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AD483998-2E9A-4405-83FF-6E503AF49CBB}" = Microsoft Virtual PC 2007 SP1
"{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc
"{B252FEC0-C63B-4AF6-8459-D105B3E3FC70}" = MAGIX Foto Manager 10
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{C4BEEB8C-B9D2-4CD9-A2AA-1F3A1F57DF21}" = Works Suite-Betriebssystem-Pack
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D322A73E-A792-45E8-B7C0-477E94F44F26}" = CyberView CS - CS500IR 1.1e
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow
"{D8D22773-14BF-4178-A683-3DBA515C2A26}" = WISO Mein Geld 2008 Professional
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DBA8B9E1-C6FF-4624-9598-73D3B41A0903}" = Microsoft Picture It! Foto Premium 9
"{E2A97415-BD97-4867-B906-05E39E9EE51F}" = HL-2130
"{E4C891D6-6844-41B8-86E8-633CACCC644F}" = CyberLink TV Enhance
"{EDDDC607-91D9-4758-9F57-265FDCD8A772}" = Microsoft Works 7.0
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FB60A586-FC0D-4B60-881C-1E14AC66D75A}" = CyberView CS 1.3D (Build 20100930)
"{FBD7A67D-D700-4043-B54F-DD106D00F308}" = LameXP
"{FE2F2589-96A6-4F38-98F5-DDAC34BD41B9}" = Autodesk Network License Manager
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 6.0" = Adobe Photoshop 6.0
"Adobe Photoshop Elements 5" = Adobe Photoshop Elements 5.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe SVG Viewer" = Adobe SVG Viewer
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Ashampoo Music Studio 2007" = Ashampoo Music Studio 2007
"Autodesk Express Viewer" = Autodesk Express Viewer
"BrowserCompanion" = BrowserCompanion
"CdaC13Ba" = SafeCast Shared Components
"de.magix-fotos.fotobuch.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = MAGIX Online Druck Service
"DSGPlayer" = SAT1 GAME CENTER
"Fishdom_is1" = Fishdom 1.0
"Flower Power_is1" = Flower Power 2.00.0403
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"Hardcopy(C__Program Files_Hardcopy)" = Hardcopy (C:\Program Files\Hardcopy)
"InstallShield_{12DE1F4B-E23F-4C97-A9CF-98F6F3D058E5}" = ProSteel 3D V17.2 Deutsch
"InstallShield_{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}" = CorelDRAW Graphics Suite 11
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"LetsTrade" = LetsTrade Komponenten
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"MAGIX_MSI_Foto_Manager_10" = MAGIX Foto Manager 10
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 16.0.1 (x86 de)" = Mozilla Firefox 16.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NIS" = Norton Internet Security
"NVIDIA Drivers" = NVIDIA Drivers
"PDFDrucker_is1" = PDFDrucker sponsored by ebuero
"PhotoScape" = PhotoScape
"Picasa 3" = Picasa 3
"PictureIt_v9" = Microsoft Picture It! Foto Premium 9
"PROSetDX" = Intel(R) Network Connections 13.0.42.0
"Quick Zip_is1" = Quick Zip 3.06.3
"Rossmann Fotoservice_is1" = Rossmann Fotoservice 2.6
"Rossmann Fotowelt Software" = Rossmann Fotowelt Software 4.12.1
"ShiftN_is1" = ShiftN 3.6.1
"sm-un1.u32" = Ashampoo Office 2006 (C:\Program Files\Ashampoo\Ashampoo Office 2006)
"Snow3_is1" = Snow3 1.5.0
"Spider Solitaire_is1" = Spider Solitaire 1.1.0
"Weihnachtsexpress3D" = Weihnachtsexpress 3D
"WinGimp-2.0_is1" = GIMP 2.6.11
"Works2003Setup" = Microsoft Works 2003-Setup-Start
"X10Hardware" = X10 Hardware(TM)
"YTdetect" = Yahoo! Detect

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10.10.2012 02:47:27 | Computer Name = AnkeKyburg-PC | Source = WinMgmt | ID = 10
Description =

Error - 11.10.2012 04:00:45 | Computer Name = AnkeKyburg-PC | Source = WinMgmt | ID = 10
Description =

Error - 11.10.2012 04:19:19 | Computer Name = AnkeKyburg-PC | Source = WinMgmt | ID = 10
Description =

Error - 11.10.2012 15:40:38 | Computer Name = AnkeKyburg-PC | Source = WinMgmt | ID = 10
Description =

Error - 12.10.2012 02:37:11 | Computer Name = AnkeKyburg-PC | Source = WinMgmt | ID = 10
Description =

Error - 12.10.2012 06:13:06 | Computer Name = AnkeKyburg-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 15.0.1.4631 arbeitet nicht mehr mit
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über
das Problem zu suchen. Prozess-ID: 1748 Anfangszeit: 01cda84518376de0 Zeitpunkt der
Beendigung: 40

Error - 12.10.2012 10:49:21 | Computer Name = AnkeKyburg-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 15.0.1.4631 arbeitet nicht mehr mit
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über
das Problem zu suchen. Prozess-ID: 328 Anfangszeit: 01cda8622ec73140 Zeitpunkt der
Beendigung: 36

Error - 13.10.2012 03:30:33 | Computer Name = AnkeKyburg-PC | Source = WinMgmt | ID = 10
Description =

Error - 14.10.2012 03:16:02 | Computer Name = AnkeKyburg-PC | Source = WinMgmt | ID = 10
Description =

Error - 15.10.2012 03:14:27 | Computer Name = AnkeKyburg-PC | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 13.09.2008 14:26:09 | Computer Name = AnkeKyburg-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.SqmFlushSession failed;
Win32 GetLastError returned 0D Prozess: DefaultDomain Objektname: Media Center Guide


Error - 24.12.2010 04:26:57 | Computer Name = AnkeKyburg-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide


Error - 07.04.2011 08:05:55 | Computer Name = AnkeKyburg-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide


[ System Events ]
Error - 09.10.2012 02:28:32 | Computer Name = AnkeKyburg-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 10.10.2012 02:46:04 | Computer Name = AnkeKyburg-PC | Source = Print | ID = 19
Description = Der Druckspooler konnte den Drucker HP LaserJet 6L nicht unter dem
Namen HP LaserJet 6L freigeben. Fehler: 2114. Der Drucker kann nicht von anderen
Benutzern im Netzwerk verwendet werden.

Error - 10.10.2012 02:47:28 | Computer Name = AnkeKyburg-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 11.10.2012 04:00:45 | Computer Name = AnkeKyburg-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 11.10.2012 04:19:20 | Computer Name = AnkeKyburg-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 11.10.2012 15:40:38 | Computer Name = AnkeKyburg-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 12.10.2012 02:37:11 | Computer Name = AnkeKyburg-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 13.10.2012 03:30:33 | Computer Name = AnkeKyburg-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 14.10.2012 03:16:02 | Computer Name = AnkeKyburg-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 15.10.2012 03:14:28 | Computer Name = AnkeKyburg-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >


Ich bin bin nicht besonders talentiert, was Computerdinge betrifft. Insbesondere wenn englische Begriffe in der Problembekämpfung auftauchen, bin ich aufgeschmissen. Ich benötige also Tips auf deutsch, wenn möglich. Es wäre schön, wenn mir jemand bei der Problemlösung helfen könnte.

Ich danke herzlich für die Mühe.

Alt 16.10.2012, 12:39   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner ad.adserverplus.com bremst Rechner aus - Standard

Trojaner ad.adserverplus.com bremst Rechner aus



Zitat:
Der erste Scan mit dem Malwarebytes hat 41 infizierte Dateien angezeigt. Das Fenster habe ich dann leider geschlossen, ohne das Ergebnis zu speichern.
Malwarebytes speichert alle Logs im Reiter Logdateien. Bitte nachsehen und alle Logs posten

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
__________________

__________________

Antwort

Themen zu Trojaner ad.adserverplus.com bremst Rechner aus
80-100, bho, computer, downloader, dringend, error, failed, firefox, flash player, geld, google, helper, home, infizierte dateien, intranet, logfile, mozilla, mp3, object, realtek, recycle.bin, registry, scan, security, software, symantec, trojaner, trojaner ad.adserverplus.com, vista, wiso



Ähnliche Themen: Trojaner ad.adserverplus.com bremst Rechner aus


  1. svchost.exe nutzt über 1 GB RAM - blockiert / bremst Rechner zur Unbrauchbarkeit
    Alles rund um Windows - 08.06.2015 (7)
  2. mp4 Datei bremst mein Computer
    Log-Analyse und Auswertung - 25.11.2014 (11)
  3. Trojaner Adserverplus - Win7 64bit
    Log-Analyse und Auswertung - 28.11.2013 (11)
  4. Adserverplus-Trojaner
    Log-Analyse und Auswertung - 04.11.2013 (19)
  5. Windows 7, Trojaner adserverplus.com legt system lahm
    Log-Analyse und Auswertung - 22.09.2013 (13)
  6. Adserverplus-Trojaner entfernen
    Log-Analyse und Auswertung - 06.07.2013 (8)
  7. was bremst meinen pc so
    Log-Analyse und Auswertung - 15.04.2013 (13)
  8. ad.adserverplus.com Trojaner..Ständig öffnet sich Fenster mit diesem Link
    Log-Analyse und Auswertung - 23.09.2012 (1)
  9. Internet dsl 6000 bremst komplett
    Plagegeister aller Art und deren Bekämpfung - 30.08.2012 (9)
  10. Internet dsl 6000 bremst komplett
    Alles rund um Windows - 26.08.2012 (3)
  11. PLFSetL.exe - Virus/Trojaner/Maleware bremst System
    Log-Analyse und Auswertung - 06.01.2012 (1)
  12. Syre32 bremst System aus
    Plagegeister aller Art und deren Bekämpfung - 15.05.2010 (2)
  13. IE bremst system komplett aus
    Log-Analyse und Auswertung - 29.09.2006 (2)
  14. IE bremst system komplett aus
    Mülltonne - 29.09.2006 (1)
  15. svchost bremst System aus
    Log-Analyse und Auswertung - 09.05.2006 (2)
  16. Irgendwas bremst meinen PC aus
    Log-Analyse und Auswertung - 14.12.2004 (21)
  17. KAV 4.5 bremst Firefox aus
    Antiviren-, Firewall- und andere Schutzprogramme - 29.08.2004 (13)

Zum Thema Trojaner ad.adserverplus.com bremst Rechner aus - Hallo. ich brauche dringend Hilfe. Seit ein paar Tagen macht mein Computer Zicken. Internet-verbindungen brauchen ewig, bis sie sich aufbauen, ebenso das Abrufen von Emails. Zudem bekomme ich immer wieder - Trojaner ad.adserverplus.com bremst Rechner aus...
Archiv
Du betrachtest: Trojaner ad.adserverplus.com bremst Rechner aus auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.