Log analysis and evaluation: Incredibar cannot be removed!

28.11.2012, 11:32   #1
maxi03

Hello,
I picked up Incredibar by downloading a PDF creator.
Its start page opens whenever I open the Chrome browser.
I reinstalled Firefox, which solved the problem there.

In Chrome I uninstalled all add-ins; it can no longer be found there.
I also ran ADW Cleaner over it; it found something and deleted it.

I am running Windows Vista, and Norton 360 is installed.
Norton does not offer any suggested solutions.

Here are the log files:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:29:57, on 28.11.2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16455)
Boot mode: Normal

Running processes:
C:\Program Files\Norton 360\Engine\6.4.0.9\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Windows\System32\nvraidservice.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\MultiScreen\MultiScreen.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Users\svenja\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\WePrint\WePrint Server.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Memeo\AutoBackup\MemeoUpdater.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Windows\system32\conime.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Windows\Explorer.EXE
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\svenja\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\svenja\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\svenja\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\svenja\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\svenja\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\svenja\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\svenja\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\svenja\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_124.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_124.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/sp/*hxxp://de.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://otanywhere.opentable.de/login.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/su/*hxxp://de.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\6.4.0.9\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\6.4.0.9\IPS\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\6.4.0.9\coIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [MultiScreen] C:\Program Files\MultiScreen\MultiScreen.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Memeo Instant Backup] C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\svenja\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-21-1101760962-3014260797-1857789441-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1101760962-3014260797-1857789441-1003\..\Run: [Google Update] "C:\Users\svenja\AppData\Local\Google\Update\GoogleUpdate.exe" /c (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1101760962-3014260797-1857789441-1003\..\RunOnce: [RUN] C:\Windows\Acer_Normal\run_DT.exe (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1101760962-3014260797-1857789441-1004\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NeroMediaHomeUser.4')
O4 - HKUS\S-1-5-21-1101760962-3014260797-1857789441-1004\..\RunOnce: [RUN] C:\Windows\Acer_Normal\run_DT.exe (User 'NeroMediaHomeUser.4')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O4 - Startup: Dropbox.lnk = svenja\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: WePrint Server.lnk = C:\Program Files\WePrint\WePrint Server.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {A378EEF8-4E41-4BC4-8CBC-1ACB8686CC1D} (OTSysInfo Object) - https://otanywhere.opentable.de/download/PlugIn/OTSI.CAB
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\Windows\system32\bgsvcgen.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: cyberJack PC/SC COM Service (cjpcsc) - REINER SCT - C:\Windows\system32\cjpcsc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Update-Dienst (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Mediencenter Service (MCSWASVR) - Deutsche Telekom AG - C:\Program Files\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe
O23 - Service: MemeoBackgroundService - Memeo - C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\6.4.0.9\ccSvcHst.exe
O23 - Service: Nero MediaHome 4 Service (NeroMediaHomeService.4) - Nero AG - C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Seagate Dashboard Service (SeagateDashboardService) - Memeo - C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 14173 bytes

Looking forward to your help!
Best regards from the capital.
Marcus

28.11.2012, 17:34   #2
cosinus


Hello and

Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read the instructions that I will post over the course of this thread carefully. Ask right away if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the preceding one.

  • Please run only scans that a helper has asked you to run! Do not install or uninstall any software unless asked to!

  • Post the log files directly in your thread (please in CODE tags) and not as an attachment, unless you were asked to. Logs in attachments make the evaluation harder for me!

  • Please also note => Deleting log files and other requests

Note:
If I do not get back to you within three days, please report in this thread => Reminder about my thread.
Annoying "When do we continue?" messages will result in your topic being closed. I too have a life outside of Trojaner-Board.


Quote:
I also ran ADW Cleaner over it; it found something and deleted it.

And why did you leave out the log?
The adwCleaner logs would have been considerably more useful than a HijackThis log.


Please do not post HijackThis log files!!!

Quote from Larusso:
We are aware that HijackThis is probably one of the best-known analysis tools.
However, it now scans only very superficially and gives us too little information for a precise analysis of your system.

So please do not post HijackThis log files; instead, read and work through the following.

http://www.trojaner-board.de/69886-a...-beachten.html

Only with this information can we help you.

Thank you

29.11.2012, 13:27   #3
maxi03


Hello Cosinus,
thank you very much for your answer and tips.
I will then wait for info on the next steps.

Best regards, Marcus

29.11.2012, 13:45   #4
cosinus


Quote:
I will then wait for info on the next steps.

Could it be that you overlooked an important question of mine?

Quote from cosinus:
And why did you leave out the log?
The adwCleaner logs would have been considerably more useful than a HijackThis log.
__________________
Please always post log files in CODE tags

29.11.2012, 14:11   #5
maxi03


Oops, sorry!
Here is the log before the cleanup:
# AdwCleaner v2.007 - Datei am 15/11/2012 um 08:30:23 erstellt
# Aktualisiert am 06/11/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : svenja - MARCUS-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\svenja\Downloads\AdwCleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\user.js
Datei Gefunden : C:\Users\svenja\AppData\Local\medbarri.dat
Datei Gefunden : C:\Users\svenja\AppData\Local\medbarri.dat
Datei Gefunden : C:\Users\svenja\AppData\Local\medbarri_nav.dat
Datei Gefunden : C:\Users\svenja\AppData\Local\medbarri_nav.dat
Datei Gefunden : C:\Users\svenja\AppData\Local\medbarri_navps.dat
Datei Gefunden : C:\Users\svenja\AppData\Local\medbarri_navps.dat
Datei Gefunden : C:\Users\svenja\AppData\Roaming\Mozilla\Firefox\Profiles\ty77o4ho.default\searchplugins\MyStart Search.xml
Ordner Gefunden : C:\Program Files\RelevantKnowledge
Ordner Gefunden : C:\ProgramData\boost_interprocess
Ordner Gefunden : C:\Users\marcus\AppData\LocalLow\boost_interprocess
Ordner Gefunden : C:\Users\marcus\AppData\LocalLow\Search Settings
Ordner Gefunden : C:\Users\svenja\AppData\LocalLow\boost_interprocess
Ordner Gefunden : C:\Users\svenja\AppData\LocalLow\pdfforge
Ordner Gefunden : C:\Users\svenja\AppData\Roaming\loadtbs
Ordner Gefunden : C:\Users\svenja\AppData\Roaming\Mozilla\Firefox\Profiles\ty77o4ho.default\extensions\ffxtlbr@incredibar.com
Ordner Gefunden : C:\Users\svenja\AppData\Roaming\Mozilla\Firefox\Profiles\ty77o4ho.default\extensions\software@loadtubes.com
Ordner Gefunden : C:\Users\svenja\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\IM
Schlüssel Gefunden : HKCU\Software\ImInstaller
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gefunden : HKLM\Software\IB Updater
Schlüssel Gefunden : HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{DFEFCDEE-CF1A-4FC8-88AD-129872198372}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{DFEFCDEE-CF1A-4FC8-88AD-129872198372}]
Wert Gefunden : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16443

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v [Version kann nicht ermittelt werden]

Profilname : default
Datei : C:\Users\svenja\AppData\Roaming\Mozilla\Firefox\Profiles\ty77o4ho.default\prefs.js

Gefunden : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb201?a=6OyTESYRQQ&i=26");
Gefunden : user_pref("browser.search.defaultenginename", "MyStart Search");
Gefunden : user_pref("browser.search.selectedEngine", "MyStart Search");
Gefunden : user_pref("browser.startup.homepage", "hxxp://mystart.incredibar.com/mb201?a=6OyTESYRQQ&i=26");
Gefunden : user_pref("extensions.enabledAddons", "battlefieldheroespatcher@ea.com:5.0.127.0,de-DE@dictionaries.[...]
Gefunden : user_pref("extensions.incredibar.admin", false);
Gefunden : user_pref("extensions.incredibar.aflt", "orgnl");
Gefunden : user_pref("extensions.incredibar.dfltLng", "");
Gefunden : user_pref("extensions.incredibar.dfltSrch", false);
Gefunden : user_pref("extensions.incredibar.did", "10643");
Gefunden : user_pref("extensions.incredibar.excTlbr", false);
Gefunden : user_pref("extensions.incredibar.hmpg", false);
Gefunden : user_pref("extensions.incredibar.id", "ac2cc66500000000000000064f6562db");
Gefunden : user_pref("extensions.incredibar.installerproductid", "26");
Gefunden : user_pref("extensions.incredibar.instlDay", "15653");
Gefunden : user_pref("extensions.incredibar.instlRef", "");
Gefunden : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1410:01:40");
Gefunden : user_pref("extensions.incredibar.newTab", false);
Gefunden : user_pref("extensions.incredibar.noFFXTlbr", false);
Gefunden : user_pref("extensions.incredibar.ppd", "77777166");
Gefunden : user_pref("extensions.incredibar.prdct", "incredibar");
Gefunden : user_pref("extensions.incredibar.productid", "26");
Gefunden : user_pref("extensions.incredibar.prtnrId", "Incredibar");
Gefunden : user_pref("extensions.incredibar.smplGrp", "none");
Gefunden : user_pref("extensions.incredibar.tlbrId", "base");
Gefunden : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyTESYRQQ&loc=IB_T[...]
Gefunden : user_pref("extensions.incredibar.upn2", "6OyTESYRQQ");
Gefunden : user_pref("extensions.incredibar.upn2n", "92262420924136416");
Gefunden : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
Gefunden : user_pref("extensions.incredibar.vrsnTs", "1.5.11.1410:01:40");
Gefunden : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
Gefunden : user_pref("extensions.incredibar_i.aflt", "orgnl");
Gefunden : user_pref("extensions.incredibar_i.dfltLng", "");
Gefunden : user_pref("extensions.incredibar_i.did", "10643");
Gefunden : user_pref("extensions.incredibar_i.excTlbr", false);
Gefunden : user_pref("extensions.incredibar_i.id", "ac2cc66500000000000000064f6562db");
Gefunden : user_pref("extensions.incredibar_i.installerproductid", "26");
Gefunden : user_pref("extensions.incredibar_i.instlDay", "15653");
Gefunden : user_pref("extensions.incredibar_i.instlRef", "");
Gefunden : user_pref("extensions.incredibar_i.ms_url_id", "");
Gefunden : user_pref("extensions.incredibar_i.newTab", false);
Gefunden : user_pref("extensions.incredibar_i.ppd", "77777166");
Gefunden : user_pref("extensions.incredibar_i.prdct", "incredibar");
Gefunden : user_pref("extensions.incredibar_i.productid", "26");
Gefunden : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Gefunden : user_pref("extensions.incredibar_i.smplGrp", "none");
Gefunden : user_pref("extensions.incredibar_i.tlbrId", "base");
Gefunden : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyTESYRQQ&loc=IB[...]
Gefunden : user_pref("extensions.incredibar_i.upn2", "6OyTESYRQQ");
Gefunden : user_pref("extensions.incredibar_i.upn2n", "92262420924136416");
Gefunden : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Gefunden : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1410:01:40");
Gefunden : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Gefunden : user_pref("keyword.URL", "hxxp://mystart.incredibar.com/mb201/?loc=IB_DS&a=6OyTESYRQQ&&i=26&search="[...]

Profilname : default
Datei : C:\Users\marcus\AppData\Roaming\Mozilla\Firefox\Profiles\ox69q1ek.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v23.0.1271.64

Datei : C:\Users\svenja\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gefunden [l.16] : urls_to_restore_on_startup = [ "hxxp://www.google.de/", "hxxp://www.google.de/", "hxxp://mystart.incredibar.com/mb201?a=6OyTESYRQQ&i=26" ]
Gefunden [l.2442] : urls_to_restore_on_startup = [ "hxxp://www.google.de/", "hxxp://www.google.de/", "hxxp://mystart.incredibar.com/mb201?a=6OyTESYRQQ&i=26" ]

*************************

AdwCleaner[R1].txt - [7549 octets] - [15/11/2012 08:30:23]

########## EOF - C:\AdwCleaner[R1].txt - [7609 octets] ##########

and after the cleanup:
# AdwCleaner v2.007 - Datei am 15/11/2012 um 08:49:46 erstellt
# Aktualisiert am 06/11/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : svenja - MARCUS-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\svenja\Desktop\AdwCleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gefunden : C:\Users\svenja\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16443

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v [Version kann nicht ermittelt werden]

Profilname : default
Datei : C:\Users\svenja\AppData\Roaming\Mozilla\Firefox\Profiles\ty77o4ho.default\prefs.js

[OK] Die Datei ist sauber.

Profilname : default
Datei : C:\Users\marcus\AppData\Roaming\Mozilla\Firefox\Profiles\ox69q1ek.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v23.0.1271.64

Datei : C:\Users\svenja\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [7678 octets] - [15/11/2012 08:30:23]
AdwCleaner[R2].txt - [1203 octets] - [15/11/2012 08:49:46]
AdwCleaner[S1].txt - [7491 octets] - [15/11/2012 08:31:21]

########## EOF - C:\AdwCleaner[R2].txt - [1323 octets] ##########
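
An added example, not part of the original posts and not AdwCleaner's own code: a small Python parser for the AdwCleaner v2 report layout shown above that compares the report from before the cleanup with the rescan and lists which findings were removed and which remain. The sample text is a shortened excerpt of the two posted logs, and all function names are this example's own.

```python
import re

# Shortened excerpts of the two AdwCleaner v2.007 reports posted above
# (the German labels are the tool's own output); not the complete logs.
BEFORE = r"""
***** [Dateien / Ordner] *****

Datei Gefunden : C:\user.js
Datei Gefunden : C:\Users\svenja\AppData\Local\medbarri.dat
Datei Gefunden : C:\Users\svenja\AppData\Local\medbarri.dat
Ordner Gefunden : C:\Users\svenja\AppData\Roaming\loadtbs
Ordner Gefunden : C:\Users\svenja\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKLM\Software\IB Updater
Wert Gefunden : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16443

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v [Version kann nicht ermittelt werden]

Gefunden : user_pref("browser.startup.homepage", "hxxp://mystart.incredibar.com/mb201?a=6OyTESYRQQ&i=26");
Gefunden : user_pref("extensions.incredibar.vrsn", "1.5.11.14");

-\\ Google Chrome v23.0.1271.64

Gefunden [l.16] : urls_to_restore_on_startup = [ "hxxp://www.google.de/", "hxxp://www.google.de/", "hxxp://mystart.incredibar.com/mb201?a=6OyTESYRQQ&i=26" ]
"""

AFTER = r"""
***** [Dateien / Ordner] *****

Ordner Gefunden : C:\Users\svenja\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

***** [Internet Browser] *****

-\\ Mozilla Firefox v [Version kann nicht ermittelt werden]

[OK] Die Datei ist sauber.

-\\ Google Chrome v23.0.1271.64

[OK] Die Datei ist sauber.
"""

SECTION = re.compile(r"^\*{4,} \[(.+?)\] \*{4,}$")   # ***** [Dateien / Ordner] *****
BROWSER = re.compile(r"^-\\\\ (.+?) v")               # -\\ Google Chrome v23.0.1271.64
FINDING = re.compile(
    r"^(?:(Datei|Ordner|Schlüssel|Wert) )?Gefunden(?: \[l\.\d+\])? : (.+)$")
HOST = re.compile(r'hxxps?://([^/"\s?]+)', re.IGNORECASE)  # defanged URLs as logged


def parse_report(text):
    """Return the set of (scope, kind, value) findings in one report.

    scope is the section name, or the browser name inside [Internet Browser].
    Duplicate lines and the [l.N] line numbers are ignored on purpose so that
    two reports can be compared as sets.
    """
    findings, scope = set(), None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION.match(line) or BROWSER.match(line)
        if header:
            scope = header.group(1)
            continue
        hit = FINDING.match(line)
        if hit and scope is not None:
            # Browser preference lines carry no type word; label them "entry".
            findings.add((scope, hit.group(1) or "entry", hit.group(2)))
    return findings


def compare(before, after):
    """Split findings into removed, still present, and newly reported."""
    old, new = parse_report(before), parse_report(after)
    return {"removed": old - new, "remaining": old & new, "new": new - old}


def hosts_by_scope(findings):
    """Map each scope to the hosts its findings reference (still defanged)."""
    hosts = {}
    for scope, _kind, value in findings:
        for host in HOST.findall(value):
            hosts.setdefault(scope, set()).add(host.lower())
    return hosts


if __name__ == "__main__":
    result = compare(BEFORE, AFTER)
    for state in ("removed", "remaining", "new"):
        print(f"{state}: {len(result[state])}")
        for scope, kind, value in sorted(result[state]):
            print(f"  [{scope}] {kind}: {value[:70]}")
    print(hosts_by_scope(parse_report(BEFORE)))
```

AdwCleaner reports the whole preference line, so the Chrome scope also lists `www.google.de` next to the hijacker host; the host list is a starting point for review, not a blocklist.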


29.11.2012, 14:49   #6
cosinus


Logs in CODE tags, please!

Please run a CustomScan with OTL

Please download OTL by Oldtimer and save it to your desktop. If it is already there, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • At the top center, tick the box for Scan All Users (Scanne alle Benutzer)
  • Now copy the complete contents of the code box below into the text box of OTL - if OTL is in German, it is labeled with

Code:
msconfig
netsvcs
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMROOT%\system32\drivers\*.sys /lockedfiles
%SYSTEMROOT%\System32\config\*.sav
%SYSTEMROOT%\*. /mp /s
%SYSTEMROOT%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread

29.11.2012, 15:53   #7
maxi03


Hello Cosinus,
thank you very much for the information. I followed your instructions exactly. Here is the CustomScan:

OTL Logfile:
Code:
OTL logfile created on: 29.11.2012 15:24:54 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\svenja\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16443)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,63 Gb Available Physical Memory | 31,66% Memory free
4,38 Gb Paging File | 1,58 Gb Available in Paging File | 36,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 145,29 Gb Total Space | 4,70 Gb Free Space | 3,23% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 778,58 Gb Free Space | 83,58% Space Free | Partition Type: NTFS
Drive E: | 27,95 Gb Total Space | 5,33 Gb Free Space | 19,08% Space Free | Partition Type: NTFS
Drive G: | 144,99 Gb Total Space | 140,83 Gb Free Space | 97,13% Space Free | Partition Type: NTFS
Drive M: | 2,92 Gb Total Space | 2,52 Gb Free Space | 86,43% Space Free | Partition Type: FAT32
Drive Z: | 25,03 Gb Total Space | 14,32 Gb Free Space | 57,22% Space Free | Partition Type: NTFS
 
Computer Name: MARCUS-PC | User Name: svenja | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.11.29 15:18:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\svenja\Desktop\OTL (1).exe
PRC - [2012.11.07 09:47:34 | 000,374,704 | ---- | M] (LogMeIn, Inc.) -- C:\Programme\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2012.10.11 21:56:08 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2012.10.10 21:15:04 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.10.02 20:29:14 | 000,864,616 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012.10.02 20:28:55 | 001,820,520 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.09.10 16:58:16 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2012.06.18 11:22:51 | 002,550,392 | ---- | M] (EuroSmartz Ltd) -- C:\Programme\WePrint\WePrint Server.exe
PRC - [2012.06.16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Programme\Norton 360\Engine\6.4.0.9\ccsvchst.exe
PRC - [2012.01.17 10:07:58 | 000,505,736 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Common Files\Java\Java Update\jucheck.exe
PRC - [2011.07.22 07:49:26 | 000,511,920 | ---- | M] (REINER SCT) -- C:\Windows\System32\cjpcsc.exe
PRC - [2011.07.13 13:45:08 | 000,012,800 | ---- | M] (Deutsche Telekom AG) -- C:\Programme\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe
PRC - [2011.06.01 17:42:28 | 000,014,088 | ---- | M] (Memeo) -- C:\Programme\Seagate\Seagate Dashboard\SeagateDashboardService.exe
PRC - [2011.01.24 19:36:28 | 000,085,272 | ---- | M] (Memeo Inc.) -- C:\Programme\Memeo\AutoBackup\MemeoUpdater.exe
PRC - [2011.01.24 19:35:36 | 000,025,824 | ---- | M] (Memeo) -- C:\Programme\Memeo\AutoBackup\MemeoBackgroundService.exe
PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.07.22 16:54:05 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\Windows\System32\bgsvcgen.exe
PRC - [2009.06.23 15:59:32 | 000,259,368 | ---- | M] (Nero AG) -- C:\Programme\Nero\Nero MediaHome 4\NMMediaServerService.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.03.04 23:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008.02.22 02:54:02 | 000,114,688 | ---- | M] () -- C:\Programme\MultiScreen\MultiScreen.exe
PRC - [2008.01.19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.19 08:33:11 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe
PRC - [2007.12.19 18:09:22 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
PRC - [2007.12.07 14:28:22 | 000,196,128 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvraidservice.exe
PRC - [2007.10.11 19:53:22 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.09.10 14:28:18 | 000,057,344 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2007.09.07 17:23:54 | 000,326,176 | ---- | M] () -- C:\Acer\Empowering Technology\SysMonitor.exe
PRC - [2007.04.16 18:48:12 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
PRC - [2007.04.03 16:18:08 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.10.31 23:15:05 | 000,460,312 | ---- | M] () -- C:\Users\svenja\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
MOD - [2012.10.31 23:15:04 | 012,455,448 | ---- | M] () -- C:\Users\svenja\AppData\Local\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll
MOD - [2012.10.31 23:15:02 | 004,007,448 | ---- | M] () -- C:\Users\svenja\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll
MOD - [2012.10.31 23:13:47 | 000,587,288 | ---- | M] () -- C:\Users\svenja\AppData\Local\Google\Chrome\Application\23.0.1271.64\libglesv2.dll
MOD - [2012.10.31 23:13:46 | 000,123,928 | ---- | M] () -- C:\Users\svenja\AppData\Local\Google\Chrome\Application\23.0.1271.64\libegl.dll
MOD - [2012.10.31 23:13:35 | 000,156,712 | ---- | M] () -- C:\Users\svenja\AppData\Local\Google\Chrome\Application\23.0.1271.64\avutil-51.dll
MOD - [2012.10.31 23:13:34 | 000,274,984 | ---- | M] () -- C:\Users\svenja\AppData\Local\Google\Chrome\Application\23.0.1271.64\avformat-54.dll
MOD - [2012.10.31 23:13:32 | 002,168,360 | ---- | M] () -- C:\Users\svenja\AppData\Local\Google\Chrome\Application\23.0.1271.64\avcodec-54.dll
MOD - [2012.08.31 12:02:46 | 003,194,880 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012.08.31 12:01:10 | 004,550,656 | ---- | M] () -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
MOD - [2012.06.18 11:22:51 | 000,059,904 | ---- | M] () -- C:\Programme\WePrint\zlib1.dll
MOD - [2012.04.23 12:01:12 | 000,630,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2012.03.22 12:02:38 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2011.06.24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009.08.23 18:58:06 | 000,094,208 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2009.03.30 05:42:20 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2009.03.30 05:42:17 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2009.03.30 05:42:13 | 000,659,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
MOD - [2009.03.30 05:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.03.30 05:42:10 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
MOD - [2008.02.22 02:54:02 | 000,114,688 | ---- | M] () -- C:\Programme\MultiScreen\MultiScreen.exe
MOD - [2008.02.22 02:53:34 | 000,045,056 | ---- | M] () -- C:\Programme\MultiScreen\MGResGer.dll
MOD - [2008.02.22 02:53:20 | 000,028,672 | ---- | M] () -- C:\Programme\MultiScreen\MultiMon.dll
MOD - [2008.02.22 02:53:18 | 000,036,864 | ---- | M] () -- C:\Programme\MultiScreen\ServiceHook.dll
MOD - [2007.09.07 17:23:54 | 000,326,176 | ---- | M] () -- C:\Acer\Empowering Technology\SysMonitor.exe
 
 
========== Services (SafeList) ==========
 
SRV - [2012.11.28 20:55:53 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.11.28 10:34:19 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.11.07 09:47:52 | 000,137,136 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Programme\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2012.11.07 09:47:34 | 000,374,704 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Programme\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012.10.10 21:15:04 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.06.16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\6.4.0.9\ccSvcHst.exe -- (N360)
SRV - [2011.07.22 07:49:26 | 000,511,920 | ---- | M] (REINER SCT) [Auto | Running] -- C:\Windows\System32\cjpcsc.exe -- (cjpcsc)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.07.13 13:45:08 | 000,012,800 | ---- | M] (Deutsche Telekom AG) [Auto | Running] -- C:\Programme\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe -- (MCSWASVR)
SRV - [2011.06.01 17:42:28 | 000,014,088 | ---- | M] (Memeo) [Auto | Running] -- C:\Programme\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)
SRV - [2011.01.24 19:35:36 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Programme\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2011.01.11 18:04:04 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Programme\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.07.22 16:54:05 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\Windows\System32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2009.06.23 15:59:32 | 000,259,368 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Nero\Nero MediaHome 4\NMMediaServerService.exe -- (NeroMediaHomeService.4)
SRV - [2008.03.04 23:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2007.12.19 18:09:22 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007.09.10 14:28:18 | 000,057,344 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2007.04.16 18:48:12 | 000,028,672 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService)
SRV - [2007.04.03 16:18:08 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.11.29 13:28:23 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012.11.07 09:47:35 | 000,083,912 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2012.10.24 00:34:24 | 000,995,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20121106.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012.10.10 21:14:28 | 010,837,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.09.13 02:18:37 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20121128.021\NAVEX15.SYS -- (NAVEX15)
DRV - [2012.09.13 02:18:37 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20121128.021\NAVENG.SYS -- (NAVENG)
DRV - [2012.09.06 03:54:30 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20121128.001\IDSvix86.sys -- (IDSVix86)
DRV - [2012.08.09 05:39:56 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012.08.09 05:39:56 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012.08.03 11:08:47 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012.07.06 03:17:57 | 000,574,112 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\N360\0604000.009\srtsp.sys -- (SRTSP)
DRV - [2012.07.06 03:17:57 | 000,032,928 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0604000.009\srtspx.sys -- (SRTSPX)
DRV - [2012.06.07 05:43:43 | 000,132,768 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0604000.009\ccsetx86.sys -- (ccSet_N360)
DRV - [2012.05.22 02:37:12 | 000,924,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\0604000.009\symefa.sys -- (SymEFA)
DRV - [2011.11.23 19:23:20 | 000,035,960 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2011.11.16 20:38:00 | 000,345,208 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0604000.009\symtdiv.sys -- (SYMTDIv)
DRV - [2011.11.16 20:17:48 | 000,149,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0604000.009\ironx86.sys -- (SymIRON)
DRV - [2011.08.15 23:51:40 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\0604000.009\symds.sys -- (SymDS)
DRV - [2011.03.29 11:08:08 | 000,028,144 | ---- | M] (REINER SCT) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cjusb.sys -- (cjusb)
DRV - [2011.01.11 18:04:04 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2011.01.11 18:04:04 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Stopped] -- C:\Programme\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2010.03.23 02:17:06 | 001,170,464 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL85n86.sys -- (RTL85n86)
DRV - [2009.07.22 16:54:05 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2009.01.08 22:11:36 | 000,103,488 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2008.11.16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2008.05.16 11:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic)
DRV - [2008.05.16 11:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5)
DRV - [2008.05.16 11:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008.05.16 11:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008.05.16 11:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt)
DRV - [2008.05.16 11:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008.05.16 11:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus)
DRV - [2008.01.09 10:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV - [2007.12.08 08:28:10 | 000,140,320 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007.12.08 08:28:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007.11.18 03:39:50 | 001,040,544 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007.11.06 09:30:48 | 000,006,080 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\zntport.sys -- (zntport)
DRV - [2007.11.06 09:30:46 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVicPort.sys -- (tvicport)
DRV - [2007.07.16 10:38:06 | 000,030,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2007.07.07 14:13:10 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007.07.03 03:05:20 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2007.05.31 07:38:16 | 000,014,949 | ---- | M] (franson.biz) [Kernel | System | Running] -- C:\Windows\System32\drivers\bizVSerialNT.sys -- (bizVSerial)
DRV - [2007.04.03 16:17:08 | 000,306,295 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007.01.18 13:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2004.01.19 16:27:31 | 000,050,396 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2004.01.19 16:27:26 | 000,006,828 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftlund.sys -- (FTLUND)
DRV - [2003.02.21 08:00:00 | 000,019,153 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/sp/*hxxp://de.yahoo.com
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://otanywhere.opentable.de/login.aspx
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\..\SearchScopes\{194C6A87-273C-4675-AFEC-CEED5412A375}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=302398&p={searchTerms}
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\..\SearchScopes\{B7529384-941F-4339-A249-A18443C2B985}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/sp/*hxxp://de.yahoo.com
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://otanywhere.opentable.de/login.asp?dc=1&otaver=9828
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - No CLSID value found
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\..\SearchScopes,DefaultScope = {194C6A87-273C-4675-AFEC-CEED5412A375}
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\..\SearchScopes\{194C6A87-273C-4675-AFEC-CEED5412A375}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms}
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\..\SearchScopes\{B7529384-941F-4339-A249-A18443C2B985}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1004\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398&ilc=12"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_131.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.9.8a: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\svenja\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\svenja\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\IPSFFPlgn\ [2012.08.05 15:48:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\coFFPlgn\ [2012.11.15 10:48:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.12.19 19:35:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.02.07 13:04:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.02.07 13:04:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.28 10:34:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.11.19 11:26:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.11.19 11:26:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.12.19 19:35:05 | 000,000,000 | ---D | M]
 
[2008.06.23 20:46:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\svenja\AppData\Roaming\mozilla\Extensions
[2012.11.28 21:16:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\svenja\AppData\Roaming\mozilla\Firefox\Profiles\ty77o4ho.default\extensions
[2010.06.12 19:38:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\svenja\AppData\Roaming\mozilla\Firefox\Profiles\ty77o4ho.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.05.15 08:56:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\svenja\AppData\Roaming\mozilla\Firefox\Profiles\ty77o4ho.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}-trash
[2012.11.15 11:08:56 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\svenja\AppData\Roaming\mozilla\Firefox\Profiles\ty77o4ho.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2012.11.28 11:32:51 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\svenja\AppData\Roaming\mozilla\firefox\profiles\ty77o4ho.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.11.15 08:50:57 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.11.28 10:34:20 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.11.08 19:59:03 | 000,378,880 | ---- | M] (InfiniAd GmbH) -- C:\Program Files\mozilla firefox\plugins\npmieze.dll
[2012.10.24 23:03:12 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.24 23:03:11 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.10.24 23:03:12 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.24 23:03:12 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.24 23:03:12 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.24 23:03:11 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\svenja\AppData\Local\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\svenja\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\svenja\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Perion plugin (Enabled) = C:\Users\svenja\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\Plugins/PerionNewTabChrome-32.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Users\svenja\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\npcoplgn.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - Extension: DivX HiQ = C:\Users\svenja\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.0.900_0\
CHR - Extension: New tab for Chrome\u2122 = C:\Users\svenja\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\
CHR - Extension: Norton Identity Protection = C:\Users\svenja\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton 360\Engine\6.4.0.9\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton 360\Engine\6.4.0.9\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\6.4.0.9\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\6.4.0.9\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe ()
O4 - HKLM..\Run: [Acer Tour]  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [Memeo Instant Backup] C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [MultiScreen] C:\Programme\MultiScreen\MultiScreen.exe ()
O4 - HKLM..\Run: [NVRaidService] C:\Windows\System32\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe File not found
O4 - HKU\S-1-5-18..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe File not found
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000..\Run: [ApplePhotoStreams] C:\Programme\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000..\Run: [iCloudServices] C:\Programme\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003..\Run: [CTSyncU.exe] C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe ()
O4 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1004..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003..\RunOnce: [RUN] C:\Windows\Acer_Normal\run_DT.exe ()
O4 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1004..\RunOnce: [RUN] C:\Windows\Acer_Normal\run_DT.exe ()
O4 - Startup: C:\Users\svenja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\svenja\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\svenja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WePrint Server.lnk = C:\Programme\WePrint\WePrint Server.exe (EuroSmartz Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {A378EEF8-4E41-4BC4-8CBC-1ACB8686CC1D} https://otanywhere.opentable.de/download/PlugIn/OTSI.CAB (OTSysInfo Object)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5523D953-78C1-4DDA-BFD1-B4DE82E9D1F9}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{989AD318-57BC-47A0-961F-6C696470C3D7}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Acer01.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Acer01.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.02.15 05:53:50 | 000,000,027 | ---- | M] () - D:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2002.08.14 12:42:53 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{a43d5708-9b6b-11dd-815e-001d92a603f0}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe BÜRO_1.vbs
O33 - MountPoints2\{ccf0b438-0b87-11e0-91f8-001d92a603f0}\Shell\AutoRun\command - "" = install.exe
O33 - MountPoints2\{ccf0b43f-0b87-11e0-91f8-001d92a603f0}\Shell\AutoRun\command - "" = install.exe
O33 - MountPoints2\{f0dd29ad-70db-11de-b6a2-001d92a603f0}\Shell - "" = AutoRun
O33 - MountPoints2\{f0dd29ad-70db-11de-b6a2-001d92a603f0}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O33 - MountPoints2\{f0dd29cb-70db-11de-b6a2-001d92a603f0}\Shell - "" = AutoRun
O33 - MountPoints2\{f0dd29cb-70db-11de-b6a2-001d92a603f0}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe - (Acer Inc.)
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Programme\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
MsConfig - StartUpReg: PCMMediaSharing - hkey= - key= -  File not found
MsConfig - State: "startup" - 2
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.29 15:18:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\svenja\Desktop\OTL (1).exe
[2012.11.29 13:28:23 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.11.28 11:16:54 | 000,000,000 | ---D | C] -- C:\Users\svenja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012.11.28 11:16:52 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012.11.28 10:56:25 | 000,000,000 | ---D | C] -- C:\Users\svenja\AppData\Roaming\Malwarebytes
[2012.11.28 10:56:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.28 10:56:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.28 10:56:01 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.11.28 10:56:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.11.28 10:44:25 | 000,000,000 | ---D | C] -- C:\Users\svenja\AppData\Local\Macromedia
[2012.11.22 11:08:03 | 000,000,000 | ---D | C] -- C:\Users\svenja\AppData\Roaming\SignageStudio.86EE3EEE54D7DB049D16E358CDC443F088917621.1
[2012.11.22 11:07:50 | 000,000,000 | ---D | C] -- C:\Program Files\SignageStudio
[2012.11.22 11:04:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2012.11.22 10:58:47 | 000,000,000 | ---D | C] -- C:\Users\svenja\AppData\Roaming\TeamViewer
[2012.11.22 08:30:53 | 000,000,000 | ---D | C] -- C:\Users\svenja\AppData\Roaming\OpenOffice.org
[2012.11.21 20:45:39 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
[2012.11.21 20:43:58 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2012.11.21 20:38:01 | 000,000,000 | ---D | C] -- C:\Users\svenja\Desktop\OpenOffice.org 3.4.1 (de) Installation Files
[2012.11.19 11:26:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.11.19 11:23:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2012.11.19 11:17:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.11.19 11:16:01 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.11.19 11:15:58 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012.11.19 11:09:43 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
[2012.11.19 11:06:37 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012.11.17 16:56:51 | 000,000,000 | ---D | C] -- C:\Users\svenja\AppData\Roaming\HPAppData
[2012.11.15 12:29:48 | 000,000,000 | ---D | C] -- C:\Users\svenja\AppData\Local\join.me
[2012.11.15 08:43:22 | 000,000,000 | ---D | C] -- C:\Users\svenja\AppData\Roaming\pdfforge
[2012.11.09 10:13:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2012.11.09 10:13:31 | 000,086,528 | ---- | C] (pdfforge GbR) -- C:\Windows\System32\pdfcmon.dll
[2012.11.09 10:13:29 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator
[2012.11.09 10:03:46 | 000,000,000 | ---D | C] -- C:\Users\svenja\Local Settings
[2012.11.09 10:01:51 | 000,000,000 | ---D | C] -- C:\Program Files\Perion
[2012.11.08 11:18:57 | 000,000,000 | ---D | C] -- C:\Users\svenja\AppData\Roaming\convert
[2012.11.08 10:39:28 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2012.11.05 08:41:34 | 000,000,000 | ---D | C] -- C:\Users\svenja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iPhoneSMSExport
[2012.11.05 08:41:34 | 000,000,000 | ---D | C] -- C:\Program Files\iPhoneSMSExport
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.29 15:20:09 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1101760962-3014260797-1857789441-1000UA.job
[2012.11.29 15:18:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\svenja\Desktop\OTL (1).exe
[2012.11.29 14:55:58 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.29 14:55:58 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.29 14:55:24 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.29 14:53:02 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.29 14:00:54 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.29 13:28:23 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.11.28 19:20:01 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1101760962-3014260797-1857789441-1000Core.job
[2012.11.28 17:15:09 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for svenja.job
[2012.11.28 12:25:05 | 000,002,090 | ---- | M] () -- C:\Users\svenja\Desktop\Google Chrome.lnk
[2012.11.28 11:16:54 | 000,001,950 | ---- | M] () -- C:\Users\svenja\Desktop\HiJackThis.lnk
[2012.11.28 10:56:05 | 000,000,953 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.23 10:01:29 | 000,000,099 | ---- | M] () -- C:\Users\svenja\Desktop\SignageStudioDebug.bat
[2012.11.22 11:07:54 | 000,000,849 | ---- | M] () -- C:\Users\Public\Desktop\SignageStudio.lnk
[2012.11.22 11:07:49 | 000,142,336 | ---- | M] () -- C:\Users\svenja\Desktop\SignageStudio.exe
[2012.11.21 20:45:40 | 000,001,037 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
[2012.11.21 19:57:15 | 000,002,623 | ---- | M] () -- C:\Users\svenja\Desktop\Microsoft Word.lnk
[2012.11.19 11:26:25 | 000,001,773 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012.11.19 11:17:59 | 000,001,711 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.11.17 21:55:06 | 000,427,829 | ---- | M] () -- C:\Users\svenja\Desktop\silvestermailing2012.pdf
[2012.11.15 12:29:52 | 000,000,907 | ---- | M] () -- C:\Users\svenja\Desktop\join.me.lnk
[2012.11.15 10:54:57 | 000,628,524 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.11.15 10:54:57 | 000,595,818 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.15 10:54:57 | 000,126,074 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.11.15 10:54:57 | 000,103,892 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.15 10:47:42 | 000,297,424 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.11.15 10:47:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.15 10:46:00 | 2146,611,200 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.15 08:51:09 | 000,000,893 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.11.15 08:29:47 | 000,541,569 | ---- | M] () -- C:\Users\svenja\Desktop\AdwCleaner.exe
[2012.11.09 10:13:39 | 000,001,040 | ---- | M] () -- C:\Users\Public\Desktop\PDFArchitect.lnk
[2012.11.09 10:13:39 | 000,000,875 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2012.11.09 10:04:06 | 000,001,233 | ---- | M] () -- C:\Users\svenja\Desktop\PDFCreator - Verknüpfung.lnk
[2012.11.09 08:19:02 | 000,000,737 | ---- | M] () -- C:\Users\Public\Desktop\OTLauncher.lnk
[2012.11.08 10:52:19 | 000,000,021 | ---- | M] () -- C:\Users\svenja\AppData\Local\mc.pixel.data
[2012.11.07 09:47:35 | 000,083,912 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIRfsClientNP.dll
[2012.11.07 09:47:34 | 000,092,072 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIinit.dll
[2012.11.07 09:47:34 | 000,031,144 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIport.dll
[2012.11.05 08:41:45 | 000,000,905 | ---- | M] () -- C:\Users\svenja\Desktop\iPhone SMS Export.lnk
 
========== Files Created - No Company Name ==========
 
[2012.11.28 11:16:54 | 000,001,950 | ---- | C] () -- C:\Users\svenja\Desktop\HiJackThis.lnk
[2012.11.28 10:56:05 | 000,000,953 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.23 10:02:08 | 000,142,336 | ---- | C] () -- C:\Users\svenja\Desktop\SignageStudio.exe
[2012.11.22 11:08:06 | 000,000,099 | ---- | C] () -- C:\Users\svenja\Desktop\SignageStudioDebug.bat
[2012.11.22 11:07:54 | 000,000,861 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SignageStudio.lnk
[2012.11.22 11:07:53 | 000,000,849 | ---- | C] () -- C:\Users\Public\Desktop\SignageStudio.lnk
[2012.11.21 20:45:40 | 000,001,037 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
[2012.11.21 11:38:12 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.17 21:55:06 | 000,427,829 | ---- | C] () -- C:\Users\svenja\Desktop\silvestermailing2012.pdf
[2012.11.15 12:29:52 | 000,000,907 | ---- | C] () -- C:\Users\svenja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\join.me.lnk
[2012.11.15 12:29:50 | 000,000,907 | ---- | C] () -- C:\Users\svenja\Desktop\join.me.lnk
[2012.11.15 08:51:08 | 000,000,905 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.11.15 08:51:08 | 000,000,893 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.11.15 08:29:35 | 000,541,569 | ---- | C] () -- C:\Users\svenja\Desktop\AdwCleaner.exe
[2012.11.09 10:13:39 | 000,001,040 | ---- | C] () -- C:\Users\Public\Desktop\PDFArchitect.lnk
[2012.11.09 10:13:39 | 000,000,875 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2012.11.09 08:19:02 | 000,000,737 | ---- | C] () -- C:\Users\Public\Desktop\OTLauncher.lnk
[2012.11.05 08:41:44 | 000,000,905 | ---- | C] () -- C:\Users\svenja\Desktop\iPhone SMS Export.lnk
[2012.08.25 10:33:41 | 000,003,730 | ---- | C] () -- C:\Users\svenja\AppData\Roaming\wklnhst.dat
[2011.12.18 15:25:02 | 000,094,564 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011.12.05 18:21:29 | 000,000,600 | ---- | C] () -- C:\Users\svenja\AppData\Local\PUTTY.RND
[2011.11.06 14:23:06 | 000,273,500 | ---- | C] () -- C:\Windows\hpwins05.dat
[2011.11.06 14:23:06 | 000,003,111 | ---- | C] () -- C:\Windows\hpwmdl05.dat
[2011.10.22 23:09:14 | 000,139,080 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.10.22 23:09:13 | 000,138,056 | ---- | C] () -- C:\Users\svenja\AppData\Roaming\PnkBstrK.sys
[2011.10.22 23:08:58 | 000,270,240 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011.10.22 23:08:41 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011.09.18 08:46:54 | 000,000,396 | ---- | C] () -- C:\Windows\hbcikrnl.ini
[2011.09.18 08:45:16 | 000,167,936 | ---- | C] () -- C:\Windows\System32\SerialXP.dll
[2011.09.18 08:45:16 | 000,027,648 | ---- | C] () -- C:\Windows\System32\win32com.dll
[2011.08.15 07:03:39 | 000,274,115 | ---- | C] () -- C:\Windows\hpwins05.dat.temp
[2011.08.15 06:59:15 | 000,000,725 | ---- | C] () -- C:\Windows\wsnk.ini
[2011.08.08 20:28:49 | 000,000,021 | ---- | C] () -- C:\Users\svenja\AppData\Local\mc.pixel.data
[2011.08.01 09:19:15 | 000,003,111 | ---- | C] () -- C:\Windows\hpwmdl05.dat.temp
[2011.05.04 07:35:40 | 000,000,680 | ---- | C] () -- C:\Users\svenja\AppData\Local\d3d9caps.dat
[2011.04.11 18:32:36 | 000,001,940 | ---- | C] () -- C:\Users\svenja\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010.12.19 19:19:14 | 000,000,054 | ---- | C] () -- C:\Windows\System32\opentable.ini
[2009.06.25 19:49:47 | 000,000,092 | ---- | C] () -- C:\Users\svenja\AppData\Local\cuyyo.bat
[2009.06.02 09:47:50 | 000,024,206 | ---- | C] () -- C:\Users\svenja\AppData\Roaming\UserTile.png
[2009.01.14 18:55:39 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2008.09.21 12:12:15 | 000,015,872 | ---- | C] () -- C:\Users\svenja\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.07.20 15:57:10 | 000,001,891 | ---- | C] () -- C:\Users\svenja\ZENcast Organizer.lnk
[2008.07.20 15:56:45 | 000,000,124 | ---- | C] () -- C:\Users\svenja\ZEN Media Explorer.lnk
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011.09.08 05:43:38 | 000,000,000 | ---D | M] -- C:\Users\marcus\AppData\Roaming\Memeo
[2011.09.08 05:43:38 | 000,000,000 | ---D | M] -- C:\Users\marcus\AppData\Roaming\Seagate
[2012.03.14 08:33:32 | 000,000,000 | ---D | M] -- C:\Users\marcus\AppData\Roaming\Thunderbird
[2012.07.25 20:39:05 | 000,000,000 | ---D | M] -- C:\Users\marcus\AppData\Roaming\YouSendIt
[2012.11.08 11:18:57 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\convert
[2012.11.29 13:28:08 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Dropbox
[2012.11.29 10:44:55 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\FileZilla
[2011.11.29 18:25:42 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\FLAC to MP3 Converter
[2009.03.03 12:19:33 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Image Zone Express
[2011.08.22 18:46:46 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Leadertech
[2009.07.22 17:10:33 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\LEAPS
[2011.02.07 13:04:44 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Local
[2011.08.22 18:52:51 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Memeo
[2012.11.22 08:30:53 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\OpenOffice.org
[2012.11.15 08:43:22 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\pdfforge
[2009.06.02 09:47:50 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\PeerNetworking
[2009.07.22 16:59:57 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Pegasys Inc
[2009.03.03 12:19:33 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Printer Info Cache
[2011.07.22 06:16:22 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Registry Mechanic
[2011.08.22 18:52:35 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Seagate
[2011.12.05 16:42:50 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Seas0nPass
[2012.11.22 11:08:03 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\SignageStudio.86EE3EEE54D7DB049D16E358CDC443F088917621.1
[2010.01.31 18:37:40 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Sony
[2012.11.22 10:58:47 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\TeamViewer
[2012.08.25 10:33:48 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Template
[2011.07.20 08:29:03 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Thunderbird
[2012.08.17 20:38:12 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\uTorrent
[2012.01.06 19:30:09 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\XMedia Recode
[2012.07.11 12:52:00 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\YouSendIt
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2009.07.23 08:44:02 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2008.06.21 15:21:46 | 000,000,000 | ---D | M] -- C:\Acer
[2012.03.12 08:48:25 | 000,000,000 | ---D | M] -- C:\AirPrint
[2008.03.29 10:01:33 | 000,000,000 | ---D | M] -- C:\Book
[2009.12.24 15:54:34 | 000,000,000 | -HSD | M] -- C:\Boot
[2012.11.28 11:16:55 | 000,000,000 | -H-D | M] -- C:\Config.Msi
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2008.06.21 15:08:38 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2008.03.29 10:01:33 | 000,000,000 | ---D | M] -- C:\DRV
[2008.03.29 03:31:02 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2011.08.16 11:37:40 | 000,000,000 | ---D | M] -- C:\N360_BACKUP
[2012.05.26 12:04:08 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2012.11.09 08:18:38 | 000,000,000 | ---D | M] -- C:\OpenTable
[2008.08.30 02:27:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.11.28 11:16:52 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.11.28 10:56:02 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2008.06.21 15:08:38 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.11.29 15:32:47 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.03.05 15:38:55 | 000,000,000 | R--D | M] -- C:\Users
[2012.11.28 11:14:52 | 000,000,000 | ---D | M] -- C:\vom Netz
[2012.11.19 11:09:43 | 000,000,000 | ---D | M] -- C:\Windows
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.11.22 11:06:49 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Adobe
[2011.12.19 16:52:37 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Apple Computer
[2012.11.08 11:18:57 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\convert
[2011.02.04 10:18:10 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Creative
[2011.02.07 12:45:07 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\DivX
[2012.11.29 13:28:08 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Dropbox
[2009.12.25 17:58:57 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\FastStone
[2012.11.29 10:44:55 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\FileZilla
[2011.11.29 18:25:42 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\FLAC to MP3 Converter
[2010.12.19 19:40:49 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\HP
[2012.11.17 16:56:51 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\HPAppData
[2012.01.03 20:11:49 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\HpUpdate
[2008.06.21 15:18:37 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Identities
[2009.03.03 12:19:33 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Image Zone Express
[2010.12.19 12:03:24 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\InstallShield
[2011.08.22 18:46:46 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Leadertech
[2009.07.22 17:10:33 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\LEAPS
[2011.02.07 13:04:44 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Local
[2012.03.05 11:17:14 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Logishrd
[2012.03.05 11:17:05 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Logitech
[2008.06.21 15:19:20 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Macromedia
[2012.11.28 10:56:25 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Malwarebytes
[2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Media Center Programs
[2011.08.22 18:52:51 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Memeo
[2012.11.28 10:44:25 | 000,000,000 | --SD | M] -- C:\Users\svenja\AppData\Roaming\Microsoft
[2008.06.23 20:46:31 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Mozilla
[2012.03.05 15:39:02 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Nero
[2012.11.22 08:30:53 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\OpenOffice.org
[2012.11.15 08:43:22 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\pdfforge
[2009.06.02 09:47:50 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\PeerNetworking
[2009.07.22 16:59:57 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Pegasys Inc
[2009.03.03 12:19:33 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Printer Info Cache
[2011.07.22 06:16:22 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Registry Mechanic
[2011.08.22 18:52:35 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Seagate
[2011.12.05 16:42:50 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Seas0nPass
[2012.11.22 11:08:03 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\SignageStudio.86EE3EEE54D7DB049D16E358CDC443F088917621.1
[2010.01.31 18:37:40 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Sony
[2012.11.22 10:58:47 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\TeamViewer
[2012.08.25 10:33:48 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Template
[2011.07.20 08:29:03 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Thunderbird
[2012.08.17 20:38:12 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\uTorrent
[2009.11.26 20:09:08 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\vlc
[2012.01.06 19:30:09 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\XMedia Recode
[2012.07.11 12:52:00 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\YouSendIt
 
< %APPDATA%\*.exe /s >
[2012.11.08 19:59:06 | 012,697,088 | ---- | M] () -- C:\Users\svenja\AppData\Roaming\convert\convert.exe
[2012.08.27 05:21:12 | 026,924,984 | ---- | M] (Dropbox, Inc.) -- C:\Users\svenja\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2012.08.27 05:21:14 | 000,874,384 | ---- | M] (Dropbox, Inc.) -- C:\Users\svenja\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe
[2012.08.27 05:21:24 | 000,181,784 | ---- | M] (Dropbox, Inc.) -- C:\Users\svenja\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2012.11.22 11:03:54 | 000,055,424 | ---- | M] (Adobe Systems Inc.) -- C:\Users\svenja\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011.09.15 13:43:34 | 030,178,880 | ---- | M] (Memeo) -- C:\Users\svenja\AppData\Roaming\Memeo\AutoBackup\temp\7876_sgmr_ib_ALL_IN_ONE_setup.exe
[2012.11.28 11:16:55 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Users\svenja\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
[2011.02.21 07:08:03 | 000,010,134 | R--- | M] () -- C:\Users\svenja\AppData\Roaming\Microsoft\Installer\{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}\ARPPRODUCTICON.exe
[2011.08.22 18:54:15 | 014,225,048 | ---- | M] () -- C:\Users\svenja\AppData\Roaming\Seagate\Seagate Dashboard\temp\SeagateDashboard_1421_Better_Setup.exe
 
< %SYSTEMROOT%\system32\drivers\*.sys /lockedfiles >
 
< %SYSTEMROOT%\System32\config\*.sav >
[2008.03.29 10:02:12 | 006,664,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.03.29 10:02:11 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.03.29 10:02:12 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2008.03.29 10:02:20 | 015,720,448 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2008.03.29 10:02:21 | 006,008,832 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %SYSTEMROOT%\*. /mp /s >
 
< %SYSTEMROOT%\system32\*.dll /lockedfiles >
 
<           >
[2006.11.02 14:01:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006.11.02 14:01:49 | 000,032,540 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.01.30 12:12:18 | 000,001,072 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1101760962-3014260797-1857789441-1000Core.job
[2011.01.30 12:12:20 | 000,001,124 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1101760962-3014260797-1857789441-1000UA.job
[2011.02.07 15:53:01 | 000,000,438 | -H-- | C] () -- C:\Windows\Tasks\Norton Security Scan for svenja.job
[2011.10.03 16:18:05 | 000,001,094 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2011.10.03 16:18:07 | 000,001,098 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012.11.21 11:38:12 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 24 bytes -> C:\Windows:0EA9150163ACD6C9
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >
         
--- --- ---

Alt 29.11.2012, 15:56   #8
maxi03
 



Hello Cosinus,
thank you very much for the information. I followed your instructions exactly. Here is the CustomScan:

OTL Logfile:
Code:
OTL logfile created on: 29.11.2012 15:24:54 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\svenja\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16443)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,63 Gb Available Physical Memory | 31,66% Memory free
4,38 Gb Paging File | 1,58 Gb Available in Paging File | 36,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 145,29 Gb Total Space | 4,70 Gb Free Space | 3,23% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 778,58 Gb Free Space | 83,58% Space Free | Partition Type: NTFS
Drive E: | 27,95 Gb Total Space | 5,33 Gb Free Space | 19,08% Space Free | Partition Type: NTFS
Drive G: | 144,99 Gb Total Space | 140,83 Gb Free Space | 97,13% Space Free | Partition Type: NTFS
Drive M: | 2,92 Gb Total Space | 2,52 Gb Free Space | 86,43% Space Free | Partition Type: FAT32
Drive Z: | 25,03 Gb Total Space | 14,32 Gb Free Space | 57,22% Space Free | Partition Type: NTFS
 
Computer Name: MARCUS-PC | User Name: svenja | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.11.29 15:18:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\svenja\Desktop\OTL (1).exe
PRC - [2012.11.07 09:47:34 | 000,374,704 | ---- | M] (LogMeIn, Inc.) -- C:\Programme\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2012.10.11 21:56:08 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2012.10.10 21:15:04 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.10.02 20:29:14 | 000,864,616 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012.10.02 20:28:55 | 001,820,520 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.09.10 16:58:16 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2012.06.18 11:22:51 | 002,550,392 | ---- | M] (EuroSmartz Ltd) -- C:\Programme\WePrint\WePrint Server.exe
PRC - [2012.06.16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Programme\Norton 360\Engine\6.4.0.9\ccsvchst.exe
PRC - [2012.01.17 10:07:58 | 000,505,736 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Common Files\Java\Java Update\jucheck.exe
PRC - [2011.07.22 07:49:26 | 000,511,920 | ---- | M] (REINER SCT) -- C:\Windows\System32\cjpcsc.exe
PRC - [2011.07.13 13:45:08 | 000,012,800 | ---- | M] (Deutsche Telekom AG) -- C:\Programme\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe
PRC - [2011.06.01 17:42:28 | 000,014,088 | ---- | M] (Memeo) -- C:\Programme\Seagate\Seagate Dashboard\SeagateDashboardService.exe
PRC - [2011.01.24 19:36:28 | 000,085,272 | ---- | M] (Memeo Inc.) -- C:\Programme\Memeo\AutoBackup\MemeoUpdater.exe
PRC - [2011.01.24 19:35:36 | 000,025,824 | ---- | M] (Memeo) -- C:\Programme\Memeo\AutoBackup\MemeoBackgroundService.exe
PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.07.22 16:54:05 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\Windows\System32\bgsvcgen.exe
PRC - [2009.06.23 15:59:32 | 000,259,368 | ---- | M] (Nero AG) -- C:\Programme\Nero\Nero MediaHome 4\NMMediaServerService.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.03.04 23:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008.02.22 02:54:02 | 000,114,688 | ---- | M] () -- C:\Programme\MultiScreen\MultiScreen.exe
PRC - [2008.01.19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.19 08:33:11 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe
PRC - [2007.12.19 18:09:22 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
PRC - [2007.12.07 14:28:22 | 000,196,128 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvraidservice.exe
PRC - [2007.10.11 19:53:22 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.09.10 14:28:18 | 000,057,344 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2007.09.07 17:23:54 | 000,326,176 | ---- | M] () -- C:\Acer\Empowering Technology\SysMonitor.exe
PRC - [2007.04.16 18:48:12 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
PRC - [2007.04.03 16:18:08 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.10.31 23:15:05 | 000,460,312 | ---- | M] () -- C:\Users\svenja\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
MOD - [2012.10.31 23:15:04 | 012,455,448 | ---- | M] () -- C:\Users\svenja\AppData\Local\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll
MOD - [2012.10.31 23:15:02 | 004,007,448 | ---- | M] () -- C:\Users\svenja\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll
MOD - [2012.10.31 23:13:47 | 000,587,288 | ---- | M] () -- C:\Users\svenja\AppData\Local\Google\Chrome\Application\23.0.1271.64\libglesv2.dll
MOD - [2012.10.31 23:13:46 | 000,123,928 | ---- | M] () -- C:\Users\svenja\AppData\Local\Google\Chrome\Application\23.0.1271.64\libegl.dll
MOD - [2012.10.31 23:13:35 | 000,156,712 | ---- | M] () -- C:\Users\svenja\AppData\Local\Google\Chrome\Application\23.0.1271.64\avutil-51.dll
MOD - [2012.10.31 23:13:34 | 000,274,984 | ---- | M] () -- C:\Users\svenja\AppData\Local\Google\Chrome\Application\23.0.1271.64\avformat-54.dll
MOD - [2012.10.31 23:13:32 | 002,168,360 | ---- | M] () -- C:\Users\svenja\AppData\Local\Google\Chrome\Application\23.0.1271.64\avcodec-54.dll
MOD - [2012.08.31 12:02:46 | 003,194,880 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012.08.31 12:01:10 | 004,550,656 | ---- | M] () -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
MOD - [2012.06.18 11:22:51 | 000,059,904 | ---- | M] () -- C:\Programme\WePrint\zlib1.dll
MOD - [2012.04.23 12:01:12 | 000,630,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2012.03.22 12:02:38 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2011.06.24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009.08.23 18:58:06 | 000,094,208 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2009.03.30 05:42:20 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2009.03.30 05:42:17 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2009.03.30 05:42:13 | 000,659,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
MOD - [2009.03.30 05:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.03.30 05:42:10 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
MOD - [2008.02.22 02:54:02 | 000,114,688 | ---- | M] () -- C:\Programme\MultiScreen\MultiScreen.exe
MOD - [2008.02.22 02:53:34 | 000,045,056 | ---- | M] () -- C:\Programme\MultiScreen\MGResGer.dll
MOD - [2008.02.22 02:53:20 | 000,028,672 | ---- | M] () -- C:\Programme\MultiScreen\MultiMon.dll
MOD - [2008.02.22 02:53:18 | 000,036,864 | ---- | M] () -- C:\Programme\MultiScreen\ServiceHook.dll
MOD - [2007.09.07 17:23:54 | 000,326,176 | ---- | M] () -- C:\Acer\Empowering Technology\SysMonitor.exe
 
 
========== Services (SafeList) ==========
 
SRV - [2012.11.28 20:55:53 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.11.28 10:34:19 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.11.07 09:47:52 | 000,137,136 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Programme\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2012.11.07 09:47:34 | 000,374,704 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Programme\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012.10.10 21:15:04 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.06.16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\6.4.0.9\ccSvcHst.exe -- (N360)
SRV - [2011.07.22 07:49:26 | 000,511,920 | ---- | M] (REINER SCT) [Auto | Running] -- C:\Windows\System32\cjpcsc.exe -- (cjpcsc)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.07.13 13:45:08 | 000,012,800 | ---- | M] (Deutsche Telekom AG) [Auto | Running] -- C:\Programme\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe -- (MCSWASVR)
SRV - [2011.06.01 17:42:28 | 000,014,088 | ---- | M] (Memeo) [Auto | Running] -- C:\Programme\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)
SRV - [2011.01.24 19:35:36 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Programme\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2011.01.11 18:04:04 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Programme\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.07.22 16:54:05 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\Windows\System32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2009.06.23 15:59:32 | 000,259,368 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Nero\Nero MediaHome 4\NMMediaServerService.exe -- (NeroMediaHomeService.4)
SRV - [2008.03.04 23:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2007.12.19 18:09:22 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007.09.10 14:28:18 | 000,057,344 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2007.04.16 18:48:12 | 000,028,672 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService)
SRV - [2007.04.03 16:18:08 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.11.29 13:28:23 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012.11.07 09:47:35 | 000,083,912 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2012.10.24 00:34:24 | 000,995,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20121106.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012.10.10 21:14:28 | 010,837,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.09.13 02:18:37 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20121128.021\NAVEX15.SYS -- (NAVEX15)
DRV - [2012.09.13 02:18:37 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20121128.021\NAVENG.SYS -- (NAVENG)
DRV - [2012.09.06 03:54:30 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20121128.001\IDSvix86.sys -- (IDSVix86)
DRV - [2012.08.09 05:39:56 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012.08.09 05:39:56 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012.08.03 11:08:47 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012.07.06 03:17:57 | 000,574,112 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\N360\0604000.009\srtsp.sys -- (SRTSP)
DRV - [2012.07.06 03:17:57 | 000,032,928 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0604000.009\srtspx.sys -- (SRTSPX)
DRV - [2012.06.07 05:43:43 | 000,132,768 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0604000.009\ccsetx86.sys -- (ccSet_N360)
DRV - [2012.05.22 02:37:12 | 000,924,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\0604000.009\symefa.sys -- (SymEFA)
DRV - [2011.11.23 19:23:20 | 000,035,960 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2011.11.16 20:38:00 | 000,345,208 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0604000.009\symtdiv.sys -- (SYMTDIv)
DRV - [2011.11.16 20:17:48 | 000,149,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0604000.009\ironx86.sys -- (SymIRON)
DRV - [2011.08.15 23:51:40 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\0604000.009\symds.sys -- (SymDS)
DRV - [2011.03.29 11:08:08 | 000,028,144 | ---- | M] (REINER SCT) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cjusb.sys -- (cjusb)
DRV - [2011.01.11 18:04:04 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2011.01.11 18:04:04 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Stopped] -- C:\Programme\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2010.03.23 02:17:06 | 001,170,464 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL85n86.sys -- (RTL85n86)
DRV - [2009.07.22 16:54:05 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2009.01.08 22:11:36 | 000,103,488 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2008.11.16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2008.05.16 11:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic)
DRV - [2008.05.16 11:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5)
DRV - [2008.05.16 11:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008.05.16 11:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008.05.16 11:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt)
DRV - [2008.05.16 11:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008.05.16 11:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus)
DRV - [2008.01.09 10:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV - [2007.12.08 08:28:10 | 000,140,320 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007.12.08 08:28:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007.11.18 03:39:50 | 001,040,544 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007.11.06 09:30:48 | 000,006,080 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\zntport.sys -- (zntport)
DRV - [2007.11.06 09:30:46 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVicPort.sys -- (tvicport)
DRV - [2007.07.16 10:38:06 | 000,030,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2007.07.07 14:13:10 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007.07.03 03:05:20 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2007.05.31 07:38:16 | 000,014,949 | ---- | M] (franson.biz) [Kernel | System | Running] -- C:\Windows\System32\drivers\bizVSerialNT.sys -- (bizVSerial)
DRV - [2007.04.03 16:17:08 | 000,306,295 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007.01.18 13:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2004.01.19 16:27:31 | 000,050,396 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2004.01.19 16:27:26 | 000,006,828 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftlund.sys -- (FTLUND)
DRV - [2003.02.21 08:00:00 | 000,019,153 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/sp/*hxxp://de.yahoo.com
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://otanywhere.opentable.de/login.aspx
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\..\SearchScopes\{194C6A87-273C-4675-AFEC-CEED5412A375}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=302398&p={searchTerms}
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\..\SearchScopes\{B7529384-941F-4339-A249-A18443C2B985}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/sp/*hxxp://de.yahoo.com
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://otanywhere.opentable.de/login.asp?dc=1&otaver=9828
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - No CLSID value found
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\..\SearchScopes,DefaultScope = {194C6A87-273C-4675-AFEC-CEED5412A375}
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\..\SearchScopes\{194C6A87-273C-4675-AFEC-CEED5412A375}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms}
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\..\SearchScopes\{B7529384-941F-4339-A249-A18443C2B985}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1004\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398&ilc=12"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_131.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.9.8a: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\svenja\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\svenja\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\IPSFFPlgn\ [2012.08.05 15:48:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\coFFPlgn\ [2012.11.15 10:48:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.12.19 19:35:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.02.07 13:04:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.02.07 13:04:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.28 10:34:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.11.19 11:26:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.11.19 11:26:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.12.19 19:35:05 | 000,000,000 | ---D | M]
 
[2008.06.23 20:46:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\svenja\AppData\Roaming\mozilla\Extensions
[2012.11.28 21:16:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\svenja\AppData\Roaming\mozilla\Firefox\Profiles\ty77o4ho.default\extensions
[2010.06.12 19:38:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\svenja\AppData\Roaming\mozilla\Firefox\Profiles\ty77o4ho.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.05.15 08:56:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\svenja\AppData\Roaming\mozilla\Firefox\Profiles\ty77o4ho.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}-trash
[2012.11.15 11:08:56 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\svenja\AppData\Roaming\mozilla\Firefox\Profiles\ty77o4ho.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2012.11.28 11:32:51 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\svenja\AppData\Roaming\mozilla\firefox\profiles\ty77o4ho.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.11.15 08:50:57 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.11.28 10:34:20 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.11.08 19:59:03 | 000,378,880 | ---- | M] (InfiniAd GmbH) -- C:\Program Files\mozilla firefox\plugins\npmieze.dll
[2012.10.24 23:03:12 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.24 23:03:11 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.10.24 23:03:12 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.24 23:03:12 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.24 23:03:12 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.24 23:03:11 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\svenja\AppData\Local\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\svenja\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\svenja\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Perion plugin (Enabled) = C:\Users\svenja\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\Plugins/PerionNewTabChrome-32.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Users\svenja\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\npcoplgn.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - Extension: DivX HiQ = C:\Users\svenja\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.0.900_0\
CHR - Extension: New tab for Chrome\u2122 = C:\Users\svenja\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\
CHR - Extension: Norton Identity Protection = C:\Users\svenja\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton 360\Engine\6.4.0.9\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton 360\Engine\6.4.0.9\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\6.4.0.9\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\6.4.0.9\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe ()
O4 - HKLM..\Run: [Acer Tour]  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [Memeo Instant Backup] C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [MultiScreen] C:\Programme\MultiScreen\MultiScreen.exe ()
O4 - HKLM..\Run: [NVRaidService] C:\Windows\System32\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe File not found
O4 - HKU\S-1-5-18..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe File not found
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000..\Run: [ApplePhotoStreams] C:\Programme\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000..\Run: [iCloudServices] C:\Programme\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003..\Run: [CTSyncU.exe] C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe ()
O4 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1004..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003..\RunOnce: [RUN] C:\Windows\Acer_Normal\run_DT.exe ()
O4 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1004..\RunOnce: [RUN] C:\Windows\Acer_Normal\run_DT.exe ()
O4 - Startup: C:\Users\svenja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\svenja\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\svenja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WePrint Server.lnk = C:\Programme\WePrint\WePrint Server.exe (EuroSmartz Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {A378EEF8-4E41-4BC4-8CBC-1ACB8686CC1D} https://otanywhere.opentable.de/download/PlugIn/OTSI.CAB (OTSysInfo Object)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5523D953-78C1-4DDA-BFD1-B4DE82E9D1F9}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{989AD318-57BC-47A0-961F-6C696470C3D7}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Acer01.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Acer01.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.02.15 05:53:50 | 000,000,027 | ---- | M] () - D:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2002.08.14 12:42:53 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{a43d5708-9b6b-11dd-815e-001d92a603f0}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe BÜRO_1.vbs
O33 - MountPoints2\{ccf0b438-0b87-11e0-91f8-001d92a603f0}\Shell\AutoRun\command - "" = install.exe
O33 - MountPoints2\{ccf0b43f-0b87-11e0-91f8-001d92a603f0}\Shell\AutoRun\command - "" = install.exe
O33 - MountPoints2\{f0dd29ad-70db-11de-b6a2-001d92a603f0}\Shell - "" = AutoRun
O33 - MountPoints2\{f0dd29ad-70db-11de-b6a2-001d92a603f0}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O33 - MountPoints2\{f0dd29cb-70db-11de-b6a2-001d92a603f0}\Shell - "" = AutoRun
O33 - MountPoints2\{f0dd29cb-70db-11de-b6a2-001d92a603f0}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe - (Acer Inc.)
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Programme\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
MsConfig - StartUpReg: PCMMediaSharing - hkey= - key= -  File not found
MsConfig - State: "startup" - 2
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.29 15:18:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\svenja\Desktop\OTL (1).exe
[2012.11.29 13:28:23 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.11.28 11:16:54 | 000,000,000 | ---D | C] -- C:\Users\svenja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012.11.28 11:16:52 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012.11.28 10:56:25 | 000,000,000 | ---D | C] -- C:\Users\svenja\AppData\Roaming\Malwarebytes
[2012.11.28 10:56:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.28 10:56:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.28 10:56:01 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.11.28 10:56:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.11.28 10:44:25 | 000,000,000 | ---D | C] -- C:\Users\svenja\AppData\Local\Macromedia
[2012.11.22 11:08:03 | 000,000,000 | ---D | C] -- C:\Users\svenja\AppData\Roaming\SignageStudio.86EE3EEE54D7DB049D16E358CDC443F088917621.1
[2012.11.22 11:07:50 | 000,000,000 | ---D | C] -- C:\Program Files\SignageStudio
[2012.11.22 11:04:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2012.11.22 10:58:47 | 000,000,000 | ---D | C] -- C:\Users\svenja\AppData\Roaming\TeamViewer
[2012.11.22 08:30:53 | 000,000,000 | ---D | C] -- C:\Users\svenja\AppData\Roaming\OpenOffice.org
[2012.11.21 20:45:39 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
[2012.11.21 20:43:58 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2012.11.21 20:38:01 | 000,000,000 | ---D | C] -- C:\Users\svenja\Desktop\OpenOffice.org 3.4.1 (de) Installation Files
[2012.11.19 11:26:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.11.19 11:23:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2012.11.19 11:17:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.11.19 11:16:01 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.11.19 11:15:58 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012.11.19 11:09:43 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
[2012.11.19 11:06:37 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012.11.17 16:56:51 | 000,000,000 | ---D | C] -- C:\Users\svenja\AppData\Roaming\HPAppData
[2012.11.15 12:29:48 | 000,000,000 | ---D | C] -- C:\Users\svenja\AppData\Local\join.me
[2012.11.15 08:43:22 | 000,000,000 | ---D | C] -- C:\Users\svenja\AppData\Roaming\pdfforge
[2012.11.09 10:13:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2012.11.09 10:13:31 | 000,086,528 | ---- | C] (pdfforge GbR) -- C:\Windows\System32\pdfcmon.dll
[2012.11.09 10:13:29 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator
[2012.11.09 10:03:46 | 000,000,000 | ---D | C] -- C:\Users\svenja\Local Settings
[2012.11.09 10:01:51 | 000,000,000 | ---D | C] -- C:\Program Files\Perion
[2012.11.08 11:18:57 | 000,000,000 | ---D | C] -- C:\Users\svenja\AppData\Roaming\convert
[2012.11.08 10:39:28 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2012.11.05 08:41:34 | 000,000,000 | ---D | C] -- C:\Users\svenja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iPhoneSMSExport
[2012.11.05 08:41:34 | 000,000,000 | ---D | C] -- C:\Program Files\iPhoneSMSExport
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.29 15:20:09 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1101760962-3014260797-1857789441-1000UA.job
[2012.11.29 15:18:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\svenja\Desktop\OTL (1).exe
[2012.11.29 14:55:58 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.29 14:55:58 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.29 14:55:24 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.29 14:53:02 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.29 14:00:54 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.29 13:28:23 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.11.28 19:20:01 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1101760962-3014260797-1857789441-1000Core.job
[2012.11.28 17:15:09 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for svenja.job
[2012.11.28 12:25:05 | 000,002,090 | ---- | M] () -- C:\Users\svenja\Desktop\Google Chrome.lnk
[2012.11.28 11:16:54 | 000,001,950 | ---- | M] () -- C:\Users\svenja\Desktop\HiJackThis.lnk
[2012.11.28 10:56:05 | 000,000,953 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.23 10:01:29 | 000,000,099 | ---- | M] () -- C:\Users\svenja\Desktop\SignageStudioDebug.bat
[2012.11.22 11:07:54 | 000,000,849 | ---- | M] () -- C:\Users\Public\Desktop\SignageStudio.lnk
[2012.11.22 11:07:49 | 000,142,336 | ---- | M] () -- C:\Users\svenja\Desktop\SignageStudio.exe
[2012.11.21 20:45:40 | 000,001,037 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
[2012.11.21 19:57:15 | 000,002,623 | ---- | M] () -- C:\Users\svenja\Desktop\Microsoft Word.lnk
[2012.11.19 11:26:25 | 000,001,773 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012.11.19 11:17:59 | 000,001,711 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.11.17 21:55:06 | 000,427,829 | ---- | M] () -- C:\Users\svenja\Desktop\silvestermailing2012.pdf
[2012.11.15 12:29:52 | 000,000,907 | ---- | M] () -- C:\Users\svenja\Desktop\join.me.lnk
[2012.11.15 10:54:57 | 000,628,524 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.11.15 10:54:57 | 000,595,818 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.15 10:54:57 | 000,126,074 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.11.15 10:54:57 | 000,103,892 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.15 10:47:42 | 000,297,424 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.11.15 10:47:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.15 10:46:00 | 2146,611,200 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.15 08:51:09 | 000,000,893 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.11.15 08:29:47 | 000,541,569 | ---- | M] () -- C:\Users\svenja\Desktop\AdwCleaner.exe
[2012.11.09 10:13:39 | 000,001,040 | ---- | M] () -- C:\Users\Public\Desktop\PDFArchitect.lnk
[2012.11.09 10:13:39 | 000,000,875 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2012.11.09 10:04:06 | 000,001,233 | ---- | M] () -- C:\Users\svenja\Desktop\PDFCreator - Verknüpfung.lnk
[2012.11.09 08:19:02 | 000,000,737 | ---- | M] () -- C:\Users\Public\Desktop\OTLauncher.lnk
[2012.11.08 10:52:19 | 000,000,021 | ---- | M] () -- C:\Users\svenja\AppData\Local\mc.pixel.data
[2012.11.07 09:47:35 | 000,083,912 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIRfsClientNP.dll
[2012.11.07 09:47:34 | 000,092,072 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIinit.dll
[2012.11.07 09:47:34 | 000,031,144 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIport.dll
[2012.11.05 08:41:45 | 000,000,905 | ---- | M] () -- C:\Users\svenja\Desktop\iPhone SMS Export.lnk
 
========== Files Created - No Company Name ==========
 
[2012.11.28 11:16:54 | 000,001,950 | ---- | C] () -- C:\Users\svenja\Desktop\HiJackThis.lnk
[2012.11.28 10:56:05 | 000,000,953 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.23 10:02:08 | 000,142,336 | ---- | C] () -- C:\Users\svenja\Desktop\SignageStudio.exe
[2012.11.22 11:08:06 | 000,000,099 | ---- | C] () -- C:\Users\svenja\Desktop\SignageStudioDebug.bat
[2012.11.22 11:07:54 | 000,000,861 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SignageStudio.lnk
[2012.11.22 11:07:53 | 000,000,849 | ---- | C] () -- C:\Users\Public\Desktop\SignageStudio.lnk
[2012.11.21 20:45:40 | 000,001,037 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
[2012.11.21 11:38:12 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.17 21:55:06 | 000,427,829 | ---- | C] () -- C:\Users\svenja\Desktop\silvestermailing2012.pdf
[2012.11.15 12:29:52 | 000,000,907 | ---- | C] () -- C:\Users\svenja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\join.me.lnk
[2012.11.15 12:29:50 | 000,000,907 | ---- | C] () -- C:\Users\svenja\Desktop\join.me.lnk
[2012.11.15 08:51:08 | 000,000,905 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.11.15 08:51:08 | 000,000,893 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.11.15 08:29:35 | 000,541,569 | ---- | C] () -- C:\Users\svenja\Desktop\AdwCleaner.exe
[2012.11.09 10:13:39 | 000,001,040 | ---- | C] () -- C:\Users\Public\Desktop\PDFArchitect.lnk
[2012.11.09 10:13:39 | 000,000,875 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2012.11.09 08:19:02 | 000,000,737 | ---- | C] () -- C:\Users\Public\Desktop\OTLauncher.lnk
[2012.11.05 08:41:44 | 000,000,905 | ---- | C] () -- C:\Users\svenja\Desktop\iPhone SMS Export.lnk
[2012.08.25 10:33:41 | 000,003,730 | ---- | C] () -- C:\Users\svenja\AppData\Roaming\wklnhst.dat
[2011.12.18 15:25:02 | 000,094,564 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011.12.05 18:21:29 | 000,000,600 | ---- | C] () -- C:\Users\svenja\AppData\Local\PUTTY.RND
[2011.11.06 14:23:06 | 000,273,500 | ---- | C] () -- C:\Windows\hpwins05.dat
[2011.11.06 14:23:06 | 000,003,111 | ---- | C] () -- C:\Windows\hpwmdl05.dat
[2011.10.22 23:09:14 | 000,139,080 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.10.22 23:09:13 | 000,138,056 | ---- | C] () -- C:\Users\svenja\AppData\Roaming\PnkBstrK.sys
[2011.10.22 23:08:58 | 000,270,240 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011.10.22 23:08:41 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011.09.18 08:46:54 | 000,000,396 | ---- | C] () -- C:\Windows\hbcikrnl.ini
[2011.09.18 08:45:16 | 000,167,936 | ---- | C] () -- C:\Windows\System32\SerialXP.dll
[2011.09.18 08:45:16 | 000,027,648 | ---- | C] () -- C:\Windows\System32\win32com.dll
[2011.08.15 07:03:39 | 000,274,115 | ---- | C] () -- C:\Windows\hpwins05.dat.temp
[2011.08.15 06:59:15 | 000,000,725 | ---- | C] () -- C:\Windows\wsnk.ini
[2011.08.08 20:28:49 | 000,000,021 | ---- | C] () -- C:\Users\svenja\AppData\Local\mc.pixel.data
[2011.08.01 09:19:15 | 000,003,111 | ---- | C] () -- C:\Windows\hpwmdl05.dat.temp
[2011.05.04 07:35:40 | 000,000,680 | ---- | C] () -- C:\Users\svenja\AppData\Local\d3d9caps.dat
[2011.04.11 18:32:36 | 000,001,940 | ---- | C] () -- C:\Users\svenja\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010.12.19 19:19:14 | 000,000,054 | ---- | C] () -- C:\Windows\System32\opentable.ini
[2009.06.25 19:49:47 | 000,000,092 | ---- | C] () -- C:\Users\svenja\AppData\Local\cuyyo.bat
[2009.06.02 09:47:50 | 000,024,206 | ---- | C] () -- C:\Users\svenja\AppData\Roaming\UserTile.png
[2009.01.14 18:55:39 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2008.09.21 12:12:15 | 000,015,872 | ---- | C] () -- C:\Users\svenja\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.07.20 15:57:10 | 000,001,891 | ---- | C] () -- C:\Users\svenja\ZENcast Organizer.lnk
[2008.07.20 15:56:45 | 000,000,124 | ---- | C] () -- C:\Users\svenja\ZEN Media Explorer.lnk
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011.09.08 05:43:38 | 000,000,000 | ---D | M] -- C:\Users\marcus\AppData\Roaming\Memeo
[2011.09.08 05:43:38 | 000,000,000 | ---D | M] -- C:\Users\marcus\AppData\Roaming\Seagate
[2012.03.14 08:33:32 | 000,000,000 | ---D | M] -- C:\Users\marcus\AppData\Roaming\Thunderbird
[2012.07.25 20:39:05 | 000,000,000 | ---D | M] -- C:\Users\marcus\AppData\Roaming\YouSendIt
[2012.11.08 11:18:57 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\convert
[2012.11.29 13:28:08 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Dropbox
[2012.11.29 10:44:55 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\FileZilla
[2011.11.29 18:25:42 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\FLAC to MP3 Converter
[2009.03.03 12:19:33 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Image Zone Express
[2011.08.22 18:46:46 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Leadertech
[2009.07.22 17:10:33 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\LEAPS
[2011.02.07 13:04:44 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Local
[2011.08.22 18:52:51 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Memeo
[2012.11.22 08:30:53 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\OpenOffice.org
[2012.11.15 08:43:22 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\pdfforge
[2009.06.02 09:47:50 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\PeerNetworking
[2009.07.22 16:59:57 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Pegasys Inc
[2009.03.03 12:19:33 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Printer Info Cache
[2011.07.22 06:16:22 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Registry Mechanic
[2011.08.22 18:52:35 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Seagate
[2011.12.05 16:42:50 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Seas0nPass
[2012.11.22 11:08:03 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\SignageStudio.86EE3EEE54D7DB049D16E358CDC443F088917621.1
[2010.01.31 18:37:40 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Sony
[2012.11.22 10:58:47 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\TeamViewer
[2012.08.25 10:33:48 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Template
[2011.07.20 08:29:03 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Thunderbird
[2012.08.17 20:38:12 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\uTorrent
[2012.01.06 19:30:09 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\XMedia Recode
[2012.07.11 12:52:00 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\YouSendIt
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2009.07.23 08:44:02 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2008.06.21 15:21:46 | 000,000,000 | ---D | M] -- C:\Acer
[2012.03.12 08:48:25 | 000,000,000 | ---D | M] -- C:\AirPrint
[2008.03.29 10:01:33 | 000,000,000 | ---D | M] -- C:\Book
[2009.12.24 15:54:34 | 000,000,000 | -HSD | M] -- C:\Boot
[2012.11.28 11:16:55 | 000,000,000 | -H-D | M] -- C:\Config.Msi
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2008.06.21 15:08:38 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2008.03.29 10:01:33 | 000,000,000 | ---D | M] -- C:\DRV
[2008.03.29 03:31:02 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2011.08.16 11:37:40 | 000,000,000 | ---D | M] -- C:\N360_BACKUP
[2012.05.26 12:04:08 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2012.11.09 08:18:38 | 000,000,000 | ---D | M] -- C:\OpenTable
[2008.08.30 02:27:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.11.28 11:16:52 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.11.28 10:56:02 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2008.06.21 15:08:38 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.11.29 15:32:47 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.03.05 15:38:55 | 000,000,000 | R--D | M] -- C:\Users
[2012.11.28 11:14:52 | 000,000,000 | ---D | M] -- C:\vom Netz
[2012.11.19 11:09:43 | 000,000,000 | ---D | M] -- C:\Windows
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.11.22 11:06:49 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Adobe
[2011.12.19 16:52:37 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Apple Computer
[2012.11.08 11:18:57 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\convert
[2011.02.04 10:18:10 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Creative
[2011.02.07 12:45:07 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\DivX
[2012.11.29 13:28:08 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Dropbox
[2009.12.25 17:58:57 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\FastStone
[2012.11.29 10:44:55 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\FileZilla
[2011.11.29 18:25:42 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\FLAC to MP3 Converter
[2010.12.19 19:40:49 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\HP
[2012.11.17 16:56:51 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\HPAppData
[2012.01.03 20:11:49 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\HpUpdate
[2008.06.21 15:18:37 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Identities
[2009.03.03 12:19:33 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Image Zone Express
[2010.12.19 12:03:24 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\InstallShield
[2011.08.22 18:46:46 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Leadertech
[2009.07.22 17:10:33 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\LEAPS
[2011.02.07 13:04:44 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Local
[2012.03.05 11:17:14 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Logishrd
[2012.03.05 11:17:05 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Logitech
[2008.06.21 15:19:20 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Macromedia
[2012.11.28 10:56:25 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Malwarebytes
[2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Media Center Programs
[2011.08.22 18:52:51 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Memeo
[2012.11.28 10:44:25 | 000,000,000 | --SD | M] -- C:\Users\svenja\AppData\Roaming\Microsoft
[2008.06.23 20:46:31 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Mozilla
[2012.03.05 15:39:02 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Nero
[2012.11.22 08:30:53 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\OpenOffice.org
[2012.11.15 08:43:22 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\pdfforge
[2009.06.02 09:47:50 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\PeerNetworking
[2009.07.22 16:59:57 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Pegasys Inc
[2009.03.03 12:19:33 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Printer Info Cache
[2011.07.22 06:16:22 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Registry Mechanic
[2011.08.22 18:52:35 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Seagate
[2011.12.05 16:42:50 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Seas0nPass
[2012.11.22 11:08:03 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\SignageStudio.86EE3EEE54D7DB049D16E358CDC443F088917621.1
[2010.01.31 18:37:40 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Sony
[2012.11.22 10:58:47 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\TeamViewer
[2012.08.25 10:33:48 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Template
[2011.07.20 08:29:03 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Thunderbird
[2012.08.17 20:38:12 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\uTorrent
[2009.11.26 20:09:08 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\vlc
[2012.01.06 19:30:09 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\XMedia Recode
[2012.07.11 12:52:00 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\YouSendIt
 
< %APPDATA%\*.exe /s >
[2012.11.08 19:59:06 | 012,697,088 | ---- | M] () -- C:\Users\svenja\AppData\Roaming\convert\convert.exe
[2012.08.27 05:21:12 | 026,924,984 | ---- | M] (Dropbox, Inc.) -- C:\Users\svenja\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2012.08.27 05:21:14 | 000,874,384 | ---- | M] (Dropbox, Inc.) -- C:\Users\svenja\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe
[2012.08.27 05:21:24 | 000,181,784 | ---- | M] (Dropbox, Inc.) -- C:\Users\svenja\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2012.11.22 11:03:54 | 000,055,424 | ---- | M] (Adobe Systems Inc.) -- C:\Users\svenja\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011.09.15 13:43:34 | 030,178,880 | ---- | M] (Memeo) -- C:\Users\svenja\AppData\Roaming\Memeo\AutoBackup\temp\7876_sgmr_ib_ALL_IN_ONE_setup.exe
[2012.11.28 11:16:55 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Users\svenja\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
[2011.02.21 07:08:03 | 000,010,134 | R--- | M] () -- C:\Users\svenja\AppData\Roaming\Microsoft\Installer\{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}\ARPPRODUCTICON.exe
[2011.08.22 18:54:15 | 014,225,048 | ---- | M] () -- C:\Users\svenja\AppData\Roaming\Seagate\Seagate Dashboard\temp\SeagateDashboard_1421_Better_Setup.exe
 
< %SYSTEMROOT%\system32\drivers\*.sys /lockedfiles >
 
< %SYSTEMROOT%\System32\config\*.sav >
[2008.03.29 10:02:12 | 006,664,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.03.29 10:02:11 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.03.29 10:02:12 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2008.03.29 10:02:20 | 015,720,448 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2008.03.29 10:02:21 | 006,008,832 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %SYSTEMROOT%\*. /mp /s >
 
< %SYSTEMROOT%\system32\*.dll /lockedfiles >
 
<           >
[2006.11.02 14:01:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006.11.02 14:01:49 | 000,032,540 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.01.30 12:12:18 | 000,001,072 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1101760962-3014260797-1857789441-1000Core.job
[2011.01.30 12:12:20 | 000,001,124 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1101760962-3014260797-1857789441-1000UA.job
[2011.02.07 15:53:01 | 000,000,438 | -H-- | C] () -- C:\Windows\Tasks\Norton Security Scan for svenja.job
[2011.10.03 16:18:05 | 000,001,094 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2011.10.03 16:18:07 | 000,001,098 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012.11.21 11:38:12 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 24 bytes -> C:\Windows:0EA9150163ACD6C9
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >
         
--- --- ---

[/CODE]

29.11.2012, 16:20   #9
cosinus

Fix with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.
Code:
:OTL
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3
@Alternate Data Stream - 24 bytes -> C:\Windows:0EA9150163ACD6C9
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
         
  • If you have obscured your user name, e.g. with "*****", insert your real user name in the corresponding place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (It can also be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread
__________________
Please always post log files in CODE tags

29.11.2012, 16:52   #10
maxi03

Code:
All processes killed
========== OTL ==========
Prefs.js: pdfforge@mybrowserbar.com:4.3 removed from extensions.enabledItems
Prefs.js: wtxpcom@mybrowserbar.com:4.3 removed from extensions.enabledItems
ADS C:\Windows:0EA9150163ACD6C9 deleted successfully.
ADS C:\ProgramData\TEMP:D1B5B4F1 deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\svenja\Desktop\cmd.bat deleted successfully.
C:\Users\svenja\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 58264 bytes
 
User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: marcus
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 938 bytes
->Java cache emptied: 11829032 bytes
->FireFox cache emptied: 35765729 bytes
->Flash cache emptied: 6215 bytes
 
User: NeroMediaHomeUser.4
->Temp folder emptied: 14336 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Public
 
User: svenja
->Temp folder emptied: 60167662 bytes
->Temporary Internet Files folder emptied: 13276812 bytes
->Java cache emptied: 30391252 bytes
->FireFox cache emptied: 74426129 bytes
->Google Chrome cache emptied: 135161695 bytes
->Flash cache emptied: 61384 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1924422 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 44175592 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 322 bytes
RecycleBin emptied: 1209958434 bytes
 
Total Files Cleaned = 1.542,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 11292012_163612

Files\Folders moved on Reboot...
File\Folder C:\Users\NeroMediaHomeUser.4\AppData\Local\Temp\etilqs_8lTBtiE07W0fqVjY5eWD not found!
File\Folder C:\Users\NeroMediaHomeUser.4\AppData\Local\Temp\etilqs_8lTBtiE07W0fqVjY5eWD-journal not found!
File\Folder C:\Users\NeroMediaHomeUser.4\AppData\Local\Temp\etilqs_Fba6A8Y2B092SS9dqjzc not found!
File\Folder C:\Users\NeroMediaHomeUser.4\AppData\Local\Temp\etilqs_Fba6A8Y2B092SS9dqjzc-journal not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         

29.11.2012, 16:53   #11
cosinus

Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes. Before that, please remember to update Malwarebytes using the update button.

Getting a second opinion from the ESET online scanner afterwards is not a bad idea either:

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset

29.11.2012, 17:12   #12
maxi03

Everything is clean there, and ESET finds nothing either.
Opening a new tab in Chrome still brings up the MyStart IncrediBar.

Code:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.28.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16443
svenja :: MARCUS-PC [Administrator]

28.11.2012 10:57:19
mbam-log-2012-11-28 (10-57-19).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 296830
Laufzeit: 9 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\fcn (Rogue.Residue) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Program Files\Mozilla Firefox\plugins\npmieze.dll (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\$RECYCLE.BIN\S-1-5-21-1101760962-3014260797-1857789441-1000\$ROZ310I.exe (PUP.BundleInstaller.BI) -> Keine Aktion durchgeführt.

(Ende)
         
Here is the ESET scan

Code:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251A
# version=7
# iexplore.exe=9.00.8112.16443 (WIN7_IE9_GDR.120227-1545)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=4bfc3736d0c54140a0e1acf9d9aebf5b
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-11-29 04:26:09
# local_time=2012-11-29 05:26:09 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 112157 112157 0 0
# compatibility_mode=3589 16777213 100 74 6168 104868865 0 0
# compatibility_mode=5892 16776573 100 100 128858 191739097 0 0
# compatibility_mode=8192 67108863 100 0 4978 4978 0 0
# scanned=0
# found=0
# cleaned=0
# scan_time=0
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=9.00.8112.16443 (WIN7_IE9_GDR.120227-1545)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=4bfc3736d0c54140a0e1acf9d9aebf5b
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-11-29 04:26:52
# local_time=2012-11-29 05:26:52 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 112200 112200 0 0
# compatibility_mode=3589 16777213 100 74 6211 104868908 0 0
# compatibility_mode=5892 16776573 100 100 128901 191739140 0 0
# compatibility_mode=8192 67108863 100 0 5021 5021 0 0
# scanned=0
# found=0
# cleaned=0
# scan_time=0
         

29.11.2012, 17:40   #13
cosinus

Please remove the detections with Malwarebytes; this npmieze slipped past adwCleaner and me as well
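Added example, not part of the original thread and not code from Malwarebytes or ESET: a Python script that triages the two logs from post #12, listing Malwarebytes detections still marked "Keine Aktion durchgeführt" and flagging ESET runs that report scanned=0. The function names are hypothetical and the embedded excerpts are constructed from lines of the posted logs.

```python
import re

# Constructed excerpts that reuse lines from the two logs posted in this thread.
MBAM_LOG = r"""Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\fcn (Rogue.Residue) -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Dateien: 2
C:\Program Files\Mozilla Firefox\plugins\npmieze.dll (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\$RECYCLE.BIN\S-1-5-21-1101760962-3014260797-1857789441-1000\$ROZ310I.exe (PUP.BundleInstaller.BI) -> Keine Aktion durchgeführt.
"""

ESET_LOG = """esets_scanner_update returned -1 esets_gle=53251
# version=7
# scanned=0
# found=0
"""

# Line shape in the posted log: "<object> (<detection name>) -> <action taken>."
DETECTION = re.compile(r"^(?P<obj>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")
NO_ACTION = "Keine Aktion durchgeführt"  # German UI string, "no action taken"


def unremediated(mbam_text):
    """Return (object, detection) pairs that were reported but not removed."""
    hits = []
    for line in mbam_text.splitlines():
        m = DETECTION.match(line.strip())
        if m and m.group("action") == NO_ACTION:
            hits.append((m.group("obj"), m.group("name")))
    return hits


def eset_runs(eset_text):
    """Split the ESET log into runs; return one dict of '# key=value' fields per run."""
    runs = []
    for line in eset_text.splitlines():
        line = line.strip()
        if line.startswith("esets_scanner_update returned"):
            # Return code kept for reference only; its meaning is not interpreted here.
            runs.append({"update_rc": int(line.split()[2])})
        elif line.startswith("# ") and "=" in line and runs:
            key, value = line[2:].split("=", 1)
            runs[-1][key] = value
    return runs


def inconclusive(run):
    """found=0 is not evidence of a clean system when no object was scanned."""
    return int(run.get("scanned", "0")) == 0
```
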

29.11.2012, 17:48   #14
maxi03

... have been deleted. The system has been restarted. Unfortunately the enemy has still not been defeated!!
Malwarebytes tells me that everything is clean.

29.11.2012, 20:21   #15
cosinus

A check with OTL, please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick Scan All Users
  • At the top you will find a box labeled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread in CODE tags.
