
Log analysis and evaluation: Google opens unwanted pages

Windows 7 If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

29.12.2012, 16:52   #1
ToxicLilith

Google opens unwanted pages

Hello, first of all!

I'm still fairly new here, but I hope I've picked the right forum for this anyway.

Now to the problem:
Since yesterday I've had the problem that Google keeps opening unwanted pages for me, e.g. porn sites, insurance sites and that kind of stuff. It doesn't matter which site I want to go to, e.g. Ebay, Spieletipps or even Postbank, I keep getting redirected. I also haven't logged in anywhere since yesterday, because of course I'm afraid for my passwords. So I did a bit of research and came across the program "HijackThis".
I read through everything there carefully and decided to post my log file here, in the hope that someone can find something.

Here is the log file:

Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:25:10, on 29.12.2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\WTClient.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe
C:\Users\JenniferBäcker\Desktop\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=6a92db81000000000000002268075273&tlver=1.4.19.19&affID=17159
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = hxxp://go.gmx.net/suchbox/gmxsuche?su=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) -  - (no file)
R3 - URLSearchHook: BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll (file missing)
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\19.9.0.9\IPS\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll (file missing)
O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Windows\system32\Msdxm6.ocx
O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll (file missing)
O3 - Toolbar: BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll (file missing)
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [WTClient] WTClient.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Procaster] "C:\Program Files\Livestream Procaster\Procaster.exe" -autorun
O4 - HKLM\..\Run: [TuneClone] C:\Program Files\TuneClone\TuneClone.exe /silence
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [Anktlhfdq] rundll32 "C:\Windows\system32\perftsx.dll",Ayulc
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: RocketDock.lnk = C:\Windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: Y'z Shadow.lnk = C:\Windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Google Update Service (gupdate1c9a0c944d9725f) (gupdate1c9a0c944d9725f) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\Windows\System32\Drivers\WTSRV.EXE
         
Many thanks in advance for the help!

29.12.2012, 17:23   #2
markusg
/// Malware-holic

Google opens unwanted pages

Hi
next time, please be so kind as to read the pinned topics; nobody really wants to see HJT logs anymore :-)
If you don't have it yet, please download OTL by OldTimer and save it to your desktop.
  • Please start OTL.exe. Vista and Win7 users: right-click and choose "Run as administrator".
  • Now copy the content into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread.

29.12.2012, 18:05   #3
ToxicLilith

Google opens unwanted pages

First of all, thanks for the quick reply! (:
That's quite a lot of stuff...

Here is the Extras.Txt:

Code:
OTL Extras logfile created on: 29.12.2012 18:35:57 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\JenniferBäcker\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,54 Gb Available Physical Memory | 51,21% Memory free
6,21 Gb Paging File | 4,70 Gb Available in Paging File | 75,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 233,79 Gb Total Space | 63,42 Gb Free Space | 27,13% Space Free | Partition Type: NTFS
Drive D: | 350,66 Gb Total Space | 350,17 Gb Free Space | 99,86% Space Free | Partition Type: NTFS
 
Computer Name: JENNYB | User Name: JenniferBäcker | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UacDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"FirstRunDisabled" = 0
"UacDisableNotify" = 0
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption -- ( Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption -- ( Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{14CEF469-9619-4F6A-A863-DCCEB2AE6C3E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{36E0A786-7804-4B9C-9CF7-F1C607665221}" = rport=137 | protocol=17 | dir=out | app=system | 
"{415C0B0D-CF58-44AD-BD58-34D726A67B49}" = lport=139 | protocol=6 | dir=in | app=system | 
"{6BD1B4AB-FDFA-4A76-AA64-D4593B60707A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{92CCF2B9-6F0A-486F-924F-AB5B64C2E651}" = rport=139 | protocol=6 | dir=out | app=system | 
"{A061B8E9-A6F1-4F64-BFB0-275EE8686E4F}" = lport=445 | protocol=6 | dir=in | app=system | 
"{CBC8CBC1-8624-46D2-AFD7-BA2C84465BF7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{D2B25105-0C7B-4AF7-9D47-C8EED793FC77}" = lport=138 | protocol=17 | dir=in | app=system | 
"{D71615AA-F15F-48FE-B47C-147831A972BA}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{E1C93E08-12E9-4CAC-93B1-E29ABAA1B926}" = rport=138 | protocol=17 | dir=out | app=system | 
"{F18B72E0-4794-4BFB-B591-F999F9CBDB9B}" = lport=137 | protocol=17 | dir=in | app=system | 
"{F71D736D-EF6F-4137-9620-C3BC08940F0E}" = rport=445 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02F5667E-C0B9-4A18-B478-B5A888D6D523}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\srcds.exe | 
"{0360D87C-A087-4FE3-8C72-5BE4A16161A4}" = protocol=6 | dir=in | app=c:\program files\electronic arts\crytek\crysis 2 demo\bin32\crysis2launcher.exe | 
"{044345C8-C362-4F9A-B2D3-5BB13ABCC462}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{04DC932E-FC53-4A39-B19C-19E3D60C75F8}" = protocol=6 | dir=in | app=c:\program files\rockstar games\rockstar games social club\rgsclauncher.exe | 
"{07AE7439-AEFE-45EC-970D-D9A5362DD2C8}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{12C675BC-478E-4EC0-A622-1B862B3947E2}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | 
"{1ADF6CFF-E6B2-4B5E-AB5A-063BEE9AF0AB}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\srcds.exe | 
"{1F614A90-6957-4909-B11E-322220A6AC97}" = protocol=6 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\launchgtaiv.exe | 
"{20FB5BF1-850C-428A-8050-5E6C457557BA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{21647019-063E-4945-BB6F-4C30D8B7F5E3}" = protocol=17 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\launchgtaiv.exe | 
"{23AD8B61-02A4-4393-973A-8C105C71A9F2}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{372EA25D-D82A-4779-985E-3687F66D5714}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{37AC062B-6333-4141-B011-E8C6490402FC}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"{3A650B37-B94C-46E5-8D4F-BD01E5AE0D94}" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe | 
"{3D9BD45F-9600-4035-BDA3-BC53C2E37CEA}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{3F6C379A-6674-4326-8FD9-2D832673204C}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{43CC4A50-2A9D-4202-94F6-D8E183B19E49}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{46096364-B33E-4A26-80EB-4B12B70CCDB2}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\acer homemedia connect.exe | 
"{5C1DE0C6-4C39-4E41-A47E-42E189BD8D30}" = dir=in | app=c:\program files\acer arcade live\acer homemedia\acer homemedia.exe | 
"{614096D8-B776-4150-9142-5C15073EC1F1}" = dir=in | app=c:\program files\acer arcade live\acer homemedia trial creator\acer homemedia trial creator.exe | 
"{6207687F-FE96-4A07-8FFE-0BAE17476E0D}" = protocol=17 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleil.exe | 
"{64A52372-1FD9-4440-9BA7-61D3BE265F94}" = dir=in | app=c:\program files\acer arcade live\acer arcade live main page\acer arcade live.exe | 
"{69AAB61C-0180-4105-9088-16FF20D09F29}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | 
"{6A33C1E6-2D72-4E38-A9AA-76F4D5B2CAA2}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{6CEBCE0A-952D-4BBB-82A0-B763CB7CD407}" = protocol=17 | dir=in | app=c:\program files\electronic arts\crytek\crysis 2 demo\bin32\crysis2launcher.exe | 
"{6FCCD595-2510-4D7F-B030-923783EDB95A}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | 
"{707F5179-2255-46C8-A857-B552BCC3F83A}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{7AE54199-A377-4275-9306-DE38583EC780}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{7D64ACEB-5050-4302-91AF-91BC8AE4E1B4}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{7E37BAD3-BA62-4BA3-93A3-C0AC3148A397}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe | 
"{834B1D06-0E32-44E2-A03D-1D5BA8ED970E}" = protocol=6 | dir=in | app=c:\users\jenniferbäcker\appdata\local\temp\update_8bbf.exe | 
"{8A382E69-BEC5-434B-91A2-1C7FC9F6A0EF}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{8B76192E-BBFC-41C6-AD09-78A265A26890}" = dir=in | app=c:\program files\acer arcade live\acer videomagician\acer videomagician.exe | 
"{92835B57-D3AE-4C58-8011-7096CDE4835A}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{98EEB72D-CD86-4C51-A70F-7C59C1DD4168}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | 
"{9C21BFE9-C21D-4146-9E48-FA2499D28C7D}" = protocol=17 | dir=in | app=c:\users\jenniferbäcker\appdata\local\temp\update_8bbf.exe | 
"{9F3BD9D2-BA84-4239-9C64-E285125243B2}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe | 
"{A89A2F54-8A5E-4AB8-B216-9C98ABA39CE8}" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe | 
"{AD384ADF-0B7E-48A4-B542-15FB10E2E023}" = protocol=17 | dir=in | app=c:\users\jenniferbäcker\downloads\pdf_reader_setup.exe | 
"{AFA3ABF2-1C08-4AFA-A284-5BAAED59F6A7}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{B0083FCC-BDE3-4650-BEC9-1EF6B6DA85CC}" = dir=in | app=c:\program files\acer arcade live\acer slideshow dvd\acer slideshow dvd.exe | 
"{B76114AA-65E6-45FF-92DC-4C41FAF20C0C}" = dir=in | app=c:\program files\acer arcade live\acer dvdivine\acer dvdivine.exe | 
"{BDC7C81F-3122-419F-B443-F51735C01687}" = protocol=6 | dir=in | app=c:\users\jenniferbäcker\downloads\pdf_reader_setup.exe | 
"{BE077AB2-6B4A-41F2-AFFE-8FA8E1A0C824}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{BF3C507D-D25D-462A-9D2E-CE4FBAF7047D}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{C3EB4E95-52CA-4AFB-B8B3-453DC4FA4DE2}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe | 
"{C61199BB-AC2C-4543-A729-E9A937DCEDA5}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"{C8D03E7C-C1A4-48EF-B4D3-731BF14D7508}" = dir=in | app=c:\program files\acer arcade live\acer dv magician\acer dv magician.exe | 
"{CB7DB70E-CEE9-41C9-B660-39FE67C5BD04}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe | 
"{DE646053-28B7-4A7B-AA66-46ADFD5363E4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{E9CF4757-A377-481B-844D-ACD14B87DE97}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{EE8D3ADC-5ABD-49E5-90BD-7D8EAEBF3ED4}" = protocol=17 | dir=in | app=c:\program files\rockstar games\rockstar games social club\rgsclauncher.exe | 
"{FA2771D3-FB28-49DC-80DF-8E8731C50C8A}" = protocol=6 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleil.exe | 
"{FE3C3DF2-23EC-4B4A-8115-07CFF1ED6227}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{080FE95E-5A89-4A54-BAAA-D769971B7C2D}" = Corel Home Office
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B5154C0-8F00-4616-B0AB-6240AE80D9CE}" = SimCity™ Societies
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{3BBFD444-5FAB-49F6-98B1-A1954E831399}" = Die Sims™ 3 Showtime
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3DE92282-CB49-434F-81BF-94E5B380E889}" = Die Sims™ 3 Jahreszeiten
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = Die Sims™ 3 Late Night
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C7F547E-DDE3-51BF-1D2E-04816F30AD66}" = ATI Catalyst Install Manager
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{50D69C54-6963-49A6-B762-A9FF8F56AF0F}" = Brockhaus multimedial 2008
"{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
"{5454083B-1308-4485-BF17-1110000B8301}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000D8302}" = Grand Theft Auto IV
"{5454085C-840F-4070-8FAA-441000028301}" = BioShock 2
"{5454085C-840F-4070-8FAA-441000038301}" = BioShock 2
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = Die Sims™ 3 Luxus-Accessoires
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{809A3BCA-2B18-4B8D-A0DB-3AE01BCFAB4F}" = Hama Whitestorm Pad
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = Die Sims™ 3 Traumkarrieren
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B580C409-E16F-44FF-904D-3AE94E113BE0}" = Acer HomeMedia Trial Creator
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = Die Sims™ 3 Reiseabenteuer
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C12631C6-804D-4B32-B0DD-8A496462F106}" = Die Sims™ 3 Einfach tierisch
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = Die Sims™ 3 Lebensfreude
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NIS" = Norton Internet Security
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Origin" = Origin
"PhotoScape" = PhotoScape
"QuicktimeAlt_is1" = QuickTime Alternative 3.1.1
"RocketDock_is1" = RocketDock 1.3.5
"ScreenshotCaptor_is1" = Screenshot Captor 2.56.01
"smqaiqw" = Favorit
"Steam App 206210" = Gotham City Impostors: Free To Play
"Steam App 550" = Left 4 Dead 2
"SystemRequirementsLab" = System Requirements Lab
"TabletDriver" = Tablet Driver V5.02
"Uplay" = Uplay
"WinGimp-2.0_is1" = GIMP 2.6.4
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SOE-DC Universe Online Live" = DC Universe Online Live
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 25.12.2012 15:42:20 | Computer Name = JennyB | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 25.12.2012 15:42:22 | Computer Name = JennyB | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 25.12.2012 19:23:47 | Computer Name = JennyB | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 26.12.2012 04:41:14 | Computer Name = JennyB | Source = WinMgmt | ID = 10
Description = 
 
Error - 27.12.2012 05:29:55 | Computer Name = JennyB | Source = WinMgmt | ID = 10
Description = 
 
Error - 27.12.2012 07:34:09 | Computer Name = JennyB | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 27.12.2012 09:52:06 | Computer Name = JennyB | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 28.12.2012 04:28:44 | Computer Name = JennyB | Source = WinMgmt | ID = 10
Description = 
 
Error - 28.12.2012 07:13:42 | Computer Name = JennyB | Source = WinMgmt | ID = 10
Description = 
 
Error - 28.12.2012 10:52:22 | Computer Name = JennyB | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 29.12.2012 05:44:30 | Computer Name = JennyB | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 28.12.2012 07:13:42 | Computer Name = JennyB | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 28.12.2012 11:19:51 | Computer Name = JennyB | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 
Error - 28.12.2012 11:19:51 | Computer Name = JennyB | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 
Error - 28.12.2012 11:19:51 | Computer Name = JennyB | Source = disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk0\DR0 gefunden.
 
Error - 29.12.2012 05:44:30 | Computer Name = JennyB | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 29.12.2012 05:59:34 | Computer Name = JennyB | Source = BROWSER | ID = 8032
Description = 
 
Error - 29.12.2012 13:01:22 | Computer Name = JennyB | Source = disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
 
Error - 29.12.2012 13:01:25 | Computer Name = JennyB | Source = disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
 
Error - 29.12.2012 13:42:27 | Computer Name = JennyB | Source = disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
 
Error - 29.12.2012 13:42:29 | Computer Name = JennyB | Source = disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
 
 
< End of report >
         

And the OTL.Txt:

Code:
OTL logfile created on: 29.12.2012 18:35:57 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\JenniferBäcker\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,54 Gb Available Physical Memory | 51,21% Memory free
6,21 Gb Paging File | 4,70 Gb Available in Paging File | 75,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 233,79 Gb Total Space | 63,42 Gb Free Space | 27,13% Space Free | Partition Type: NTFS
Drive D: | 350,66 Gb Total Space | 350,17 Gb Free Space | 99,86% Space Free | Partition Type: NTFS
 
Computer Name: JENNYB | User Name: JenniferBäcker | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.12.29 18:34:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\JenniferBäcker\Desktop\OTL.exe
PRC - [2012.10.28 20:29:04 | 000,529,744 | ---- | M] (Valve Corporation) -- C:\Programme\Common Files\Steam\SteamService.exe
PRC - [2012.10.10 21:15:04 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.10.02 20:29:14 | 000,864,616 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2012.10.02 20:28:55 | 001,820,520 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.08.04 10:20:24 | 001,353,080 | ---- | M] (Valve Corporation) -- C:\Programme\Steam\Steam.exe
PRC - [2012.06.16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Programme\Norton Internet Security\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe
PRC - [2010.06.01 20:46:26 | 000,073,728 | ---- | M] (Tablet Driver) -- C:\Windows\System32\drivers\WTSrv.exe
PRC - [2009.10.30 19:19:22 | 000,032,768 | ---- | M] (Tablet Driver) -- C:\Windows\System32\WTClient.exe
PRC - [2009.08.18 10:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 10:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.04.11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.09.30 16:51:58 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2008.09.30 16:49:34 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2008.07.29 17:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008.07.29 17:52:50 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008.06.02 09:26:38 | 000,319,488 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\SysMonitor.exe
PRC - [2008.06.02 09:26:22 | 000,319,488 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\Framework.Launcher.exe
PRC - [2008.06.02 09:25:40 | 000,024,576 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008.05.20 17:50:50 | 000,269,448 | ---- | M] (CyberLink) -- C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
PRC - [2008.05.20 11:06:00 | 006,144,000 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 03:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 03:25:32 | 000,198,656 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe
PRC - [2007.09.02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Programme\RocketDock\RocketDock.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.15 10:22:27 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\d08cb6b1c4052e6f5a4e2452870d67d7\System.Management.ni.dll
MOD - [2012.11.15 09:13:39 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\22e554f2c4da53c07e4815a24e2d50e2\System.Windows.Forms.ni.dll
MOD - [2012.11.15 09:13:29 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\2c6cd37f29fc76d6c2ed6bbed202d82c\System.Drawing.ni.dll
MOD - [2012.11.15 09:12:21 | 007,976,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b2052acbbbba4f98585196872195e009\System.ni.dll
MOD - [2012.11.15 09:11:36 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7ad9c44df3b85848590e63f13fc59804\mscorlib.ni.dll
MOD - [2012.10.28 20:29:02 | 020,317,008 | ---- | M] () -- C:\Programme\Steam\bin\libcef.dll
MOD - [2012.10.28 20:28:59 | 000,902,480 | ---- | M] () -- C:\Programme\Steam\bin\chromehtml.dll
MOD - [2012.10.28 20:28:57 | 000,123,232 | ---- | M] () -- C:\Programme\Steam\bin\avutil-51.dll
MOD - [2012.10.28 20:28:55 | 000,190,816 | ---- | M] () -- C:\Programme\Steam\bin\avformat-53.dll
MOD - [2012.10.28 20:28:53 | 001,099,616 | ---- | M] () -- C:\Programme\Steam\bin\avcodec-53.dll
MOD - [2010.09.28 20:00:56 | 000,217,088 | ---- | M] () -- C:\Windows\System32\WinTab32.dll
MOD - [2010.05.14 00:03:42 | 000,232,960 | ---- | M] () -- C:\Windows\System32\MyDrawLineWindowDll.dll
MOD - [2008.12.24 23:56:12 | 000,573,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.UIComponent\3.0.3009.0__739b31b1908c49e5\Framework.UIComponent.dll
MOD - [2008.12.24 23:56:12 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3009.0__4df5dcab8860d239\Framework.Utility.dll
MOD - [2008.12.24 23:56:12 | 000,006,144 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.PluginInterface\3.0.3009.0__9ecdf03bb2054f94\Framework.PluginInterface.dll
MOD - [2008.12.24 23:56:11 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3009.0__3036420f80dd6947\Framework.Library.dll
MOD - [2008.12.24 23:56:11 | 000,015,360 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Host\3.0.3009.0__672b450de5a7e94a\Framework.Host.dll
MOD - [2008.07.29 17:52:38 | 000,227,888 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll
MOD - [2008.07.29 14:55:14 | 000,969,728 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll
MOD - [2008.06.02 09:26:38 | 000,319,488 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\SysMonitor.exe
MOD - [2008.06.02 09:26:22 | 000,319,488 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\Framework.Launcher.exe
MOD - [2008.06.02 09:25:36 | 000,013,824 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\Framework.Presenter.dll
MOD - [2008.06.02 09:25:02 | 000,005,120 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\de\Framework.AppBar.resources.dll
MOD - [2008.06.02 09:25:00 | 001,822,720 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\Framework.AppBar.dll
MOD - [2008.04.23 10:56:34 | 000,020,480 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\eSettings\eSettings.QuickMenu.dll
MOD - [2007.09.02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Programme\RocketDock\RocketDock.exe
MOD - [2007.09.02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Programme\RocketDock\RocketDock.dll
MOD - [2004.08.03 18:31:38 | 000,121,344 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.12.11 19:21:45 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.07 19:01:14 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.28 20:29:04 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.10.10 21:15:04 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.06.16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe -- (NIS)
SRV - [2010.06.01 20:46:26 | 000,073,728 | ---- | M] (Tablet Driver) [Auto | Running] -- C:\Windows\System32\drivers\WTSrv.exe -- (WinTabService)
SRV - [2009.08.18 10:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2008.07.29 17:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008.06.02 09:25:40 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008.05.20 17:50:50 | 000,269,448 | ---- | M] (CyberLink) [Auto | Running] -- C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service)
SRV - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2003.07.28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\VcommMgr.sys -- (VcommMgr)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\VComm.sys -- (VComm)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\tclondrv.sys -- (tclondrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Tablet2k.sys -- (Tablet2k)
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\SMR162.SYS -- (SMR162)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | Boot | Stopped] -- System32\Drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - File not found [Kernel | Boot | Stopped] -- System32\Drivers\vbtenum.sys -- (BTHidEnum)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\btcusb.sys -- (Btcsrusb)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btnetdrv.sys -- (BT)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\blueletaudio.sys -- (BlueletAudio)
DRV - [2012.10.24 00:34:24 | 000,995,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20121130.005\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012.10.10 21:14:28 | 010,837,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.09.13 20:43:45 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20121228.023\NAVEX15.SYS -- (NAVEX15)
DRV - [2012.09.13 20:43:45 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20121228.023\NAVENG.SYS -- (NAVENG)
DRV - [2012.09.01 01:27:25 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\IPSDefs\20121228.001\IDSvix86.sys -- (IDSVix86)
DRV - [2012.08.12 11:22:18 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012.08.12 11:22:18 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012.07.06 03:17:57 | 000,574,112 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\NIS\1309000.009\srtsp.sys -- (SRTSP)
DRV - [2012.07.06 03:17:57 | 000,032,928 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1309000.009\srtspx.sys -- (SRTSPX)
DRV - [2012.06.07 05:43:43 | 000,132,768 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1309000.009\ccsetx86.sys -- (ccSet_NIS)
DRV - [2012.05.22 02:37:12 | 000,924,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1309000.009\symefa.sys -- (SymEFA)
DRV - [2012.04.18 03:13:32 | 000,345,208 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1309000.009\symtdiv.sys -- (SYMTDIv)
DRV - [2012.04.18 02:42:14 | 000,149,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1309000.009\ironx86.sys -- (SymIRON)
DRV - [2012.04.05 19:59:46 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011.08.15 23:51:40 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NIS\1309000.009\symds.sys -- (SymDS)
DRV - [2009.12.09 02:36:26 | 000,017,120 | ---- | M] (PenTablet Driver) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTSimHid.sys -- (PTSimHid)
DRV - [2009.09.03 21:07:04 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008.10.17 09:50:00 | 000,131,072 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Mkd2kfNT.sys -- (Mkd2kfNt)
DRV - [2008.10.17 09:50:00 | 000,079,104 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Mkd2Nadr.sys -- (Mkd2Nadr)
DRV - [2008.09.08 23:10:24 | 000,014,848 | ---- | M] (Tablet Driver) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UCTblHid.sys -- (UCTblHid)
DRV - [2008.06.02 09:20:12 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008.02.25 16:29:24 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVicPort.sys -- (tvicport)
DRV - [2008.02.25 16:29:24 | 000,006,080 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\zntport.sys -- (zntport)
DRV - [2007.12.19 07:45:00 | 000,170,000 | ---- | M] (AMD Technologies Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ahcix86s.sys -- (ahcix86s)
DRV - [2007.10.12 01:00:44 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007.10.12 00:56:22 | 000,490,776 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV561AV.SYS -- (PID_0928)
DRV - [2007.06.08 02:16:28 | 000,018,944 | ---- | M] (PenTablet Driver) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PTSimBus.sys -- (PTSimBus)
DRV - [2007.04.24 00:28:56 | 000,018,432 | ---- | M] (Tablet Driver) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TClass2k.sys -- (TClass2k)
DRV - [2006.10.30 04:23:12 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2006.08.11 14:47:13 | 000,059,776 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfsync04.sys -- (sfsync04)
DRV - [2006.07.05 13:46:06 | 000,063,352 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfdrv01a.sys -- (sfdrv01a)
DRV - [2006.06.14 15:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02)
DRV - [2005.08.17 07:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2005.08.17 07:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2005.08.17 07:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus)
DRV - [2004.04.08 11:06:08 | 000,070,400 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004.04.08 09:46:50 | 000,054,272 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\Windows\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2003.12.01 16:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2003.09.06 13:22:08 | 000,006,944 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\prosync1.sys -- (prosync1)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=6a92db81000000000000002268075273&tlver=1.4.19.19&affID=17159
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - SOFTWARE\Classes\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\InprocServer32 File not found
IE - HKLM\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - SOFTWARE\Classes\CLSID\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\InprocServer32 File not found
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{081230F8-EA50-42A9-983C-D22ABC2EED3B}: "URL" = hxxp://www.qemit.com/toolbar/hub.php?a=sb&did=8&pid=0&lan=de&day=0&ver=1.01&q={searchTerms}
IE - HKLM\..\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}: "URL" = hxxp://search.imgag.com/?appid=kwtb&component=&c=GNKIW29197&sbs=2&sc=2&f=web&vernum=3.2&uid=&did=%7b27a9fab0-caaf-4517-90f8-9ad850dafdff%7d&q={searchTerms}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.bing.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - SOFTWARE\Classes\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\InprocServer32 File not found
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{07ADD379-B5C1-4124-9825-1B6A2BBA0671}: "URL" = hxxp://suche.web.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
IE - HKCU\..\SearchScopes\{081230F8-EA50-42A9-983C-D22ABC2EED3B}: "URL" = hxxp://www.qemit.com/toolbar/hub.php?a=sb&did=8&pid=0&lan=de&day=0&ver=1.01&q={searchTerms}
IE - HKCU\..\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}: "URL" = hxxp://search.imgag.com/?appid=kwtb&component=&c=GNKIW29197&sbs=2&sc=2&f=web&vernum=3.2&uid=&did=%7b27a9fab0-caaf-4517-90f8-9ad850dafdff%7d&q={searchTerms}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=100478&babsrc=SP_ss&mntrId=6a92db81000000000000002268075273
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?cbid=LS&said={D72C1780-13C1-4BA7-8AC2-00659AB7D6FE}&q={searchTerms}&crm=1&sads=1
IE - HKCU\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=6a92db81000000000000002268075273&tlver=1.4.19.19&affID=17159
IE - HKCU\..\SearchScopes\{1F811A20-6353-4E18-B336-7A76A6B77185}: "URL" = hxxp://go.gmx.net/suchbox/amazon/?keywords={searchTerms}
IE - HKCU\..\SearchScopes\{40098A72-690E-40C1-AFAB-64D132FA3F7C}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_deDE307
IE - HKCU\..\SearchScopes\{78205594-7442-4042-81D7-F34BCE9A05DA}: "URL" = hxxp://go.web.de/suchbox/smartshopping/?searchText={searchTerms}&mc=searchplugin@suche@msie.suche@preisvergleich
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = hxxp://int.search-results.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=NIS&chn=retail&geo=DE&ver=18
IE - HKCU\..\SearchScopes\{BA205791-59D5-4528-ACFE-57C66ED61C8E}: "URL" = hxxp://search.1und1.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
IE - HKCU\..\SearchScopes\{DE2F5134-024B-4655-9C57-EEFE2A7C9B95}: "URL" = hxxp://suche.gmx.net/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "XfireXO Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&ai=13054"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.2: "WEB.DE Suche"
FF - prefs.js..browser.search.order.3: "1und1 Suche"
FF - prefs.js..browser.search.order.4: "amazon.de"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: finder%40meingutscheincode.de:3.0.3
FF - prefs.js..extensions.enabledAddons: moveplayer%40movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledAddons: personas%40christopher.beard:1.6.2
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: NPDyyno@dyyno.com:1.0.0.26
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: {95f24680-9e31-11da-a746-0800200c9a66}:0.1.5.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: finder@meingutscheincode.de:2.0
FF - prefs.js..extensions.enabledItems: {40c3cc16-7269-4b32-9531-17f2950fb06f}:3.3.3.2
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.3
FF - prefs.js..extensions.enabledItems: info@djzig.com:1.2.9
FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c81b1}:2.2
FF - prefs.js..extensions.enabledItems: {239c61a8-e55f-11db-8314-0800200c9a66}:2.1.4
FF - prefs.js..extensions.enabledItems: {da7f40f0-8675-11db-b606-0800200c9a66}:3.04
FF - prefs.js..extensions.enabledItems: {de5809e0-2b07-11dd-bd0b-0800200c9a66}:1.2.0
FF - prefs.js..extensions.enabledItems: {e2c58150-9d72-11dd-ad8b-0800200c9a66}:1.3.1
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?AF=100478&babsrc=adbartrp&mntrId=6a92db81000000000000002268075273&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\IPSFFPlgn\ [2012.04.05 20:04:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\coFFPlgn\ [2012.12.29 10:43:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.29 17:07:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.07 19:01:09 | 000,000,000 | ---D | M]
 
[2009.03.30 08:36:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JenniferBäcker\AppData\Roaming\mozilla\Extensions
[2012.11.21 11:53:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JenniferBäcker\AppData\Roaming\mozilla\Firefox\Profiles\gp34144l.default\extensions
[2010.04.29 06:48:54 | 000,000,000 | ---D | M] (Vista on XP) -- C:\Users\JenniferBäcker\AppData\Roaming\mozilla\Firefox\Profiles\gp34144l.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81b1}
[2010.04.29 06:48:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\JenniferBäcker\AppData\Roaming\mozilla\Firefox\Profiles\gp34144l.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.06.24 19:32:09 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\JenniferBäcker\AppData\Roaming\mozilla\Firefox\Profiles\gp34144l.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010.02.18 12:47:27 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Users\JenniferBäcker\AppData\Roaming\mozilla\Firefox\Profiles\gp34144l.default\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
[2010.04.09 17:16:45 | 000,000,000 | ---D | M] (Gradient iCool) -- C:\Users\JenniferBäcker\AppData\Roaming\mozilla\Firefox\Profiles\gp34144l.default\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66}
[2009.11.26 09:41:10 | 000,000,000 | ---D | M] (Black Steel) -- C:\Users\JenniferBäcker\AppData\Roaming\mozilla\Firefox\Profiles\gp34144l.default\extensions\{e2c58150-9d72-11dd-ad8b-0800200c9a66}
[2011.03.30 19:09:25 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\JenniferBäcker\AppData\Roaming\mozilla\Firefox\Profiles\gp34144l.default\extensions\engine@conduit.com
[2012.10.12 18:29:30 | 000,000,000 | ---D | M] (LavaFox V2) -- C:\Users\JenniferBäcker\AppData\Roaming\mozilla\Firefox\Profiles\gp34144l.default\extensions\info@djzig.com
[2009.09.25 23:14:20 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\JenniferBäcker\AppData\Roaming\mozilla\Firefox\Profiles\gp34144l.default\extensions\moveplayer@movenetworks.com
[2009.07.23 17:10:13 | 000,000,000 | ---D | M] (Simple Dyyno Launcher) -- C:\Users\JenniferBäcker\AppData\Roaming\mozilla\Firefox\Profiles\gp34144l.default\extensions\NPDyyno@dyyno.com
[2011.03.13 11:53:00 | 000,000,000 | ---D | M] (Personas) -- C:\Users\JenniferBäcker\AppData\Roaming\mozilla\Firefox\Profiles\gp34144l.default\extensions\personas@christopher.beard
[2012.11.18 01:27:46 | 000,284,001 | ---- | M] () (No name found) -- C:\Users\JenniferBäcker\AppData\Roaming\mozilla\firefox\profiles\gp34144l.default\extensions\compatibility@addons.mozilla.org.xpi
[2011.09.24 21:20:14 | 000,105,020 | ---- | M] () (No name found) -- C:\Users\JenniferBäcker\AppData\Roaming\mozilla\firefox\profiles\gp34144l.default\extensions\finder@meingutscheincode.de.xpi
[2012.02.19 17:22:34 | 000,562,656 | ---- | M] () (No name found) -- C:\Users\JenniferBäcker\AppData\Roaming\mozilla\firefox\profiles\gp34144l.default\extensions\redshift_V2@shift-themes.com.xpi
[2011.08.21 09:15:25 | 000,553,072 | ---- | M] () (No name found) -- C:\Users\JenniferBäcker\AppData\Roaming\mozilla\firefox\profiles\gp34144l.default\extensions\{239c61a8-e55f-11db-8314-0800200c9a66}.xpi
[2012.10.18 22:13:18 | 001,379,887 | ---- | M] () (No name found) -- C:\Users\JenniferBäcker\AppData\Roaming\mozilla\firefox\profiles\gp34144l.default\extensions\{da7f40f0-8675-11db-b606-0800200c9a66}.xpi
[2012.11.21 11:53:10 | 000,243,496 | ---- | M] () (No name found) -- C:\Users\JenniferBäcker\AppData\Roaming\mozilla\firefox\profiles\gp34144l.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2012.12.29 00:40:17 | 000,000,950 | ---- | M] () -- C:\Users\JenniferBäcker\AppData\Roaming\mozilla\firefox\profiles\gp34144l.default\searchplugins\icqplugin-11.xml
[2010.07.28 16:45:46 | 000,000,950 | ---- | M] () -- C:\Users\JenniferBäcker\AppData\Roaming\mozilla\firefox\profiles\gp34144l.default\searchplugins\icqplugin-12.xml
[2010.10.22 11:18:42 | 000,000,950 | ---- | M] () -- C:\Users\JenniferBäcker\AppData\Roaming\mozilla\firefox\profiles\gp34144l.default\searchplugins\icqplugin-13.xml
[2010.10.29 13:53:12 | 000,000,950 | ---- | M] () -- C:\Users\JenniferBäcker\AppData\Roaming\mozilla\firefox\profiles\gp34144l.default\searchplugins\icqplugin-14.xml
[2010.12.11 12:08:06 | 000,000,950 | ---- | M] () -- C:\Users\JenniferBäcker\AppData\Roaming\mozilla\firefox\profiles\gp34144l.default\searchplugins\icqplugin-15.xml
[2009.12.18 14:19:29 | 000,000,961 | ---- | M] () -- C:\Users\JenniferBäcker\AppData\Roaming\mozilla\firefox\profiles\gp34144l.default\searchplugins\icqplugin-2.xml
[2010.01.15 18:17:15 | 000,000,961 | ---- | M] () -- C:\Users\JenniferBäcker\AppData\Roaming\mozilla\firefox\profiles\gp34144l.default\searchplugins\icqplugin-3.xml
[2010.02.13 18:45:14 | 000,000,961 | ---- | M] () -- C:\Users\JenniferBäcker\AppData\Roaming\mozilla\firefox\profiles\gp34144l.default\searchplugins\icqplugin-4.xml
[2010.03.25 12:26:26 | 000,000,950 | ---- | M] () -- C:\Users\JenniferBäcker\AppData\Roaming\mozilla\firefox\profiles\gp34144l.default\searchplugins\icqplugin-5.xml
[2010.04.03 11:33:54 | 000,000,950 | ---- | M] () -- C:\Users\JenniferBäcker\AppData\Roaming\mozilla\firefox\profiles\gp34144l.default\searchplugins\icqplugin-6.xml
[2010.05.03 11:46:42 | 000,000,950 | ---- | M] () -- C:\Users\JenniferBäcker\AppData\Roaming\mozilla\firefox\profiles\gp34144l.default\searchplugins\icqplugin-7.xml
[2010.06.23 20:16:57 | 000,000,950 | ---- | M] () -- C:\Users\JenniferBäcker\AppData\Roaming\mozilla\firefox\profiles\gp34144l.default\searchplugins\icqplugin-8.xml
[2010.06.27 09:30:53 | 000,000,950 | ---- | M] () -- C:\Users\JenniferBäcker\AppData\Roaming\mozilla\firefox\profiles\gp34144l.default\searchplugins\icqplugin-9.xml
[2008.07.10 13:07:28 | 000,000,944 | ---- | M] () -- C:\Users\JenniferBäcker\AppData\Roaming\mozilla\firefox\profiles\gp34144l.default\searchplugins\icqplugin.xml
[2012.12.29 00:40:18 | 000,002,121 | ---- | M] () -- C:\Users\JenniferBäcker\AppData\Roaming\mozilla\firefox\profiles\gp34144l.default\searchplugins\personas-for-firefox.xml
[2011.02.14 17:44:02 | 000,002,449 | ---- | M] () -- C:\Users\JenniferBäcker\AppData\Roaming\mozilla\firefox\profiles\gp34144l.default\searchplugins\safesearch.xml
[2012.12.29 17:07:47 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
File not found (No name found) -- C:\USERS\JENNIFERBäCKER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GP34144L.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
File not found (No name found) -- C:\USERS\JENNIFERBäCKER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GP34144L.DEFAULT\EXTENSIONS\FINDER@MEINGUTSCHEINCODE.DE.XPI
File not found (No name found) -- C:\USERS\JENNIFERBäCKER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GP34144L.DEFAULT\EXTENSIONS\MOVEPLAYER@MOVENETWORKS.COM
File not found (No name found) -- C:\USERS\JENNIFERBäCKER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GP34144L.DEFAULT\EXTENSIONS\PERSONAS@CHRISTOPHER.BEARD
[2012.11.29 09:26:57 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.11.29 10:19:31 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.27 18:27:16 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.11.29 10:19:31 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.11.29 10:19:31 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.29 10:19:32 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.29 10:19:31 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.29 10:19:31 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton Internet Security\Norton Internet Security\Engine\19.9.0.9\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton Internet Security\Norton Internet Security\Engine\19.9.0.9\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll File not found
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Norton Internet Security\Engine\19.9.0.9\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll File not found
O3 - HKLM\..\Toolbar: (@msdxmLC.dll,-1@1033,&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Windows\System32\Msdxm6.ocx (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (myBabylon English Toolbar) - {B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} - C:\Program Files\myBabylon_English\tbmyBa.dll File not found
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Programme\Acer\Empowering Technology\SysMonitor.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot File not found
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [PCMMediaSharing] C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
O4 - HKLM..\Run: [Procaster] "C:\Program Files\Livestream Procaster\Procaster.exe" -autorun File not found
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime Alternative\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TuneClone] C:\Program Files\TuneClone\TuneClone.exe /silence File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WTClient] C:\Windows\System32\WTClient.exe (Tablet Driver)
O4 - HKCU..\Run: [Anktlhfdq] C:\Windows\System32\perftsx.dll ()
O4 - HKCU..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKCU..\Run: [fsm]  File not found
O4 - HKCU..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent File not found
O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\JenniferBäcker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\JenniferBäcker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RocketDock.lnk =  File not found
O4 - Startup: C:\Users\JenniferBäcker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk =  File not found
O4 - Startup: C:\Users\JenniferBäcker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Y'z Shadow.lnk =  File not found
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SetVisualStyle = C:\Windows\Resources\Themes\Inspirat2\Inspirat2.msstyles
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A8DD894E-93CF-47DD-B1B1-C5C8F97EA19F}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\Windows\System32\Msdxm6.ocx (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\JenniferBäcker\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\JenniferBäcker\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - Microsoft NetShow Player
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {51F7069C-B6E6-C546-638E-3588F0E30B23} - Java (Sun)
ActiveX: {5CA109D3-A084-47E8-A9CB-D497322E3F50} - MSN Toolbar 3.0 & Silverlight 2.0
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - 
ActiveX: >{b045cd24-4d2a-460b-b781-b78f934514d5} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.29 18:34:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\JenniferBäcker\Desktop\OTL.exe
[2012.12.29 17:22:53 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\JenniferBäcker\Desktop\HiJackThis204.exe
[2012.12.28 17:56:36 | 000,000,000 | ---D | C] -- C:\Users\JenniferBäcker\Desktop\Originals
[2012.12.28 17:49:19 | 000,000,000 | ---D | C] -- C:\Users\JenniferBäcker\Desktop\Desktop
[2012.12.25 20:51:01 | 000,000,000 | ---D | C] -- C:\Users\JenniferBäcker\Desktop\brusches
[2012.12.07 19:01:07 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[7 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[61 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.29 18:34:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\JenniferBäcker\Desktop\OTL.exe
[2012.12.29 18:28:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.29 18:21:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.29 17:22:59 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\JenniferBäcker\Desktop\HiJackThis204.exe
[2012.12.29 17:07:50 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.12.29 17:01:47 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.29 17:01:47 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.29 15:01:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.29 10:50:21 | 000,685,180 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.12.29 10:50:21 | 000,643,614 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.12.29 10:50:21 | 000,150,162 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.12.29 10:50:21 | 000,123,438 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.12.29 10:43:13 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2012.12.29 10:43:06 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.28 20:15:31 | 000,455,425 | ---- | M] () -- C:\Users\JenniferBäcker\Desktop\shepmaleXliara_Bild1.jpg
[2012.12.28 20:13:01 | 000,034,816 | -H-- | M] () -- C:\Users\JenniferBäcker\Desktop\photothumb.db
[2012.12.28 20:12:35 | 000,469,047 | ---- | M] () -- C:\Users\JenniferBäcker\Desktop\maleshepxliara04.jpg
[2012.12.28 20:01:33 | 000,433,349 | ---- | M] () -- C:\Users\JenniferBäcker\Desktop\maleshepxliara03.jpg
[2012.12.28 19:57:20 | 000,564,649 | ---- | M] () -- C:\Users\JenniferBäcker\Desktop\maleshepxliara02.jpg
[2012.12.28 19:56:55 | 006,181,820 | ---- | M] () -- C:\Users\JenniferBäcker\Desktop\maleshepxliara01.tif
[2012.12.28 18:31:04 | 000,621,084 | ---- | M] () -- C:\Users\JenniferBäcker\Desktop\melm1.png
[2012.12.28 18:03:55 | 000,739,001 | ---- | M] () -- C:\Users\JenniferBäcker\Desktop\meshep1.png
[2012.12.28 17:56:36 | 001,552,102 | ---- | M] () -- C:\Users\JenniferBäcker\Desktop\bg4.png
[2012.12.28 17:49:58 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\pgvws.job
[2012.12.28 17:49:57 | 000,114,688 | RHS- | M] () -- C:\Windows\System32\perftsx.dll
[2012.12.28 17:49:23 | 000,435,408 | ---- | M] () -- C:\Users\JenniferBäcker\Desktop\clickme_flava_stevenson.zip
[2012.12.28 17:47:18 | 000,751,004 | ---- | M] () -- C:\Users\JenniferBäcker\Desktop\shep1.png
[2012.12.28 17:41:32 | 000,006,063 | ---- | M] () -- C:\Users\JenniferBäcker\Desktop\liaramaleshep2.scene
[2012.12.28 17:41:18 | 000,003,316 | ---- | M] () -- C:\Users\JenniferBäcker\Desktop\liaramaleshep.pose
[2012.12.28 17:41:04 | 004,268,048 | ---- | M] () -- C:\Users\JenniferBäcker\Desktop\maleshepxliara_prozess.png
[2012.12.28 16:00:24 | 000,335,890 | ---- | M] () -- C:\Users\JenniferBäcker\Desktop\bg3.jpg
[2012.12.28 15:58:15 | 002,017,362 | ---- | M] () -- C:\Users\JenniferBäcker\Desktop\bg2.png
[2012.12.28 15:54:40 | 000,219,546 | ---- | M] () -- C:\Users\JenniferBäcker\Desktop\bg1.jpg
[2012.12.25 20:20:06 | 000,002,764 | ---- | M] () -- C:\Users\JenniferBäcker\.recently-used.xbel
[2012.12.22 17:05:55 | 000,413,704 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.12.21 20:48:04 | 000,405,195 | ---- | M] () -- C:\Users\JenniferBäcker\Desktop\tumblr_m7y4icgG421r05vxjo1_500.jpg
[2012.12.13 11:18:23 | 000,000,780 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2012.12.13 11:17:17 | 000,002,001 | ---- | M] () -- C:\Users\Public\Desktop\Die Sims™ 3 Jahreszeiten.lnk
[7 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[61 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.12.29 17:07:50 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.12.28 20:15:31 | 000,455,425 | ---- | C] () -- C:\Users\JenniferBäcker\Desktop\shepmaleXliara_Bild1.jpg
[2012.12.28 20:12:32 | 000,469,047 | ---- | C] () -- C:\Users\JenniferBäcker\Desktop\maleshepxliara04.jpg
[2012.12.28 20:01:33 | 000,433,349 | ---- | C] () -- C:\Users\JenniferBäcker\Desktop\maleshepxliara03.jpg
[2012.12.28 19:57:17 | 000,564,649 | ---- | C] () -- C:\Users\JenniferBäcker\Desktop\maleshepxliara02.jpg
[2012.12.28 18:30:09 | 000,621,084 | ---- | C] () -- C:\Users\JenniferBäcker\Desktop\melm1.png
[2012.12.28 18:07:34 | 006,181,820 | ---- | C] () -- C:\Users\JenniferBäcker\Desktop\maleshepxliara01.tif
[2012.12.28 18:03:10 | 000,739,001 | ---- | C] () -- C:\Users\JenniferBäcker\Desktop\meshep1.png
[2012.12.28 17:52:25 | 001,552,102 | ---- | C] () -- C:\Users\JenniferBäcker\Desktop\bg4.png
[2012.12.28 17:49:58 | 000,000,320 | ---- | C] () -- C:\Windows\tasks\pgvws.job
[2012.12.28 17:49:57 | 000,114,688 | RHS- | C] () -- C:\Windows\System32\perftsx.dll
[2012.12.28 17:49:23 | 000,435,408 | ---- | C] () -- C:\Users\JenniferBäcker\Desktop\clickme_flava_stevenson.zip
[2012.12.28 17:47:18 | 000,751,004 | ---- | C] () -- C:\Users\JenniferBäcker\Desktop\shep1.png
[2012.12.28 17:41:32 | 000,006,063 | ---- | C] () -- C:\Users\JenniferBäcker\Desktop\liaramaleshep2.scene
[2012.12.28 17:41:17 | 000,003,316 | ---- | C] () -- C:\Users\JenniferBäcker\Desktop\liaramaleshep.pose
[2012.12.28 17:41:01 | 004,268,048 | ---- | C] () -- C:\Users\JenniferBäcker\Desktop\maleshepxliara_prozess.png
[2012.12.28 16:00:24 | 000,335,890 | ---- | C] () -- C:\Users\JenniferBäcker\Desktop\bg3.jpg
[2012.12.28 15:58:15 | 002,017,362 | ---- | C] () -- C:\Users\JenniferBäcker\Desktop\bg2.png
[2012.12.28 15:54:40 | 000,219,546 | ---- | C] () -- C:\Users\JenniferBäcker\Desktop\bg1.jpg
[2012.12.25 20:20:06 | 000,002,764 | ---- | C] () -- C:\Users\JenniferBäcker\.recently-used.xbel
[2012.12.21 20:48:03 | 000,405,195 | ---- | C] () -- C:\Users\JenniferBäcker\Desktop\tumblr_m7y4icgG421r05vxjo1_500.jpg
[2012.12.13 11:18:23 | 000,000,780 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk
[2012.12.13 11:17:17 | 000,002,001 | ---- | C] () -- C:\Users\Public\Desktop\Die Sims™ 3 Jahreszeiten.lnk
[2012.12.13 11:14:12 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.12.13 11:14:12 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.05.10 10:53:35 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2012.03.29 20:26:57 | 000,338,432 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
[2011.12.27 18:27:50 | 000,098,304 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2011.12.25 14:40:48 | 000,003,139 | ---- | C] () -- C:\Windows\Tablet8000x5000M.ini
[2011.12.25 14:32:22 | 000,000,142 | ---- | C] () -- C:\Windows\PenSign.INI
[2011.04.17 16:55:44 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2011.04.10 14:57:46 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011.04.10 14:57:46 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2011.04.10 14:57:46 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2011.04.10 14:57:46 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2011.04.10 14:57:46 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011.04.10 14:57:46 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2011.04.10 14:57:46 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011.04.10 14:57:46 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2011.04.10 14:57:46 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2011.04.10 14:57:46 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2011.04.10 14:57:46 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2011.04.10 14:57:46 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2011.04.10 14:57:46 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2011.04.10 14:57:46 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2011.04.10 14:57:46 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2011.04.10 14:57:46 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2011.04.10 14:57:46 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2011.04.10 14:57:46 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2011.04.10 14:57:46 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2011.04.10 14:51:42 | 000,000,027 | ---- | C] () -- C:\Windows\CDE DX4400DEFGIPS.ini
[2011.01.21 12:28:34 | 000,001,940 | ---- | C] () -- C:\Users\JenniferBäcker\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011.01.08 10:58:58 | 000,208,896 | ---- | C] () -- C:\Windows\System32\tb.dll
[2011.01.08 10:58:58 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ttb.dll
[2010.10.10 11:17:33 | 000,001,302 | ---- | C] () -- C:\ProgramData\ss.ini
[2010.10.10 11:16:18 | 000,000,034 | ---- | C] () -- C:\Users\JenniferBäcker\AppData\Roaming\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
[2010.10.10 11:16:14 | 000,000,033 | ---- | C] () -- C:\ProgramData\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
[2010.08.17 18:02:34 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.06.09 23:16:49 | 000,022,328 | ---- | C] () -- C:\Users\JenniferBäcker\AppData\Roaming\PnkBstrK.sys
[2009.06.05 19:53:54 | 000,000,058 | ---- | C] () -- C:\Users\JenniferBäcker\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2009.06.03 19:16:56 | 000,001,301 | ---- | C] () -- C:\Users\JenniferBäcker\AppData\Local\oyggo_navps.dat
[2009.06.03 19:16:55 | 000,417,036 | ---- | C] () -- C:\Users\JenniferBäcker\AppData\Local\oyggo_nav.dat
[2009.06.03 19:16:55 | 000,002,974 | ---- | C] () -- C:\Users\JenniferBäcker\AppData\Local\oyggo.dat
[2009.03.23 13:34:32 | 000,000,097 | ---- | C] () -- C:\Users\JenniferBäcker\AppData\Local\smqaiqw.bat
[2009.01.28 17:27:39 | 000,008,592 | ---- | C] () -- C:\Users\JenniferBäcker\AppData\Local\d3d9caps.dat
[2008.12.30 12:49:53 | 000,002,352 | ---- | C] () -- C:\Users\JenniferBäcker\AppData\Roaming\wklnhst.dat
[2008.12.25 00:04:51 | 000,038,912 | ---- | C] () -- C:\Users\JenniferBäcker\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2009.10.08 15:33:56 | 000,000,000 | -HSD | M] -- C:\Users\JenniferBäcker\AppData\Roaming\.#
[2008.03.16 15:34:55 | 000,000,000 | ---D | M] -- C:\Users\JenniferBäcker\AppData\Roaming\Acer GameZone Console
[2009.02.14 10:42:00 | 000,000,000 | ---D | M] -- C:\Users\JenniferBäcker\AppData\Roaming\Ashampoo
[2011.12.27 18:27:13 | 000,000,000 | ---D | M] -- C:\Users\JenniferBäcker\AppData\Roaming\Babylon
[2010.03.02 17:52:25 | 000,000,000 | ---D | M] -- C:\Users\JenniferBäcker\AppData\Roaming\Bioshock
[2010.07.09 16:48:40 | 000,000,000 | ---D | M] -- C:\Users\JenniferBäcker\AppData\Roaming\Bioshock2
[2010.11.13 15:02:06 | 000,000,000 | ---D | M] -- C:\Users\JenniferBäcker\AppData\Roaming\Blender Foundation
[2009.03.26 14:21:05 | 000,000,000 | ---D | M] -- C:\Users\JenniferBäcker\AppData\Roaming\Clickteam
[2012.03.29 20:26:58 | 000,000,000 | ---D | M] -- C:\Users\JenniferBäcker\AppData\Roaming\DesktopIconForAmazon
[2009.01.11 17:14:14 | 000,000,000 | ---D | M] -- C:\Users\JenniferBäcker\AppData\Roaming\Desperate Housewives
[2009.06.05 19:53:54 | 000,000,000 | ---D | M] -- C:\Users\JenniferBäcker\AppData\Roaming\DonationCoder
[2008.12.30 12:47:37 | 000,000,000 | ---D | M] -- C:\Users\JenniferBäcker\AppData\Roaming\eSobi
[2009.10.10 12:36:54 | 000,000,000 | ---D | M] -- C:\Users\JenniferBäcker\AppData\Roaming\GetRightToGo
[2012.12.25 20:20:06 | 000,000,000 | ---D | M] -- C:\Users\JenniferBäcker\AppData\Roaming\gtk-2.0
[2010.03.26 15:25:22 | 000,000,000 | ---D | M] -- C:\Users\JenniferBäcker\AppData\Roaming\Hasbro
[2009.02.14 10:58:37 | 000,000,000 | ---D | M] -- C:\Users\JenniferBäcker\AppData\Roaming\IrfanView
[2009.06.16 18:54:40 | 000,000,000 | ---D | M] -- C:\Users\JenniferBäcker\AppData\Roaming\Leadertech
[2009.03.23 14:25:34 | 000,000,000 | ---D | M] -- C:\Users\JenniferBäcker\AppData\Roaming\live-player
[2010.03.28 15:17:04 | 000,000,000 | ---D | M] -- C:\Users\JenniferBäcker\AppData\Roaming\MrJobs
[2012.05.10 21:51:08 | 000,000,000 | ---D | M] -- C:\Users\JenniferBäcker\AppData\Roaming\NevoSoft Games
[2012.05.10 17:19:13 | 000,000,000 | ---D | M] -- C:\Users\JenniferBäcker\AppData\Roaming\Oberon Games
[2012.03.29 21:05:27 | 000,000,000 | ---D | M] -- C:\Users\JenniferBäcker\AppData\Roaming\OfficeRecovery
[2012.03.29 21:06:07 | 000,000,000 | ---D | M] -- C:\Users\JenniferBäcker\AppData\Roaming\OfficeRecovery.6c86a929
[2009.01.28 18:55:44 | 000,000,000 | ---D | M] -- C:\Users\JenniferBäcker\AppData\Roaming\OpenOffice.org
[2012.10.23 20:58:19 | 000,000,000 | ---D | M] -- C:\Users\JenniferBäcker\AppData\Roaming\Origin
[2012.09.16 14:58:53 | 000,000,000 | ---D | M] -- C:\Users\JenniferBäcker\AppData\Roaming\PhotoScape
[2009.03.18 14:41:28 | 000,000,000 | ---D | M] -- C:\Users\JenniferBäcker\AppData\Roaming\PlayFirst
[2011.04.17 17:56:23 | 000,000,000 | ---D | M] -- C:\Users\JenniferBäcker\AppData\Roaming\Serif
[2010.05.03 11:29:18 | 000,000,000 | ---D | M] -- C:\Users\JenniferBäcker\AppData\Roaming\SumatraPDF
[2011.06.27 16:10:37 | 000,000,000 | ---D | M] -- C:\Users\JenniferBäcker\AppData\Roaming\TeamViewer
[2009.02.12 09:11:46 | 000,000,000 | ---D | M] -- C:\Users\JenniferBäcker\AppData\Roaming\Template
[2011.05.03 16:28:53 | 000,000,000 | ---D | M] -- C:\Users\JenniferBäcker\AppData\Roaming\Tific
[2010.09.18 22:03:25 | 000,000,000 | ---D | M] -- C:\Users\JenniferBäcker\AppData\Roaming\TS3Client
[2010.03.20 14:05:15 | 000,000,000 | ---D | M] -- C:\Users\JenniferBäcker\AppData\Roaming\Ubisoft
[2012.05.10 21:52:23 | 000,000,000 | ---D | M] -- C:\Users\JenniferBäcker\AppData\Roaming\ViquaSoft
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2008.12.24 23:32:32 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2009.05.30 09:42:38 | 000,000,000 | ---D | M] -- C:\ACER
[2008.03.16 16:05:19 | 000,000,000 | ---D | M] -- C:\book
[2009.10.20 17:56:20 | 000,000,000 | -HSD | M] -- C:\Boot
[2012.12.13 11:24:19 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2008.12.24 23:28:47 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.05.11 02:41:38 | 000,000,000 | -HSD | M] -- C:\found.000
[2012.05.09 21:49:15 | 000,000,000 | -HSD | M] -- C:\found.001
[2012.11.11 12:31:09 | 000,000,000 | -HSD | M] -- C:\found.002
[2009.10.05 20:00:07 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2012.12.07 22:49:41 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.10.22 09:04:07 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2008.12.24 23:28:47 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.12.29 18:38:36 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.11.18 03:04:25 | 000,000,000 | R--D | M] -- C:\Users
[2012.12.13 11:34:26 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2006.11.02 10:44:49 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2006.11.02 10:44:49 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2006.11.02 10:44:49 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2006.11.02 10:44:49 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2009.04.11 07:27:17 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[61 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
[2006.11.02 14:01:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006.11.02 14:01:49 | 000,032,516 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.06.30 21:10:56 | 000,001,094 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2009.06.30 21:10:57 | 000,001,098 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012.04.04 21:54:36 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2012.12.28 17:49:58 | 000,000,320 | ---- | C] () -- C:\Windows\Tasks\pgvws.job
 
< MD5 for: AGP440.SYS  >
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: AHCIX86S.SYS  >
[2007.12.19 07:45:00 | 000,170,000 | ---- | M] (AMD Technologies Inc.) MD5=0DEE2B628D4C6E23285BB91EFFDABFDE -- C:\ACER\Preload\msdrv\ahcix86s.sys
[2007.12.19 07:45:00 | 000,170,000 | ---- | M] (AMD Technologies Inc.) MD5=0DEE2B628D4C6E23285BB91EFFDABFDE -- C:\Windows\System32\drivers\ahcix86s.sys
[2007.12.19 07:45:00 | 000,170,000 | ---- | M] (AMD Technologies Inc.) MD5=0DEE2B628D4C6E23285BB91EFFDABFDE -- C:\Windows\System32\DriverStore\FileRepository\ahcix86s.inf_864d20f0\ahcix86s.sys
[2007.08.08 05:55:08 | 000,122,880 | ---- | M] (Promise Technology, Inc.) MD5=4283A0F3A9557EB133D2BA8979747A77 -- C:\ACER\Preload\Autorun\DRV\ATI Chipset RS780 RS740+SB700\Packages\Drivers\SBDrv\SB6xx\RAID\LH\ahcix86s.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.02.22 05:59:12 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=76D70915EB81608DC6ACA87887FAB38F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22120_none_ddac250d3ab7a648\atapi.sys
[2008.02.22 06:03:50 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=92210921EEFC081693F649C3631DEEC2 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_3d9c5057\atapi.sys
[2008.02.22 06:03:50 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=92210921EEFC081693F649C3631DEEC2 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18023_none_dd25892021975283\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2010.10.04 12:56:17 | 000,004,608 | ---- | M] () MD5=EED7A4D972BB2F0F38E24159F67A08A4 -- C:\Users\JenniferBäcker\AppData\Local\Xenocode\ApplianceCaches\GameCamV2.exe_v7AC6EAFE\Native\STUBEXE\@WINDIR@\explorer.exe
[2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.03.16 08:05:50 | 013,115,392 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.03.16 08:05:42 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.03.16 08:05:50 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2008.03.16 08:05:58 | 017,633,280 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2008.03.16 08:06:00 | 006,668,288 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\*.dll /lockedfiles >
[2012.12.28 17:49:57 | 000,114,688 | RHS- | M] () Unable to obtain MD5 -- C:\Windows\system32\perftsx.dll
[61 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
< %USERPROFILE%\*.* >
[2012.12.25 20:20:06 | 000,002,764 | ---- | M] () -- C:\Users\JenniferBäcker\.recently-used.xbel
[2012.12.29 18:55:51 | 005,505,024 | -HS- | M] () -- C:\Users\JenniferBäcker\ntuser.dat
[2012.12.29 18:55:51 | 000,262,144 | -H-- | M] () -- C:\Users\JenniferBäcker\ntuser.dat.LOG1
[2008.12.24 23:31:54 | 000,000,000 | -H-- | M] () -- C:\Users\JenniferBäcker\ntuser.dat.LOG2
[2012.12.29 01:28:20 | 000,065,536 | -HS- | M] () -- C:\Users\JenniferBäcker\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.09.15 20:08:16 | 000,524,288 | -HS- | M] () -- C:\Users\JenniferBäcker\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2012.12.29 01:28:20 | 000,524,288 | -HS- | M] () -- C:\Users\JenniferBäcker\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2008.12.24 23:31:55 | 000,000,020 | -HS- | M] () -- C:\Users\JenniferBäcker\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 487 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 235 bytes -> C:\ProgramData\TEMP:56F368C9
@Alternate Data Stream - 217 bytes -> C:\ProgramData\TEMP:490BCC52
@Alternate Data Stream - 206 bytes -> C:\ProgramData\TEMP:6677D85A
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:0B174FAE
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:63238B95
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:7AF9CAEB
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:0DFE2AE1

< End of report >
         
__________________

03.01.2013, 15:50   #4
markusg
/// Malware-holic

Google opens unwanted pages



Hi,
sorry for the late reply, and happy new year.

This script and any scripts that follow are intended only for this particular user.
If you have problems, open your own topic and wait for scripts tailored to you.


• Please start OTL.exe.
• Now copy the following into the text box.



Code:
ATTFilter
:OTL
[2012.12.28 17:49:57 | 000,114,688 | RHS- | M] () -- C:\Windows\System32\perftsx.dll
[2012.12.28 17:49:58 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\pgvws.job
O4 - HKCU..\Run: [Anktlhfdq] C:\Windows\System32\perftsx.dll ()
:Files
:Commands
[EMPTYFLASH] 
[emptytemp]
         


• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow this.
• After the restart you will find a text document; copy its contents into your next reply here.
Boot into normal mode.

If you have no icons, right-click, View, Show desktop icons.

Note: Please also upload the file there, as described in the instructions for the UpChannel. Please do NOT post the ZIP file here in the thread as an attachment!


Please press the + E key.
  • Open your system drive (usually C:)
  • Now look for the following folder: _OTL and open it.
  • Right-click the Movedfiles folder --> Send to --> Compressed (zipped) folder
  • This will create a Movedfiles.zip file in _OTL
  • Please upload it to our upload channel. ( Browse --> C:\_OTL\Movedfiles.zip )
Let me know whether the upload worked without problems. Thanks in advance.

Download Get Info:
http://markusg.trojaner-board.de/GetInfo.exe
Double-click the .exe.
A .txt file will now be created in the same folder:
summary-info.txt
Double-click it and post its contents.


Question:
At the time of the infection, or possibly a day before, did you download and install or run anything?
Were you prompted to install or download something when visiting a page? I would also like this information as a private message.
__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please send mails to
markusg.trojaner-board@web.de
as described in the instructions above.
If you would like to support us
Archiv
Du betrachtest: Google öffnet unerwünschte Seiten auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.