Malwarebytes bricht ständig ab

cosinus · 18.01.2013, 12:39

Schonmal was von Backup vorher gehört?!
Bevor man so einen riesigen Eingriff wie ein Update von Vista auf 7 oder 8 macht, versteht sich das Ganze von selbst!

Ich halte aber eher nichts von diesen Updaterei. Ich würde immer eine komplette Neuinstallation bevorzugen wenn ich zB von Vista auf 7 oder 8 umsatteln muss. Ist die sauberste Lösung.

Die nächsten nicht mehr für Bereinigung relevanten Fragen bitte später stellen! Ich mag es nicht wenn man hier ins offtopic schlittert und dadurch aus der Analyse gerissen wird.

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Gentlegladur · 18.01.2013, 12:49

Cosinus, entschuldige bitte, war nicht böse gemeint. Ja Backup mache ich regelmäßig. Ich mach mich jetzt ans Combofix Werk.

Danke nochmal für deine geduldige Hilfe!

Kirstin

Combofix:

Code:

ATTFilter

ComboFix 13-01-17.04 - Kirstin 19.01.2013   9:57.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.2429.1290 [GMT 1:00]
ausgeführt von:: c:\users\Kirstin\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
 ADS - Windows: deleted 72 bytes in 1 streams. 
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\BrowserCompanion
c:\programdata\SPLE24A.tmp
c:\users\Kirstin\AppData\Local\Microsoft\Windows\Temporary Internet Files\BackupManager.list
c:\users\Kirstin\AppData\Local\Microsoft\Windows\Temporary Internet Files\eportoZip
c:\users\Kirstin\AppData\Local\Microsoft\Windows\Temporary Internet Files\pplCsv.txt
c:\users\Kirstin\AppData\Local\Microsoft\Windows\Temporary Internet Files\smartUpdate.txt
c:\users\Kirstin\AppData\Local\Microsoft\Windows\Temporary Internet Files\tempCsv.txt
c:\users\Kirstin\AppData\Roaming\.#
c:\users\Kirstin\AppData\Roaming\.#\BackupManager.list
c:\users\Kirstin\Favorites\BackupManager.list
c:\users\Kirstin\GoToAssistDownloadHelper.exe
c:\users\Public\Favorites\BackupManager.list
c:\windows\system32\AutoRun.inf
c:\windows\system32\muzapp.exe
c:\windows\system32\System32\MASetupCleaner.exe
c:\windows\system32\System32\muzapp.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-12-19 bis 2013-01-19  ))))))))))))))))))))))))))))))
.
.
2013-01-19 09:20 . 2013-01-19 09:20	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-01-19 00:55 . 2013-01-19 00:55	60872	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{6C87C1D0-E101-4DF3-B00E-9D311DABAD07}\offreg.dll
2013-01-18 06:49 . 2013-01-08 04:57	6991832	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{6C87C1D0-E101-4DF3-B00E-9D311DABAD07}\mpengine.dll
2013-01-17 13:45 . 2013-01-17 13:45	110080	----a-r-	c:\users\Kirstin\AppData\Roaming\Microsoft\Installer\{DDABC667-56B3-4122-82B0-2F5782EA2F9A}\IconF7A21AF7.exe
2013-01-17 13:45 . 2013-01-17 13:45	110080	----a-r-	c:\users\Kirstin\AppData\Roaming\Microsoft\Installer\{DDABC667-56B3-4122-82B0-2F5782EA2F9A}\IconD7F16134.exe
2013-01-17 13:45 . 2013-01-17 13:45	110080	----a-r-	c:\users\Kirstin\AppData\Roaming\Microsoft\Installer\{DDABC667-56B3-4122-82B0-2F5782EA2F9A}\IconCF33A0CE.exe
2013-01-17 13:45 . 2013-01-17 13:46	--------	d-----w-	C:\sh4ldr
2013-01-17 13:45 . 2013-01-17 13:45	--------	d-----w-	c:\program files\Enigma Software Group
2013-01-17 13:43 . 2013-01-17 13:45	--------	d-----w-	c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP
2013-01-14 08:07 . 2013-01-14 08:07	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2013-01-14 08:07 . 2012-12-14 15:49	21104	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-01-13 21:18 . 2013-01-13 21:18	--------	d-----w-	c:\users\Kirstin\AppData\Roaming\Malwarebytes
2013-01-13 21:18 . 2013-01-13 21:18	--------	d-----w-	c:\programdata\Malwarebytes
2013-01-09 09:33 . 2012-11-23 01:35	2048000	----a-w-	c:\windows\system32\win32k.sys
2013-01-09 09:32 . 2012-11-20 04:22	204288	----a-w-	c:\windows\system32\ncrypt.dll
2013-01-09 09:22 . 2012-11-02 10:19	1400832	----a-w-	c:\windows\system32\msxml6.dll
2013-01-07 21:44 . 2013-01-07 21:44	--------	d-----w-	c:\users\Kirstin\AppData\Roaming\HPAppData
2012-12-22 02:01 . 2012-12-16 13:12	34304	----a-w-	c:\windows\system32\atmlib.dll
2012-12-22 02:01 . 2012-12-16 10:50	293376	----a-w-	c:\windows\system32\atmfd.dll
2012-12-21 12:31 . 2012-11-28 09:35	93640	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2012-12-20 09:56 . 2012-12-20 09:56	--------	d-----w-	C:\Languages
2012-12-20 09:56 . 2012-12-20 09:56	--------	d-----w-	C:\Help
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 09:06 . 2012-05-18 05:58	697864	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-01-09 09:06 . 2011-05-24 06:11	74248	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-12 06:03 . 2012-11-07 07:13	134336	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-12-12 06:03 . 2012-11-07 07:13	83944	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-12-05 20:11 . 2012-12-05 20:11	49280	----a-w-	c:\windows\system32\FKStampPainter20.dll
2012-12-04 09:57 . 2012-12-04 09:57	4939904	----a-w-	c:\windows\system32\LxXtreme110.dll
2012-12-04 09:57 . 2012-12-04 09:57	104064	----a-w-	c:\windows\system32\LxUISettingsN100.dll
2012-12-04 09:57 . 2012-12-04 09:57	25728	----a-w-	c:\windows\system32\LxTPSW100.dll
2012-12-04 09:56 . 2012-12-04 09:56	1360512	----a-w-	c:\windows\system32\LxTool110.dll
2012-12-04 09:56 . 2012-12-04 09:56	63104	----a-w-	c:\windows\system32\LxPXTree100.dll
2012-12-04 09:56 . 2012-12-04 09:56	127104	----a-w-	c:\windows\system32\LxMail100.dll
2012-12-04 09:56 . 2012-12-04 09:56	49280	----a-w-	c:\windows\system32\LXCurr100.dll
2012-12-04 09:56 . 2012-12-04 09:56	67712	----a-w-	c:\windows\system32\LxCI12.dll
2012-12-04 09:56 . 2012-12-04 09:56	206976	----a-w-	c:\windows\system32\LxBasics100.dll
2012-11-14 02:09 . 2012-12-14 02:43	1800704	----a-w-	c:\windows\system32\jscript9.dll
2012-11-14 01:58 . 2012-12-14 02:43	1427968	----a-w-	c:\windows\system32\inetcpl.cpl
2012-11-14 01:57 . 2012-12-14 02:43	1129472	----a-w-	c:\windows\system32\wininet.dll
2012-11-14 01:49 . 2012-12-14 02:43	142848	----a-w-	c:\windows\system32\ieUnatt.exe
2012-11-14 01:48 . 2012-12-14 02:43	420864	----a-w-	c:\windows\system32\vbscript.dll
2012-11-14 01:44 . 2012-12-14 02:43	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-11-13 14:12 . 2012-11-07 07:13	36552	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-11-13 01:29 . 2012-12-13 04:41	2048	----a-w-	c:\windows\system32\tzres.dll
2012-11-02 10:18 . 2012-12-13 04:42	376320	----a-w-	c:\windows\system32\dpnet.dll
2012-11-02 08:26 . 2012-12-13 04:42	23040	----a-w-	c:\windows\system32\dpnsvr.exe
2013-01-18 20:40 . 2013-01-18 20:40	262552	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
2010-08-12 12:26 . 2013-01-18 20:40	119808	----a-w-	c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-12-20 1521952]
"{937f343c-c9c2-4235-b544-7fc4da2f2594}"= "c:\program files\Suche_Deutschland\prxtbSuc0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{937f343c-c9c2-4235-b544-7fc4da2f2594}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{937f343c-c9c2-4235-b544-7fc4da2f2594}]
2011-05-09 09:49	176936	----a-w-	c:\program files\Suche_Deutschland\prxtbSuc0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{937f343c-c9c2-4235-b544-7fc4da2f2594}"= "c:\program files\Suche_Deutschland\prxtbSuc0.dll" [2011-05-09 176936]
"{37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1}"= "c:\program files\ChatZum Toolbar\tbunsa4DD3.tmp\tbcore3.dll" [2012-08-29 2665984]
.
[HKEY_CLASSES_ROOT\clsid\{937f343c-c9c2-4235-b544-7fc4da2f2594}]
.
[HKEY_CLASSES_ROOT\clsid\{37d48d9c-3f7e-412f-b5bf-611be7ccfca1}]
[HKEY_CLASSES_ROOT\TBSB09850.TBSB09850.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB09850.TBSB09850]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{937F343C-C9C2-4235-B544-7FC4DA2F2594}"= "c:\program files\Suche_Deutschland\prxtbSuc0.dll" [2011-05-09 176936]
"{37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1}"= "c:\program files\ChatZum Toolbar\tbunsa4DD3.tmp\tbcore3.dll" [2012-08-29 2665984]
.
[HKEY_CLASSES_ROOT\clsid\{937f343c-c9c2-4235-b544-7fc4da2f2594}]
.
[HKEY_CLASSES_ROOT\clsid\{37d48d9c-3f7e-412f-b5bf-611be7ccfca1}]
[HKEY_CLASSES_ROOT\TBSB09850.TBSB09850.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB09850.TBSB09850]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Kirstin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Kirstin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Kirstin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-10-27 10:05	40496	------w-	c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2012-09-20 6377120]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Akamai NetSession Interface"="c:\users\Kirstin\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
"Optimizer Pro"="c:\program files\Optimizer Pro\OptProLauncher.exe" [2012-06-10 79664]
"RegistryBooster"="c:\program files\Uniblue\RegistryBooster\launcher.exe" [2012-07-08 68000]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"KiesAirMessage"="c:\program files\Samsung\Kies\KiesAirMessage.exe" [2012-12-18 578560]
"KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2012-12-20 1476104]
"D490D4BEFDEAEF6310F5FBDFAEDB8D5359769B10._service_run"="c:\program files\Google\Chrome\Application\chrome.exe" [2013-01-08 1248360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun"="c:\program files\AmIcoSingLun\AmIcoSinglun.exe" [2008-10-24 237568]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-03 61440]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-03-11 6957600]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-05 1410344]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-02-24 870920]
"BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-03-20 249600]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-04-03 698912]
"mwlDaemon"="c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2008-10-27 346672]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-01-20 156968]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2009-01-20 202024]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-12-26 173288]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-12 30192]
"MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2008-07-04 2072576]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-09-22 5587832]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-12-06 391240]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"SAOB Monitor"="c:\program files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe" [2011-09-22 2571032]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-12-20 310280]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-12-20 1574176]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-12-12 384800]
"LexwareInfoService"="c:\program files\Common Files\Lexware\Update Manager\LxUpdateManager.exe" [2011-07-31 189808]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
.
c:\users\Kirstin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
BackupManager.list [2009-12-17 556]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
S2 afcdpsrv;Acronis Nonstop Backup-Dienst;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [x]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService	REG_MULTI_SZ   	HsfXAudioService
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
HPService	REG_MULTI_SZ   	HPSLPSVC
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
Akamai	REG_MULTI_SZ   	Akamai
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-13 15:32	1606760	----a-w-	c:\program files\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-18 09:06]
.
2013-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-14 19:54]
.
2013-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-14 19:54]
.
2013-01-18 c:\windows\Tasks\RegistryBooster.job
- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2012-04-27 12:39]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = https://www.google.de/
mStart Page = hxxp://search.chatzum.com/
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.1.1
DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://www.lidl-fotos.de/ips-opdata/layout/lidl02/objects/jordan.cab
FF - ProfilePath - c:\users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\emn4ri5p.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2303923&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=c499b9f8-8ea2-43a8-b166-8e5718f8f42b&apn_ptnrs=^AGS&apn_sauid=B51F3D41-F8DA-4BC7-A3B0-29FCBD8F8293&apn_dtid=^YYYYYY^YY^DE&&q=
FF - prefs.js: network.proxy.type - 2
FF - ExtSQL: 2012-11-25 21:58; firebug@software.joehewitt.com; c:\users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\emn4ri5p.default\extensions\firebug@software.joehewitt.com.xpi
FF - ExtSQL: 2012-11-25 22:07; browserlab@adobe.com; c:\users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\emn4ri5p.default\extensions\browserlab@adobe.com
FF - ExtSQL: 2012-11-25 22:07; DrupalForFirebug@drupal.org; c:\users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\emn4ri5p.default\extensions\DrupalForFirebug@drupal.org.xpi
FF - ExtSQL: 2012-11-25 22:07; firebug@tools.sitepoint.com; c:\users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\emn4ri5p.default\extensions\firebug@tools.sitepoint.com.xpi
FF - ExtSQL: 2012-11-25 22:07; firebugpaintevents@kylescholz.com; c:\users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\emn4ri5p.default\extensions\firebugpaintevents@kylescholz.com.xpi
FF - ExtSQL: 2012-11-25 22:07; firefinder@robertnyman.com; c:\users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\emn4ri5p.default\extensions\firefinder@robertnyman.com.xpi
FF - ExtSQL: 2012-11-25 22:07; icffirebug@robertnyman.com; c:\users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\emn4ri5p.default\extensions\icffirebug@robertnyman.com.xpi
FF - ExtSQL: 2012-11-25 22:07; {9aad3da6-6c46-4ef0-9109-6df5eaaf597c}; c:\users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\emn4ri5p.default\extensions\{9aad3da6-6c46-4ef0-9109-6df5eaaf597c}.xpi
FF - ExtSQL: 2012-12-21 13:16; {E6C1199F-E687-42da-8C24-E7770CC3AE66}; c:\users\Kirstin\AppData\Roaming\Mozilla\Firefox\Profiles\emn4ri5p.default\extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi
FF - ExtSQL: !HIDDEN! 2010-01-13 15:40; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - user.js: browser.search.selectedEngine - foxsearch
FF - user.js: browser.search.order.1 - foxsearch
FF - user.js: browser.search.defaultenginename - foxsearch
FF - user.js: keyword.URL - hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=
FF - user.js: privacy.item.cookies - false
FF - user.js: privacy.sanitize.promptOnSanitize - false
FF - user.js: extentions.y2layers.installId - 39c5220d-e4f0-4f86-921f-f7916ca5d3c0
FF - user.js: extentions.y2layers.defaultEnableAppsList - BestVideoDownloader,BestVideoDownloader,
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=sware&chnl=sware&cd=2XzuyEtN2Y1L1QzutDtDtC0FtCyCzyzz0ByBtD0EtC0E0FyBtN0D0Tzu0CtByEtCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1891229338
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=sware&chnl=sware&cd=2XzuyEtN2Y1L1QzutDtDtC0FtCyCzyzz0ByBtD0EtC0E0FyBtN0D0Tzu0CtByEtCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1891229338
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/?f=3&a=sware&chnl=sware&cd=2XzuyEtN2Y1L1QzutDtDtC0FtCyCzyzz0ByBtD0EtC0E0FyBtN0D0Tzu0CtByEtCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1891229338&q=
FF - user.js: extensions.funmoods.id - 001F1698B70E1EF7
FF - user.js: extensions.funmoods.instlDay - 15580
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2223:24
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - sware
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - sware
FF - user.js: extensions.funmoods.dfltLng - 
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
HKLM_ActiveSetup-{5CCF8330-F742-411A-8A04-719806D168B5} - msiexec
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-01-19 10:20
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_ce5ba24.dll"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2900932004-3961150359-2209842598-1000\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Locales\e*n**PB8›*4]
@Allowed: (Read) (RestrictedCode)
@SACL=(02 0001)
"LP_LastUpdateTime"="0"
"LP_LastCheckTime"=dword:4f50013f
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(1680)
c:\program files\SlySoft\AnyDVD\ADvdDiscHlp.dll
c:\users\Kirstin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\EgisTec\MyWinLocker 3\x86\psdprotect.dll
c:\program files\EgisTec\MyWinLocker 3\x86\sysenv.dll
c:\program files\EgisTec\MyWinLocker 3\x86\mwlUI.dll
c:\program files\EgisTec\MyWinLocker 3\x86\GDIExtendCtrl.dll
c:\program files\EgisTec\MyWinLocker 3\x86\mwlOP.dll
c:\program files\EgisTec\MyWinLocker 3\x86\CryptoAPI.dll
c:\program files\EgisTec\MyWinLocker 3\x86\ShowErrMsg.dll
c:\program files\Acer\Acer ePower Management\SysHook.dll
.
Zeit der Fertigstellung: 2013-01-19  10:25:37
ComboFix-quarantined-files.txt  2013-01-19 09:25
.
Vor Suchlauf: 19 Verzeichnis(se), 221.460.393.984 Bytes frei
Nach Suchlauf: 24 Verzeichnis(se), 223.471.558.656 Bytes frei
.
- - End Of File - - 2C5B5112DE237C6DD51756B1A27F71BF

cosinus · 20.01.2013, 18:47

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Suche.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)

cosinus · 20.01.2013, 20:02

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Löschen.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x=fortlaufende Nummer)

Danach eine Kontrolle mit OTL bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles in CODE-Tags hier in den Thread.

cosinus · 21.01.2013, 08:51

Fixen mit OTL

Starte bitte die OTL.exe.
Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:

ATTFilter

:OTL
SRV - (Napsuivcudm) --  File not found
IE - HKU\S-1-5-21-2900932004-3961150359-2209842598-1000\..\SearchScopes\{3D34971C-E1B2-B068-DFC3-6337AA1A9947}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=112843&babsrc=SP_ss&mntrId=5ed31ef70000000000000017c47d807f
IE - HKU\S-1-5-21-2900932004-3961150359-2209842598-1000\..\SearchScopes\{61D67AE6-764E-4fe3-9EA9-EED03317C725}: "URL" = http://www.ask.com/web?&o=13795&l=dis&q={searchTerms}
IE - HKU\S-1-5-21-2900932004-3961150359-2209842598-1000\..\SearchScopes\{BE89DB2D-4B15-4FB4-8237-D5FDE15FDE87}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=c499b9f8-8ea2-43a8-b166-8e5718f8f42b&apn_sauid=B51F3D41-F8DA-4BC7-A3B0-29FCBD8F8293
FF - prefs.js..backup.old.browser.search.selectedEngine: "foxsearch"
FF - prefs.js..browser.search.defaultenginename: "foxsearch"
FF - prefs.js..browser.search.order.1: "foxsearch"
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3 - HKU\S-1-5-21-2900932004-3961150359-2209842598-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
[2013.01.17 23:14:25 | 000,000,512 | ---- | M] () -- C:\Users\Kirstin\Desktop\MBR.dat
[2011.01.14 07:42:08 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\Gutscheinmieze
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:3B3A35EC
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:B623B5B8
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:CE0A077E
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:B203B914
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:131C0EE9
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
Schließe bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

Gentlegladur · 21.01.2013, 09:30

OTL nach dem Fix:

Code:

ATTFilter

All processes killed
========== OTL ==========
Error: No service named Napsuivcudm was found to stop!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Napsuivcudm deleted successfully.
File   File not found not found.
Registry key HKEY_USERS\S-1-5-21-2900932004-3961150359-2209842598-1000\Software\Microsoft\Internet Explorer\SearchScopes\{3D34971C-E1B2-B068-DFC3-6337AA1A9947}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3D34971C-E1B2-B068-DFC3-6337AA1A9947}\ not found.
Registry key HKEY_USERS\S-1-5-21-2900932004-3961150359-2209842598-1000\Software\Microsoft\Internet Explorer\SearchScopes\{61D67AE6-764E-4fe3-9EA9-EED03317C725}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61D67AE6-764E-4fe3-9EA9-EED03317C725}\ not found.
Registry key HKEY_USERS\S-1-5-21-2900932004-3961150359-2209842598-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BE89DB2D-4B15-4FB4-8237-D5FDE15FDE87}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BE89DB2D-4B15-4FB4-8237-D5FDE15FDE87}\ not found.
Prefs.js: "foxsearch" removed from backup.old.browser.search.selectedEngine
Prefs.js: "foxsearch" removed from browser.search.defaultenginename
Prefs.js: "foxsearch" removed from browser.search.order.1
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27}\ not found.
Registry value HKEY_USERS\S-1-5-21-2900932004-3961150359-2209842598-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
C:\Users\Kirstin\Desktop\MBR.dat moved successfully.
C:\Users\Kirstin\AppData\Roaming\Gutscheinmieze folder moved successfully.
ADS C:\ProgramData\Temp:3B3A35EC deleted successfully.
ADS C:\ProgramData\Temp:B623B5B8 deleted successfully.
ADS C:\ProgramData\Temp:CE0A077E deleted successfully.
ADS C:\ProgramData\Temp:B203B914 deleted successfully.
ADS C:\ProgramData\Temp:131C0EE9 deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Kirstin\Desktop\cmd.bat deleted successfully.
C:\Users\Kirstin\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
-> No Temporary Internet Files cache folder defined!
 
User: Default
->Temp folder emptied: 0 bytes
-> No Temporary Internet Files cache folder defined!
->Flash cache emptied: 56550 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
-> No Temporary Internet Files cache folder defined!
->Flash cache emptied: 0 bytes
 
User: Kirstin
->Temp folder emptied: 1602587 bytes
-> No Temporary Internet Files cache folder defined!
->Java cache emptied: 2667925 bytes
->FireFox cache emptied: 66777414 bytes
->Google Chrome cache emptied: 206542267 bytes
->Flash cache emptied: 57280 bytes
 
User: Public
->Temp folder emptied: 0 bytes
-> No Temporary Internet Files cache folder defined!
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 72062 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 265,00 mb
 
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Error: Unble to create default HOSTS file!
 
OTL by OldTimer - Version 3.2.69.0 log created on 01212013_091822

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

cosinus · 21.01.2013, 10:14

Eine Kontrolle mit OTL bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in CODE-Tags in den Thread.

Gentlegladur · 21.01.2013, 12:00

OTL.txt:

Code:

ATTFilter

OTL logfile created on: 21.01.2013 11:10:38 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Kirstin\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,37 Gb Total Physical Memory | 1,44 Gb Available Physical Memory | 60,67% Memory free
4,97 Gb Paging File | 3,60 Gb Available in Paging File | 72,48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455,99 Gb Total Space | 208,06 Gb Free Space | 45,63% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 128,65 Gb Free Space | 13,81% Space Free | Partition Type: NTFS
 
Computer Name: KIRSTINS-PC | User Name: Kirstin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Kirstin\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Users\Kirstin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\Samsung\Kies\Kies.exe (Samsung)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Users\Kirstin\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\Programme\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
PRC - C:\Programme\Uniblue\RegistryBooster\rbmonitor.exe (Uniblue Systems Limited)
PRC - C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
PRC - C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\Programme\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis)
PRC - C:\Programme\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
PRC - C:\Windows\System32\sdclt.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)
PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
PRC - C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
PRC - C:\Programme\Acer\Acer ePower Management\ePowerEvent.exe (Acer Incorporated)
PRC - C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Programme\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
PRC - C:\Programme\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
PRC - C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
PRC - C:\Programme\EgisTec\MyWinLocker 3\x86\MWLService.exe (EgisTec Inc.)
PRC - C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (EgisTec Inc.)
PRC - C:\Programme\AmIcoSingLun\AmIcoSinglun.exe (AlcorMicro Co., Ltd.)
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
PRC - C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\System32\lxctcoms.exe ( )
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\8db51a0e07118635fb71b05f21937db8\Kies.Theme.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePodcast\b07ff83c3ce2fd8d3a938889f020552d\DevicePodcast.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DummyStorePlugin\54c3c22053264729fde00785baf21eb9\DummyStorePlugin.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceVideo\aaa553d73526328d450a142814849e40\DeviceVideo.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePhoto\e5334ab5e29c40a7af6223175123263b\DevicePhoto.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceMusic\233972a5ba7f8718ba70734134186b1a\DeviceMusic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\VideoManager\e2689f807ac87966b7e78f74ab677453\VideoManager.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PhotoManager\c8a238c49512fddf15119a48f1c8e520\PhotoManager.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Podcaster\b086aa6691c54b382c9dff23d19879cd\Podcaster.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\ff3157a926a4c62bd7c4fc462b44d4ae\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceHost\d532b3a8c28f7131b6c1d7eb62a9a421\DeviceHost.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Phonebook\521e8f5d3e1452cabfea9ea69659c679\Phonebook.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Plugin.Content#\5c80e523a29d6577d167f5550f882dc0\Kies.Plugin.ContentsManagerLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\MusicManager\c332273df479d78fd386207bd8aeee42\MusicManager.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\BATPlugin\8bf212e316537432a2356c88f3bb6f4d\BATPlugin.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.StoreMa#\017429623044d5a3e9aa2aeef7d00017\Kies.Common.StoreManager.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MediaDB\8bb1cf762dcfd25fa6fec281620a67e3\Kies.Common.MediaDB.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\52207264bac5068c2de665b3f41e8964\ASF_cSharpAPI.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.AllShare\3b13bd2ffd57d5a08bfb85636513922d\Kies.Common.AllShare.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\ca0b9f739dc8a16a0b45b07b6f1deae0\Kies.Common.DeviceServiceLib.FirmwareUpdate.Common.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\68bf9214584209eb5ebf209d1b95ac1e\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\5ff671ad98a74cfc1dee4a439fb8728e\Kies.Common.DeviceServiceLib.FileService.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DevFileServ#\d1baf93e68f207b043f0861c5ee2d7ea\Interop.DevFileServiceLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\57a3553bbf6667ae14d38bdb66f605a2\Kies.Common.DeviceServiceLib.DeviceDataService.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\6e4f1bc2e9b41f984d67aa1cd7f65c3d\Kies.Common.DeviceServiceLib.DeviceManagement.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\2c72efd53cc6951822e9782f762e0950\Kies.Common.DeviceServiceLib.Interface.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\016586bd2a1964a0a519cbc522d2906d\Kies.Common.DeviceService.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.MP3FileInfo#\5f0b67eb5313c092d5b8b56426dd30e2\Interop.MP3FileInfoCOMLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.OGGFileInfo#\b2c7788a3e89dfe8758d6184bac1b663\Interop.OGGFileInfoCOMLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.P3MPINTERFA#\111be4cc197cabb6340170eeb54ae535\Interop.P3MPINTERFACECTRLLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.PRPLAYERCOR#\7316848f01ce1da27fc2d701f32cae0d\Interop.PRPLAYERCORELib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Multime#\c869231737a2b3d15915dcd3cf44b935\Kies.Common.Multimedia.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MainUI\89a65c0b3dd11b28cee0f0af1185b12d\Kies.Common.MainUI.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DBManag#\2a6cd90bb628de35d70c9dba6897d013\Kies.Common.DBManager.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\ICSharpCode.SharpZi#\0969ff5a4924da7d8c6ebd3fca8f154b\ICSharpCode.SharpZipLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CabLib\af22e5bb6307e2882abe5fbdb3c00c8e\CabLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.CRMMana#\c7db33ddaee23e7ec8a3458fde5b50eb\Kies.Common.CRMManager.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Util\7134f52b3f25107e9868d664eed50a2f\Kies.Common.Util.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Locale\83ea8d246c90eeee2b100f01994eef5b\Kies.Locale.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DeviceSearc#\4f4243b3bc2e4cdf0ec6e7ad5559aa20\Interop.DeviceSearchLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\0bbdc52b6dd44363e4a194ee8bd8a460\Kies.MVVM.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\8e2b0a9c69e1065931751dcb16bd5fac\Kies.UI.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\GongSolutions.Wpf.D#\7c3107cb236a66aa4602f12d23611c55\GongSolutions.Wpf.DragDrop.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Interface\7ed89054a3bdd9dbbf1cce0e0b592d78\Kies.Interface.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7f6c86879d27a285cc97c12d59424dd0\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\dbe82a95ee3feebc5999138fdf36d3c9\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies\f619ad24547bdefcd7ae3b6afdf99a67\Kies.ni.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f042f66c2ad8fd5b8c34fa22cd22079e\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\56e40fa3c6d2f2a4200ee4e11fce57e7\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\9b2eef59d0cfc5aff182d0951de5f040\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b5df40c22ab563a816103629e2ca99d4\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\d995a0e7d64a874cddea6294caaa2539\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\259f7342c8ebb1150db3df1bc4d3394c\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\776fced3857dce33967e805879757d24\System.Security.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\004bc6615f9c06df5c98859d35149fe6\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0c3da9004b277959e24a9fd606d3dd05\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\0f5a23bb73681b6388daccd8e250ba66\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b8e60f81fd56934c9f9da7b15bee3376\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\af7e2da8fcdb0d788cea0638e157c54b\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\78ecbee4a7444353dce52afb9d9d795c\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\932901ff0ad5e365ffbe705d7459a37e\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\7cd4aa51f6e6b9330b8f50bba8bb62c6\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b519f42484e1d488662a9a8a87cb8849\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\8abaedf6aecb073b22f8801aa0b8babf\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll ()
MOD - C:\Programme\Acronis\TrueImageHome\Common\ti_managers.dll ()
MOD - C:\Programme\Google\Google Desktop Search\gzlib.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3321.40317__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3321.40399__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3321.40301__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3321.40319__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3321.40378__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3321.40308__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3321.40357__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3321.40314__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3321.40343__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3321.40308__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3321.40400__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3321.40363__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3321.40363__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Dashboard\2.0.3321.40413__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3321.40398__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3321.40362__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3321.40398__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Runtime\2.0.3321.40414__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3321.40346__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3321.40372__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3321.40320__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3321.40354__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3321.40345__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3321.40354__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3321.40310__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3321.40320__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3321.40340__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3321.40344__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3321.40356__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3321.40325__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3321.40343__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3321.40324__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3321.40355__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3321.40344__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3294.18699__90ba9c70f846762e\LOG.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3294.18701__90ba9c70f846762e\NEWAEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3294.18832__90ba9c70f846762e\CLI.Foundation.XManifest.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3294.18753__90ba9c70f846762e\DEM.OS.I0602.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3294.18728__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3294.18709__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3294.18745__90ba9c70f846762e\MOM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3294.18787__90ba9c70f846762e\DEM.OS.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0702\2.0.2594.25693__90ba9c70f846762e\DEM.Graphics.I0702.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3294.18755__90ba9c70f846762e\DEM.Graphics.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3294.18751__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3294.18787__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3294.18795__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3294.18747__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3294.18794__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3294.18708__90ba9c70f846762e\CLI.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3294.18735__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3294.18767__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3294.18771__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3294.18785__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3294.18784__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Shared\2.0.3294.18795__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3294.18737__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3294.18731__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3294.18717__90ba9c70f846762e\CLI.Component.Client.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3294.18727__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3294.18758__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3294.18755__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3321.40431__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3321.40393__90ba9c70f846762e\MOM.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3294.18772__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3294.18766__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3294.18765__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3321.40409__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3294.18771__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3294.18742__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3294.18760__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3294.18756__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3294.18748__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3294.18769__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3294.18720__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3294.18757__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3294.18746__90ba9c70f846762e\APM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3294.18728__90ba9c70f846762e\AEM.Server.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll ()
MOD - C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3321.40297__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3321.40305__90ba9c70f846762e\CLI.Component.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3321.40387__90ba9c70f846762e\CLI.Component.Systemtray.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3321.40314__90ba9c70f846762e\CLI.Component.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3321.40299__90ba9c70f846762e\ATIDEMOS.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3321.40298__90ba9c70f846762e\CLI.Component.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3321.40391__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3321.40300__90ba9c70f846762e\CLI.Component.SkinFactory.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3294.18750__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3294.18714__90ba9c70f846762e\CLI.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3294.18740__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3294.18725__90ba9c70f846762e\LOG.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3321.40392__90ba9c70f846762e\CCC.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3294.18748__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3294.18745__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3294.18744__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3294.18774__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3321.40298__90ba9c70f846762e\APM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3321.40297__90ba9c70f846762e\AEM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll ()
MOD - C:\Windows\System32\msjetoledb40.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\System32\atitmmxx.dll ()
MOD - C:\Programme\NewTech Infosystems\Acer Backup Manager\sqlite3.dll ()
MOD - C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll ()
MOD - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMediaLibrary.dll ()
MOD - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvcPS.dll ()
MOD - C:\Windows\PLFSetI.exe ()
MOD - C:\Programme\Launch Manager\PowerUtl.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_ce5ba24.dll ()
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (afcdpsrv) -- C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\3.0.207\McCHSvc.exe (McAfee, Inc.)
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (AcrSch2Svc) -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (ACDaemon) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (SwitchBoard) -- C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
SRV - (NTI IScheduleSvc) -- C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (HsfXAudioService) -- C:\Windows\System32\XAudio32.dll (Conexant Systems, Inc.)
SRV - (CLHNService) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
SRV - (MWLService) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()
SRV - (VMCService) -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (lxct_device) -- C:\Windows\System32\lxctcoms.exe ( )
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)
SRV - (AdobeVersionCue) -- C:\Programme\Adobe\Adobe Version Cue\service\VersionCue.exe (Adobe Sytems)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\Kirstin\AppData\Local\Temp\catchme.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssudmdm) -- C:\Windows\System32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (dg_ssudbus) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (afcdp) -- C:\Windows\System32\drivers\afcdp.sys (Acronis)
DRV - (tdrpman273) -- C:\Windows\System32\drivers\tdrpm273.sys (Acronis)
DRV - (timounter) -- C:\Windows\System32\drivers\timntr.sys (Acronis)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (esgiguard) -- C:\Programme\Enigma Software Group\SpyHunter\esgiguard.sys ()
DRV - (snapman) -- C:\Windows\System32\drivers\snapman.sys (Acronis)
DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia)
DRV - (nmwcdnsuc) -- C:\Windows\System32\drivers\nmwcdnsuc.sys (Nokia)
DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.)
DRV - (ahcix86s) -- C:\Windows\System32\drivers\ahcix86s.sys (Advanced Micro Devices, Inc)
DRV - (AtiPcie) -- C:\Windows\System32\drivers\AtiPcie.sys (ATI Technologies Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio32.sys (Conexant Systems, Inc.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
DRV - (mwlPSDVDisk) -- C:\Windows\System32\drivers\mwlPSDVDisk.sys (Egis Incorporated.)
DRV - (mwlPSDFilter) -- C:\Windows\System32\drivers\mwlPSDFilter.sys (Egis Incorporated.)
DRV - (mwlPSDNServ) -- C:\Windows\System32\drivers\mwlPSDNserv.sys (Egis Incorporated.)
DRV - (k57nd60x) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (usbfilter) -- C:\Windows\System32\drivers\usbfilter.sys (Advanced Micro Devices Inc.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{3D34971C-E1B2-B068-DFC3-6337AA1A9947}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2303923
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2900932004-3961150359-2209842598-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKU\S-1-5-21-2900932004-3961150359-2209842598-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2900932004-3961150359-2209842598-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
IE - HKU\S-1-5-21-2900932004-3961150359-2209842598-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2900932004-3961150359-2209842598-1000\..\SearchScopes,Backup.Old.DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-2900932004-3961150359-2209842598-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2900932004-3961150359-2209842598-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2900932004-3961150359-2209842598-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE330DE330
IE - HKU\S-1-5-21-2900932004-3961150359-2209842598-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7ACAW_deDE330DE330&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-2900932004-3961150359-2209842598-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2900932004-3961150359-2209842598-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..backup.old.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.de/"
FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.5
FF - prefs.js..extensions.enabledAddons: browserlab%40adobe.com:1.0.0.1227P.314153
FF - prefs.js..extensions.enabledAddons: firebug%40tools.sitepoint.com:1.6
FF - prefs.js..extensions.enabledAddons: firebugpaintevents%40kylescholz.com:0.1.8
FF - prefs.js..extensions.enabledAddons: firefinder%40robertnyman.com:1.2.5
FF - prefs.js..extensions.enabledAddons: icffirebug%40robertnyman.com:1.1
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledAddons: info%40skymeissner.com:1.4
FF - prefs.js..extensions.enabledAddons: personas%40christopher.beard:1.6.2
FF - prefs.js..extensions.enabledAddons: %7B9aad3da6-6c46-4ef0-9109-6df5eaaf597c%7D:1.4.1
FF - prefs.js..extensions.enabledAddons: %7B9BAE5926-8513-417d-8E47-774955A7C60D%7D:1.1.1d
FF - prefs.js..extensions.enabledAddons: %7Ba7c6cf7f-112c-4500-a7ea-39801a327e5f%7D:2.0.7
FF - prefs.js..extensions.enabledAddons: %7Bc45c406e-ab73-11d8-be73-000a95be3b12%7D:1.2.2
FF - prefs.js..extensions.enabledAddons: %7BE6C1199F-E687-42da-8C24-E7770CC3AE66%7D:1.8.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..extensions.enabledItems: {9BAE5926-8513-417d-8E47-774955A7C60D}:1.1.1d
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.48
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.732
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2
FF - prefs.js..extensions.enabledItems: firebug@tools.sitepoint.com:1.6
FF - prefs.js..extensions.enabledItems: browserlab@adobe.com:1.0.0.1009P.274944
FF - prefs.js..extensions.enabledItems: firefinder@robertnyman.com:1.01
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: icffirebug@robertnyman.com:1.0
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {0329E7D6-6F54-462D-93F6-F5C3118BADF2}:2.2.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.autoconfig_url: "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20((url.indexOf('turntable.fm')%20!%3D%20-1%20%26%26%20url.indexOf('static.turntable.fm')%20%3D%3D%20-1)%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20'www.pandora.com')%20%7B%20return%20'PROXY%20us04.personalitycores.com%3A8000%3B%20PROXY%20us01.personalitycores.com%3A8000%3B%20PROXY%20us05.personalitycores.com%3A8000'%3B%7D%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF - prefs.js..network.proxy.type: 2
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.01.13 15:40:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.01.18 21:40:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.01.18 21:40:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.08.21 08:22:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.01.13 15:40:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.01.18 21:40:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.01.18 21:40:42 | 000,000,000 | ---D | M]
 
[2010.05.03 12:27:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kirstin\AppData\Roaming\mozilla\Extensions
[2010.05.03 12:27:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kirstin\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013.01.20 20:51:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kirstin\AppData\Roaming\mozilla\Firefox\Profiles\emn4ri5p.default\extensions
[2011.04.09 20:02:41 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\Kirstin\AppData\Roaming\mozilla\Firefox\Profiles\emn4ri5p.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}(316)
[2011.04.09 20:02:44 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Users\Kirstin\AppData\Roaming\mozilla\Firefox\Profiles\emn4ri5p.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}(317)
[2011.04.06 11:07:59 | 000,000,000 | ---D | M] (Firebug Autocompleter) -- C:\Users\Kirstin\AppData\Roaming\mozilla\Firefox\Profiles\emn4ri5p.default\extensions\{9aad3da6-6c46-4ef0-9109-6df5eaaf597c}(318)
[2009.12.17 00:36:51 | 000,000,000 | ---D | M] (FireFTP button) -- C:\Users\Kirstin\AppData\Roaming\mozilla\Firefox\Profiles\emn4ri5p.default\extensions\{9BAE5926-8513-417d-8E47-774955A7C60D}
[2010.06.02 11:38:59 | 000,000,000 | ---D | M] (FireFTP) -- C:\Users\Kirstin\AppData\Roaming\mozilla\Firefox\Profiles\emn4ri5p.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}(358)
[2010.12.03 10:40:39 | 000,000,000 | ---D | M] (FireFTP) -- C:\Users\Kirstin\AppData\Roaming\mozilla\Firefox\Profiles\emn4ri5p.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}(491)
[2010.02.06 09:15:15 | 000,000,000 | ---D | M] (gTranslate) -- C:\Users\Kirstin\AppData\Roaming\mozilla\Firefox\Profiles\emn4ri5p.default\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}(249)
[2010.07.27 06:35:49 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Kirstin\AppData\Roaming\mozilla\Firefox\Profiles\emn4ri5p.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(692)
[2012.04.02 06:57:28 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Kirstin\AppData\Roaming\mozilla\Firefox\Profiles\emn4ri5p.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(820)
[2012.11.25 22:07:02 | 000,000,000 | ---D | M] (Adobe BrowserLab for Firebug) -- C:\Users\Kirstin\AppData\Roaming\mozilla\Firefox\Profiles\emn4ri5p.default\extensions\browserlab@adobe.com
[2011.04.26 09:45:23 | 000,000,000 | ---D | M] (FlashFirebug) -- C:\Users\Kirstin\AppData\Roaming\mozilla\Firefox\Profiles\emn4ri5p.default\extensions\flashfirebug@o-minds(315).com
[2012.09.19 21:23:42 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Kirstin\AppData\Roaming\mozilla\Firefox\Profiles\emn4ri5p.default\extensions\ich@maltegoetz.de
[2011.03.13 20:21:38 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Kirstin\AppData\Roaming\mozilla\Firefox\Profiles\emn4ri5p.default\extensions\personas@christopher.beard
[2010.07.29 22:55:34 | 000,000,000 | ---D | M] (1-Click YouTube Video Downloader) -- C:\Users\Kirstin\AppData\Roaming\mozilla\Firefox\Profiles\emn4ri5p.default\extensions\YoutubeDownloader@PeterOlayev(691).com
[2012.11.14 21:43:16 | 000,124,993 | ---- | M] () (No name found) -- C:\Users\Kirstin\AppData\Roaming\mozilla\firefox\profiles\emn4ri5p.default\extensions\adblockpopups@jessehakanen.net.xpi
[2013.01.05 19:48:11 | 000,013,169 | ---- | M] () (No name found) -- C:\Users\Kirstin\AppData\Roaming\mozilla\firefox\profiles\emn4ri5p.default\extensions\DrupalForFirebug@drupal.org.xpi
[2012.12.13 10:23:31 | 002,151,598 | ---- | M] () (No name found) -- C:\Users\Kirstin\AppData\Roaming\mozilla\firefox\profiles\emn4ri5p.default\extensions\firebug@software.joehewitt.com.xpi
[2012.11.25 22:07:02 | 000,870,767 | ---- | M] () (No name found) -- C:\Users\Kirstin\AppData\Roaming\mozilla\firefox\profiles\emn4ri5p.default\extensions\firebug@tools.sitepoint.com.xpi
[2012.11.25 22:07:02 | 000,006,131 | ---- | M] () (No name found) -- C:\Users\Kirstin\AppData\Roaming\mozilla\firefox\profiles\emn4ri5p.default\extensions\firebugpaintevents@kylescholz.com.xpi
[2012.11.25 22:07:02 | 000,043,807 | ---- | M] () (No name found) -- C:\Users\Kirstin\AppData\Roaming\mozilla\firefox\profiles\emn4ri5p.default\extensions\firefinder@robertnyman.com.xpi
[2012.11.25 22:07:02 | 000,011,251 | ---- | M] () (No name found) -- C:\Users\Kirstin\AppData\Roaming\mozilla\firefox\profiles\emn4ri5p.default\extensions\icffirebug@robertnyman.com.xpi
[2012.11.12 09:57:49 | 000,009,689 | ---- | M] () (No name found) -- C:\Users\Kirstin\AppData\Roaming\mozilla\firefox\profiles\emn4ri5p.default\extensions\info@skymeissner.com.xpi
[2013.01.11 19:55:53 | 000,300,446 | ---- | M] () (No name found) -- C:\Users\Kirstin\AppData\Roaming\mozilla\firefox\profiles\emn4ri5p.default\extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi
[2012.11.25 22:07:02 | 000,338,733 | ---- | M] () (No name found) -- C:\Users\Kirstin\AppData\Roaming\mozilla\firefox\profiles\emn4ri5p.default\extensions\{9aad3da6-6c46-4ef0-9109-6df5eaaf597c}.xpi
[2012.11.22 15:12:27 | 000,876,990 | ---- | M] () (No name found) -- C:\Users\Kirstin\AppData\Roaming\mozilla\firefox\profiles\emn4ri5p.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
[2013.01.05 19:48:13 | 000,220,411 | ---- | M] () (No name found) -- C:\Users\Kirstin\AppData\Roaming\mozilla\firefox\profiles\emn4ri5p.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2012.09.06 17:20:33 | 001,268,546 | ---- | M] () (No name found) -- C:\Users\Kirstin\AppData\Roaming\mozilla\firefox\profiles\emn4ri5p.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
[2012.12.21 13:16:58 | 000,014,714 | ---- | M] () (No name found) -- C:\Users\Kirstin\AppData\Roaming\mozilla\firefox\profiles\emn4ri5p.default\extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi
[2013.01.20 20:21:19 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.01.18 21:40:35 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.01.18 21:40:59 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.21 07:37:53 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.30 06:24:26 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.21 07:37:53 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.07.01 06:33:42 | 000,000,143 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\foxsearch.src
[2012.06.21 07:37:53 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.21 07:37:53 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.21 07:37:53 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://start.funmoods.com/?f=1&a=sware&chnl=sware&cd=2XzuyEtN2Y1L1QzutDtDtC0FtCyCzyzz0ByBtD0EtC0E0FyBtN0D0Tzu0CtByEtCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1891229338
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://start.funmoods.com/?f=1&a=sware&chnl=sware&cd=2XzuyEtN2Y1L1QzutDtDtC0FtCyCzyzz0ByBtD0EtC0E0FyBtN0D0Tzu0CtByEtCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1891229338
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Kirstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Java(TM) Platform SE 7 U4 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1167637.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Webseiten-Screenshot - Webpage Screenshot = C:\Users\Kirstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki\5.7.4_0\
CHR - Extension: Cut the Rope = C:\Users\Kirstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj\15_0\
CHR - Extension: Skype Click to Call = C:\Users\Kirstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
 
O1 HOSTS File: ([2013.01.19 10:20:18 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\3.1.415.1646\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\S-1-5-21-2900932004-3961150359-2209842598-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AmIcoSinglun] C:\Programme\AmIcoSingLun\AmIcoSinglun.exe (AlcorMicro Co., Ltd.)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [mwlDaemon] C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (EgisTec Inc.)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [SAOB Monitor] C:\Programme\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKU\S-1-5-21-2900932004-3961150359-2209842598-1000..\Run: [Akamai NetSession Interface] C:\Users\Kirstin\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-2900932004-3961150359-2209842598-1000..\Run: [AnyDVD] C:\Programme\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKU\S-1-5-21-2900932004-3961150359-2209842598-1000..\Run: [D490D4BEFDEAEF6310F5FBDFAEDB8D5359769B10._service_run] C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKU\S-1-5-21-2900932004-3961150359-2209842598-1000..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
O4 - HKU\S-1-5-21-2900932004-3961150359-2209842598-1000..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-21-2900932004-3961150359-2209842598-1000..\Run: [Optimizer Pro] C:\Programme\Optimizer Pro\OptProLauncher.exe (PC Utilities Pro)
O4 - HKU\S-1-5-21-2900932004-3961150359-2209842598-1000..\Run: [RegistryBooster] C:\Program Files\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited)
O4 - HKU\S-1-5-21-2900932004-3961150359-2209842598-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Kirstin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BackupManager.list ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2900932004-3961150359-2209842598-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2900932004-3961150359-2209842598-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O15 - HKU\S-1-5-21-2900932004-3961150359-2209842598-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-2900932004-3961150359-2209842598-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {28B66320-9687-4B13-8757-36F901887AB5} hxxp://www.lidl-fotos.de/ips-opdata/layout/lidl02/objects/canvasx.cab (CanvasX Class)
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} hxxp://www.lidl-fotos.de/ips-opdata/layout/lidl02/objects/jordan.cab (JordanUploader Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://javadl-esd.sun.com/update/1.5.0/jinstall-1_5-windows-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab (Java Plug-in 1.5.0_17)
O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 1.7.0_04)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Java Plug-in 10.4.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C127B67-4A0E-49B6-A4E5-0D313D95E43A}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img30.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img30.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.21 09:18:22 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.01.20 21:11:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kirstin\Desktop\OTL.exe
[2013.01.19 10:24:03 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.01.19 09:52:54 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.01.19 09:52:54 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.01.19 09:52:54 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.01.19 09:52:39 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.01.19 09:52:22 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.01.19 09:50:40 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.01.18 21:43:45 | 005,023,971 | R--- | C] (Swearware) -- C:\Users\Kirstin\Desktop\ComboFix.exe
[2013.01.18 21:40:28 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.01.17 23:26:17 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Kirstin\Desktop\tdsskiller.exe
[2013.01.17 22:18:40 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Kirstin\Desktop\aswMBR.exe
[2013.01.17 14:45:24 | 000,000,000 | ---D | C] -- C:\Users\Kirstin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2013.01.17 14:45:18 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2013.01.17 14:45:18 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.01.16 07:49:33 | 000,000,000 | ---D | C] -- C:\Users\Kirstin\Desktop\mbar
[2013.01.14 09:07:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.14 09:07:24 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.01.14 09:07:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.01.13 22:18:33 | 000,000,000 | ---D | C] -- C:\Users\Kirstin\AppData\Roaming\Malwarebytes
[2013.01.13 22:18:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.09 10:33:33 | 002,048,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.01.09 10:32:31 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2013.01.07 22:44:53 | 000,000,000 | ---D | C] -- C:\Users\Kirstin\AppData\Roaming\HPAppData
[2013.01.06 19:16:30 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.21 11:22:30 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.21 11:22:30 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.21 11:04:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.21 10:31:08 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.21 09:26:45 | 000,006,836 | ---- | M] () -- C:\Users\Kirstin\AppData\Local\d3d9caps.dat
[2013.01.21 09:22:52 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.21 09:22:50 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
[2013.01.21 09:22:34 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2013.01.21 09:22:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.21 09:22:17 | 2548,350,976 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.20 21:12:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kirstin\Desktop\OTL.exe
[2013.01.20 18:54:37 | 000,574,677 | ---- | M] () -- C:\Users\Kirstin\Desktop\adwcleaner.exe
[2013.01.19 10:20:18 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.01.19 08:23:42 | 000,089,600 | ---- | M] () -- C:\Users\Kirstin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.01.18 21:45:04 | 005,023,971 | R--- | M] (Swearware) -- C:\Users\Kirstin\Desktop\ComboFix.exe
[2013.01.17 23:26:24 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Kirstin\Desktop\tdsskiller.exe
[2013.01.17 22:57:40 | 303,258,382 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.01.17 22:19:31 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Kirstin\Desktop\aswMBR.exe
[2013.01.17 14:45:26 | 000,002,085 | ---- | M] () -- C:\Users\Kirstin\Desktop\SpyHunter.lnk
[2013.01.16 07:49:08 | 013,462,931 | ---- | M] () -- C:\Users\Kirstin\Desktop\mbar-1.01.0.1016.zip
[2013.01.14 09:07:27 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.10 07:38:03 | 004,178,960 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.01.10 00:22:56 | 000,628,968 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.01.10 00:22:56 | 000,596,222 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.01.10 00:22:56 | 000,126,680 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.01.10 00:22:56 | 000,104,296 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.01.09 10:06:33 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.01.09 10:06:32 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.01.07 08:26:12 | 000,065,415 | ---- | M] () -- C:\Users\Kirstin\Documents\Scan0010.pdf
[2013.01.07 08:23:38 | 000,116,893 | ---- | M] () -- C:\Users\Kirstin\Documents\Scan0012.pdf
[2013.01.07 08:21:39 | 000,115,993 | ---- | M] () -- C:\Users\Kirstin\Documents\Scan0011.jpg
[2013.01.06 00:39:00 | 000,001,787 | ---- | M] () -- C:\Users\Kirstin\Desktop\Samsung Kies (Lite).lnk
[2013.01.06 00:24:19 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.01.04 20:44:35 | 000,001,456 | ---- | M] () -- C:\Users\Kirstin\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2012.12.31 19:18:59 | 000,007,368 | ---- | M] () -- C:\Users\Kirstin\Documents\Kontaktformular Horsemanshipschule.html
[2012.12.23 00:46:57 | 000,000,133 | ---- | M] () -- C:\Users\Kirstin\Desktop\verkleinerer.set
 
========== Files Created - No Company Name ==========
 
[2013.01.20 18:54:33 | 000,574,677 | ---- | C] () -- C:\Users\Kirstin\Desktop\adwcleaner.exe
[2013.01.20 17:39:38 | 000,006,836 | ---- | C] () -- C:\Users\Kirstin\AppData\Local\d3d9caps.dat
[2013.01.19 09:52:54 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.01.19 09:52:54 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.01.19 09:52:54 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.01.19 09:52:54 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.01.19 09:52:54 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.01.17 14:45:25 | 000,002,085 | ---- | C] () -- C:\Users\Kirstin\Desktop\SpyHunter.lnk
[2013.01.16 07:48:39 | 013,462,931 | ---- | C] () -- C:\Users\Kirstin\Desktop\mbar-1.01.0.1016.zip
[2013.01.14 09:07:27 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.07 08:23:37 | 000,116,893 | ---- | C] () -- C:\Users\Kirstin\Documents\Scan0012.pdf
[2013.01.07 08:21:39 | 000,115,993 | ---- | C] () -- C:\Users\Kirstin\Documents\Scan0011.jpg
[2013.01.07 07:18:24 | 000,065,415 | ---- | C] () -- C:\Users\Kirstin\Documents\Scan0010.pdf
[2013.01.06 00:39:00 | 000,001,787 | ---- | C] () -- C:\Users\Kirstin\Desktop\Samsung Kies (Lite).lnk
[2012.12.31 19:18:59 | 000,007,368 | ---- | C] () -- C:\Users\Kirstin\Documents\Kontaktformular Horsemanshipschule.html
[2012.10.02 12:30:22 | 000,207,488 | ---- | C] () -- C:\Windows\System32\LXPrnUtil10.dll
[2012.10.02 12:30:22 | 000,138,368 | ---- | C] () -- C:\Windows\System32\LxDNTvmc100.dll
[2012.10.02 12:30:20 | 000,074,368 | ---- | C] () -- C:\Windows\System32\LxDNTvm100.dll
[2012.10.02 12:30:18 | 000,318,592 | ---- | C] () -- C:\Windows\System32\LxDNT100.dll
[2012.08.28 22:29:13 | 000,065,024 | ---- | C] () -- C:\Windows\System32\wlaopref.exe
[2012.06.22 12:01:30 | 000,019,984 | ---- | C] () -- C:\Windows\System32\ESGScanner.sys
[2012.04.30 08:32:38 | 000,000,728 | ---- | C] () -- C:\Users\Kirstin\AppData\Local\Tempgui.config
[2011.11.29 16:38:18 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.11.29 16:38:12 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.11.29 16:38:12 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.11.29 16:38:12 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.11.29 16:38:12 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.09.07 21:43:04 | 000,000,273 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011.05.10 13:07:21 | 000,000,126 | ---- | C] () -- C:\Windows\APDatabaseUI.INI
[2011.05.09 09:15:20 | 000,000,132 | ---- | C] () -- C:\Users\Kirstin\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2011.02.17 23:07:19 | 000,000,132 | ---- | C] () -- C:\Users\Kirstin\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2011.02.17 22:58:28 | 000,001,456 | ---- | C] () -- C:\Users\Kirstin\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2011.02.16 08:35:38 | 000,000,034 | ---- | C] () -- C:\Users\Kirstin\mm.cfg
[2010.08.03 21:40:36 | 000,024,206 | ---- | C] () -- C:\Users\Kirstin\AppData\Roaming\UserTile.png
[2010.07.28 14:07:43 | 003,650,262 | ---- | C] () -- C:\Users\Kirstin\AppData\Local\TempBad Segeberg 2010 Sando Leichte Kür.mp3
[2010.07.17 22:44:48 | 000,013,658 | ---- | C] () -- C:\Users\Kirstin\AppData\Local\Tempplan.xml
[2010.07.17 22:44:48 | 000,001,010 | ---- | C] () -- C:\Users\Kirstin\AppData\Local\Tempvprofile.dat
[2010.01.24 23:10:39 | 000,003,928 | -H-- | C] () -- C:\Users\Kirstin\AppData\Local\BackupManager.list
[2010.01.12 13:38:58 | 000,001,677 | ---- | C] () -- C:\Users\Kirstin\Kalender von Kirstin.ics
[2009.12.17 09:29:25 | 000,000,100 | -H-- | C] () -- C:\ProgramData\BackupManager.list
[2009.12.17 03:15:57 | 000,002,780 | -H-- | C] () -- C:\Users\Kirstin\BackupManager.list
[2009.12.17 01:04:17 | 000,004,836 | -H-- | C] () -- C:\Users\Kirstin\AppData\Roaming\BackupManager.list
[2009.10.23 07:12:09 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.07.24 06:51:34 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.06.07 21:36:17 | 000,089,600 | ---- | C] () -- C:\Users\Kirstin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.06.03 12:24:51 | 000,000,772 | ---- | C] () -- C:\Users\Kirstin\AppData\Roaming\wklnhst.dat
[2008.06.23 12:02:02 | 000,097,410 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2008.05.23 16:48:50 | 000,020,270 | ---- | C] () -- C:\ProgramData\DeviceInstaller.xml
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2009.03.11 23:29:48 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Acer GameZone Console
[2009.03.11 23:29:48 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Acer GameZone Console
[2011.09.12 22:57:04 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\26C13EA7-D779-4643-9AB5-334070B15EBD
[2012.10.07 22:38:40 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\4Free
[2009.12.17 00:16:32 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\5400 Series
[2011.01.06 09:04:40 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\8BF4B188-E5B9-42F4-B63E-F27754744D04
[2009.12.17 00:16:53 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\Acer GameZone Console
[2010.01.25 16:47:27 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\Acronis
[2010.12.10 19:36:41 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\Amazon
[2012.11.26 00:01:33 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\Artisteer
[2010.03.01 10:15:35 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\Avery
[2012.01.30 07:48:00 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\BA46F38A-7DD2-49DA-91FB-9766CBF88899
[2012.02.28 13:00:28 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\Blender Foundation
[2011.10.14 11:25:44 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\calibre
[2011.02.14 15:42:36 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.05.27 12:32:18 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\DA14BE56-1881-4862-8000-E459337B3A83
[2010.07.01 06:34:09 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\Digiarty
[2012.04.13 23:55:25 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\Dropbox
[2009.12.17 00:20:30 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\eSobi
[2013.01.09 00:03:05 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\FileZilla
[2009.12.17 00:20:31 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\fotobuch.de AG
[2009.12.17 00:20:34 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\Helios
[2009.12.17 00:20:36 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\Hentrich-Software
[2011.01.09 22:58:52 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\kompozer.net
[2012.12.10 10:56:28 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\Lexware
[2009.12.17 00:38:49 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\NCH Swift Sound
[2012.04.30 08:22:41 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\Nokia
[2012.04.30 08:22:42 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\Nokia Ovi Suite
[2012.10.23 14:03:07 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\Optimizer Pro
[2010.02.18 15:39:56 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\PC Suite
[2010.08.03 21:40:36 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\PeerNetworking
[2009.12.17 00:38:50 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\PowerCinema
[2009.12.17 00:39:12 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\Recordpad
[2012.12.05 14:42:44 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\Samsung
[2009.12.17 00:41:02 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\SoftDMA
[2011.04.04 12:30:54 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.04.09 00:06:29 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\Temp
[2009.12.17 00:41:16 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\Template
[2010.05.03 12:27:21 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\Thunderbird
[2011.09.05 10:48:34 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\Uniblue
[2009.12.17 01:03:29 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\Vodafone
[2011.03.03 18:34:23 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\Windows Live Writer
[2011.04.28 16:10:56 | 000,000,000 | ---D | M] -- C:\Users\Kirstin\AppData\Roaming\XMedia Recode
 
========== Purity Check ==========
 
 

< End of report >

Gentlegladur · 21.01.2013, 12:01

OTL Extras:

Code:

ATTFilter

OTL Extras logfile created on: 21.01.2013 11:10:38 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Kirstin\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,37 Gb Total Physical Memory | 1,44 Gb Available Physical Memory | 60,67% Memory free
4,97 Gb Paging File | 3,60 Gb Available in Paging File | 72,48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455,99 Gb Total Space | 208,06 Gb Free Space | 45,63% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 128,65 Gb Free Space | 13,81% Space Free | Partition Type: NTFS
 
Computer Name: KIRSTINS-PC | User Name: Kirstin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2900932004-3961150359-2209842598-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [SNAPFISH] -- "C:\Program Files\SNAPFISH\SNAPFISH\SNAPFISH.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\fotobuch.de AG\Designer 2.0\Designer.exe" = C:\Program Files\fotobuch.de AG\Designer 2.0\Designer.exe:*:Designer.exe -- ()
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{36216B6B-D235-4EEE-BD7C-000D23FBE068}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{5890EC8B-D561-4FB6-8BF8-F7EBA199E59B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5EC43925-47A6-473E-AE11-735312FA97C5}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{69749B3D-941C-4BCD-AE5E-924F1EA4E28D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{6A80AE2F-0572-4280-ADC1-FD212D88110F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{747AE341-FED3-4DF8-A51E-964CA28E7B65}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{9CB067D0-19BF-47FE-83AC-CA0CE777BC72}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B58CA460-0C64-4233-90A6-8F43BEA08B57}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{BA5F590D-4D55-47A6-9165-F2BCDE63EBE5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BFC72BE4-9A88-4734-AA4B-5CAC8F0AB26B}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{C5480AD3-1EFC-4CA0-9AB5-52BE5F7840EF}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{C891C919-BE4F-438C-A3D8-6994E6D60A5E}" = lport=49159 | protocol=6 | dir=in | name=akamai netsession interface | 
"{E8328714-4761-4A30-8211-B882A75CECBC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00B7897C-C34F-44C9-A204-15D58CE28078}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | 
"{030E6D27-ABD2-4AEF-9A71-2E6413D0802F}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe | 
"{05FA87D4-B383-4F6F-A73B-E7CEEA7F105B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{06CB9592-E30B-460B-A93B-C2FDFEDE7DF0}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{0C8EC47A-FB3E-44C4-A94D-E84281E1EBF1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{11168A22-D55E-4067-87AB-785E74D1831B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{161E7BE5-6E84-4938-8446-2988729EA90B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 
"{1999BC21-F33C-407B-8095-596B083FE740}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{19ABFE8C-0159-4DDB-B63B-048F847773BC}" = protocol=6 | dir=in | app=c:\program files\lexmark 5400 series\lxctaiox.exe | 
"{1B882A53-4495-4DA6-B358-A1FEDB48243A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe | 
"{1C59A376-AAAD-43FD-AA89-51A523E6F92A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1CA23ACD-0DAA-4E35-A6C1-4E8606982FA4}" = protocol=6 | dir=in | app=c:\program files\lexmark 5400 series\lxctmon.exe | 
"{1CCA0F32-946D-460C-ADA7-675DF86B3B1A}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe | 
"{2119289C-4426-44C6-8DCD-B3D9E4DE59D1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe | 
"{21EC42CF-63DA-4CC0-84F6-3F479EE36735}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | 
"{22C58FB7-2E8C-4818-B2D4-D7D8FA4F2793}" = protocol=17 | dir=in | app=d:\alicecd.exe | 
"{23686365-02C7-4943-8E98-50D30A5E868B}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\devicesetup.exe | 
"{27B7146A-0188-49C3-B2EB-DCBDAF300186}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{2CFF7347-B3C8-4A35-A33E-5CC7EE83939A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe | 
"{321F58FB-6B81-4D2C-8E89-67E8E3294ABB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3291AAC7-7B09-4256-918E-EC87D8EA94F3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{342B9064-2C3E-4F40-9262-307C6CEF8C60}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"{34387E27-B86B-478C-8103-458BDD5B5189}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{3AD621CD-F3DB-40CC-AA78-F9DE377D7685}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3CAD15D5-523A-4388-98F3-309D9AFC6B8A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3E502686-CA9B-41E4-8A23-4B4A700DB759}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{45D2F5BF-16C4-4324-93BF-A5E2EE7F73F8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{47DDC0B4-BE2B-4CFA-9605-83E366123A35}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | 
"{4CEFAB47-00BA-4760-AC32-BEF5814226E9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | 
"{4EA0F4C2-3E70-4FC3-A19C-C15C6C9A7B1E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{4F1B65DE-C669-4BA4-9759-6D9516D1B9CE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{5202A704-E66A-437D-BF0D-99C338C7501C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | 
"{57D088B9-7F24-4035-8D61-A9391806B296}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{58C26802-5231-4762-921C-BF6C80999CA1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe | 
"{5F38EDED-815A-4E5F-821C-40A30A729E41}" = protocol=6 | dir=out | app=system | 
"{6308DE0B-20A0-4A00-9EDB-9E6881A7778D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe | 
"{6C975B16-6FC8-47E1-BD02-9A96BC58EEE7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{7226EADE-9C2B-43B2-83EE-E9D57C77D9F9}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{79998817-05CF-4709-A9DF-6DD2DC2901D3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 
"{7D5BD84D-0F97-45C3-BBE9-41810F3828A1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{7D6C2C5C-4D22-48A1-A6FF-D5BA10899DE5}" = protocol=6 | dir=in | app=c:\users\kirstin\appdata\local\akamai\netsession_win.exe | 
"{7FC71BDB-44B5-4879-977F-00963824D872}" = protocol=17 | dir=in | app=c:\users\kirstin\appdata\local\akamai\netsession_win.exe | 
"{841FD16A-C75C-4A1A-A072-8DCC40BA0134}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe | 
"{87D28B73-A45A-4391-95E7-226ADFB3BC5A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | 
"{8A3938E5-66B4-475D-B557-4024D07FD56D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8CB531D1-CF68-463C-8102-1A593848F9E9}" = protocol=17 | dir=in | app=c:\users\kirstin\appdata\roaming\dropbox\bin\dropbox.exe | 
"{94D1EF94-015E-4DA9-B49B-14545B07C76D}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe | 
"{99B7FA1F-AD94-4C46-A434-8C999D1EF40D}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{9A8F3A3C-4911-4EE4-8828-13ED5167AFA8}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe | 
"{9BD8939B-8EBB-4EDA-85C3-843FA735BDBA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{A000D248-9E56-4F4E-B333-CB0712FAEEE9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqnrs08.exe | 
"{A0FF3DA8-7795-4942-8E76-7DE40C3012C6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe | 
"{A6BDB3F0-A2B3-4CB4-8945-DE79B390BCBE}" = protocol=17 | dir=in | app=c:\windows\system32\lxctcoms.exe | 
"{AB95645F-F9FD-4A51-A73A-4DA372DE01D7}" = protocol=6 | dir=in | app=c:\users\kirstin\appdata\roaming\dropbox\bin\dropbox.exe | 
"{BE5A22FF-6A30-4A38-A03A-5186CA80B314}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 
"{C0339C8E-05A2-4BEA-9BA3-8D3DCEA0EC93}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{C069B866-7823-4CCA-8568-4186F651BAA6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{C4C60E83-601B-449E-91AC-58C31D9C07F8}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\devicesetup.exe | 
"{CD7D3905-FAF6-4958-B35F-21C1D77F3948}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{CDE98BCB-D245-43A3-A1ED-FF0809BB6F46}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe | 
"{DE54707B-A614-480B-A2B0-6B29ACB20A4B}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{DEECD085-B757-4794-A4B8-F6DAD84383EA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe | 
"{E53E42D2-0620-4E7F-8283-1BE761990E5B}" = protocol=6 | dir=in | app=c:\windows\system32\lxctcoms.exe | 
"{E6D7B207-484C-4FEA-B76D-8F657BD65A29}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe | 
"{E9AE87DC-A834-448A-ABB6-C3AC06BB5B93}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{EACD1FB2-D6F3-4A30-BE57-EBFAA36FA127}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 
"{ECF2E501-67E1-473C-94F6-D5EB3B7A9B4D}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{F1248F2F-3A28-4614-9D4B-7E77179E65FD}" = protocol=17 | dir=in | app=c:\program files\lexmark 5400 series\lxctaiox.exe | 
"{F1A81FFE-A643-469E-9EA3-D4F25E32BE8C}" = protocol=17 | dir=in | app=c:\program files\lexmark 5400 series\lxctmon.exe | 
"{F25ABB89-3577-4109-8BB6-24D83231BBEE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F5451596-6DC2-4BD4-A714-61A0FDC21C2B}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{FBB7453C-2016-4C0C-AF54-6842C8EBAE03}" = protocol=6 | dir=in | app=d:\alicecd.exe | 
"{FF85C6A5-7596-4827-8471-594B8742D16A}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"TCP Query User{0A2AB32D-41E6-4B0E-8BB0-09C34246D30A}C:\users\kirstin\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\kirstin\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{0F62C7AF-B86A-48CA-9AB7-DE1C73D41889}C:\users\kirstin\programm-xmapp\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\users\kirstin\programm-xmapp\xampp\mysql\bin\mysqld.exe | 
"TCP Query User{12DE0971-1BF1-44ED-9CC1-809E3D872993}C:\users\kirstin\programm-xmapp\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\users\kirstin\programm-xmapp\xampp\apache\bin\httpd.exe | 
"TCP Query User{20F8CCC4-3B04-46DD-9679-C56555A1ECFF}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe | 
"TCP Query User{28B44C2C-4CDD-4C30-B686-A599BE3372DE}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{2F3B54C2-25DB-4B2D-A3AD-FE3E42BFADD3}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe | 
"TCP Query User{395E72D6-FE39-44B9-BD39-67B9C8BF1CB4}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"TCP Query User{53816B02-3364-4B3F-A17B-9002B908F151}C:\users\kirstin\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\kirstin\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{68F3DB9A-408C-433B-B556-6F262AE0E0E3}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{7591E67A-9F70-4DC5-BE65-604185DC38AA}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe | 
"TCP Query User{7BB806CF-AA53-44FB-9889-040A435A24FF}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe | 
"TCP Query User{9B604713-47BA-4A34-A9F9-933EFAD5C6E1}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{A839EE0A-B44A-41DB-BFED-8C85DAB3C00B}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"TCP Query User{BDD0980B-9157-44F2-8B5C-3B1D41225B62}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe | 
"TCP Query User{C5426E46-0159-40AF-B355-351F28BA3476}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"TCP Query User{E52EFD82-D7CD-4684-9976-F089B8708748}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{F1A75F55-A9E9-45B9-A4A5-FD1F2AE9ADC7}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{003A95E7-D78D-4D1E-923A-8C56BD492EBC}C:\users\kirstin\programm-xmapp\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\users\kirstin\programm-xmapp\xampp\apache\bin\httpd.exe | 
"UDP Query User{0CC12258-FE4E-4B94-9798-E1A8579A7685}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{2443B5B0-AE01-499C-8E14-B972E0ED0444}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe | 
"UDP Query User{394C5E5B-B985-4DD8-ABBE-DAAAF7B997B8}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe | 
"UDP Query User{3E9F7169-53E6-44AE-827E-01C7022ACAE7}C:\users\kirstin\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\kirstin\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{452A35F5-A707-4A07-B0CC-9125DD178BC3}C:\users\kirstin\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\kirstin\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{53DF4BE7-96A2-4A97-8590-7351C9ED7BC1}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe | 
"UDP Query User{587CB2E3-373D-43E5-BDB8-BDA5541661C5}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{70E42497-D304-4F5E-B498-8C4CCF68A412}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe | 
"UDP Query User{71346BF5-21DD-451C-9CAE-7A475BA80C75}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"UDP Query User{72427C59-ED23-4F79-8E00-BDADF5D99540}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{A9AAFC21-3131-4615-BB0F-430FB027E95D}C:\users\kirstin\programm-xmapp\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\users\kirstin\programm-xmapp\xampp\mysql\bin\mysqld.exe | 
"UDP Query User{C0F6C829-E0F9-4DB1-A33D-37CE16F4AC43}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe | 
"UDP Query User{C6FF72DF-8615-4698-87C1-F2EF9F45CD27}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"UDP Query User{E6889EF9-B386-4FCF-BA45-8159E79DBF0A}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"UDP Query User{E9312D64-89A2-4B07-AEC3-6066CC49470A}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{F738080C-A8B4-41F6-B6D9-7F1468CB4339}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00AB7335-3CEF-4747-9CC7-41C600A7E0E9}" = Lexware faktura+auftrag 2013
"{02698606-3A21-489D-9D2A-75C9E8D3E5BD}" = Adobe Creative Suite 5 Design Premium
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
"{04441EE4-3631-43DB-813A-9D031380C8E5}" = MarketingReg
"{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}" = Acronis*True*Image*Home 2011
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{1696F18E-2932-8A68-91A8-EAD17895285C}" = CCC Help Polish
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{181AEE57-04D3-26A1-6DCD-5A2084D4C36F}" = CCC Help Danish
"{18433D88-7499-D8F4-5D1C-32A83CC05752}" = CCC Help Chinese Traditional
"{1846A764-A6C1-46D2-B245-DAEDB2FDF5C9}" = Lexware kundenmanager 2011 System
"{195F5712-5E23-4DBB-8413-0EC6F0D60ABA}" = Studie zur Verbesserung von HP Officejet 6500 E710n-z Produkten
"{1B8BF8D8-325A-8AEE-CBFE-EC1251C51B0B}" = Catalyst Control Center Core Implementation
"{1E6804DA-9192-F510-7A19-DD505E662D41}" = CCC Help Korean
"{1EBD33A9-2AAF-4CE6-8D62-9D3634C8B43B}" = HP Officejet 6500 E710n-z - Grundlegende Software für das Gerät
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20aa4150-b5f4-11de-8a39-0800200c9a66}_is1" = KompoZer 0.8b3
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{25B6FA39-24D1-4B2F-9280-099F2543E6B8}" = Lexware kundenmanager 2009 System
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 10
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch
"{2C39F7CF-E022-4C0D-B1BA-AF6DDD931054}" = ArcSoft MediaImpression
"{2CAB55FA-A147-4215-81A6-E9A9038B7970}" = Plus Pack für Acronis True Image Home 2011
"{2CC8130C-D0DC-C15B-21BE-99926467CBD1}" = CCC Help Finnish
"{2D27D952-ACF0-0B27-DC1A-C1DB49CAD846}" = ccc-core-static
"{2D99A593-C841-43A7-B7C9-D6F3AE70B756}" = Nokia Connectivity Cable Driver
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3248F0A8-6813-11D6-A77B-00B0D0150170}" = J2SE Runtime Environment 5.0 Update 17
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{38DAE5F5-EC70-4aa5-801B-D11CA0A33B41}" = BPDSoftware
"{3A3653D7-90DA-D323-EE10-02BE5A955051}" = CCC Help Turkish
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
"{457B1BA7-0829-B9EE-AC06-42BD80CFA6D2}" = ccc-utility
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4AEC222A-82B0-A8DB-2BFC-CFB2759B3F36}" = Catalyst Control Center Localization All
"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{569A0B32-D216-63C9-9148-B3221BF5C30D}" = CCC Help German
"{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan
"{591203A7-8794-BDD1-11F3-1447522E4150}" = CCC Help Greek
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion
"{5CCF8330-F742-411A-8A04-719806D168B5}" = Deutsche Post E-Porto
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62B7C52C-CAB6-48B1-8245-52356C141C92}" = RENESIS® Player Browser Plugins
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{660AB86D-3900-62F4-C790-879ABB6B4CF7}" = CCC Help French
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A1ACC15-7632-45ba-A3AB-0250EBD4B7DD}" = 6500_E709a
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{6CC080F1-2E00-41D5-BE47-A3BC784E9DFB}" = BPDSoftware_Ini
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6EED4269-588D-45b8-A80C-26A9CA62EE4E}" = HPSSupply
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71C2828F-2678-4675-BDEC-895424861262}_is1" = C:\Program Files\Acer GameZone\GameConsole
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{74224F8D-4A17-4816-9EDB-7BB854DE532C}" = NVIDIA PhysX v8.04.25
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77077FFF-8831-470F-9627-E86F06A50CCD}" = Avery Wizard 3.1
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{7FA27A0B-8E35-A611-382F-2C31828DBBCA}" = Catalyst Control Center Graphics Light
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110184263}" = Puzzle Express
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11037623}" = Tradewinds 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111205743}" = Tri-Peaks Solitaire To Go
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111232687}" = Ocean Express
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11170417}" = Luxor 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11551977}" = Parking Dash
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{83B9F0EF-68CC-6151-0339-BE2DAD01254B}" = Catalyst Control Center Graphics Full New
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A3F7BF5-AE97-E6AA-2078-56678841B9F2}" = CCC Help Japanese
"{8AE7E507-BC49-4DF0-A236-26878691AB53}" = Lexware Info Service
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9129B46A-51F0-431b-9838-DF7272F3204E}" = ProductContext
"{91D87975-616E-C6E2-6AB0-AC48E6E3C8B4}" = Catalyst Control Center InstallProxy
"{92ABBA93-EE00-41C7-8D44-67D0C9DEF51E}" = Catalyst Control Center - Branding
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4D182C-35C7-4791-8484-4304EBC9101A}" = Windows 7 Upgrade Advisor
"{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
"{A0D285EA-5E1F-DC9C-2092-2C8A422E42C3}" = CCC Help Chinese Standard
"{A3AB35FA-943E-4799-99DC-46EFD59E998F}" = AMD USB Audio Driver Filter
"{A509F7BA-007E-82CF-003D-F8C01A1E8511}" = CCC Help Thai
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{ACA85783-8EEA-4f0a-B2A3-A8173F30209F}" = C4200_doccd
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B09BCBF6-87EE-4403-A336-3A9510856535}" = HP Photosmart All-In-One Software 9.0
"{B2EFA385-09C9-4E52-B4B3-AD15A6D3773B}" = Lexware kundenmanager 2011
"{B4A34D42-758D-8BEE-1F06-D8AFAC8F4002}" = CCC Help Spanish
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6EC7388-E277-4A5B-8C8F-71067A41BA64}" = TextPad 5
"{B97A0C89-29C0-4682-902C-364109A9857C}" = Belkin F6D4050 Enhanced Wireless USB Adapter
"{BF74F0D6-542B-1D47-1026-31F568D8A798}" = CCC Help Norwegian
"{BF91B300-EEBC-4223-96F3-0FCBF7241B50}" = AmIcoSingLun
"{BFDE4176-5DFE-4db9-AA00-8F30CB001BDA}" = c4200_Help
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C29C1940-CB85-4F3B-906C-33FEE0E67103}" = DocMgr
"{C2EE3A10-C169-68C7-5335-2F7FC56DA1A4}" = Catalyst Control Center Graphics Full Existing
"{C373F7C4-05D2-4047-96D1-6AF30661C6AA}" = PC Connectivity Solution
"{C39E671D-0528-4c5e-A034-8470C5BC393A}" = C4200
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C656142F-EFE1-44CD-BFAD-6CBC6DCB9860}" = Vodafone Mobile Connect Lite
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C7E1D9E3-3569-5898-714F-22EF74C04B73}" = CCC Help Hungarian
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE9F5AF2-A03A-26C2-7DF6-DAED2368E673}" = CCC Help Czech
"{CF25D77A-BDBE-EE99-EACC-5576FA9FFD19}" = CCC Help Swedish
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D0D14551-3A2D-433B-861F-F4DCE5422759}" = Nokia PC Suite
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D52ECEBC-9B20-41A5-81C4-A62DE2367419}" = Adobe Creative Suite
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D8B7A682-20DA-4797-8415-B1FB14D4D32B}" = PS_AIO_Software
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{DBB1F4ED-3212-4F58-A427-9C01DE4A24A5}_is1" = Uniblue SystemTweaker
"{DC39A078-4D4C-4EF2-9CAF-69D342D74125}" = Microsoft Sync Framework Runtime v1.0 (x86) de
"{DDA88701-D6FB-783C-5339-4F9875DB7F6B}" = CCC Help Russian
"{DDABC667-56B3-4122-82B0-2F5782EA2F9A}" = SpyHunter
"{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update
"{DE13432E-F0C1-4842-A5BA-CC997DA72A70}" = 6500_E709_eDocs
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DEE132BD-4ADD-D9A1-56C7-356CB939A69E}" = CCC Help Italian
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E250B734-C4C2-8D67-546D-640D6789088D}" = CCC Help Portuguese
"{E28750A2-45F2-4b63-99F7-9F81A94B1E2D}" = PS_AIO_Software_min
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E55B3271-7CA8-4D0C-AE06-69A24856E997}_is1" = Uniblue RegistryBooster
"{E8D33431-67EA-4DC1-B443-EE989DE532BC}" = Microsoft Sync Framework Services v1.0 (x86) de
"{EAF1DC9B-81CB-AADD-EA03-EE3F7EC9A8D7}" = CCC Help English
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EC2F8A30-787F-4DA5-9A8F-8E7DFE777CC2}" = Servicepack Datumsaktualisierung
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{EFBC0CB1-AFFD-4E74-ACEF-42099F1D49C3}" = HP Officejet 6500 E710n-z Hilfe
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F185B35D-38E5-4D88-B275-15C8C7FC4357}" = 6500_E709_Help
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
"{F7CE0C98-25D9-853D-63C8-72CD673F693E}" = CCC Help Dutch
"{FA0F0A01-4631-4161-A6C2-948BF694382E}" = HP Officejet 6500 E709 Series
"{FB0C267C-8B4F-4867-8161-A6A3B66D42C1}" = Marketsplash Schnellzugriffe
"{FD7F242B-9AA0-40c3-941E-3A9821D19C09}" = PS_AIO_ProductContext
"{FE215BA1-CFE6-37D1-81A8-231961C4941E}" = ATI Catalyst Install Manager
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"72A50F48CC5601190B9C4E74D81161693133E7F7" = Windows-Treiberpaket - Nokia Modem  (02/25/2011 7.01.0.9)
"Acer Screensaver" = Acer ScreenSaver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Akamai" = Akamai NetSession Interface Service
"AnyDVD" = AnyDVD
"Artisteer 3" = Artisteer 3
"Artisteer 4" = Artisteer 4
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVS Screen Capture_is1" = AVS Screen Capture version 2.0.1
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS Video Editor_is1" = AVS Video Editor 6
"AVS Video Recorder_is1" = AVS Video Recorder 2.5
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"Blender" = Blender
"Buttonz & Tilez" = Buttonz & Tilez
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CloneDVD2" = CloneDVD2
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Designer 2.0_is1" = Designer 2.0
"DVD Decrypter" = DVD Decrypter (Remove Only)
"E0AC723A3DE3A04256288CADBBB011B112AED454" = Windows-Treiberpaket - Nokia Modem  (02/25/2011 4.7)
"FileZilla Client" = FileZilla Client 3.3.3
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"GridVista" = Acer GridVista
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 12.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 12.0
"HPOCR" = OCR Software by I.R.I.S. 12.0
"HS Mehrwertsteuer 3.27" = HS Mehrwertsteuer 3.27
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{B97A0C89-29C0-4682-902C-364109A9857C}" = Belkin F6D4050 Enhanced Wireless USB Adapter
"InstallShield_{BF91B300-EEBC-4223-96F3-0FCBF7241B50}" = AmIcoSingLun
"Lexmark 5400 Series" = Lexmark 5400 Series
"LManager" = Launch Manager
"MAGIX Screenshare D" = MAGIX Screenshare 4.3.6.1987 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Marble Pop 3D" = Marble Pop 3D
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de)
"Mozilla Thunderbird 10.0.2 (x86 de)" = Mozilla Thunderbird 10.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyTomTom" = MyTomTom 3.2.0.802
"Nokia PC Suite" = Nokia PC Suite
"Optimizer Pro_is1" = Optimizer Pro v3.0
"Pearl Poppers" = Pearl Poppers
"Samplitude Music Studio 15 Download-Version D" = Samplitude Music Studio 15 Download-Version 15.0.1.0 (D)
"Secret Of Six Seas" = Secret Of Six Seas
"Shop for HP Supplies" = Shop for HP Supplies
"SNAPFISH" = SNAPFISH
"Switch" = Switch Audiodatei-Konverter
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WavePad" = WavePad Sound Editor
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WinX Video Converter_is1" = WinX Video Converter 4.5.2
"XMedia Recode" = XMedia Recode 2.2.9.7
"Zuma's Revenge!" = Zuma's Revenge!
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2900932004-3961150359-2209842598-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Dropbox" = Dropbox
"MyFreeCodec" = MyFreeCodec
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 20.01.2013 17:13:02 | Computer Name = Kirstins-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 20.01.2013 19:27:20 | Computer Name = Kirstins-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 21.01.2013 02:46:15 | Computer Name = Kirstins-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 21.01.2013 02:47:13 | Computer Name = Kirstins-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 21.01.2013 04:19:15 | Computer Name = Kirstins-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 21.01.2013 04:19:15 | Computer Name = Kirstins-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 21.01.2013 04:20:14 | Computer Name = Kirstins-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 21.01.2013 04:20:15 | Computer Name = Kirstins-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 21.01.2013 04:22:50 | Computer Name = Kirstins-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 21.01.2013 04:24:11 | Computer Name = Kirstins-PC | Source = WinMgmt | ID = 10
Description = 
 
[ OSession Events ]
Error - 12.08.2009 10:18:58 | Computer Name = Kirstins-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4007
 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 19.09.2009 08:47:51 | Computer Name = Kirstins-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 187373
 seconds with 1200 seconds of active time.  This session ended with a crash.
 
Error - 16.07.2010 02:34:16 | Computer Name = Kirstins-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1385
 seconds with 1320 seconds of active time.  This session ended with a crash.
 
Error - 02.03.2011 13:05:00 | Computer Name = Kirstins-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 19287
 seconds with 3120 seconds of active time.  This session ended with a crash.
 
Error - 27.04.2011 22:01:29 | Computer Name = Kirstins-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 66840
 seconds with 3660 seconds of active time.  This session ended with a crash.
 
Error - 21.08.2012 16:57:46 | Computer Name = Kirstins-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 135373
 seconds with 2100 seconds of active time.  This session ended with a crash.
 
Error - 07.09.2012 04:01:08 | Computer Name = Kirstins-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 12835
 seconds with 4800 seconds of active time.  This session ended with a crash.
 
Error - 19.01.2013 19:18:14 | Computer Name = Kirstins-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 53
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 13.06.2009 16:32:08 | Computer Name = Kirstins-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 13.06.2009 16:32:40 | Computer Name = Kirstins-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 13.06.2009 16:38:11 | Computer Name = Kirstins-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 13.06.2009 16:38:11 | Computer Name = Kirstins-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 13.06.2009 16:38:11 | Computer Name = Kirstins-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 13.06.2009 16:38:11 | Computer Name = Kirstins-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 13.06.2009 16:38:11 | Computer Name = Kirstins-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 13.06.2009 16:41:41 | Computer Name = Kirstins-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 13.06.2009 16:41:41 | Computer Name = Kirstins-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 14.06.2009 06:36:19 | Computer Name = Kirstins-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 13.06.2009 um 22:57:52 unerwartet heruntergefahren.
 
 
< End of report >

cosinus · 21.01.2013, 12:25

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Gentlegladur · 21.01.2013, 13:02

Malewarebytes:

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.21.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Kirstin :: KIRSTINS-PC [Administrator]

Schutz: Deaktiviert

21.01.2013 12:41:21
mbam-log-2013-01-21 (12-41-21).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 228419
Laufzeit: 17 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

*freu* 2. Scann mit ESET Online Scanner kommt gleich

Gentlegladur · 22.01.2013, 07:37

Moin Cosinus,

sag mal, der ESET Online läuft jetzt seit 18 Stunden..... Ist das normal? Steht auf 99 % hat einen Infected file gefunden. Siehe Screenshot. Abbrechen nochmal machen oder laufen lassen?

cosinus · 22.01.2013, 10:39

Ist ESET nocht nicht fertig?

Gentlegladur · 22.01.2013, 11:54

Also, hab's abgebrochen, alles noch mal gemacht, weil es dann zum Schluß echt hing. Nix ging mehr. Jetzt läuft's seit 3:42 Std. aber dafür flutscht es jetzt besser. Ist auch nun bei 99 %. Schauen wir mal. Ich trink jetzt noch'n Kaffee....

cosinus · 22.01.2013, 14:09

Und schmeckt der

Was sagt ESET?

22.01.2013, 10:39	#13
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Malwarebytes bricht ständig ab Ist ESET nocht nicht fertig? __________________ Logfiles bitte immer in CODE-Tags posten

22.01.2013, 14:09	#15
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Malwarebytes bricht ständig ab Und schmeckt der Was sagt ESET? __________________ Logfiles bitte immer in CODE-Tags posten

Malwarebytes bricht ständig ab

Plagegeister aller Art und deren Bekämpfung: Malwarebytes bricht ständig ab