Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Win7 sagt PC-Problem: Entfernen des Win32/Small.CA-Virus

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 28.03.2013, 13:35   #1
bente345
 
Win7 sagt PC-Problem: Entfernen des Win32/Small.CA-Virus - Standard

Win7 sagt PC-Problem: Entfernen des Win32/Small.CA-Virus



Hallo und Hilfe liebe kompetene Menschen vom Trojaner Board,

nachdem ich die Fehlermeldung (aus dem Titel) entdeckt habe, hab ich wie empfohlen zuerst das Programm "Malwarebytes Anti-Maleware" runtergeladen und durchlaufen lassen. Das Programm hat nichts gefunden. Mein reguläres Antivirenprogramm ist Sophos und hat auch nichts gefunden.

Abgesehen von dder Fehlermeldung war mir nicht wirklich eine Veränderung aufgefallen, allerdings reagiert der Rechner tatsächlich immer leicht verzögert.

Der Rechner wurde von mir vor ca. 3 Wochen erst neu formatiert, bin völlig ratlos wo dieser %§$"%sSmall.CA-Mist jetzt herkommt. Aber das ist ja wahrscheinlich immer der Fall.

Ansonsten sind auf dem Desktop nach Schritt 2 zwei Icons aufgetaucht die sagen sie wären "Konfigurationseinstellungen". (Chrrm, evtl Teil von den Scan-Prozessen?) und der Rechner ist eben beim editieren des Threads wegen einem "unerwarteten Fehler" runtergefahren.

Ich führe die angeratenen 4 Schritte durch: http://www.trojaner-board.de/69886-a...-beachten.html und bin bei Schritt 2:

Hier der OTLtxt. Editor:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 28.03.2013 14:08:11 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\mareike\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,93 Gb Total Physical Memory | 0,83 Gb Available Physical Memory | 43,05% Memory free
3,87 Gb Paging File | 2,31 Gb Available in Paging File | 59,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 220,79 Gb Total Space | 182,42 Gb Free Space | 82,62% Space Free | Partition Type: NTFS
 
Computer Name: MAREIKE-PC | User Name: mareike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.03.28 13:50:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\mareike\Downloads\OTL.exe
PRC - [2013.03.21 21:53:46 | 002,890,232 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
PRC - [2013.03.12 08:05:50 | 029,106,336 | ---- | M] (Dropbox, Inc.) -- C:\Users\mareike\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013.01.28 18:28:45 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2013.01.11 14:11:57 | 000,929,272 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
PRC - [2013.01.11 14:11:54 | 000,237,048 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
PRC - [2013.01.11 14:11:24 | 000,217,592 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
PRC - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.11.12 18:00:09 | 000,357,400 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
PRC - [2012.09.21 12:13:23 | 000,159,296 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
PRC - [2009.09.24 13:14:42 | 000,825,864 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.EXE
PRC - [2009.09.10 14:42:30 | 000,349,480 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
PRC - [2009.08.28 10:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
PRC - [2009.08.04 06:09:34 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
PRC - [2009.07.10 23:18:18 | 000,708,608 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
PRC - [2009.07.10 10:54:44 | 000,253,952 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
PRC - [2009.07.04 02:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2009.06.05 03:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.06.05 03:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2009.04.16 07:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.01.28 18:28:45 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
 
 
========== Services (SafeList) ==========
 
SRV - [2013.03.21 21:53:46 | 002,890,232 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service)
SRV - [2013.03.18 12:21:37 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.03.18 12:17:53 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.01.11 14:11:54 | 000,237,048 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2013.01.11 14:11:24 | 000,217,592 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.11.12 18:00:12 | 002,010,688 | ---- | M] (Sophos Limited) [Auto | Stopped] -- C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe -- (swi_update_64)
SRV - [2012.11.12 18:00:09 | 000,357,400 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe -- (Sophos Web Control Service)
SRV - [2012.09.21 12:13:23 | 000,159,296 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.09.30 22:44:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009.09.10 14:42:46 | 000,305,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009.08.28 10:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009.07.10 10:54:44 | 000,253,952 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2009.07.04 02:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.05 03:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.09.21 12:13:10 | 000,154,952 | ---- | M] (Sophos Limited) [File_System | System | Running] -- C:\Windows\SysNative\drivers\savonaccess.sys -- (SAVOnAccess)
DRV:64bit: - [2012.08.14 18:07:19 | 000,036,640 | ---- | M] (Sophos Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdcfilter.sys -- (sdcfilter)
DRV:64bit: - [2012.08.14 18:07:00 | 000,025,608 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.08.25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.09.21 04:00:44 | 001,537,024 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.09.15 05:40:00 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.09 23:45:12 | 000,139,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:64bit: - [2009.06.18 13:12:32 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.05 02:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.06.02 12:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009.06.02 12:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009.06.02 12:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009.05.26 14:32:38 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009.04.27 09:25:58 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_1810tz&r=273601131406l0433z165t4441a895
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_1810tz&r=273601131406l0433z165t4441a895
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_1810tz&r=273601131406l0433z165t4441a895
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_1810tz&r=273601131406l0433z165t4441a895
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_1810tz&r=273601131406l0433z165t4441a895
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_1810tz&r=273601131406l0433z165t4441a895
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE521DE521
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{D15F001F-C2BD-4447-9F50-7A383A98A6E8}: "URL" = hxxp://websearch.ask.com/custom/java/redirect?client=ie&tb=ORJ&o=100000026&src=crm&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Ask.com Search"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: %7B0538E3E3-7E9B-4d49-8831-A227C80A7AD3%7D:2.2.2
FF - prefs.js..extensions.enabledAddons: %7B8AA36F4F-6DC7-4c06-77AF-5035170634FE%7D:2013.01.16
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2013.02.18 14:53:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.18 12:21:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.18 12:21:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013.01.28 19:45:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mareike\AppData\Roaming\mozilla\Extensions
[2013.03.21 15:56:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mareike\AppData\Roaming\mozilla\Firefox\Profiles\0njt57p8.default\extensions
[2013.01.28 21:13:25 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\mareike\AppData\Roaming\mozilla\Firefox\Profiles\0njt57p8.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2013.02.18 10:26:08 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\mareike\AppData\Roaming\mozilla\firefox\profiles\0njt57p8.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.03.18 12:21:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.02.18 14:53:52 | 000,000,000 | ---D | M] (Citavi Picker) -- C:\PROGRAMDATA\SWISS ACADEMIC SOFTWARE\CITAVI PICKER\FIREFOX
[2013.03.18 12:21:37 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.01.17 01:11:04 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.01.17 01:11:04 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.01.17 01:11:04 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.01.17 01:11:04 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.01.17 01:11:04 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.01.17 01:11:04 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll (Google Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe (Sophos Limited)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\mareike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\mareike\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx (WRC Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EB7D3716-AF4E-4C9A-8066-757D9D62C3DE}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Users\mareike\Desktop\DOWNLO~1\SOPHOS~1\SOPHOS~2.DLL) - C:\Users\mareike\Desktop\DOWNLO~1\SOPHOS~1\SOPHOS~2.DLL (Sophos Limited)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL) - C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL (Sophos Limited)
O20 - AppInit_DLLs: (C:\Users\mareike\Desktop\DOWNLO~1\SOPHOS~1\SOPHOS~1.DLL) - C:\Users\mareike\Desktop\DOWNLO~1\SOPHOS~1\SOPHOS~1.DLL (Sophos Limited)
O20 - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Limited)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.28 12:21:17 | 000,000,000 | ---D | C] -- C:\Users\mareike\AppData\Roaming\Malwarebytes
[2013.03.28 12:19:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.28 12:19:42 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.03.28 12:19:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.03.28 10:17:03 | 000,000,000 | R--D | C] -- C:\Users\mareike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
[2013.03.21 16:06:18 | 000,000,000 | ---D | C] -- C:\Users\mareike\AppData\Local\Sophos
[2013.03.21 16:02:16 | 000,036,640 | ---- | C] (Sophos Limited) -- C:\Windows\SysNative\drivers\sdcfilter.sys
[2013.03.21 16:02:15 | 000,183,024 | ---- | C] (Sophos Plc) -- C:\Windows\SysNative\sdccoinstaller.dll
[2013.03.21 16:01:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2013.03.21 16:01:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Cisco Systems
[2013.03.21 16:01:10 | 000,037,440 | ---- | C] (Sophos Limited) -- C:\Windows\SysNative\sophosboottasks.exe
[2013.03.21 16:01:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2013.03.21 15:59:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sophos
[2013.03.21 15:58:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2013.03.21 15:48:22 | 000,154,952 | ---- | C] (Sophos Limited) -- C:\Windows\SysNative\drivers\savonaccess.sys
[2013.03.21 15:48:22 | 000,025,608 | ---- | C] (Sophos Plc) -- C:\Windows\SysNative\drivers\SophosBootDriver.sys
[2013.03.19 10:20:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.03.19 10:17:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013.03.19 10:17:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013.03.18 14:43:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask
[2013.03.18 14:42:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.03.18 12:21:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.03.05 15:16:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2013.03.05 14:42:49 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2013.03.05 14:39:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2009.10.23 07:50:09 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.28 13:49:22 | 000,000,000 | ---- | M] () -- C:\Users\mareike\defogger_reenable
[2013.03.28 13:39:02 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.28 13:17:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.28 12:21:07 | 000,000,918 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.28 12:10:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.28 10:23:58 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.28 10:23:58 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.28 10:16:53 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.28 10:16:09 | 1556,279,296 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.26 18:39:58 | 000,001,057 | ---- | M] () -- C:\Users\mareike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.03.26 18:39:52 | 000,000,130 | ---- | M] () -- C:\Windows\wininit.ini
[2013.03.23 01:33:54 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.23 01:33:54 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.23 01:33:54 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.23 01:33:54 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.23 01:33:54 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.06 20:12:00 | 000,093,336 | ---- | M] () -- C:\Users\mareike\Documents\§ 52 AO.pdf
[2013.03.06 10:15:41 | 000,343,008 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2013.03.28 13:49:22 | 000,000,000 | ---- | C] () -- C:\Users\mareike\defogger_reenable
[2013.03.28 12:21:07 | 000,000,918 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.26 18:39:52 | 000,000,130 | ---- | C] () -- C:\Windows\wininit.ini
[2013.03.06 20:11:55 | 000,093,336 | ---- | C] () -- C:\Users\mareike\Documents\§ 52 AO.pdf
[2013.01.28 18:29:15 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2013.01.28 18:29:15 | 000,106,496 | ---- | C] () -- C:\Windows\FixUVC.exe
[2013.01.28 18:29:15 | 000,000,074 | ---- | C] () -- C:\Windows\PidList.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.03.27 19:08:09 | 000,000,000 | ---D | M] -- C:\Users\mareike\AppData\Roaming\.purple
[2013.03.28 10:17:23 | 000,000,000 | ---D | M] -- C:\Users\mareike\AppData\Roaming\Dropbox
[2013.01.28 18:50:29 | 000,000,000 | ---D | M] -- C:\Users\mareike\AppData\Roaming\pdfforge
[2013.02.18 16:09:20 | 000,000,000 | ---D | M] -- C:\Users\mareike\AppData\Roaming\Swiss Academic Software
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

Und hier der Extrasxt.Edito:OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 28.03.2013 14:08:11 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\mareike\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,93 Gb Total Physical Memory | 0,83 Gb Available Physical Memory | 43,05% Memory free
3,87 Gb Paging File | 2,31 Gb Available in Paging File | 59,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 220,79 Gb Total Space | 182,42 Gb Free Space | 82,62% Space Free | Partition Type: NTFS
 
Computer Name: MAREIKE-PC | User Name: mareike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Users\mareike\Desktop\Downloads\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Users\mareike\Desktop\Downloads\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Users\mareike\Desktop\Downloads\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Users\mareike\Desktop\Downloads\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Users\mareike\Desktop\Downloads\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Users\mareike\Desktop\Downloads\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"" = 
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00709971-C05F-4945-AC3D-400B344A2867}" = rport=137 | protocol=17 | dir=out | app=system | 
"{08C16754-AD99-4B6B-ABE7-71DD81D2A860}" = lport=139 | protocol=6 | dir=in | app=system | 
"{0C7BE7EE-BB7F-407D-AAD0-EFD8F6E73F28}" = lport=445 | protocol=6 | dir=in | app=system | 
"{344FE3EF-2FEE-4D0D-BC4E-1D4A5E73262A}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{42DFE171-E3C5-4B9E-B6E2-3164AF9C2B9F}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{447FCCD8-5973-4A01-9752-7F0B8647CE75}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{44AAB9F7-AB8D-44A9-BD35-AC734E043AA0}" = rport=138 | protocol=17 | dir=out | app=system | 
"{4E811805-F213-4AAD-8E85-A2F2DD6A19E8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{5402986B-D90D-4AE9-B916-BB43A4AAE13A}" = rport=445 | protocol=6 | dir=out | app=system | 
"{58B964BF-8900-472B-A3B4-3DA1CB13717D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6CEF2D7C-2B3E-43DE-90B4-E4FE0D9E2916}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{759CDE2F-C92E-4AC9-8818-39624DEA40F3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{77F1AFA3-6590-42F0-8D38-FF4A4D926D0E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7B468A11-11FD-4DBD-AF0B-CA8B9ECA8445}" = lport=137 | protocol=17 | dir=in | app=system | 
"{803A1F93-311C-4123-A3D0-B6A4800B3041}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{8769AF2D-AFDA-4570-8DD0-20376A306ED8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9400C91F-4F61-4B33-9F8F-2712778ABC6B}" = lport=138 | protocol=17 | dir=in | app=system | 
"{9D02589C-DD15-4FBF-B6D2-7D754F2D2225}" = rport=139 | protocol=6 | dir=out | app=system | 
"{A1C9F5A7-2C2A-4BE0-94DF-0970C7C11187}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A32DCF0D-8282-4207-A24F-DAFF33FE011F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{AADBE841-5AC4-4A9B-9C61-BF7362AE8670}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{B056430E-6C94-4E7B-A3C8-1A3F65E5EA38}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B111DC42-BC6D-48AA-8632-F19C1345775A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{CF40ECF5-9910-45C1-89D5-F88240C9AF4E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E3C49AFF-8263-4447-AFF7-5AEC227F7DF8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F6BA943-2549-436B-AF63-BB1C9DD3E8E6}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{1A1246F6-1A3E-477C-AD36-3E7950BC3987}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1A59AD91-F798-415A-8F58-237D7FE85967}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2C3667A8-BB3E-4158-B5B0-A409D3DD17EB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2FCB26FA-9A11-4DA0-AD52-6088EA2D7734}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{3016E2C2-07F8-495E-B86C-81942E370453}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3E917B6D-CF01-47AE-9179-1541A2440BFD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{41959E4A-8DE8-4B7C-9CEF-F6C8527271B2}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{451CCDC2-AAC3-4204-BABC-C4D3092A9AD1}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{45D6909A-55E3-4A93-A9F8-E4EDF260CCF7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{55D10E2E-94C3-4B77-9AA2-4A03AD09CA29}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{578656EC-19FE-4C99-9BBF-5228AF188228}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{5FE926AA-A73B-462B-9724-4440B89069A5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{62E582AE-6880-445D-9A78-036477D1BD80}" = protocol=6 | dir=in | app=c:\users\mareike\appdata\roaming\dropbox\bin\dropbox.exe | 
"{8AFF59DE-712D-4546-A00D-7A018420C5D0}" = protocol=6 | dir=out | app=system | 
"{8D739CF1-593B-4C90-B75F-1DA8E94CA4CD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{96A1D822-465F-41D4-A422-6F7A598084EE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{97124854-8DAC-4585-BEB9-4CCC550E2E4E}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe | 
"{9EF19ED5-631F-41A3-AC81-651284CF064B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{9F2765F8-B79F-4A6F-AC77-550A523B77D8}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{A389F387-A16A-46A8-8673-C31A73998649}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{AE76FCFF-ACE0-494E-99BB-0B6F4F838B8D}" = protocol=17 | dir=in | app=c:\users\mareike\appdata\roaming\dropbox\bin\dropbox.exe | 
"{B8F16573-E282-4641-AC6A-6EDE0B515EAF}" = dir=in | app=c:\program files (x86)\acer\acer vcm\vc.exe | 
"{BC3E22CF-7DF6-4671-9C98-4EBB186B89F1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{BF7C8D4D-76F8-4839-A53C-8316A6A6C53D}" = dir=in | app=c:\program files (x86)\acer\acer vcm\rs_service.exe | 
"{DA4FAF3A-FE86-46D9-AC13-D8CCF4F06682}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{DCA5D36B-7F0A-45D4-9A4E-FBAAC96100E4}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{F7E7EAEF-1DB2-4DF1-A2AB-D3877621E87B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{F88145D1-5140-432E-ADFD-28B700558DBD}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F9DC5605-BFE3-4E56-9E01-F3ABB6A9C441}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"TCP Query User{9D90CB45-3CF7-4FA9-BEC1-F579FBEECC5A}C:\users\mareike\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\mareike\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{77C95B1F-7D7A-46D8-9146-9B7748E3E1FD}C:\users\mareike\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\mareike\appdata\roaming\dropbox\bin\dropbox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417011FF}" = Java 7 Update 11 (64-bit)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{1845470B-EB14-4ABC-835B-E36C693DC07D}" = Skype™ 6.1
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5A22D889-FBDD-4AE8-86EC-089D45FC133E}" = Alcor Micro USB Card Reader
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}" = Granny In Paradise
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115208410}" = First Class Flurry
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1" = Acer GameZone Console
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
"{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{2733AA87-26FC-41B0-9D2F-3092345BC370}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.de-de_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.de-de_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007
"{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007
"{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}" = Sophos Anti-Virus
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.95.714
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Foxit Reader_is1" = Foxit Reader
"GridVista" = Acer GridVista
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Identity Card" = Identity Card
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{5A22D889-FBDD-4AE8-86EC-089D45FC133E}" = Alcor Micro USB Card Reader
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch
"Pidgin" = Pidgin
"pidgin-otr" = pidgin-otr 4.0.0-1
"VLC media player" = VLC media player 2.0.5
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 05.03.2013 09:42:39 | Computer Name = mareike-PC | Source = Windows Backup | ID = 4104
Description = 
 
Error - 05.03.2013 09:50:02 | Computer Name = mareike-PC | Source = Windows Backup | ID = 4104
Description = 
 
Error - 05.03.2013 09:57:37 | Computer Name = mareike-PC | Source = Windows Backup | ID = 4104
Description = 
 
Error - 05.03.2013 10:10:28 | Computer Name = mareike-PC | Source = Windows Backup | ID = 4104
Description = 
 
Error - 05.03.2013 10:48:07 | Computer Name = mareike-PC | Source = ESENT | ID = 215
Description = WinMail (2948) WindowsMail0: Die Sicherung wurde abgebrochen, weil
 sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
 wurde.
 
Error - 05.03.2013 10:48:18 | Computer Name = mareike-PC | Source = ESENT | ID = 215
Description = WinMail (780) WindowsMail0: Die Sicherung wurde abgebrochen, weil 
sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
 wurde.
 
Error - 12.03.2013 14:42:05 | Computer Name = mareike-PC | Source = Windows Backup | ID = 4104
Description = 
 
Error - 18.03.2013 06:28:49 | Computer Name = mareike-PC | Source = Windows Backup | ID = 4104
Description = 
 
Error - 18.03.2013 08:25:32 | Computer Name = mareike-PC | Source = Application Hang | ID = 1002
Description = Programm Citavi.exe, Version 3.0.0.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: c38    Startzeit: 
01ce23c1e30920c1    Endzeit: 15    Anwendungspfad: C:\Users\mareike\Desktop\Downloads\Citavi
 3\bin\Citavi.exe    Berichts-ID: dfe3eee3-8fc6-11e2-90ca-c80aa901168d  
 
Error - 21.03.2013 10:58:59 | Computer Name = mareike-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\mareike\Desktop\Downloads\Sophos
 Anti-Virus\SavMain.exe".  Die abhängige Assemblierung "Microsoft.VC80.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
[ System Events ]
Error - 02.02.2013 06:57:19 | Computer Name = mareike-PC | Source = Service Control Manager | ID = 7043
Description = Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements
 nicht richtig heruntergefahren werden.
 
Error - 25.02.2013 21:46:47 | Computer Name = mareike-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 05.03.2013 09:40:47 | Computer Name = mareike-PC | Source = Microsoft-Windows-Service Pack Installer | ID = 6
Description = The Service Pack cannot be installed when the computer is running 
on battery power.
 
Error - 05.03.2013 10:43:37 | Computer Name = mareike-PC | Source = WMPNetworkSvc | ID = 866321
Description = 
 
Error - 05.03.2013 10:43:37 | Computer Name = mareike-PC | Source = WMPNetworkSvc | ID = 866317
Description = 
 
Error - 05.03.2013 10:43:37 | Computer Name = mareike-PC | Source = WMPNetworkSvc | ID = 866321
Description = 
 
Error - 05.03.2013 10:43:37 | Computer Name = mareike-PC | Source = WMPNetworkSvc | ID = 866317
Description = 
 
Error - 21.03.2013 10:59:43 | Computer Name = mareike-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Sophos Anti-Virus" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%5
 
Error - 23.03.2013 12:32:36 | Computer Name = mareike-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst ShellHWDetection erreicht.
 
Error - 23.03.2013 12:43:36 | Computer Name = mareike-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?23.?03.?2013 um 17:32:32 unerwartet heruntergefahren.
 
 
< End of report >
         
--- --- ---


Das Ergebnis vom Gmer-Scan:

GMER Logfile:
Code:
ATTFilter
GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-28 15:11:43
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST925031 rev.0001 232,89GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\mareike\AppData\Local\Temp\awdiifow.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe[1036] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                 0000000076a41465 2 bytes [A4, 76]
.text  C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe[1036] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                0000000076a414bb 2 bytes [A4, 76]
.text  ...                                                                                                                                                                                          * 2
.text  C:\Windows\Explorer.EXE[1228] C:\Windows\system32\kernel32.dll!CopyFileExW                                                                                                                   00000000774723d0 5 bytes JMP 000000016fff00d8
.text  C:\Windows\Explorer.EXE[1228] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW                                                                                                         00000000774ef6c0 8 bytes JMP 000000016fff0110
.text  C:\Windows\Explorer.EXE[1228] C:\Windows\system32\ole32.dll!CoCreateInstance                                                                                                                 000007fefe297490 11 bytes JMP 000007fffe2600d8
.text  C:\Users\mareike\AppData\Roaming\Dropbox\bin\Dropbox.exe[3364] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                       0000000076a41465 2 bytes [A4, 76]
.text  C:\Users\mareike\AppData\Roaming\Dropbox\bin\Dropbox.exe[3364] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                      0000000076a414bb 2 bytes [A4, 76]
.text  ...                                                                                                                                                                                          * 2
.text  C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe[3800] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                             0000000076a41465 2 bytes [A4, 76]
.text  C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe[3800] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                            0000000076a414bb 2 bytes [A4, 76]
.text  ...                                                                                                                                                                                          * 2
?      C:\Windows\System32\NLSData0007.dll [3624] entry point in ".rdata" section                                                                                                                   000007fef268cec8
.text  C:\Program Files (x86)\Launch Manager\LManager.EXE[2772] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                             0000000076a41465 2 bytes [A4, 76]
.text  C:\Program Files (x86)\Launch Manager\LManager.EXE[2772] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                            0000000076a414bb 2 bytes [A4, 76]
.text  ...                                                                                                                                                                                          * 2
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4328] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                               0000000076a41465 2 bytes [A4, 76]
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4328] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                              0000000076a414bb 2 bytes [A4, 76]
.text  ...                                                                                                                                                                                          * 2
.text  C:\Users\mareike\Downloads\gmer_2.1.19155.exe[440] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                   0000000076a41465 2 bytes [A4, 76]
.text  C:\Users\mareike\Downloads\gmer_2.1.19155.exe[440] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                  0000000076a414bb 2 bytes [A4, 76]
.text  ...                                                                                                                                                                                          * 2

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\381b4222-f694-41f0-9685-ff5bb260df2e\7516b95f-f776-4464-8c53-06167f40cc99\aded5e82-b909-4619-9949-f5d71dac0bcb@DCSettingIndex  50
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002556ee9790                                                                                                                  
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002556ee9790 (not active ControlSet)                                                                                              

---- EOF - GMER 2.1 ----
         
--- --- ---

Ich hoffe bisher alles soweit richtig gemacht zu haben, bin völlig ratlos wies weitergehen könnte und um jede Hilfe dankbar!

Liebe_r Admin,
nachdem ich vorher vergessen hab zu erwähnen dass die beiden neuen Icons desktop.ini hießen (inzwischen im Papierkorb) kann ich nun vermelden, dass (anscheinend) alles wieder in Ordnung zu sein scheint. Sophos hat wieder nix gefunden (was ja aber scheinbar auch nichts zu sagen hat), aber die windows Fehlermeldung ist auch verschwunden. Von daher geh ich jetzt mal vom Besten aus und der Thread kann wieder gelöscht werden...
Schöne Feiertage und auf jeden Fall trotzdem vielen Dank für die verständliche Anleitung mit den Schritten

Liebe_r Admin,
vielleicht kann doch noch einmal jemand drüber gucken? Der Rechner erscheint mir deutlich verzögert zu reagieren immer noch und das sophos update war quasi richtig Arbeit um das an den Start zu bringen. Bin reichlich verunsichert, auch wenn die Virenprogramme immer noch nix finden...beurgs! verflixte viren

Geändert von bente345 (28.03.2013 um 14:33 Uhr)

Alt 30.03.2013, 15:19   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Win7 sagt PC-Problem: Entfernen des Win32/Small.CA-Virus - Standard

Win7 sagt PC-Problem: Entfernen des Win32/Small.CA-Virus



Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner?
Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________

Alt 03.04.2013, 08:27   #3
bente345
 
Win7 sagt PC-Problem: Entfernen des Win32/Small.CA-Virus - Standard

Win7 sagt PC-Problem: Entfernen des Win32/Small.CA-Virus



Hi,
sorry für die Verzögerung, da sind die Feiertage dazwischen gekommen. Logs mit Funden hab ich nicht, bei Malwarebytes ist nix rausgekommen und die Sophos-Berichte sind verschwunden hab ich festgestellt. Da wo Sophos mir sagt dass sie sein sollten ist viel, aber nicht die txt.-Dateien. Auf der Suche nach den Scans hab ich allerdigns festgestellt, dass das win32.-Miststück mir ganze Ordner verschlüsselt hat (nehm ich zumindest stark an, ich selbst wars nämlich nicht^^). Und zwar die Ordner "$Recycle.Bin", "Documents and Settings", "Dokumente und Einstellungen" und den Ordner "Programme". Ohje, hoffe Du bist noch da...lg in den δ-Quadrant
__________________

Alt 03.04.2013, 15:04   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Win7 sagt PC-Problem: Entfernen des Win32/Small.CA-Virus - Standard

Win7 sagt PC-Problem: Entfernen des Win32/Small.CA-Virus



Hatte Sophos denn etwas mal gefunden?`Wenn ja wüsstest du noch was?
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 03.04.2013, 16:59   #5
bente345
 
Win7 sagt PC-Problem: Entfernen des Win32/Small.CA-Virus - Standard

Win7 sagt PC-Problem: Entfernen des Win32/Small.CA-Virus



nee, Sophos hat nie was gefunden. Mittlerweile hab ich den McAffee Stinger runtergeladen und durchlaufen lassen, der hat auch was gefunden und zwar den Win32/Heur.elsti und ihn auch gleich gelöscht und in den Logs stand, dass auch Sophos betroffen gewesen ist. Bin grade eigentlich wieder ganz optimistisch, die Ordner sind wieder frei und alle Fehlermeldungen weg, scheint ein Programm zu sein, das dem ganzen gewachsen zu sein ist...


Alt 03.04.2013, 20:13   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Win7 sagt PC-Problem: Entfernen des Win32/Small.CA-Virus - Standard

Win7 sagt PC-Problem: Entfernen des Win32/Small.CA-Virus



Sry, aber der Stinger kann nur ganz gestimmte Infektionen bekämpfen aberlängst nicht alles. Was genau bitte wurde wo genau gefunden? Bitte nicht immer nur einfach nur die Schädlingsnamen posten
__________________
--> Win7 sagt PC-Problem: Entfernen des Win32/Small.CA-Virus

Alt 03.04.2013, 20:39   #7
bente345
 
Win7 sagt PC-Problem: Entfernen des Win32/Small.CA-Virus - Standard

Win7 sagt PC-Problem: Entfernen des Win32/Small.CA-Virus



https://www.dropbox.com/s/f90f3aukz54nryu/Quarant%C3%A4ne.jpg
öh, so?

Alt 03.04.2013, 21:02   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Win7 sagt PC-Problem: Entfernen des Win32/Small.CA-Virus - Standard

Win7 sagt PC-Problem: Entfernen des Win32/Small.CA-Virus



Sieht nach typischen Fehlalarmen aus, die auftreten wenn ein Virenscanner vom Hersteller A In den Bestandteilen des Scanners von Hersteller B findet ...

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.


Bitte die drei Tools MBAR / aswMBR / TDSSkiller nun ausführen und die Logs in CODE-Tags posten


MBAR (Malwarebytes Anti-Rootkit)

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers


aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).



TDSS-Killer

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Antwort

Themen zu Win7 sagt PC-Problem: Entfernen des Win32/Small.CA-Virus
7-zip, adobe, adobe reader xi, application/pdf:, autorun, bho, entfernen, error, excel, fehlermeldung, firefox, flash player, format, gmer-scan, helper, home, install.exe, launch, logfile, monitor, mozilla, office 2007, pc-problem, programm, realtek, registry, rundll, scan, security, software, svchost.exe, udp, windows



Ähnliche Themen: Win7 sagt PC-Problem: Entfernen des Win32/Small.CA-Virus


  1. Windows-Problembericht: Entfernen des Win32/Small.CA-Virus von Ihrem PC
    Mülltonne - 28.12.2013 (1)
  2. Win32/Small.CA-Virus entfernen
    Log-Analyse und Auswertung - 16.12.2013 (4)
  3. Win7: Small.CA Virus entfernen
    Log-Analyse und Auswertung - 03.12.2013 (11)
  4. Windows sagt: Entfernen des Win32/Small.CA-Virus von Ihrem PC
    Log-Analyse und Auswertung - 03.11.2013 (15)
  5. Win 7 x64: Entfernen des Win32/Small.CA-Virus
    Log-Analyse und Auswertung - 31.10.2013 (15)
  6. Windows zeigt an: Entfernen des Win32 small ca virus
    Log-Analyse und Auswertung - 28.10.2013 (18)
  7. Entfernen des Win32/Small.CA-Virus
    Log-Analyse und Auswertung - 21.10.2013 (9)
  8. Windows 7: Entfernen des Win32/Small.CA-Virus
    Log-Analyse und Auswertung - 30.09.2013 (9)
  9. Ich bekomme die Meldung win32/small.ca-virus entfernen. Was soll ich tun? Win 7 64 bit
    Log-Analyse und Auswertung - 21.09.2013 (5)
  10. Win32/Small.CA-Virus entfernen
    Log-Analyse und Auswertung - 22.07.2013 (13)
  11. Entfernen des Win32/Small.CA-Virus
    Plagegeister aller Art und deren Bekämpfung - 05.07.2013 (41)
  12. Win32/Small.CA-Virus entfernen
    Log-Analyse und Auswertung - 03.07.2013 (13)
  13. Windows 7-Medlung : Entfernen des Win32/Small.CA-Virus
    Plagegeister aller Art und deren Bekämpfung - 27.06.2013 (13)
  14. Entfernen des Win32/Small.CA-Virus
    Plagegeister aller Art und deren Bekämpfung - 25.06.2013 (19)
  15. Win7 Sicherheitscenter meldet Win32/Small.CA-Virus
    Plagegeister aller Art und deren Bekämpfung - 20.06.2013 (4)
  16. Win7 Wartungscenter: Entfernen des Win32/Small.CA-Virus
    Log-Analyse und Auswertung - 14.05.2013 (8)

Zum Thema Win7 sagt PC-Problem: Entfernen des Win32/Small.CA-Virus - Hallo und Hilfe liebe kompetene Menschen vom Trojaner Board, nachdem ich die Fehlermeldung (aus dem Titel) entdeckt habe, hab ich wie empfohlen zuerst das Programm "Malwarebytes Anti-Maleware" runtergeladen und durchlaufen - Win7 sagt PC-Problem: Entfernen des Win32/Small.CA-Virus...
Archiv
Du betrachtest: Win7 sagt PC-Problem: Entfernen des Win32/Small.CA-Virus auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.