Trojaner-Board - Incredibar lässt sich nicht entfernen!

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Incredibar lässt sich nicht entfernen! (https://www.trojaner-board.de/127603-incredibar-laesst-entfernen.html)

Incredibar lässt sich nicht entfernen!

Guten Tag,
Ich habe mir durch den download von einem pdf Creator incredibar eingefangen.
Diese Startseite öffnet sich beim Öffnen des Browsers Crome.
Firefox habe ich neu aufgesetzt.Hier habe ich das Problem gelöst.

In Crome habe ich alle add ins deinstalliert, es ist dort nicht mehr zu finden.
ADW Cleaner habe ich auch darüberlaufen lassen, er hat auch etwas gefunden und hat es gelöscht.

Ich arbeite mit Windows Vista, Norton 360 ist installiert.
Norton bietet keine Lösungsvorschläge an.

Hier die Log Files:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:29:57, on 28.11.2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16455)
Boot mode: Normal

Running processes:
C:\Program Files\Norton 360\Engine\6.4.0.9\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Windows\System32\nvraidservice.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\MultiScreen\MultiScreen.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Users\svenja\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\WePrint\WePrint Server.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Memeo\AutoBackup\MemeoUpdater.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Windows\system32\conime.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Windows\Explorer.EXE
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\svenja\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\svenja\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\svenja\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\svenja\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\svenja\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\svenja\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\svenja\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\svenja\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_124.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_124.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/sp/*hxxp://de.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://otanywhere.opentable.de/login.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/su/*hxxp://de.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\6.4.0.9\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\6.4.0.9\IPS\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\6.4.0.9\coIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [MultiScreen] C:\Program Files\MultiScreen\MultiScreen.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Memeo Instant Backup] C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\svenja\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-21-1101760962-3014260797-1857789441-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1101760962-3014260797-1857789441-1003\..\Run: [Google Update] "C:\Users\svenja\AppData\Local\Google\Update\GoogleUpdate.exe" /c (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1101760962-3014260797-1857789441-1003\..\RunOnce: [RUN] C:\Windows\Acer_Normal\run_DT.exe (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1101760962-3014260797-1857789441-1004\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NeroMediaHomeUser.4')
O4 - HKUS\S-1-5-21-1101760962-3014260797-1857789441-1004\..\RunOnce: [RUN] C:\Windows\Acer_Normal\run_DT.exe (User 'NeroMediaHomeUser.4')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O4 - Startup: Dropbox.lnk = svenja\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: WePrint Server.lnk = C:\Program Files\WePrint\WePrint Server.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {A378EEF8-4E41-4BC4-8CBC-1ACB8686CC1D} (OTSysInfo Object) - https://otanywhere.opentable.de/download/PlugIn/OTSI.CAB
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\Windows\system32\bgsvcgen.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: cyberJack PC/SC COM Service (cjpcsc) - REINER SCT - C:\Windows\system32\cjpcsc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Update-Dienst (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Mediencenter Service (MCSWASVR) - Deutsche Telekom AG - C:\Program Files\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe
O23 - Service: MemeoBackgroundService - Memeo - C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\6.4.0.9\ccSvcHst.exe
O23 - Service: Nero MediaHome 4 Service (NeroMediaHomeService.4) - Nero AG - C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Seagate Dashboard Service (SeagateDashboardService) - Memeo - C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 14173 bytes

Freu mich auf Hilfe!
Viele grüße aus der Hauptstadt.
Marcus

Hallo und :hallo:

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.

Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.
Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.
Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!
Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!
Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.

Zitat:

ADW Cleaner habe ich auch darüberlaufen lassen, er hat auch etwas gefunden und hat es gelöscht.

Und warum lässt du das Log weg? :wtf:
Die adwCleaner-Logs wären wesentlicher sinnvoller als ein Hijackthis-Log gewesen :(

Bitte keine Hijackthis-Logfiles posten!!!

Zitat:

Zitat von Larusso (Beitrag 614538)

Uns ist klar, dass HijackThis wahrscheinlich eines der bekanntesten Analysetools ist.

Jedoch scannt es nur noch sehr oberflächlich und gibt uns für eine genaue Analyse eures Systems zu wenig Informationen.

Darum, bitte keine HijackThis Logfiles posten, sondern folgendes lesen und abarbeiten.

http://www.trojaner-board.de/69886-a...-beachten.html

Nur mit diesen Informationen können wir euch helfen.

Danke :daumenhoc

Hallo Cosinos,
vielen Dank für deine Antwort und Tips.
Ich warte dann auf Info für die nächsten Steps.

lg Marcus

Zitat:

Ich warte dann auf Info für die nächsten Steps.

Kann s sein, dass du eine wichtige Frage von mir überlesen hast? ;)

Zitat:

Zitat von cosinus

Und warum lässt du das Log weg? :wtf:
Die adwCleaner-Logs wären wesentlicher sinnvoller als ein Hijackthis-Log gewesen :(

upps, sorry!
hier der Log vor der Säuberung:
# AdwCleaner v2.007 - Datei am 15/11/2012 um 08:30:23 erstellt
# Aktualisiert am 06/11/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : svenja - MARCUS-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\svenja\Downloads\AdwCleaner.exe
# Option [Suche]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gefunden : C:\user.js
Datei Gefunden : C:\Users\svenja\AppData\Local\medbarri.dat
Datei Gefunden : C:\Users\svenja\AppData\Local\medbarri.dat
Datei Gefunden : C:\Users\svenja\AppData\Local\medbarri_nav.dat
Datei Gefunden : C:\Users\svenja\AppData\Local\medbarri_nav.dat
Datei Gefunden : C:\Users\svenja\AppData\Local\medbarri_navps.dat
Datei Gefunden : C:\Users\svenja\AppData\Local\medbarri_navps.dat
Datei Gefunden : C:\Users\svenja\AppData\Roaming\Mozilla\Firefox\Profiles\ty77o4ho.default\searchplugins\MyStart Search.xml
Ordner Gefunden : C:\Program Files\RelevantKnowledge
Ordner Gefunden : C:\ProgramData\boost_interprocess
Ordner Gefunden : C:\Users\marcus\AppData\LocalLow\boost_interprocess
Ordner Gefunden : C:\Users\marcus\AppData\LocalLow\Search Settings
Ordner Gefunden : C:\Users\svenja\AppData\LocalLow\boost_interprocess
Ordner Gefunden : C:\Users\svenja\AppData\LocalLow\pdfforge
Ordner Gefunden : C:\Users\svenja\AppData\Roaming\loadtbs
Ordner Gefunden : C:\Users\svenja\AppData\Roaming\Mozilla\Firefox\Profiles\ty77o4ho.default\extensions\ffxtlbr@incredibar.com
Ordner Gefunden : C:\Users\svenja\AppData\Roaming\Mozilla\Firefox\Profiles\ty77o4ho.default\extensions\software@loadtubes.com
Ordner Gefunden : C:\Users\svenja\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\IM
Schlüssel Gefunden : HKCU\Software\ImInstaller
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gefunden : HKLM\Software\IB Updater
Schlüssel Gefunden : HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{DFEFCDEE-CF1A-4FC8-88AD-129872198372}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{DFEFCDEE-CF1A-4FC8-88AD-129872198372}]
Wert Gefunden : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16443

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v [Version kann nicht ermittelt werden]

Profilname : default
Datei : C:\Users\svenja\AppData\Roaming\Mozilla\Firefox\Profiles\ty77o4ho.default\prefs.js

Gefunden : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb201?a=6OyTESYRQQ&i=26");
Gefunden : user_pref("browser.search.defaultenginename", "MyStart Search");
Gefunden : user_pref("browser.search.selectedEngine", "MyStart Search");
Gefunden : user_pref("browser.startup.homepage", "hxxp://mystart.incredibar.com/mb201?a=6OyTESYRQQ&i=26");
Gefunden : user_pref("extensions.enabledAddons", "battlefieldheroespatcher@ea.com:5.0.127.0,de-DE@dictionaries.[...]
Gefunden : user_pref("extensions.incredibar.admin", false);
Gefunden : user_pref("extensions.incredibar.aflt", "orgnl");
Gefunden : user_pref("extensions.incredibar.dfltLng", "");
Gefunden : user_pref("extensions.incredibar.dfltSrch", false);
Gefunden : user_pref("extensions.incredibar.did", "10643");
Gefunden : user_pref("extensions.incredibar.excTlbr", false);
Gefunden : user_pref("extensions.incredibar.hmpg", false);
Gefunden : user_pref("extensions.incredibar.id", "ac2cc66500000000000000064f6562db");
Gefunden : user_pref("extensions.incredibar.installerproductid", "26");
Gefunden : user_pref("extensions.incredibar.instlDay", "15653");
Gefunden : user_pref("extensions.incredibar.instlRef", "");
Gefunden : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1410:01:40");
Gefunden : user_pref("extensions.incredibar.newTab", false);
Gefunden : user_pref("extensions.incredibar.noFFXTlbr", false);
Gefunden : user_pref("extensions.incredibar.ppd", "77777166");
Gefunden : user_pref("extensions.incredibar.prdct", "incredibar");
Gefunden : user_pref("extensions.incredibar.productid", "26");
Gefunden : user_pref("extensions.incredibar.prtnrId", "Incredibar");
Gefunden : user_pref("extensions.incredibar.smplGrp", "none");
Gefunden : user_pref("extensions.incredibar.tlbrId", "base");
Gefunden : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyTESYRQQ&loc=IB_T[...]
Gefunden : user_pref("extensions.incredibar.upn2", "6OyTESYRQQ");
Gefunden : user_pref("extensions.incredibar.upn2n", "92262420924136416");
Gefunden : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
Gefunden : user_pref("extensions.incredibar.vrsnTs", "1.5.11.1410:01:40");
Gefunden : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
Gefunden : user_pref("extensions.incredibar_i.aflt", "orgnl");
Gefunden : user_pref("extensions.incredibar_i.dfltLng", "");
Gefunden : user_pref("extensions.incredibar_i.did", "10643");
Gefunden : user_pref("extensions.incredibar_i.excTlbr", false);
Gefunden : user_pref("extensions.incredibar_i.id", "ac2cc66500000000000000064f6562db");
Gefunden : user_pref("extensions.incredibar_i.installerproductid", "26");
Gefunden : user_pref("extensions.incredibar_i.instlDay", "15653");
Gefunden : user_pref("extensions.incredibar_i.instlRef", "");
Gefunden : user_pref("extensions.incredibar_i.ms_url_id", "");
Gefunden : user_pref("extensions.incredibar_i.newTab", false);
Gefunden : user_pref("extensions.incredibar_i.ppd", "77777166");
Gefunden : user_pref("extensions.incredibar_i.prdct", "incredibar");
Gefunden : user_pref("extensions.incredibar_i.productid", "26");
Gefunden : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Gefunden : user_pref("extensions.incredibar_i.smplGrp", "none");
Gefunden : user_pref("extensions.incredibar_i.tlbrId", "base");
Gefunden : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyTESYRQQ&loc=IB[...]
Gefunden : user_pref("extensions.incredibar_i.upn2", "6OyTESYRQQ");
Gefunden : user_pref("extensions.incredibar_i.upn2n", "92262420924136416");
Gefunden : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Gefunden : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1410:01:40");
Gefunden : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Gefunden : user_pref("keyword.URL", "hxxp://mystart.incredibar.com/mb201/?loc=IB_DS&a=6OyTESYRQQ&&i=26&search="[...]

Profilname : default
Datei : C:\Users\marcus\AppData\Roaming\Mozilla\Firefox\Profiles\ox69q1ek.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v23.0.1271.64

Datei : C:\Users\svenja\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gefunden [l.16] : urls_to_restore_on_startup = [ "hxxp://www.google.de/", "hxxp://www.google.de/", "hxxp://mystart.incredibar.com/mb201?a=6OyTESYRQQ&i=26" ]
Gefunden [l.2442] : urls_to_restore_on_startup = [ "hxxp://www.google.de/", "hxxp://www.google.de/", "hxxp://mystart.incredibar.com/mb201?a=6OyTESYRQQ&i=26" ]

*************************

AdwCleaner[R1].txt - [7549 octets] - [15/11/2012 08:30:23]

########## EOF - C:\AdwCleaner[R1].txt - [7609 octets] ##########

und nach der Säuberung:
# AdwCleaner v2.007 - Datei am 15/11/2012 um 08:49:46 erstellt
# Aktualisiert am 06/11/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : svenja - MARCUS-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\svenja\Desktop\AdwCleaner.exe
# Option [Suche]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Ordner Gefunden : C:\Users\svenja\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16443

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v [Version kann nicht ermittelt werden]

Profilname : default
Datei : C:\Users\svenja\AppData\Roaming\Mozilla\Firefox\Profiles\ty77o4ho.default\prefs.js

[OK] Die Datei ist sauber.

Profilname : default
Datei : C:\Users\marcus\AppData\Roaming\Mozilla\Firefox\Profiles\ox69q1ek.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v23.0.1271.64

Datei : C:\Users\svenja\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [7678 octets] - [15/11/2012 08:30:23]
AdwCleaner[R2].txt - [1203 octets] - [15/11/2012 08:49:46]
AdwCleaner[S1].txt - [7491 octets] - [15/11/2012 08:31:21]

########## EOF - C:\AdwCleaner[R2].txt - [1323 octets] ##########

Die Logs bitte in CODE-Tags! :kloppen:

Mach bitte einen CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

msconfig

netsvcs

safebootminimal

safebootnetwork

activex

drivers32

%SYSTEMDRIVE%\*.

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMROOT%\system32\drivers\*.sys /lockedfiles

%SYSTEMROOT%\System32\config\*.sav

%SYSTEMROOT%\*. /mp /s

%SYSTEMROOT%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Hallo Cosinus,
vielen Dank für die Informationen. Ich habe deinen Anweisungen exakt gefolgt. Hier der CustomScan:

OTL Logfile:

Code:

OTL logfile created on: 29.11.2012 15:24:54 - Run 2

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\svenja\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16443)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,00 Gb Total Physical Memory | 0,63 Gb Available Physical Memory | 31,66% Memory free

4,38 Gb Paging File | 1,58 Gb Available in Paging File | 36,12% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 145,29 Gb Total Space | 4,70 Gb Free Space | 3,23% Space Free | Partition Type: NTFS

Drive D: | 931,51 Gb Total Space | 778,58 Gb Free Space | 83,58% Space Free | Partition Type: NTFS

Drive E: | 27,95 Gb Total Space | 5,33 Gb Free Space | 19,08% Space Free | Partition Type: NTFS

Drive G: | 144,99 Gb Total Space | 140,83 Gb Free Space | 97,13% Space Free | Partition Type: NTFS

Drive M: | 2,92 Gb Total Space | 2,52 Gb Free Space | 86,43% Space Free | Partition Type: FAT32

Drive Z: | 25,03 Gb Total Space | 14,32 Gb Free Space | 57,22% Space Free | Partition Type: NTFS

 

Computer Name: MARCUS-PC | User Name: svenja | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.11.29 15:18:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\svenja\Desktop\OTL (1).exe

PRC - [2012.11.07 09:47:34 | 000,374,704 | ---- | M] (LogMeIn, Inc.) -- C:\Programme\LogMeIn\x86\LMIGuardianSvc.exe

PRC - [2012.10.11 21:56:08 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Apple Application Support\APSDaemon.exe

PRC - [2012.10.10 21:15:04 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

PRC - [2012.10.02 20:29:14 | 000,864,616 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe

PRC - [2012.10.02 20:28:55 | 001,820,520 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe

PRC - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

PRC - [2012.09.10 16:58:16 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

PRC - [2012.06.18 11:22:51 | 002,550,392 | ---- | M] (EuroSmartz Ltd) -- C:\Programme\WePrint\WePrint Server.exe

PRC - [2012.06.16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Programme\Norton 360\Engine\6.4.0.9\ccsvchst.exe

PRC - [2012.01.17 10:07:58 | 000,505,736 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Common Files\Java\Java Update\jucheck.exe

PRC - [2011.07.22 07:49:26 | 000,511,920 | ---- | M] (REINER SCT) -- C:\Windows\System32\cjpcsc.exe

PRC - [2011.07.13 13:45:08 | 000,012,800 | ---- | M] (Deutsche Telekom AG) -- C:\Programme\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe

PRC - [2011.06.01 17:42:28 | 000,014,088 | ---- | M] (Memeo) -- C:\Programme\Seagate\Seagate Dashboard\SeagateDashboardService.exe

PRC - [2011.01.24 19:36:28 | 000,085,272 | ---- | M] (Memeo Inc.) -- C:\Programme\Memeo\AutoBackup\MemeoUpdater.exe

PRC - [2011.01.24 19:35:36 | 000,025,824 | ---- | M] (Memeo) -- C:\Programme\Memeo\AutoBackup\MemeoBackgroundService.exe

PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE

PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE

PRC - [2009.07.22 16:54:05 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\Windows\System32\bgsvcgen.exe

PRC - [2009.06.23 15:59:32 | 000,259,368 | ---- | M] (Nero AG) -- C:\Programme\Nero\Nero MediaHome 4\NMMediaServerService.exe

PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe

PRC - [2008.03.04 23:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe

PRC - [2008.02.22 02:54:02 | 000,114,688 | ---- | M] () -- C:\Programme\MultiScreen\MultiScreen.exe

PRC - [2008.01.19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe

PRC - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe

PRC - [2008.01.19 08:33:11 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe

PRC - [2007.12.19 18:09:22 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe

PRC - [2007.12.07 14:28:22 | 000,196,128 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvraidservice.exe

PRC - [2007.10.11 19:53:22 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe

PRC - [2007.09.10 14:28:18 | 000,057,344 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

PRC - [2007.09.07 17:23:54 | 000,326,176 | ---- | M] () -- C:\Acer\Empowering Technology\SysMonitor.exe

PRC - [2007.04.16 18:48:12 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

PRC - [2007.04.03 16:18:08 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2012.10.31 23:15:05 | 000,460,312 | ---- | M] () -- C:\Users\svenja\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll

MOD - [2012.10.31 23:15:04 | 012,455,448 | ---- | M] () -- C:\Users\svenja\AppData\Local\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll

MOD - [2012.10.31 23:15:02 | 004,007,448 | ---- | M] () -- C:\Users\svenja\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll

MOD - [2012.10.31 23:13:47 | 000,587,288 | ---- | M] () -- C:\Users\svenja\AppData\Local\Google\Chrome\Application\23.0.1271.64\libglesv2.dll

MOD - [2012.10.31 23:13:46 | 000,123,928 | ---- | M] () -- C:\Users\svenja\AppData\Local\Google\Chrome\Application\23.0.1271.64\libegl.dll

MOD - [2012.10.31 23:13:35 | 000,156,712 | ---- | M] () -- C:\Users\svenja\AppData\Local\Google\Chrome\Application\23.0.1271.64\avutil-51.dll

MOD - [2012.10.31 23:13:34 | 000,274,984 | ---- | M] () -- C:\Users\svenja\AppData\Local\Google\Chrome\Application\23.0.1271.64\avformat-54.dll

MOD - [2012.10.31 23:13:32 | 002,168,360 | ---- | M] () -- C:\Users\svenja\AppData\Local\Google\Chrome\Application\23.0.1271.64\avcodec-54.dll

MOD - [2012.08.31 12:02:46 | 003,194,880 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll

MOD - [2012.08.31 12:01:10 | 004,550,656 | ---- | M] () -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll

MOD - [2012.06.18 11:22:51 | 000,059,904 | ---- | M] () -- C:\Programme\WePrint\zlib1.dll

MOD - [2012.04.23 12:01:12 | 000,630,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll

MOD - [2012.03.22 12:02:38 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll

MOD - [2011.06.24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011.06.24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2009.08.23 18:58:06 | 000,094,208 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll

MOD - [2009.03.30 05:42:20 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll

MOD - [2009.03.30 05:42:17 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll

MOD - [2009.03.30 05:42:13 | 000,659,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll

MOD - [2009.03.30 05:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll

MOD - [2009.03.30 05:42:10 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

MOD - [2008.02.22 02:54:02 | 000,114,688 | ---- | M] () -- C:\Programme\MultiScreen\MultiScreen.exe

MOD - [2008.02.22 02:53:34 | 000,045,056 | ---- | M] () -- C:\Programme\MultiScreen\MGResGer.dll

MOD - [2008.02.22 02:53:20 | 000,028,672 | ---- | M] () -- C:\Programme\MultiScreen\MultiMon.dll

MOD - [2008.02.22 02:53:18 | 000,036,864 | ---- | M] () -- C:\Programme\MultiScreen\ServiceHook.dll

MOD - [2007.09.07 17:23:54 | 000,326,176 | ---- | M] () -- C:\Acer\Empowering Technology\SysMonitor.exe

 

 
 ========== Services (SafeList) ==========

 

SRV - [2012.11.28 20:55:53 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012.11.28 10:34:19 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012.11.07 09:47:52 | 000,137,136 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Programme\LogMeIn\x86\ramaint.exe -- (LMIMaint)

SRV - [2012.11.07 09:47:34 | 000,374,704 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Programme\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)

SRV - [2012.10.10 21:15:04 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)

SRV - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2012.06.16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\6.4.0.9\ccSvcHst.exe -- (N360)

SRV - [2011.07.22 07:49:26 | 000,511,920 | ---- | M] (REINER SCT) [Auto | Running] -- C:\Windows\System32\cjpcsc.exe -- (cjpcsc)

SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)

SRV - [2011.07.13 13:45:08 | 000,012,800 | ---- | M] (Deutsche Telekom AG) [Auto | Running] -- C:\Programme\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe -- (MCSWASVR)

SRV - [2011.06.01 17:42:28 | 000,014,088 | ---- | M] (Memeo) [Auto | Running] -- C:\Programme\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)

SRV - [2011.01.24 19:35:36 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Programme\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService)

SRV - [2011.01.11 18:04:04 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Programme\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)

SRV - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)

SRV - [2009.07.22 16:54:05 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\Windows\System32\bgsvcgen.exe -- (bgsvcgen)

SRV - [2009.06.23 15:59:32 | 000,259,368 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Nero\Nero MediaHome 4\NMMediaServerService.exe -- (NeroMediaHomeService.4)

SRV - [2008.03.04 23:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)

SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)

SRV - [2007.12.19 18:09:22 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)

SRV - [2007.09.10 14:28:18 | 000,057,344 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)

SRV - [2007.04.16 18:48:12 | 000,028,672 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService)

SRV - [2007.04.03 16:18:08 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)

SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)

DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)

DRV - [2012.11.29 13:28:23 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)

DRV - [2012.11.07 09:47:35 | 000,083,912 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)

DRV - [2012.10.24 00:34:24 | 000,995,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20121106.001\BHDrvx86.sys -- (BHDrvx86)

DRV - [2012.10.10 21:14:28 | 010,837,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2012.09.13 02:18:37 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20121128.021\NAVEX15.SYS -- (NAVEX15)

DRV - [2012.09.13 02:18:37 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20121128.021\NAVENG.SYS -- (NAVENG)

DRV - [2012.09.06 03:54:30 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20121128.001\IDSvix86.sys -- (IDSVix86)

DRV - [2012.08.09 05:39:56 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)

DRV - [2012.08.09 05:39:56 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

DRV - [2012.08.03 11:08:47 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)

DRV - [2012.07.06 03:17:57 | 000,574,112 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\N360\0604000.009\srtsp.sys -- (SRTSP)

DRV - [2012.07.06 03:17:57 | 000,032,928 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0604000.009\srtspx.sys -- (SRTSPX)

DRV - [2012.06.07 05:43:43 | 000,132,768 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0604000.009\ccsetx86.sys -- (ccSet_N360)

DRV - [2012.05.22 02:37:12 | 000,924,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\0604000.009\symefa.sys -- (SymEFA)

DRV - [2011.11.23 19:23:20 | 000,035,960 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)

DRV - [2011.11.16 20:38:00 | 000,345,208 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0604000.009\symtdiv.sys -- (SYMTDIv)

DRV - [2011.11.16 20:17:48 | 000,149,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0604000.009\ironx86.sys -- (SymIRON)

DRV - [2011.08.15 23:51:40 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\0604000.009\symds.sys -- (SymDS)

DRV - [2011.03.29 11:08:08 | 000,028,144 | ---- | M] (REINER SCT) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cjusb.sys -- (cjusb)

DRV - [2011.01.11 18:04:04 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)

DRV - [2011.01.11 18:04:04 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Stopped] -- C:\Programme\LogMeIn\x86\rainfo.sys -- (LMIInfo)

DRV - [2010.03.23 02:17:06 | 001,170,464 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL85n86.sys -- (RTL85n86)

DRV - [2009.07.22 16:54:05 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)

DRV - [2009.01.08 22:11:36 | 000,103,488 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD)

DRV - [2008.11.16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)

DRV - [2008.05.16 11:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic)

DRV - [2008.05.16 11:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5)

DRV - [2008.05.16 11:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)

DRV - [2008.05.16 11:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)

DRV - [2008.05.16 11:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt)

DRV - [2008.05.16 11:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex)

DRV - [2008.05.16 11:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus)

DRV - [2008.01.09 10:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)

DRV - [2007.12.08 08:28:10 | 000,140,320 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)

DRV - [2007.12.08 08:28:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvrd32.sys -- (nvrd32)

DRV - [2007.11.18 03:39:50 | 001,040,544 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)

DRV - [2007.11.06 09:30:48 | 000,006,080 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\zntport.sys -- (zntport)

DRV - [2007.11.06 09:30:46 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVicPort.sys -- (tvicport)

DRV - [2007.07.16 10:38:06 | 000,030,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)

DRV - [2007.07.07 14:13:10 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)

DRV - [2007.07.03 03:05:20 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)

DRV - [2007.05.31 07:38:16 | 000,014,949 | ---- | M] (franson.biz) [Kernel | System | Running] -- C:\Windows\System32\drivers\bizVSerialNT.sys -- (bizVSerial)

DRV - [2007.04.03 16:17:08 | 000,306,295 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)

DRV - [2007.01.18 13:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)

DRV - [2004.01.19 16:27:31 | 000,050,396 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)

DRV - [2004.01.19 16:27:26 | 000,006,828 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftlund.sys -- (FTLUND)

DRV - [2003.02.21 08:00:00 | 000,019,153 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com

IE - HKLM\..\SearchScopes,DefaultScope = 

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

 

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/sp/*hxxp://de.yahoo.com

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://otanywhere.opentable.de/login.aspx

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\..\SearchScopes\{194C6A87-273C-4675-AFEC-CEED5412A375}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=302398&p={searchTerms}

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\..\SearchScopes\{B7529384-941F-4339-A249-A18443C2B985}: "URL" = hxxp://www.google.de/search?q={searchTerms}

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/sp/*hxxp://de.yahoo.com

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://otanywhere.opentable.de/login.asp?dc=1&otaver=9828

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - No CLSID value found

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\..\SearchScopes,DefaultScope = {194C6A87-273C-4675-AFEC-CEED5412A375}

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\..\SearchScopes\{194C6A87-273C-4675-AFEC-CEED5412A375}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms}

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\..\SearchScopes\{B7529384-941F-4339-A249-A18443C2B985}: "URL" = hxxp://www.google.de/search?q={searchTerms}

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1004\..\SearchScopes,DefaultScope = 

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398&ilc=12"

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0

FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.3

FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900

FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900

FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0

FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_131.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.9.8a: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\svenja\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\svenja\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\IPSFFPlgn\ [2012.08.05 15:48:05 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\coFFPlgn\ [2012.11.15 10:48:58 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.12.19 19:35:05 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.02.07 13:04:41 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.02.07 13:04:41 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.28 10:34:20 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.11.19 11:26:41 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.11.19 11:26:41 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.12.19 19:35:05 | 000,000,000 | ---D | M]

 

[2008.06.23 20:46:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\svenja\AppData\Roaming\mozilla\Extensions

[2012.11.28 21:16:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\svenja\AppData\Roaming\mozilla\Firefox\Profiles\ty77o4ho.default\extensions

[2010.06.12 19:38:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\svenja\AppData\Roaming\mozilla\Firefox\Profiles\ty77o4ho.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011.05.15 08:56:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\svenja\AppData\Roaming\mozilla\Firefox\Profiles\ty77o4ho.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}-trash

[2012.11.15 11:08:56 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\svenja\AppData\Roaming\mozilla\Firefox\Profiles\ty77o4ho.default\extensions\de-DE@dictionaries.addons.mozilla.org

[2012.11.28 11:32:51 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\svenja\AppData\Roaming\mozilla\firefox\profiles\ty77o4ho.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

[2012.11.15 08:50:57 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2012.11.28 10:34:20 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2012.11.08 19:59:03 | 000,378,880 | ---- | M] (InfiniAd GmbH) -- C:\Program Files\mozilla firefox\plugins\npmieze.dll

[2012.10.24 23:03:12 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.10.24 23:03:11 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012.10.24 23:03:12 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2012.10.24 23:03:12 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.10.24 23:03:12 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.10.24 23:03:11 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 
 ========== Chrome  ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\svenja\AppData\Local\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\svenja\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\svenja\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll

CHR - plugin: Perion plugin (Enabled) = C:\Users\svenja\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\Plugins/PerionNewTabChrome-32.dll

CHR - plugin: Norton Confidential (Enabled) = C:\Users\svenja\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\npcoplgn.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll

CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll

CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll

CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll

CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll

CHR - Extension: DivX HiQ = C:\Users\svenja\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.0.900_0\

CHR - Extension: New tab for Chrome\u2122 = C:\Users\svenja\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\

CHR - Extension: Norton Identity Protection = C:\Users\svenja\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\

 

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton 360\Engine\6.4.0.9\coieplg.dll (Symantec Corporation)

O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton 360\Engine\6.4.0.9\ips\ipsbho.dll (Symantec Corporation)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)

O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.

O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\6.4.0.9\coieplg.dll (Symantec Corporation)

O3 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)

O3 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)

O3 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\6.4.0.9\coieplg.dll (Symantec Corporation)

O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe ()

O4 - HKLM..\Run: [Acer Tour]  File not found

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [eRecoveryService]  File not found

O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)

O4 - HKLM..\Run: [Memeo Instant Backup] C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe (Memeo Inc.)

O4 - HKLM..\Run: [MultiScreen] C:\Programme\MultiScreen\MultiScreen.exe ()

O4 - HKLM..\Run: [NVRaidService] C:\Windows\System32\nvraidservice.exe (NVIDIA Corporation)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKU\.DEFAULT..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe File not found

O4 - HKU\S-1-5-18..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe File not found

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000..\Run: [ApplePhotoStreams] C:\Programme\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)

O4 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000..\Run: [iCloudServices] C:\Programme\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)

O4 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe File not found

O4 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003..\Run: [CTSyncU.exe] C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe ()

O4 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1004..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003..\RunOnce: [RUN] C:\Windows\Acer_Normal\run_DT.exe ()

O4 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1004..\RunOnce: [RUN] C:\Windows\Acer_Normal\run_DT.exe ()

O4 - Startup: C:\Users\svenja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\svenja\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O4 - Startup: C:\Users\svenja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WePrint Server.lnk = C:\Programme\WePrint\WePrint Server.exe (EuroSmartz Ltd)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\..Trusted Domains: fritz.box ([]* in Local intranet)

O15 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\..Trusted Ranges: Range1 ([*] in Local intranet)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)

O16 - DPF: {A378EEF8-4E41-4BC4-8CBC-1ACB8686CC1D} https://otanywhere.opentable.de/download/PlugIn/OTSI.CAB (OTSysInfo Object)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5523D953-78C1-4DDA-BFD1-B4DE82E9D1F9}: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{989AD318-57BC-47A0-961F-6C696470C3D7}: DhcpNameServer = 192.168.178.1

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Acer01.jpg

O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Acer01.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2010.02.15 05:53:50 | 000,000,027 | ---- | M] () - D:\Autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2002.08.14 12:42:53 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{a43d5708-9b6b-11dd-815e-001d92a603f0}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe BÜRO_1.vbs

O33 - MountPoints2\{ccf0b438-0b87-11e0-91f8-001d92a603f0}\Shell\AutoRun\command - "" = install.exe

O33 - MountPoints2\{ccf0b43f-0b87-11e0-91f8-001d92a603f0}\Shell\AutoRun\command - "" = install.exe

O33 - MountPoints2\{f0dd29ad-70db-11de-b6a2-001d92a603f0}\Shell - "" = AutoRun

O33 - MountPoints2\{f0dd29ad-70db-11de-b6a2-001d92a603f0}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a

O33 - MountPoints2\{f0dd29cb-70db-11de-b6a2-001d92a603f0}\Shell - "" = AutoRun

O33 - MountPoints2\{f0dd29cb-70db-11de-b6a2-001d92a603f0}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe - (Acer Inc.)

MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Programme\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)

MsConfig - StartUpReg: PCMMediaSharing - hkey= - key= -  File not found

MsConfig - State: "startup" - 2

 

NetSvcs: FastUserSwitchingCompatibility -  File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla -  File not found

NetSvcs: Ntmssvc -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: SRService -  File not found

NetSvcs: WmdmPmSp -  File not found

NetSvcs: LogonHours -  File not found

NetSvcs: PCAudit -  File not found

NetSvcs: helpsvc -  File not found

NetSvcs: uploadmgr -  File not found

 

SafeBootMin: AppMgmt - Service

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: NTDS -  File not found

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet: AppMgmt - Service

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: NTDS -  File not found

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootNet: WudfPf - Driver

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)

Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.11.29 15:18:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\svenja\Desktop\OTL (1).exe

[2012.11.29 13:28:23 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2012.11.28 11:16:54 | 000,000,000 | ---D | C] -- C:\Users\svenja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis

[2012.11.28 11:16:52 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2012.11.28 10:56:25 | 000,000,000 | ---D | C] -- C:\Users\svenja\AppData\Roaming\Malwarebytes

[2012.11.28 10:56:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012.11.28 10:56:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012.11.28 10:56:01 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2012.11.28 10:56:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012.11.28 10:44:25 | 000,000,000 | ---D | C] -- C:\Users\svenja\AppData\Local\Macromedia

[2012.11.22 11:08:03 | 000,000,000 | ---D | C] -- C:\Users\svenja\AppData\Roaming\SignageStudio.86EE3EEE54D7DB049D16E358CDC443F088917621.1

[2012.11.22 11:07:50 | 000,000,000 | ---D | C] -- C:\Program Files\SignageStudio

[2012.11.22 11:04:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR

[2012.11.22 10:58:47 | 000,000,000 | ---D | C] -- C:\Users\svenja\AppData\Roaming\TeamViewer

[2012.11.22 08:30:53 | 000,000,000 | ---D | C] -- C:\Users\svenja\AppData\Roaming\OpenOffice.org

[2012.11.21 20:45:39 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1

[2012.11.21 20:43:58 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3

[2012.11.21 20:38:01 | 000,000,000 | ---D | C] -- C:\Users\svenja\Desktop\OpenOffice.org 3.4.1 (de) Installation Files

[2012.11.19 11:26:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

[2012.11.19 11:23:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud

[2012.11.19 11:17:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2012.11.19 11:16:01 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2012.11.19 11:15:58 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1

[2012.11.19 11:09:43 | 000,000,000 | ---D | C] -- C:\Windows\LastGood

[2012.11.19 11:06:37 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2012.11.17 16:56:51 | 000,000,000 | ---D | C] -- C:\Users\svenja\AppData\Roaming\HPAppData

[2012.11.15 12:29:48 | 000,000,000 | ---D | C] -- C:\Users\svenja\AppData\Local\join.me

[2012.11.15 08:43:22 | 000,000,000 | ---D | C] -- C:\Users\svenja\AppData\Roaming\pdfforge

[2012.11.09 10:13:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator

[2012.11.09 10:13:31 | 000,086,528 | ---- | C] (pdfforge GbR) -- C:\Windows\System32\pdfcmon.dll

[2012.11.09 10:13:29 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator

[2012.11.09 10:03:46 | 000,000,000 | ---D | C] -- C:\Users\svenja\Local Settings

[2012.11.09 10:01:51 | 000,000,000 | ---D | C] -- C:\Program Files\Perion

[2012.11.08 11:18:57 | 000,000,000 | ---D | C] -- C:\Users\svenja\AppData\Roaming\convert

[2012.11.08 10:39:28 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations

[2012.11.05 08:41:34 | 000,000,000 | ---D | C] -- C:\Users\svenja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iPhoneSMSExport

[2012.11.05 08:41:34 | 000,000,000 | ---D | C] -- C:\Program Files\iPhoneSMSExport

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.11.29 15:20:09 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1101760962-3014260797-1857789441-1000UA.job

[2012.11.29 15:18:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\svenja\Desktop\OTL (1).exe

[2012.11.29 14:55:58 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012.11.29 14:55:58 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012.11.29 14:55:24 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012.11.29 14:53:02 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012.11.29 14:00:54 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012.11.29 13:28:23 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2012.11.28 19:20:01 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1101760962-3014260797-1857789441-1000Core.job

[2012.11.28 17:15:09 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for svenja.job

[2012.11.28 12:25:05 | 000,002,090 | ---- | M] () -- C:\Users\svenja\Desktop\Google Chrome.lnk

[2012.11.28 11:16:54 | 000,001,950 | ---- | M] () -- C:\Users\svenja\Desktop\HiJackThis.lnk

[2012.11.28 10:56:05 | 000,000,953 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.11.23 10:01:29 | 000,000,099 | ---- | M] () -- C:\Users\svenja\Desktop\SignageStudioDebug.bat

[2012.11.22 11:07:54 | 000,000,849 | ---- | M] () -- C:\Users\Public\Desktop\SignageStudio.lnk

[2012.11.22 11:07:49 | 000,142,336 | ---- | M] () -- C:\Users\svenja\Desktop\SignageStudio.exe

[2012.11.21 20:45:40 | 000,001,037 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk

[2012.11.21 19:57:15 | 000,002,623 | ---- | M] () -- C:\Users\svenja\Desktop\Microsoft Word.lnk

[2012.11.19 11:26:25 | 000,001,773 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

[2012.11.19 11:17:59 | 000,001,711 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2012.11.17 21:55:06 | 000,427,829 | ---- | M] () -- C:\Users\svenja\Desktop\silvestermailing2012.pdf

[2012.11.15 12:29:52 | 000,000,907 | ---- | M] () -- C:\Users\svenja\Desktop\join.me.lnk

[2012.11.15 10:54:57 | 000,628,524 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2012.11.15 10:54:57 | 000,595,818 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012.11.15 10:54:57 | 000,126,074 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2012.11.15 10:54:57 | 000,103,892 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012.11.15 10:47:42 | 000,297,424 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2012.11.15 10:47:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.11.15 10:46:00 | 2146,611,200 | -HS- | M] () -- C:\hiberfil.sys

[2012.11.15 08:51:09 | 000,000,893 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2012.11.15 08:29:47 | 000,541,569 | ---- | M] () -- C:\Users\svenja\Desktop\AdwCleaner.exe

[2012.11.09 10:13:39 | 000,001,040 | ---- | M] () -- C:\Users\Public\Desktop\PDFArchitect.lnk

[2012.11.09 10:13:39 | 000,000,875 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk

[2012.11.09 10:04:06 | 000,001,233 | ---- | M] () -- C:\Users\svenja\Desktop\PDFCreator - Verknüpfung.lnk

[2012.11.09 08:19:02 | 000,000,737 | ---- | M] () -- C:\Users\Public\Desktop\OTLauncher.lnk

[2012.11.08 10:52:19 | 000,000,021 | ---- | M] () -- C:\Users\svenja\AppData\Local\mc.pixel.data

[2012.11.07 09:47:35 | 000,083,912 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIRfsClientNP.dll

[2012.11.07 09:47:34 | 000,092,072 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIinit.dll

[2012.11.07 09:47:34 | 000,031,144 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIport.dll

[2012.11.05 08:41:45 | 000,000,905 | ---- | M] () -- C:\Users\svenja\Desktop\iPhone SMS Export.lnk

 
 ========== Files Created - No Company Name ==========

 

[2012.11.28 11:16:54 | 000,001,950 | ---- | C] () -- C:\Users\svenja\Desktop\HiJackThis.lnk

[2012.11.28 10:56:05 | 000,000,953 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.11.23 10:02:08 | 000,142,336 | ---- | C] () -- C:\Users\svenja\Desktop\SignageStudio.exe

[2012.11.22 11:08:06 | 000,000,099 | ---- | C] () -- C:\Users\svenja\Desktop\SignageStudioDebug.bat

[2012.11.22 11:07:54 | 000,000,861 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SignageStudio.lnk

[2012.11.22 11:07:53 | 000,000,849 | ---- | C] () -- C:\Users\Public\Desktop\SignageStudio.lnk

[2012.11.21 20:45:40 | 000,001,037 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk

[2012.11.21 11:38:12 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012.11.17 21:55:06 | 000,427,829 | ---- | C] () -- C:\Users\svenja\Desktop\silvestermailing2012.pdf

[2012.11.15 12:29:52 | 000,000,907 | ---- | C] () -- C:\Users\svenja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\join.me.lnk

[2012.11.15 12:29:50 | 000,000,907 | ---- | C] () -- C:\Users\svenja\Desktop\join.me.lnk

[2012.11.15 08:51:08 | 000,000,905 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

[2012.11.15 08:51:08 | 000,000,893 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2012.11.15 08:29:35 | 000,541,569 | ---- | C] () -- C:\Users\svenja\Desktop\AdwCleaner.exe

[2012.11.09 10:13:39 | 000,001,040 | ---- | C] () -- C:\Users\Public\Desktop\PDFArchitect.lnk

[2012.11.09 10:13:39 | 000,000,875 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk

[2012.11.09 08:19:02 | 000,000,737 | ---- | C] () -- C:\Users\Public\Desktop\OTLauncher.lnk

[2012.11.05 08:41:44 | 000,000,905 | ---- | C] () -- C:\Users\svenja\Desktop\iPhone SMS Export.lnk

[2012.08.25 10:33:41 | 000,003,730 | ---- | C] () -- C:\Users\svenja\AppData\Roaming\wklnhst.dat

[2011.12.18 15:25:02 | 000,094,564 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat

[2011.12.05 18:21:29 | 000,000,600 | ---- | C] () -- C:\Users\svenja\AppData\Local\PUTTY.RND

[2011.11.06 14:23:06 | 000,273,500 | ---- | C] () -- C:\Windows\hpwins05.dat

[2011.11.06 14:23:06 | 000,003,111 | ---- | C] () -- C:\Windows\hpwmdl05.dat

[2011.10.22 23:09:14 | 000,139,080 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys

[2011.10.22 23:09:13 | 000,138,056 | ---- | C] () -- C:\Users\svenja\AppData\Roaming\PnkBstrK.sys

[2011.10.22 23:08:58 | 000,270,240 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe

[2011.10.22 23:08:41 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe

[2011.09.18 08:46:54 | 000,000,396 | ---- | C] () -- C:\Windows\hbcikrnl.ini

[2011.09.18 08:45:16 | 000,167,936 | ---- | C] () -- C:\Windows\System32\SerialXP.dll

[2011.09.18 08:45:16 | 000,027,648 | ---- | C] () -- C:\Windows\System32\win32com.dll

[2011.08.15 07:03:39 | 000,274,115 | ---- | C] () -- C:\Windows\hpwins05.dat.temp

[2011.08.15 06:59:15 | 000,000,725 | ---- | C] () -- C:\Windows\wsnk.ini

[2011.08.08 20:28:49 | 000,000,021 | ---- | C] () -- C:\Users\svenja\AppData\Local\mc.pixel.data

[2011.08.01 09:19:15 | 000,003,111 | ---- | C] () -- C:\Windows\hpwmdl05.dat.temp

[2011.05.04 07:35:40 | 000,000,680 | ---- | C] () -- C:\Users\svenja\AppData\Local\d3d9caps.dat

[2011.04.11 18:32:36 | 000,001,940 | ---- | C] () -- C:\Users\svenja\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini

[2010.12.19 19:19:14 | 000,000,054 | ---- | C] () -- C:\Windows\System32\opentable.ini

[2009.06.25 19:49:47 | 000,000,092 | ---- | C] () -- C:\Users\svenja\AppData\Local\cuyyo.bat

[2009.06.02 09:47:50 | 000,024,206 | ---- | C] () -- C:\Users\svenja\AppData\Roaming\UserTile.png

[2009.01.14 18:55:39 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib

[2008.09.21 12:12:15 | 000,015,872 | ---- | C] () -- C:\Users\svenja\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008.07.20 15:57:10 | 000,001,891 | ---- | C] () -- C:\Users\svenja\ZENcast Organizer.lnk

[2008.07.20 15:56:45 | 000,000,124 | ---- | C] () -- C:\Users\svenja\ZEN Media Explorer.lnk

 
 ========== ZeroAccess Check ==========

 

[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 
 ========== LOP Check ==========

 

[2011.09.08 05:43:38 | 000,000,000 | ---D | M] -- C:\Users\marcus\AppData\Roaming\Memeo

[2011.09.08 05:43:38 | 000,000,000 | ---D | M] -- C:\Users\marcus\AppData\Roaming\Seagate

[2012.03.14 08:33:32 | 000,000,000 | ---D | M] -- C:\Users\marcus\AppData\Roaming\Thunderbird

[2012.07.25 20:39:05 | 000,000,000 | ---D | M] -- C:\Users\marcus\AppData\Roaming\YouSendIt

[2012.11.08 11:18:57 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\convert

[2012.11.29 13:28:08 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Dropbox

[2012.11.29 10:44:55 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\FileZilla

[2011.11.29 18:25:42 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\FLAC to MP3 Converter

[2009.03.03 12:19:33 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Image Zone Express

[2011.08.22 18:46:46 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Leadertech

[2009.07.22 17:10:33 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\LEAPS

[2011.02.07 13:04:44 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Local

[2011.08.22 18:52:51 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Memeo

[2012.11.22 08:30:53 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\OpenOffice.org

[2012.11.15 08:43:22 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\pdfforge

[2009.06.02 09:47:50 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\PeerNetworking

[2009.07.22 16:59:57 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Pegasys Inc

[2009.03.03 12:19:33 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Printer Info Cache

[2011.07.22 06:16:22 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Registry Mechanic

[2011.08.22 18:52:35 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Seagate

[2011.12.05 16:42:50 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Seas0nPass

[2012.11.22 11:08:03 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\SignageStudio.86EE3EEE54D7DB049D16E358CDC443F088917621.1

[2010.01.31 18:37:40 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Sony

[2012.11.22 10:58:47 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\TeamViewer

[2012.08.25 10:33:48 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Template

[2011.07.20 08:29:03 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Thunderbird

[2012.08.17 20:38:12 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\uTorrent

[2012.01.06 19:30:09 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\XMedia Recode

[2012.07.11 12:52:00 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\YouSendIt

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 
 < %SYSTEMDRIVE%\*. >

[2009.07.23 08:44:02 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN

[2008.06.21 15:21:46 | 000,000,000 | ---D | M] -- C:\Acer

[2012.03.12 08:48:25 | 000,000,000 | ---D | M] -- C:\AirPrint

[2008.03.29 10:01:33 | 000,000,000 | ---D | M] -- C:\Book

[2009.12.24 15:54:34 | 000,000,000 | -HSD | M] -- C:\Boot

[2012.11.28 11:16:55 | 000,000,000 | -H-D | M] -- C:\Config.Msi

[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings

[2008.06.21 15:08:38 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen

[2008.03.29 10:01:33 | 000,000,000 | ---D | M] -- C:\DRV

[2008.03.29 03:31:02 | 000,000,000 | RH-D | M] -- C:\MSOCache

[2011.08.16 11:37:40 | 000,000,000 | ---D | M] -- C:\N360_BACKUP

[2012.05.26 12:04:08 | 000,000,000 | ---D | M] -- C:\NVIDIA

[2012.11.09 08:18:38 | 000,000,000 | ---D | M] -- C:\OpenTable

[2008.08.30 02:27:08 | 000,000,000 | ---D | M] -- C:\PerfLogs

[2012.11.28 11:16:52 | 000,000,000 | R--D | M] -- C:\Program Files

[2012.11.28 10:56:02 | 000,000,000 | -H-D | M] -- C:\ProgramData

[2008.06.21 15:08:38 | 000,000,000 | -HSD | M] -- C:\Programme

[2012.11.29 15:32:47 | 000,000,000 | -HSD | M] -- C:\System Volume Information

[2012.03.05 15:38:55 | 000,000,000 | R--D | M] -- C:\Users

[2012.11.28 11:14:52 | 000,000,000 | ---D | M] -- C:\vom Netz

[2012.11.19 11:09:43 | 000,000,000 | ---D | M] -- C:\Windows

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2012.11.22 11:06:49 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Adobe

[2011.12.19 16:52:37 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Apple Computer

[2012.11.08 11:18:57 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\convert

[2011.02.04 10:18:10 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Creative

[2011.02.07 12:45:07 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\DivX

[2012.11.29 13:28:08 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Dropbox

[2009.12.25 17:58:57 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\FastStone

[2012.11.29 10:44:55 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\FileZilla

[2011.11.29 18:25:42 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\FLAC to MP3 Converter

[2010.12.19 19:40:49 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\HP

[2012.11.17 16:56:51 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\HPAppData

[2012.01.03 20:11:49 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\HpUpdate

[2008.06.21 15:18:37 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Identities

[2009.03.03 12:19:33 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Image Zone Express

[2010.12.19 12:03:24 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\InstallShield

[2011.08.22 18:46:46 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Leadertech

[2009.07.22 17:10:33 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\LEAPS

[2011.02.07 13:04:44 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Local

[2012.03.05 11:17:14 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Logishrd

[2012.03.05 11:17:05 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Logitech

[2008.06.21 15:19:20 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Macromedia

[2012.11.28 10:56:25 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Malwarebytes

[2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Media Center Programs

[2011.08.22 18:52:51 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Memeo

[2012.11.28 10:44:25 | 000,000,000 | --SD | M] -- C:\Users\svenja\AppData\Roaming\Microsoft

[2008.06.23 20:46:31 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Mozilla

[2012.03.05 15:39:02 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Nero

[2012.11.22 08:30:53 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\OpenOffice.org

[2012.11.15 08:43:22 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\pdfforge

[2009.06.02 09:47:50 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\PeerNetworking

[2009.07.22 16:59:57 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Pegasys Inc

[2009.03.03 12:19:33 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Printer Info Cache

[2011.07.22 06:16:22 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Registry Mechanic

[2011.08.22 18:52:35 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Seagate

[2011.12.05 16:42:50 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Seas0nPass

[2012.11.22 11:08:03 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\SignageStudio.86EE3EEE54D7DB049D16E358CDC443F088917621.1

[2010.01.31 18:37:40 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Sony

[2012.11.22 10:58:47 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\TeamViewer

[2012.08.25 10:33:48 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Template

[2011.07.20 08:29:03 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Thunderbird

[2012.08.17 20:38:12 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\uTorrent

[2009.11.26 20:09:08 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\vlc

[2012.01.06 19:30:09 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\XMedia Recode

[2012.07.11 12:52:00 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\YouSendIt

 
 < %APPDATA%\*.exe /s >

[2012.11.08 19:59:06 | 012,697,088 | ---- | M] () -- C:\Users\svenja\AppData\Roaming\convert\convert.exe

[2012.08.27 05:21:12 | 026,924,984 | ---- | M] (Dropbox, Inc.) -- C:\Users\svenja\AppData\Roaming\Dropbox\bin\Dropbox.exe

[2012.08.27 05:21:14 | 000,874,384 | ---- | M] (Dropbox, Inc.) -- C:\Users\svenja\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe

[2012.08.27 05:21:24 | 000,181,784 | ---- | M] (Dropbox, Inc.) -- C:\Users\svenja\AppData\Roaming\Dropbox\bin\Uninstall.exe

[2012.11.22 11:03:54 | 000,055,424 | ---- | M] (Adobe Systems Inc.) -- C:\Users\svenja\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

[2011.09.15 13:43:34 | 030,178,880 | ---- | M] (Memeo) -- C:\Users\svenja\AppData\Roaming\Memeo\AutoBackup\temp\7876_sgmr_ib_ALL_IN_ONE_setup.exe

[2012.11.28 11:16:55 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Users\svenja\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

[2011.02.21 07:08:03 | 000,010,134 | R--- | M] () -- C:\Users\svenja\AppData\Roaming\Microsoft\Installer\{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}\ARPPRODUCTICON.exe

[2011.08.22 18:54:15 | 014,225,048 | ---- | M] () -- C:\Users\svenja\AppData\Roaming\Seagate\Seagate Dashboard\temp\SeagateDashboard_1421_Better_Setup.exe

 
 < %SYSTEMROOT%\system32\drivers\*.sys /lockedfiles >

 
 < %SYSTEMROOT%\System32\config\*.sav >

[2008.03.29 10:02:12 | 006,664,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV

[2008.03.29 10:02:11 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV

[2008.03.29 10:02:12 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV

[2008.03.29 10:02:20 | 015,720,448 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV

[2008.03.29 10:02:21 | 006,008,832 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

 
 < %SYSTEMROOT%\*. /mp /s >

 
 < %SYSTEMROOT%\system32\*.dll /lockedfiles >

 
 <           >

[2006.11.02 14:01:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT

[2006.11.02 14:01:49 | 000,032,540 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2011.01.30 12:12:18 | 000,001,072 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1101760962-3014260797-1857789441-1000Core.job

[2011.01.30 12:12:20 | 000,001,124 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1101760962-3014260797-1857789441-1000UA.job

[2011.02.07 15:53:01 | 000,000,438 | -H-- | C] () -- C:\Windows\Tasks\Norton Security Scan for svenja.job

[2011.10.03 16:18:05 | 000,001,094 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

[2011.10.03 16:18:07 | 000,001,098 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

[2012.11.21 11:38:12 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 24 bytes -> C:\Windows:0EA9150163ACD6C9

@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1
 

< End of report >

--- --- ---

Hallo Cosinus,
vielen Dank für die Informationen. Ich habe deinen Anweisungen exakt gefolgt. Hier der CustomScan:

OTL Logfile:

Code:

OTL logfile created on: 29.11.2012 15:24:54 - Run 2

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\svenja\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16443)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,00 Gb Total Physical Memory | 0,63 Gb Available Physical Memory | 31,66% Memory free

4,38 Gb Paging File | 1,58 Gb Available in Paging File | 36,12% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 145,29 Gb Total Space | 4,70 Gb Free Space | 3,23% Space Free | Partition Type: NTFS

Drive D: | 931,51 Gb Total Space | 778,58 Gb Free Space | 83,58% Space Free | Partition Type: NTFS

Drive E: | 27,95 Gb Total Space | 5,33 Gb Free Space | 19,08% Space Free | Partition Type: NTFS

Drive G: | 144,99 Gb Total Space | 140,83 Gb Free Space | 97,13% Space Free | Partition Type: NTFS

Drive M: | 2,92 Gb Total Space | 2,52 Gb Free Space | 86,43% Space Free | Partition Type: FAT32

Drive Z: | 25,03 Gb Total Space | 14,32 Gb Free Space | 57,22% Space Free | Partition Type: NTFS

 

Computer Name: MARCUS-PC | User Name: svenja | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.11.29 15:18:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\svenja\Desktop\OTL (1).exe

PRC - [2012.11.07 09:47:34 | 000,374,704 | ---- | M] (LogMeIn, Inc.) -- C:\Programme\LogMeIn\x86\LMIGuardianSvc.exe

PRC - [2012.10.11 21:56:08 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Apple Application Support\APSDaemon.exe

PRC - [2012.10.10 21:15:04 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

PRC - [2012.10.02 20:29:14 | 000,864,616 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe

PRC - [2012.10.02 20:28:55 | 001,820,520 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe

PRC - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

PRC - [2012.09.10 16:58:16 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

PRC - [2012.06.18 11:22:51 | 002,550,392 | ---- | M] (EuroSmartz Ltd) -- C:\Programme\WePrint\WePrint Server.exe

PRC - [2012.06.16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Programme\Norton 360\Engine\6.4.0.9\ccsvchst.exe

PRC - [2012.01.17 10:07:58 | 000,505,736 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Common Files\Java\Java Update\jucheck.exe

PRC - [2011.07.22 07:49:26 | 000,511,920 | ---- | M] (REINER SCT) -- C:\Windows\System32\cjpcsc.exe

PRC - [2011.07.13 13:45:08 | 000,012,800 | ---- | M] (Deutsche Telekom AG) -- C:\Programme\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe

PRC - [2011.06.01 17:42:28 | 000,014,088 | ---- | M] (Memeo) -- C:\Programme\Seagate\Seagate Dashboard\SeagateDashboardService.exe

PRC - [2011.01.24 19:36:28 | 000,085,272 | ---- | M] (Memeo Inc.) -- C:\Programme\Memeo\AutoBackup\MemeoUpdater.exe

PRC - [2011.01.24 19:35:36 | 000,025,824 | ---- | M] (Memeo) -- C:\Programme\Memeo\AutoBackup\MemeoBackgroundService.exe

PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE

PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE

PRC - [2009.07.22 16:54:05 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\Windows\System32\bgsvcgen.exe

PRC - [2009.06.23 15:59:32 | 000,259,368 | ---- | M] (Nero AG) -- C:\Programme\Nero\Nero MediaHome 4\NMMediaServerService.exe

PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe

PRC - [2008.03.04 23:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe

PRC - [2008.02.22 02:54:02 | 000,114,688 | ---- | M] () -- C:\Programme\MultiScreen\MultiScreen.exe

PRC - [2008.01.19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe

PRC - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe

PRC - [2008.01.19 08:33:11 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe

PRC - [2007.12.19 18:09:22 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe

PRC - [2007.12.07 14:28:22 | 000,196,128 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvraidservice.exe

PRC - [2007.10.11 19:53:22 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe

PRC - [2007.09.10 14:28:18 | 000,057,344 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

PRC - [2007.09.07 17:23:54 | 000,326,176 | ---- | M] () -- C:\Acer\Empowering Technology\SysMonitor.exe

PRC - [2007.04.16 18:48:12 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

PRC - [2007.04.03 16:18:08 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2012.10.31 23:15:05 | 000,460,312 | ---- | M] () -- C:\Users\svenja\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll

MOD - [2012.10.31 23:15:04 | 012,455,448 | ---- | M] () -- C:\Users\svenja\AppData\Local\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll

MOD - [2012.10.31 23:15:02 | 004,007,448 | ---- | M] () -- C:\Users\svenja\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll

MOD - [2012.10.31 23:13:47 | 000,587,288 | ---- | M] () -- C:\Users\svenja\AppData\Local\Google\Chrome\Application\23.0.1271.64\libglesv2.dll

MOD - [2012.10.31 23:13:46 | 000,123,928 | ---- | M] () -- C:\Users\svenja\AppData\Local\Google\Chrome\Application\23.0.1271.64\libegl.dll

MOD - [2012.10.31 23:13:35 | 000,156,712 | ---- | M] () -- C:\Users\svenja\AppData\Local\Google\Chrome\Application\23.0.1271.64\avutil-51.dll

MOD - [2012.10.31 23:13:34 | 000,274,984 | ---- | M] () -- C:\Users\svenja\AppData\Local\Google\Chrome\Application\23.0.1271.64\avformat-54.dll

MOD - [2012.10.31 23:13:32 | 002,168,360 | ---- | M] () -- C:\Users\svenja\AppData\Local\Google\Chrome\Application\23.0.1271.64\avcodec-54.dll

MOD - [2012.08.31 12:02:46 | 003,194,880 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll

MOD - [2012.08.31 12:01:10 | 004,550,656 | ---- | M] () -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll

MOD - [2012.06.18 11:22:51 | 000,059,904 | ---- | M] () -- C:\Programme\WePrint\zlib1.dll

MOD - [2012.04.23 12:01:12 | 000,630,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll

MOD - [2012.03.22 12:02:38 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll

MOD - [2011.06.24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011.06.24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2009.08.23 18:58:06 | 000,094,208 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll

MOD - [2009.03.30 05:42:20 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll

MOD - [2009.03.30 05:42:17 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll

MOD - [2009.03.30 05:42:13 | 000,659,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll

MOD - [2009.03.30 05:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll

MOD - [2009.03.30 05:42:10 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

MOD - [2008.02.22 02:54:02 | 000,114,688 | ---- | M] () -- C:\Programme\MultiScreen\MultiScreen.exe

MOD - [2008.02.22 02:53:34 | 000,045,056 | ---- | M] () -- C:\Programme\MultiScreen\MGResGer.dll

MOD - [2008.02.22 02:53:20 | 000,028,672 | ---- | M] () -- C:\Programme\MultiScreen\MultiMon.dll

MOD - [2008.02.22 02:53:18 | 000,036,864 | ---- | M] () -- C:\Programme\MultiScreen\ServiceHook.dll

MOD - [2007.09.07 17:23:54 | 000,326,176 | ---- | M] () -- C:\Acer\Empowering Technology\SysMonitor.exe

 

 
 ========== Services (SafeList) ==========

 

SRV - [2012.11.28 20:55:53 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012.11.28 10:34:19 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012.11.07 09:47:52 | 000,137,136 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Programme\LogMeIn\x86\ramaint.exe -- (LMIMaint)

SRV - [2012.11.07 09:47:34 | 000,374,704 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Programme\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)

SRV - [2012.10.10 21:15:04 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)

SRV - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2012.06.16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\6.4.0.9\ccSvcHst.exe -- (N360)

SRV - [2011.07.22 07:49:26 | 000,511,920 | ---- | M] (REINER SCT) [Auto | Running] -- C:\Windows\System32\cjpcsc.exe -- (cjpcsc)

SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)

SRV - [2011.07.13 13:45:08 | 000,012,800 | ---- | M] (Deutsche Telekom AG) [Auto | Running] -- C:\Programme\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe -- (MCSWASVR)

SRV - [2011.06.01 17:42:28 | 000,014,088 | ---- | M] (Memeo) [Auto | Running] -- C:\Programme\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)

SRV - [2011.01.24 19:35:36 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Programme\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService)

SRV - [2011.01.11 18:04:04 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Programme\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)

SRV - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)

SRV - [2009.07.22 16:54:05 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\Windows\System32\bgsvcgen.exe -- (bgsvcgen)

SRV - [2009.06.23 15:59:32 | 000,259,368 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Nero\Nero MediaHome 4\NMMediaServerService.exe -- (NeroMediaHomeService.4)

SRV - [2008.03.04 23:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)

SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)

SRV - [2007.12.19 18:09:22 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)

SRV - [2007.09.10 14:28:18 | 000,057,344 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)

SRV - [2007.04.16 18:48:12 | 000,028,672 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService)

SRV - [2007.04.03 16:18:08 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)

SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)

DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)

DRV - [2012.11.29 13:28:23 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)

DRV - [2012.11.07 09:47:35 | 000,083,912 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)

DRV - [2012.10.24 00:34:24 | 000,995,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20121106.001\BHDrvx86.sys -- (BHDrvx86)

DRV - [2012.10.10 21:14:28 | 010,837,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2012.09.13 02:18:37 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20121128.021\NAVEX15.SYS -- (NAVEX15)

DRV - [2012.09.13 02:18:37 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20121128.021\NAVENG.SYS -- (NAVENG)

DRV - [2012.09.06 03:54:30 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20121128.001\IDSvix86.sys -- (IDSVix86)

DRV - [2012.08.09 05:39:56 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)

DRV - [2012.08.09 05:39:56 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

DRV - [2012.08.03 11:08:47 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)

DRV - [2012.07.06 03:17:57 | 000,574,112 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\N360\0604000.009\srtsp.sys -- (SRTSP)

DRV - [2012.07.06 03:17:57 | 000,032,928 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0604000.009\srtspx.sys -- (SRTSPX)

DRV - [2012.06.07 05:43:43 | 000,132,768 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0604000.009\ccsetx86.sys -- (ccSet_N360)

DRV - [2012.05.22 02:37:12 | 000,924,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\0604000.009\symefa.sys -- (SymEFA)

DRV - [2011.11.23 19:23:20 | 000,035,960 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)

DRV - [2011.11.16 20:38:00 | 000,345,208 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0604000.009\symtdiv.sys -- (SYMTDIv)

DRV - [2011.11.16 20:17:48 | 000,149,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0604000.009\ironx86.sys -- (SymIRON)

DRV - [2011.08.15 23:51:40 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\0604000.009\symds.sys -- (SymDS)

DRV - [2011.03.29 11:08:08 | 000,028,144 | ---- | M] (REINER SCT) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cjusb.sys -- (cjusb)

DRV - [2011.01.11 18:04:04 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)

DRV - [2011.01.11 18:04:04 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Stopped] -- C:\Programme\LogMeIn\x86\rainfo.sys -- (LMIInfo)

DRV - [2010.03.23 02:17:06 | 001,170,464 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL85n86.sys -- (RTL85n86)

DRV - [2009.07.22 16:54:05 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)

DRV - [2009.01.08 22:11:36 | 000,103,488 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD)

DRV - [2008.11.16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)

DRV - [2008.05.16 11:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic)

DRV - [2008.05.16 11:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5)

DRV - [2008.05.16 11:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)

DRV - [2008.05.16 11:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)

DRV - [2008.05.16 11:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt)

DRV - [2008.05.16 11:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex)

DRV - [2008.05.16 11:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus)

DRV - [2008.01.09 10:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)

DRV - [2007.12.08 08:28:10 | 000,140,320 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)

DRV - [2007.12.08 08:28:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvrd32.sys -- (nvrd32)

DRV - [2007.11.18 03:39:50 | 001,040,544 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)

DRV - [2007.11.06 09:30:48 | 000,006,080 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\zntport.sys -- (zntport)

DRV - [2007.11.06 09:30:46 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVicPort.sys -- (tvicport)

DRV - [2007.07.16 10:38:06 | 000,030,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)

DRV - [2007.07.07 14:13:10 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)

DRV - [2007.07.03 03:05:20 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)

DRV - [2007.05.31 07:38:16 | 000,014,949 | ---- | M] (franson.biz) [Kernel | System | Running] -- C:\Windows\System32\drivers\bizVSerialNT.sys -- (bizVSerial)

DRV - [2007.04.03 16:17:08 | 000,306,295 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)

DRV - [2007.01.18 13:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)

DRV - [2004.01.19 16:27:31 | 000,050,396 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)

DRV - [2004.01.19 16:27:26 | 000,006,828 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftlund.sys -- (FTLUND)

DRV - [2003.02.21 08:00:00 | 000,019,153 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com

IE - HKLM\..\SearchScopes,DefaultScope = 

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

 

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/sp/*hxxp://de.yahoo.com

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://otanywhere.opentable.de/login.aspx

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\..\SearchScopes\{194C6A87-273C-4675-AFEC-CEED5412A375}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=302398&p={searchTerms}

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\..\SearchScopes\{B7529384-941F-4339-A249-A18443C2B985}: "URL" = hxxp://www.google.de/search?q={searchTerms}

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/sp/*hxxp://de.yahoo.com

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://otanywhere.opentable.de/login.asp?dc=1&otaver=9828

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - No CLSID value found

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\..\SearchScopes,DefaultScope = {194C6A87-273C-4675-AFEC-CEED5412A375}

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\..\SearchScopes\{194C6A87-273C-4675-AFEC-CEED5412A375}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms}

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\..\SearchScopes\{B7529384-941F-4339-A249-A18443C2B985}: "URL" = hxxp://www.google.de/search?q={searchTerms}

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1004\..\SearchScopes,DefaultScope = 

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398&ilc=12"

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0

FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.3

FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900

FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900

FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0

FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_131.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.9.8a: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\svenja\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\svenja\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\IPSFFPlgn\ [2012.08.05 15:48:05 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\coFFPlgn\ [2012.11.15 10:48:58 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.12.19 19:35:05 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.02.07 13:04:41 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.02.07 13:04:41 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.28 10:34:20 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.11.19 11:26:41 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.11.19 11:26:41 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.12.19 19:35:05 | 000,000,000 | ---D | M]

 

[2008.06.23 20:46:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\svenja\AppData\Roaming\mozilla\Extensions

[2012.11.28 21:16:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\svenja\AppData\Roaming\mozilla\Firefox\Profiles\ty77o4ho.default\extensions

[2010.06.12 19:38:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\svenja\AppData\Roaming\mozilla\Firefox\Profiles\ty77o4ho.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011.05.15 08:56:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\svenja\AppData\Roaming\mozilla\Firefox\Profiles\ty77o4ho.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}-trash

[2012.11.15 11:08:56 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\svenja\AppData\Roaming\mozilla\Firefox\Profiles\ty77o4ho.default\extensions\de-DE@dictionaries.addons.mozilla.org

[2012.11.28 11:32:51 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\svenja\AppData\Roaming\mozilla\firefox\profiles\ty77o4ho.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

[2012.11.15 08:50:57 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2012.11.28 10:34:20 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2012.11.08 19:59:03 | 000,378,880 | ---- | M] (InfiniAd GmbH) -- C:\Program Files\mozilla firefox\plugins\npmieze.dll

[2012.10.24 23:03:12 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.10.24 23:03:11 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012.10.24 23:03:12 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2012.10.24 23:03:12 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.10.24 23:03:12 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.10.24 23:03:11 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 
 ========== Chrome  ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\svenja\AppData\Local\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\svenja\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\svenja\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll

CHR - plugin: Perion plugin (Enabled) = C:\Users\svenja\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\Plugins/PerionNewTabChrome-32.dll

CHR - plugin: Norton Confidential (Enabled) = C:\Users\svenja\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\npcoplgn.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll

CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll

CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll

CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll

CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll

CHR - Extension: DivX HiQ = C:\Users\svenja\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.0.900_0\

CHR - Extension: New tab for Chrome\u2122 = C:\Users\svenja\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\

CHR - Extension: Norton Identity Protection = C:\Users\svenja\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\

 

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton 360\Engine\6.4.0.9\coieplg.dll (Symantec Corporation)

O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton 360\Engine\6.4.0.9\ips\ipsbho.dll (Symantec Corporation)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)

O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.

O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\6.4.0.9\coieplg.dll (Symantec Corporation)

O3 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)

O3 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)

O3 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\6.4.0.9\coieplg.dll (Symantec Corporation)

O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe ()

O4 - HKLM..\Run: [Acer Tour]  File not found

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [eRecoveryService]  File not found

O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)

O4 - HKLM..\Run: [Memeo Instant Backup] C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe (Memeo Inc.)

O4 - HKLM..\Run: [MultiScreen] C:\Programme\MultiScreen\MultiScreen.exe ()

O4 - HKLM..\Run: [NVRaidService] C:\Windows\System32\nvraidservice.exe (NVIDIA Corporation)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKU\.DEFAULT..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe File not found

O4 - HKU\S-1-5-18..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe File not found

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000..\Run: [ApplePhotoStreams] C:\Programme\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)

O4 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000..\Run: [iCloudServices] C:\Programme\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)

O4 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe File not found

O4 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003..\Run: [CTSyncU.exe] C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe ()

O4 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1004..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003..\RunOnce: [RUN] C:\Windows\Acer_Normal\run_DT.exe ()

O4 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1004..\RunOnce: [RUN] C:\Windows\Acer_Normal\run_DT.exe ()

O4 - Startup: C:\Users\svenja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\svenja\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O4 - Startup: C:\Users\svenja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WePrint Server.lnk = C:\Programme\WePrint\WePrint Server.exe (EuroSmartz Ltd)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\..Trusted Domains: fritz.box ([]* in Local intranet)

O15 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\..Trusted Ranges: Range1 ([*] in Local intranet)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)

O16 - DPF: {A378EEF8-4E41-4BC4-8CBC-1ACB8686CC1D} https://otanywhere.opentable.de/download/PlugIn/OTSI.CAB (OTSysInfo Object)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5523D953-78C1-4DDA-BFD1-B4DE82E9D1F9}: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{989AD318-57BC-47A0-961F-6C696470C3D7}: DhcpNameServer = 192.168.178.1

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Acer01.jpg

O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Acer01.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2010.02.15 05:53:50 | 000,000,027 | ---- | M] () - D:\Autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2002.08.14 12:42:53 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{a43d5708-9b6b-11dd-815e-001d92a603f0}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe BÜRO_1.vbs

O33 - MountPoints2\{ccf0b438-0b87-11e0-91f8-001d92a603f0}\Shell\AutoRun\command - "" = install.exe

O33 - MountPoints2\{ccf0b43f-0b87-11e0-91f8-001d92a603f0}\Shell\AutoRun\command - "" = install.exe

O33 - MountPoints2\{f0dd29ad-70db-11de-b6a2-001d92a603f0}\Shell - "" = AutoRun

O33 - MountPoints2\{f0dd29ad-70db-11de-b6a2-001d92a603f0}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a

O33 - MountPoints2\{f0dd29cb-70db-11de-b6a2-001d92a603f0}\Shell - "" = AutoRun

O33 - MountPoints2\{f0dd29cb-70db-11de-b6a2-001d92a603f0}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe - (Acer Inc.)

MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Programme\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)

MsConfig - StartUpReg: PCMMediaSharing - hkey= - key= -  File not found

MsConfig - State: "startup" - 2

 

NetSvcs: FastUserSwitchingCompatibility -  File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla -  File not found

NetSvcs: Ntmssvc -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: SRService -  File not found

NetSvcs: WmdmPmSp -  File not found

NetSvcs: LogonHours -  File not found

NetSvcs: PCAudit -  File not found

NetSvcs: helpsvc -  File not found

NetSvcs: uploadmgr -  File not found

 

SafeBootMin: AppMgmt - Service

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: NTDS -  File not found

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet: AppMgmt - Service

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: NTDS -  File not found

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootNet: WudfPf - Driver

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)

Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.11.29 15:18:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\svenja\Desktop\OTL (1).exe

[2012.11.29 13:28:23 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2012.11.28 11:16:54 | 000,000,000 | ---D | C] -- C:\Users\svenja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis

[2012.11.28 11:16:52 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2012.11.28 10:56:25 | 000,000,000 | ---D | C] -- C:\Users\svenja\AppData\Roaming\Malwarebytes

[2012.11.28 10:56:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012.11.28 10:56:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012.11.28 10:56:01 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2012.11.28 10:56:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012.11.28 10:44:25 | 000,000,000 | ---D | C] -- C:\Users\svenja\AppData\Local\Macromedia

[2012.11.22 11:08:03 | 000,000,000 | ---D | C] -- C:\Users\svenja\AppData\Roaming\SignageStudio.86EE3EEE54D7DB049D16E358CDC443F088917621.1

[2012.11.22 11:07:50 | 000,000,000 | ---D | C] -- C:\Program Files\SignageStudio

[2012.11.22 11:04:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR

[2012.11.22 10:58:47 | 000,000,000 | ---D | C] -- C:\Users\svenja\AppData\Roaming\TeamViewer

[2012.11.22 08:30:53 | 000,000,000 | ---D | C] -- C:\Users\svenja\AppData\Roaming\OpenOffice.org

[2012.11.21 20:45:39 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1

[2012.11.21 20:43:58 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3

[2012.11.21 20:38:01 | 000,000,000 | ---D | C] -- C:\Users\svenja\Desktop\OpenOffice.org 3.4.1 (de) Installation Files

[2012.11.19 11:26:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

[2012.11.19 11:23:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud

[2012.11.19 11:17:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2012.11.19 11:16:01 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2012.11.19 11:15:58 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1

[2012.11.19 11:09:43 | 000,000,000 | ---D | C] -- C:\Windows\LastGood

[2012.11.19 11:06:37 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2012.11.17 16:56:51 | 000,000,000 | ---D | C] -- C:\Users\svenja\AppData\Roaming\HPAppData

[2012.11.15 12:29:48 | 000,000,000 | ---D | C] -- C:\Users\svenja\AppData\Local\join.me

[2012.11.15 08:43:22 | 000,000,000 | ---D | C] -- C:\Users\svenja\AppData\Roaming\pdfforge

[2012.11.09 10:13:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator

[2012.11.09 10:13:31 | 000,086,528 | ---- | C] (pdfforge GbR) -- C:\Windows\System32\pdfcmon.dll

[2012.11.09 10:13:29 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator

[2012.11.09 10:03:46 | 000,000,000 | ---D | C] -- C:\Users\svenja\Local Settings

[2012.11.09 10:01:51 | 000,000,000 | ---D | C] -- C:\Program Files\Perion

[2012.11.08 11:18:57 | 000,000,000 | ---D | C] -- C:\Users\svenja\AppData\Roaming\convert

[2012.11.08 10:39:28 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations

[2012.11.05 08:41:34 | 000,000,000 | ---D | C] -- C:\Users\svenja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iPhoneSMSExport

[2012.11.05 08:41:34 | 000,000,000 | ---D | C] -- C:\Program Files\iPhoneSMSExport

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.11.29 15:20:09 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1101760962-3014260797-1857789441-1000UA.job

[2012.11.29 15:18:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\svenja\Desktop\OTL (1).exe

[2012.11.29 14:55:58 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012.11.29 14:55:58 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012.11.29 14:55:24 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012.11.29 14:53:02 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012.11.29 14:00:54 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012.11.29 13:28:23 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2012.11.28 19:20:01 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1101760962-3014260797-1857789441-1000Core.job

[2012.11.28 17:15:09 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for svenja.job

[2012.11.28 12:25:05 | 000,002,090 | ---- | M] () -- C:\Users\svenja\Desktop\Google Chrome.lnk

[2012.11.28 11:16:54 | 000,001,950 | ---- | M] () -- C:\Users\svenja\Desktop\HiJackThis.lnk

[2012.11.28 10:56:05 | 000,000,953 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.11.23 10:01:29 | 000,000,099 | ---- | M] () -- C:\Users\svenja\Desktop\SignageStudioDebug.bat

[2012.11.22 11:07:54 | 000,000,849 | ---- | M] () -- C:\Users\Public\Desktop\SignageStudio.lnk

[2012.11.22 11:07:49 | 000,142,336 | ---- | M] () -- C:\Users\svenja\Desktop\SignageStudio.exe

[2012.11.21 20:45:40 | 000,001,037 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk

[2012.11.21 19:57:15 | 000,002,623 | ---- | M] () -- C:\Users\svenja\Desktop\Microsoft Word.lnk

[2012.11.19 11:26:25 | 000,001,773 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

[2012.11.19 11:17:59 | 000,001,711 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2012.11.17 21:55:06 | 000,427,829 | ---- | M] () -- C:\Users\svenja\Desktop\silvestermailing2012.pdf

[2012.11.15 12:29:52 | 000,000,907 | ---- | M] () -- C:\Users\svenja\Desktop\join.me.lnk

[2012.11.15 10:54:57 | 000,628,524 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2012.11.15 10:54:57 | 000,595,818 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012.11.15 10:54:57 | 000,126,074 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2012.11.15 10:54:57 | 000,103,892 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012.11.15 10:47:42 | 000,297,424 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2012.11.15 10:47:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.11.15 10:46:00 | 2146,611,200 | -HS- | M] () -- C:\hiberfil.sys

[2012.11.15 08:51:09 | 000,000,893 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2012.11.15 08:29:47 | 000,541,569 | ---- | M] () -- C:\Users\svenja\Desktop\AdwCleaner.exe

[2012.11.09 10:13:39 | 000,001,040 | ---- | M] () -- C:\Users\Public\Desktop\PDFArchitect.lnk

[2012.11.09 10:13:39 | 000,000,875 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk

[2012.11.09 10:04:06 | 000,001,233 | ---- | M] () -- C:\Users\svenja\Desktop\PDFCreator - Verknüpfung.lnk

[2012.11.09 08:19:02 | 000,000,737 | ---- | M] () -- C:\Users\Public\Desktop\OTLauncher.lnk

[2012.11.08 10:52:19 | 000,000,021 | ---- | M] () -- C:\Users\svenja\AppData\Local\mc.pixel.data

[2012.11.07 09:47:35 | 000,083,912 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIRfsClientNP.dll

[2012.11.07 09:47:34 | 000,092,072 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIinit.dll

[2012.11.07 09:47:34 | 000,031,144 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIport.dll

[2012.11.05 08:41:45 | 000,000,905 | ---- | M] () -- C:\Users\svenja\Desktop\iPhone SMS Export.lnk

 
 ========== Files Created - No Company Name ==========

 

[2012.11.28 11:16:54 | 000,001,950 | ---- | C] () -- C:\Users\svenja\Desktop\HiJackThis.lnk

[2012.11.28 10:56:05 | 000,000,953 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.11.23 10:02:08 | 000,142,336 | ---- | C] () -- C:\Users\svenja\Desktop\SignageStudio.exe

[2012.11.22 11:08:06 | 000,000,099 | ---- | C] () -- C:\Users\svenja\Desktop\SignageStudioDebug.bat

[2012.11.22 11:07:54 | 000,000,861 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SignageStudio.lnk

[2012.11.22 11:07:53 | 000,000,849 | ---- | C] () -- C:\Users\Public\Desktop\SignageStudio.lnk

[2012.11.21 20:45:40 | 000,001,037 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk

[2012.11.21 11:38:12 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012.11.17 21:55:06 | 000,427,829 | ---- | C] () -- C:\Users\svenja\Desktop\silvestermailing2012.pdf

[2012.11.15 12:29:52 | 000,000,907 | ---- | C] () -- C:\Users\svenja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\join.me.lnk

[2012.11.15 12:29:50 | 000,000,907 | ---- | C] () -- C:\Users\svenja\Desktop\join.me.lnk

[2012.11.15 08:51:08 | 000,000,905 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

[2012.11.15 08:51:08 | 000,000,893 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2012.11.15 08:29:35 | 000,541,569 | ---- | C] () -- C:\Users\svenja\Desktop\AdwCleaner.exe

[2012.11.09 10:13:39 | 000,001,040 | ---- | C] () -- C:\Users\Public\Desktop\PDFArchitect.lnk

[2012.11.09 10:13:39 | 000,000,875 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk

[2012.11.09 08:19:02 | 000,000,737 | ---- | C] () -- C:\Users\Public\Desktop\OTLauncher.lnk

[2012.11.05 08:41:44 | 000,000,905 | ---- | C] () -- C:\Users\svenja\Desktop\iPhone SMS Export.lnk

[2012.08.25 10:33:41 | 000,003,730 | ---- | C] () -- C:\Users\svenja\AppData\Roaming\wklnhst.dat

[2011.12.18 15:25:02 | 000,094,564 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat

[2011.12.05 18:21:29 | 000,000,600 | ---- | C] () -- C:\Users\svenja\AppData\Local\PUTTY.RND

[2011.11.06 14:23:06 | 000,273,500 | ---- | C] () -- C:\Windows\hpwins05.dat

[2011.11.06 14:23:06 | 000,003,111 | ---- | C] () -- C:\Windows\hpwmdl05.dat

[2011.10.22 23:09:14 | 000,139,080 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys

[2011.10.22 23:09:13 | 000,138,056 | ---- | C] () -- C:\Users\svenja\AppData\Roaming\PnkBstrK.sys

[2011.10.22 23:08:58 | 000,270,240 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe

[2011.10.22 23:08:41 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe

[2011.09.18 08:46:54 | 000,000,396 | ---- | C] () -- C:\Windows\hbcikrnl.ini

[2011.09.18 08:45:16 | 000,167,936 | ---- | C] () -- C:\Windows\System32\SerialXP.dll

[2011.09.18 08:45:16 | 000,027,648 | ---- | C] () -- C:\Windows\System32\win32com.dll

[2011.08.15 07:03:39 | 000,274,115 | ---- | C] () -- C:\Windows\hpwins05.dat.temp

[2011.08.15 06:59:15 | 000,000,725 | ---- | C] () -- C:\Windows\wsnk.ini

[2011.08.08 20:28:49 | 000,000,021 | ---- | C] () -- C:\Users\svenja\AppData\Local\mc.pixel.data

[2011.08.01 09:19:15 | 000,003,111 | ---- | C] () -- C:\Windows\hpwmdl05.dat.temp

[2011.05.04 07:35:40 | 000,000,680 | ---- | C] () -- C:\Users\svenja\AppData\Local\d3d9caps.dat

[2011.04.11 18:32:36 | 000,001,940 | ---- | C] () -- C:\Users\svenja\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini

[2010.12.19 19:19:14 | 000,000,054 | ---- | C] () -- C:\Windows\System32\opentable.ini

[2009.06.25 19:49:47 | 000,000,092 | ---- | C] () -- C:\Users\svenja\AppData\Local\cuyyo.bat

[2009.06.02 09:47:50 | 000,024,206 | ---- | C] () -- C:\Users\svenja\AppData\Roaming\UserTile.png

[2009.01.14 18:55:39 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib

[2008.09.21 12:12:15 | 000,015,872 | ---- | C] () -- C:\Users\svenja\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008.07.20 15:57:10 | 000,001,891 | ---- | C] () -- C:\Users\svenja\ZENcast Organizer.lnk

[2008.07.20 15:56:45 | 000,000,124 | ---- | C] () -- C:\Users\svenja\ZEN Media Explorer.lnk

 
 ========== ZeroAccess Check ==========

 

[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 
 ========== LOP Check ==========

 

[2011.09.08 05:43:38 | 000,000,000 | ---D | M] -- C:\Users\marcus\AppData\Roaming\Memeo

[2011.09.08 05:43:38 | 000,000,000 | ---D | M] -- C:\Users\marcus\AppData\Roaming\Seagate

[2012.03.14 08:33:32 | 000,000,000 | ---D | M] -- C:\Users\marcus\AppData\Roaming\Thunderbird

[2012.07.25 20:39:05 | 000,000,000 | ---D | M] -- C:\Users\marcus\AppData\Roaming\YouSendIt

[2012.11.08 11:18:57 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\convert

[2012.11.29 13:28:08 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Dropbox

[2012.11.29 10:44:55 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\FileZilla

[2011.11.29 18:25:42 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\FLAC to MP3 Converter

[2009.03.03 12:19:33 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Image Zone Express

[2011.08.22 18:46:46 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Leadertech

[2009.07.22 17:10:33 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\LEAPS

[2011.02.07 13:04:44 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Local

[2011.08.22 18:52:51 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Memeo

[2012.11.22 08:30:53 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\OpenOffice.org

[2012.11.15 08:43:22 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\pdfforge

[2009.06.02 09:47:50 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\PeerNetworking

[2009.07.22 16:59:57 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Pegasys Inc

[2009.03.03 12:19:33 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Printer Info Cache

[2011.07.22 06:16:22 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Registry Mechanic

[2011.08.22 18:52:35 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Seagate

[2011.12.05 16:42:50 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Seas0nPass

[2012.11.22 11:08:03 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\SignageStudio.86EE3EEE54D7DB049D16E358CDC443F088917621.1

[2010.01.31 18:37:40 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Sony

[2012.11.22 10:58:47 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\TeamViewer

[2012.08.25 10:33:48 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Template

[2011.07.20 08:29:03 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Thunderbird

[2012.08.17 20:38:12 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\uTorrent

[2012.01.06 19:30:09 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\XMedia Recode

[2012.07.11 12:52:00 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\YouSendIt

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 
 < %SYSTEMDRIVE%\*. >

[2009.07.23 08:44:02 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN

[2008.06.21 15:21:46 | 000,000,000 | ---D | M] -- C:\Acer

[2012.03.12 08:48:25 | 000,000,000 | ---D | M] -- C:\AirPrint

[2008.03.29 10:01:33 | 000,000,000 | ---D | M] -- C:\Book

[2009.12.24 15:54:34 | 000,000,000 | -HSD | M] -- C:\Boot

[2012.11.28 11:16:55 | 000,000,000 | -H-D | M] -- C:\Config.Msi

[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings

[2008.06.21 15:08:38 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen

[2008.03.29 10:01:33 | 000,000,000 | ---D | M] -- C:\DRV

[2008.03.29 03:31:02 | 000,000,000 | RH-D | M] -- C:\MSOCache

[2011.08.16 11:37:40 | 000,000,000 | ---D | M] -- C:\N360_BACKUP

[2012.05.26 12:04:08 | 000,000,000 | ---D | M] -- C:\NVIDIA

[2012.11.09 08:18:38 | 000,000,000 | ---D | M] -- C:\OpenTable

[2008.08.30 02:27:08 | 000,000,000 | ---D | M] -- C:\PerfLogs

[2012.11.28 11:16:52 | 000,000,000 | R--D | M] -- C:\Program Files

[2012.11.28 10:56:02 | 000,000,000 | -H-D | M] -- C:\ProgramData

[2008.06.21 15:08:38 | 000,000,000 | -HSD | M] -- C:\Programme

[2012.11.29 15:32:47 | 000,000,000 | -HSD | M] -- C:\System Volume Information

[2012.03.05 15:38:55 | 000,000,000 | R--D | M] -- C:\Users

[2012.11.28 11:14:52 | 000,000,000 | ---D | M] -- C:\vom Netz

[2012.11.19 11:09:43 | 000,000,000 | ---D | M] -- C:\Windows

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2012.11.22 11:06:49 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Adobe

[2011.12.19 16:52:37 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Apple Computer

[2012.11.08 11:18:57 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\convert

[2011.02.04 10:18:10 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Creative

[2011.02.07 12:45:07 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\DivX

[2012.11.29 13:28:08 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Dropbox

[2009.12.25 17:58:57 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\FastStone

[2012.11.29 10:44:55 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\FileZilla

[2011.11.29 18:25:42 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\FLAC to MP3 Converter

[2010.12.19 19:40:49 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\HP

[2012.11.17 16:56:51 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\HPAppData

[2012.01.03 20:11:49 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\HpUpdate

[2008.06.21 15:18:37 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Identities

[2009.03.03 12:19:33 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Image Zone Express

[2010.12.19 12:03:24 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\InstallShield

[2011.08.22 18:46:46 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Leadertech

[2009.07.22 17:10:33 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\LEAPS

[2011.02.07 13:04:44 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Local

[2012.03.05 11:17:14 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Logishrd

[2012.03.05 11:17:05 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Logitech

[2008.06.21 15:19:20 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Macromedia

[2012.11.28 10:56:25 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Malwarebytes

[2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Media Center Programs

[2011.08.22 18:52:51 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Memeo

[2012.11.28 10:44:25 | 000,000,000 | --SD | M] -- C:\Users\svenja\AppData\Roaming\Microsoft

[2008.06.23 20:46:31 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Mozilla

[2012.03.05 15:39:02 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Nero

[2012.11.22 08:30:53 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\OpenOffice.org

[2012.11.15 08:43:22 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\pdfforge

[2009.06.02 09:47:50 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\PeerNetworking

[2009.07.22 16:59:57 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Pegasys Inc

[2009.03.03 12:19:33 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Printer Info Cache

[2011.07.22 06:16:22 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Registry Mechanic

[2011.08.22 18:52:35 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Seagate

[2011.12.05 16:42:50 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Seas0nPass

[2012.11.22 11:08:03 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\SignageStudio.86EE3EEE54D7DB049D16E358CDC443F088917621.1

[2010.01.31 18:37:40 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Sony

[2012.11.22 10:58:47 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\TeamViewer

[2012.08.25 10:33:48 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Template

[2011.07.20 08:29:03 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\Thunderbird

[2012.08.17 20:38:12 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\uTorrent

[2009.11.26 20:09:08 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\vlc

[2012.01.06 19:30:09 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\XMedia Recode

[2012.07.11 12:52:00 | 000,000,000 | ---D | M] -- C:\Users\svenja\AppData\Roaming\YouSendIt

 
 < %APPDATA%\*.exe /s >

[2012.11.08 19:59:06 | 012,697,088 | ---- | M] () -- C:\Users\svenja\AppData\Roaming\convert\convert.exe

[2012.08.27 05:21:12 | 026,924,984 | ---- | M] (Dropbox, Inc.) -- C:\Users\svenja\AppData\Roaming\Dropbox\bin\Dropbox.exe

[2012.08.27 05:21:14 | 000,874,384 | ---- | M] (Dropbox, Inc.) -- C:\Users\svenja\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe

[2012.08.27 05:21:24 | 000,181,784 | ---- | M] (Dropbox, Inc.) -- C:\Users\svenja\AppData\Roaming\Dropbox\bin\Uninstall.exe

[2012.11.22 11:03:54 | 000,055,424 | ---- | M] (Adobe Systems Inc.) -- C:\Users\svenja\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

[2011.09.15 13:43:34 | 030,178,880 | ---- | M] (Memeo) -- C:\Users\svenja\AppData\Roaming\Memeo\AutoBackup\temp\7876_sgmr_ib_ALL_IN_ONE_setup.exe

[2012.11.28 11:16:55 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Users\svenja\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

[2011.02.21 07:08:03 | 000,010,134 | R--- | M] () -- C:\Users\svenja\AppData\Roaming\Microsoft\Installer\{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}\ARPPRODUCTICON.exe

[2011.08.22 18:54:15 | 014,225,048 | ---- | M] () -- C:\Users\svenja\AppData\Roaming\Seagate\Seagate Dashboard\temp\SeagateDashboard_1421_Better_Setup.exe

 
 < %SYSTEMROOT%\system32\drivers\*.sys /lockedfiles >

 
 < %SYSTEMROOT%\System32\config\*.sav >

[2008.03.29 10:02:12 | 006,664,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV

[2008.03.29 10:02:11 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV

[2008.03.29 10:02:12 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV

[2008.03.29 10:02:20 | 015,720,448 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV

[2008.03.29 10:02:21 | 006,008,832 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

 
 < %SYSTEMROOT%\*. /mp /s >

 
 < %SYSTEMROOT%\system32\*.dll /lockedfiles >

 
 <           >

[2006.11.02 14:01:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT

[2006.11.02 14:01:49 | 000,032,540 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2011.01.30 12:12:18 | 000,001,072 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1101760962-3014260797-1857789441-1000Core.job

[2011.01.30 12:12:20 | 000,001,124 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1101760962-3014260797-1857789441-1000UA.job

[2011.02.07 15:53:01 | 000,000,438 | -H-- | C] () -- C:\Windows\Tasks\Norton Security Scan for svenja.job

[2011.10.03 16:18:05 | 000,001,094 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

[2011.10.03 16:18:07 | 000,001,098 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

[2012.11.21 11:38:12 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 24 bytes -> C:\Windows:0EA9150163ACD6C9

@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1
 

< End of report >

--- --- ---

[/CODE]

Fixen mit OTL

Starte bitte die OTL.exe.
Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:

:OTL

FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.3

FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3

@Alternate Data Stream - 24 bytes -> C:\Windows:0EA9150163ACD6C9

@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1

:Files

ipconfig /flushdns /c

:Commands

[purity]

[emptytemp]

[resethosts]

Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
Schließe bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

Code:

All processes killed

========== OTL ==========

Prefs.js: pdfforge@mybrowserbar.com:4.3 removed from extensions.enabledItems

Prefs.js: wtxpcom@mybrowserbar.com:4.3 removed from extensions.enabledItems

ADS C:\Windows:0EA9150163ACD6C9 deleted successfully.

ADS C:\ProgramData\TEMP:D1B5B4F1 deleted successfully.

========== FILES ==========
 < ipconfig /flushdns /c >

Windows-IP-Konfiguration

Der DNS-Aufl”sungscache wurde geleert.

C:\Users\svenja\Desktop\cmd.bat deleted successfully.

C:\Users\svenja\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 58264 bytes

 

User: LogMeInRemoteUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: marcus

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 938 bytes

->Java cache emptied: 11829032 bytes

->FireFox cache emptied: 35765729 bytes

->Flash cache emptied: 6215 bytes

 

User: NeroMediaHomeUser.4

->Temp folder emptied: 14336 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Public

 

User: svenja

->Temp folder emptied: 60167662 bytes

->Temporary Internet Files folder emptied: 13276812 bytes

->Java cache emptied: 30391252 bytes

->FireFox cache emptied: 74426129 bytes

->Google Chrome cache emptied: 135161695 bytes

->Flash cache emptied: 61384 bytes

 

User: UpdatusUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 402 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 1924422 bytes

%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 44175592 bytes

%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 322 bytes

RecycleBin emptied: 1209958434 bytes

 

Total Files Cleaned = 1.542,00 mb

 

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.69.0 log created on 11292012_163612
 

Files\Folders moved on Reboot...

File\Folder C:\Users\NeroMediaHomeUser.4\AppData\Local\Temp\etilqs_8lTBtiE07W0fqVjY5eWD not found!

File\Folder C:\Users\NeroMediaHomeUser.4\AppData\Local\Temp\etilqs_8lTBtiE07W0fqVjY5eWD-journal not found!

File\Folder C:\Users\NeroMediaHomeUser.4\AppData\Local\Temp\etilqs_Fba6A8Y2B092SS9dqjzc not found!

File\Folder C:\Users\NeroMediaHomeUser.4\AppData\Local\Temp\etilqs_Fba6A8Y2B092SS9dqjzc-journal not found!
 

PendingFileRenameOperations files...
 

Registry entries deleted on Reboot...

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Da ist alles sauber auch der ESET findet nix.
Öffnen eines neuen TAB in Crome bringt immer noch den MyStart IncrediBar.

Code:

Malwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org
 

Datenbank Version: v2012.11.28.04
 

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16443

svenja :: MARCUS-PC [Administrator]
 

28.11.2012 10:57:19

mbam-log-2012-11-28 (10-57-19).txt
 

Art des Suchlaufs: Quick-Scan

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 296830

Laufzeit: 9 Minute(n), 41 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 1

HKCU\SOFTWARE\fcn (Rogue.Residue) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 2

C:\Program Files\Mozilla Firefox\plugins\npmieze.dll (PUP.LoadTubes) -> Keine Aktion durchgeführt.

C:\$RECYCLE.BIN\S-1-5-21-1101760962-3014260797-1857789441-1000\$ROZ310I.exe (PUP.BundleInstaller.BI) -> Keine Aktion durchgeführt.
 

(Ende)

Hier der ESET scan

Code:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

esets_scanner_update returned -1 esets_gle=53251A

# version=7

# iexplore.exe=9.00.8112.16443 (WIN7_IE9_GDR.120227-1545)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=4bfc3736d0c54140a0e1acf9d9aebf5b

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-11-29 04:26:09

# local_time=2012-11-29 05:26:09 (+0100, Mitteleuropäische Zeit)

# country="Germany"

# lang=1031

# osver=6.0.6002 NT Service Pack 2

# compatibility_mode=512 16777215 100 0 112157 112157 0 0

# compatibility_mode=3589 16777213 100 74 6168 104868865 0 0

# compatibility_mode=5892 16776573 100 100 128858 191739097 0 0

# compatibility_mode=8192 67108863 100 0 4978 4978 0 0

# scanned=0

# found=0

# cleaned=0

# scan_time=0

esets_scanner_update returned -1 esets_gle=53251

# version=7

# iexplore.exe=9.00.8112.16443 (WIN7_IE9_GDR.120227-1545)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=4bfc3736d0c54140a0e1acf9d9aebf5b

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-11-29 04:26:52

# local_time=2012-11-29 05:26:52 (+0100, Mitteleuropäische Zeit)

# country="Germany"

# lang=1031

# osver=6.0.6002 NT Service Pack 2

# compatibility_mode=512 16777215 100 0 112200 112200 0 0

# compatibility_mode=3589 16777213 100 74 6211 104868908 0 0

# compatibility_mode=5892 16776573 100 100 128901 191739140 0 0

# compatibility_mode=8192 67108863 100 0 5021 5021 0 0

# scanned=0

# found=0

# cleaned=0

# scan_time=0

Bitte die Funde mit Malwarebytes entfernen, diese npmieze ist dem adwCleaner und auch mir durch die Lappen gegangen :balla: :stirn:

... sind gelöscht. System ist neu gestartet. Leider ist der Feind immer noch nicht besiegt!!
Malwarebytes erklärt mir das alles sauber ist.

Eine Kontrolle mit OTL bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in CODE-Tags in den Thread.

Danke für Antworten:
Hier scan 1:

OTL EXTRAS Logfile:

Code:

OTL Extras logfile created on: 29.11.2012 20:27:40 - Run 3

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\svenja\Desktop\virenhilfe

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16443)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,00 Gb Total Physical Memory | 0,69 Gb Available Physical Memory | 34,45% Memory free

4,23 Gb Paging File | 2,29 Gb Available in Paging File | 54,04% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 145,29 Gb Total Space | 5,31 Gb Free Space | 3,65% Space Free | Partition Type: NTFS

Drive D: | 931,51 Gb Total Space | 778,58 Gb Free Space | 83,58% Space Free | Partition Type: NTFS

Drive E: | 27,95 Gb Total Space | 5,33 Gb Free Space | 19,08% Space Free | Partition Type: NTFS

Drive G: | 144,99 Gb Total Space | 140,83 Gb Free Space | 97,13% Space Free | Partition Type: NTFS

Drive M: | 2,92 Gb Total Space | 2,52 Gb Free Space | 86,43% Space Free | Partition Type: FAT32

Drive Z: | 25,03 Gb Total Space | 14,32 Gb Free Space | 57,22% Space Free | Partition Type: NTFS

 

Computer Name: MARCUS-PC | User Name: svenja | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)

https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()

Directory [Browse with FastStone] -- "C:\Program Files\FastStone Image Viewer\FSViewer.exe" "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"AntiVirusOverride" = 0

"FirewallOverride" = 0

"UpdatesDisableNotify" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 1

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

 
 ========== Authorized Applications List ==========

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{08536DB8-EFED-45FC-A02D-20D09B949555}" = rport=10243 | protocol=6 | dir=out | app=system | 

"{191BB97F-1F56-4302-8D2F-3B367B608119}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 

"{1DCBD641-858F-4603-B93D-A9F5204347F6}" = lport=5353 | protocol=17 | dir=in | name=bonjour | 

"{22C35255-67E8-4037-B35D-72F42021A19A}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=c:\windows\system32\svchost.exe | 

"{2390C695-3DD2-4CD6-8D3D-38C9C9ECC31C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{29246363-80F1-4A68-94B8-F6DDD0600C62}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 

"{334ADE6D-0B4B-4CA6-927D-C0875B5DE836}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{384A093F-59C4-453C-968F-E1A4A7BB1C83}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{3A9AC520-A1D5-491A-BAE0-F0B88B668AB9}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 

"{3DCD8C5E-C23E-41E3-B567-BBDDBE8E5A91}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{3FE8540D-C2F9-48DB-B46B-1690002C5B37}" = lport=10243 | protocol=6 | dir=in | app=system | 

"{40E1EC9F-DEA8-4E85-8CEA-892AD04771A3}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 

"{43BC1D76-0FAC-43B8-8A5E-9D985D01339B}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 

"{43E5BB7A-C55F-48AB-97C9-7CD85F07A31C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{46F269EE-0BF1-4644-86A9-D325FCF37A95}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 

"{4B6B3829-8D09-44AF-8B0C-43F89E277111}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=c:\windows\system32\svchost.exe | 

"{4B885776-394B-4A1A-ADDA-96067DEBE98B}" = lport=3702 | protocol=17 | dir=in | app=c:\windows\system32\p2phost.exe | 

"{54AA5A65-ADAB-4553-A6F8-536BBBA14D9A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 

"{565C2363-A69C-4102-A224-7E8BD36682C9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 

"{57945A54-5362-4D98-8181-20A4376D1247}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 

"{5C91E23E-5326-4485-B954-B9C471DED6C6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{6285F966-5ED7-4919-982F-9F7A573ED802}" = lport=80 | protocol=6 | dir=in | name=@wsmres.dll,-50 | 

"{6528A8A2-4D81-45B9-BDC8-2B72E391ED6F}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 

"{69FC29EA-24F4-48BF-8533-9A014DBD598F}" = rport=3702 | protocol=17 | dir=out | app=c:\windows\system32\p2phost.exe | 

"{741955B4-6B1A-463E-B261-DB5E93E8276A}" = lport=443 | protocol=6 | dir=in | app=system | 

"{76AC1EB3-724D-4DA0-B360-090ADB3D2F97}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{8136E266-2D2D-47D6-A457-F913F520C574}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{81835120-A9BD-461F-B2A9-781FD117E559}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{A458A880-10FD-4893-A16F-A7AF9CEB4108}" = lport=5985 | protocol=6 | dir=in | app=system | 

"{C3A2E10C-5D20-4B8F-814C-86CC21520AF3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{C9B0CF4E-5CEB-49F0-B52D-4F4D42DF64E6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 

"{CBB6088A-8297-4547-8A5E-62557784CF49}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | 

"{CFE48CEE-C95B-4DBA-9E2E-01785C15AC96}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{D25D804E-FFA0-4920-B789-13861689A469}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{E56221CD-17AA-47A8-97AA-40F0EB075EBC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{E7359FD8-A8B6-44B5-949D-BCB013CE232F}" = rport=2869 | protocol=6 | dir=out | app=system | 

"{E76F592E-28E6-4A07-8658-F2C1E52F32C6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{E8897DD6-4D48-4222-97F3-098502F787C2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 

"{F09076C6-CBF9-4908-860E-772FE1B34D12}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{F1CD9DB8-B8D0-4C40-B439-18594050264D}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 

"{F3A65183-3796-42B9-9F03-87558B8F86A1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{FD6F36EF-1A1C-43AF-9B57-3257F8009D50}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{002D24B5-D761-445A-86AD-CFF9C1577FD8}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\acer homemedia connect.exe | 

"{03BA453A-8F85-42AF-8113-23B9E2FD1BEF}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 

"{05CEF03D-6CB1-4D47-B1F0-6874FEB9A097}" = protocol=6 | dir=in | app=c:\program files\nero\nero mediahome 4\nmmediaserverservice.exe | 

"{07F49A33-EA1F-4424-A7F8-E5B4EB0481C4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | 

"{081E0BEB-BD98-4702-9B9F-93B9EBAA2052}" = protocol=6 | dir=in | app=c:\vom netz\sweetimsetup.exe | 

"{10BF542E-1571-4394-9BE1-64929CF01EB9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe | 

"{129F1FA4-CE62-4BB9-8833-E11C0E448088}" = protocol=17 | dir=in | app=c:\users\svenja\appdata\roaming\dropbox\bin\dropbox.exe | 

"{19C6FEFD-684E-42CC-AFDE-029F9F4B0C21}" = dir=in | app=c:\program files\plex\plex media server\plexscripthost.exe | 

"{1C0EB877-E24E-4010-BDF4-B1599AD213D3}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 

"{1F55E9D4-661C-4404-89A0-96008016FE47}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{20375182-38E6-4E1C-A8C4-41E9A7B6F62E}" = protocol=6 | dir=out | app=system | 

"{215F590F-5B1C-44DA-AD46-14CE87540024}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{24CFB005-DEE4-46B5-B4EA-03F3FE9C556C}" = protocol=6 | dir=in | app=c:\users\svenja\appdata\local\temp\~osaca.tmp\rlvknlg.exe | 

"{2578E8DE-CFA9-4F3E-A060-16538F446660}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe | 

"{2687DDAD-A6E2-494A-8F21-099AE7264283}" = protocol=6 | dir=in | app=c:\users\svenja\appdata\local\temp\~os385f.tmp\rlvknlg.exe | 

"{28494D01-0BE9-4C6F-B7EE-61F2616971F9}" = protocol=17 | dir=in | app=c:\program files\nero\nero mediahome 4\nmmediaserverservice.exe | 

"{297E8973-1203-40AC-B77F-6655DE8DC8FC}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 

"{2C90699A-3B6A-4223-A8ED-B64F3A95EB74}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

"{399E14E9-4A2E-4B68-B4E0-C5DA43E8B0C3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 

"{3AFE02E1-51D4-426D-A426-DCE103C2ACFF}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 

"{3BC41F96-35EF-48D7-8681-3A7F67D7CD0E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | 

"{3D7669BE-0E24-48F3-A1E8-68FE15C11F6E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{448C884D-9C3B-4D1F-B56F-A01ABC6A4934}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 

"{47BBE321-0746-4C60-A168-017F9CA2BDAC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{47C19629-6E36-49A3-B09D-2EF7784C7155}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{492F6C7B-A171-4F4B-8831-349990E6AE1E}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | 

"{4ACBDF40-A39E-486B-9B4A-DB81F0837F11}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe | 

"{5226AFB9-6699-4D4B-97F9-FC5F59FE1FD3}" = protocol=6 | dir=out | app=c:\windows\system32\p2phost.exe | 

"{54EBCB13-0808-4BC1-ADCF-DF1D5A5B46A5}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | 

"{5A70F94A-105D-40C2-97DE-85A806218C38}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 

"{5D91FFF9-DB47-4DD0-AACE-E2DFD92F105D}" = dir=in | app=c:\program files\plex\plex media server\plex media server.exe | 

"{5DD3E674-A2E7-4906-B5D5-8ED6F33931F4}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | 

"{5ED25AF0-5BFE-433B-A303-F847DFE9951A}" = protocol=17 | dir=in | app=c:\users\svenja\desktop\utorrent3.0.25824.exe | 

"{5FD03B99-5C2B-48C0-99E5-53289EF351DE}" = dir=in | app=c:\users\svenja\appdata\local\temp\7zs1335\ojprol7x00_full_14\setup\hpznui01.exe | 

"{6C189DA3-07B1-4E47-AE3E-267C62FE2082}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe | 

"{729513A1-F720-40D4-A283-547EEBCA323D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 

"{75D77709-406A-4759-AA18-FA7876E8DC8F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | 

"{7835158C-35B9-4F64-BCC9-D826A19CCE84}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 

"{7D9C011D-A8A8-47B1-8530-5B6C5393ADD1}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe | 

"{7E3C3CBF-1760-4AF2-89B5-D46448613695}" = protocol=6 | dir=in | svc=msiscsi | app=c:\windows\system32\svchost.exe | 

"{7E82C38B-DFF1-4FA7-A2F2-06BC80F07D01}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | 

"{7EBF7B25-1A03-4C75-97DD-2041A3DF2E0C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | 

"{83894BCD-1D1F-4659-9E8C-DDD892D2826E}" = protocol=6 | dir=in | app=c:\users\svenja\appdata\local\temp\~osf5f3.tmp\rlvknlg.exe | 

"{89BA6C3D-FFFB-4C9F-9855-AB259D4C0900}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 

"{95C11D56-245E-4D5E-B00D-E986C8DCAF98}" = protocol=6 | dir=out | app=system | 

"{96BAA83E-5001-4FDD-846A-95CA2488B61E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

"{9BD233D5-0E5F-448D-8B0B-763AE368F591}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe | 

"{9D1BB89D-E0CA-44A6-ACD3-BCAA544A5016}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

"{9D56C2EC-B20D-47AF-A9BA-EA5E616973FA}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe | 

"{9E275455-F0CE-4B8C-BF56-8D7B5944B7AB}" = protocol=6 | dir=out | app=system | 

"{9E4455D6-E512-4864-92DD-C362ADC62AED}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 

"{9E6F4C3F-8D81-43E4-A83E-F376EE5C393C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | 

"{A2EE3311-10E7-4BEB-8803-74805BDD7F89}" = protocol=6 | dir=in | app=c:\users\svenja\appdata\roaming\dropbox\bin\dropbox.exe | 

"{A4F37CAD-FA8D-4816-A6E7-7073E2ABE428}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 

"{AA5C34BA-43DD-4EA0-A8DA-21055319EF68}" = dir=in | app=c:\program files\airport\apagent.exe | 

"{B5341F01-70D9-4527-A104-63251064149F}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 

"{B6F3C0AC-80E2-464A-B2F0-7A4DA41C5D04}" = protocol=6 | dir=in | app=c:\users\svenja\appdata\local\temp\~os32a1.tmp\rlvknlg.exe | 

"{B79CED2B-4466-4EA4-A927-C2DBE5FDCD96}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 

"{B994362C-93CC-4823-A85C-269A0ECCCDA5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{BD1A823F-1118-4A5A-8C4E-54B985E84861}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 

"{BEE84946-E708-4387-AAE5-FBB10A5DE5A4}" = protocol=6 | dir=out | svc=msiscsi | app=c:\windows\system32\svchost.exe | 

"{C834180D-9562-4073-A8BB-3002443B98E0}" = protocol=6 | dir=in | app=c:\users\svenja\appdata\local\temp\~os282b.tmp\rlvknlg.exe | 

"{CA307F78-2C9A-45B3-AD66-75FC79FEE0BD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{CCC29103-CC88-4AB7-B5D4-3E1BC646C809}" = protocol=6 | dir=in | app=c:\users\svenja\desktop\utorrent3.0.25824.exe | 

"{D016C6B1-7A70-444B-A599-652AEB61E077}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{D2B293E2-6212-4685-AD85-B3EECFC415F8}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 

"{D3CDD78D-61B8-44FB-8B96-ECBC88B50208}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe | 

"{D6B22163-F749-47E0-AE1E-172E3CA51CC9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{D7EE14DE-CE0F-4D76-8F10-E5465267D7E8}" = dir=in | app=c:\program files\seagate\seagate dashboard\hipservagent\hipservagent.exe | 

"{D8BC3EA4-7995-421E-BB93-319CD5EB069C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 

"{D97F3316-AACF-4A99-88D3-ED0297730B7B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{DD4E7253-FFE7-4555-8C13-E208E30BC35E}" = protocol=6 | dir=in | app=c:\windows\system32\p2phost.exe | 

"{E0005122-201E-434F-938F-666A6E9AE903}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | 

"{E35EA6ED-BC30-42EA-864E-79F98B2224E3}" = dir=in | app=c:\program files\itunes\itunes.exe | 

"{E5CD996F-3374-4D72-9033-3BD7B031782F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{E614E50E-1319-47F9-AC9D-DD517481AA3B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{E7BCE766-BB13-45B8-B5A8-D8774285AAC4}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 

"{E8D1A4BF-5849-4828-8681-7B98B29D36FC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{EF4B5ECA-7D4D-4F7B-A177-D0FD682F2085}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe | 

"{F7C177A1-C38D-4224-9015-089B73C12D61}" = protocol=17 | dir=in | app=c:\vom netz\sweetimsetup.exe | 

"{F853CED2-FB7B-4B50-B6D1-F7901F8508DF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe | 

"{FF70698A-0B01-4295-B445-36400EB2E276}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"TCP Query User{8835CF19-2F44-4A1E-AA7C-E8EB5735BA13}C:\program files\runes of magic\client.exe" = protocol=6 | dir=in | app=c:\program files\runes of magic\client.exe | 

"UDP Query User{C3AFAD26-3FCB-4D31-97B0-A574B39C8029}C:\program files\runes of magic\client.exe" = protocol=17 | dir=in | app=c:\program files\runes of magic\client.exe | 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator

"{01358C56-44F4-B8B3-8757-06F2A864A863}" = ATI Catalyst Install Manager

"{048DDE77-66D5-4335-8497-903856759B58}" = BPDSoftware

"{04DB9640-A905-456C-96F5-F1EB80FEB5C9}" = ProductContext

"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu

"{05DC79C6-4213-45D3-BE8A-50B8B7C1F0E1}" = bpd_scan_Carrier

"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan

"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant

"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network

"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes

"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1

"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter

"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery

"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR

"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant

"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker

"{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7

"{15fba87b-db4b-4c93-a984-ac188ea4b530}" = Nero MediaHome 4 Essentials

"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319

"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.5

"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1

"{24F419C0-0A9A-47A3-9716-97ADDE5A37FA}" = OTClient93

"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31

"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5

"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox

"{2E542A61-BE29-5305-219B-08EE4860C238}" = SignageStudio

"{32054443-8E78-423A-8335-D590F40DD5E9}" = Plex Media Server

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll

"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker

"{40184457-4514-4B18-84A8-6BB8A3AB6A81}" = AirPort

"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works

"{4EF35707-7052-4331-B8FD-549DB3922AD7}" = TMPGEnc DVD Author 3 with DivX Authoring

"{57573545-74EB-46D2-B362-AA05364E4ED8}" = LogMeIn

"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth

"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer

"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites

"{69fc3b9a-4149-43db-a557-6ed0c8d8ba44}" = Nero MediaHome 4 Help

"{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit

"{6D6DC23A-D4EE-4869-94C0-72D9EE288885}" = YouSendIt Desktop App

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7125B6E7-2BC8-4AE6-94FA-30F0C655CBC1}" = OTClient91

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour

"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver

"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8CC68433-5837-4075-B81F-EA7E4F14CE60}" = iCloud

"{8E666407-AC41-46a2-9692-6C7BFCBFDD37}" = Memeo Instant Backup

"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg

"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting

"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007

"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007

"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007

"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007

"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007

"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel

"{9294F169-72EE-4D74-AE92-CA25F64B4FF8}" = Fax

"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour

"{9615E45B-7670-4D17-9ED5-28B9E936EEDD}" = 7500_7600_7700_Help1

"{98EA51C9-B0B0-45BC-8641-3E119EA47D7B}" = Sony Ericsson Media Manager 1.2

"{99ef387e-633e-4cfb-bfa3-ab961b685ddf}" = Nero MediaHome 4

"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D6C64CC-EA60-47A6-9C97-82C38231EDAE}" = HP OfficeJet L7300/L7500/7600/7700

"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175

"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology

"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch

"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime

"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter

"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 301.42

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{B5A4C902-1636-48DB-8E38-F0DB102DDB59}" = MPM

"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager

"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2

"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter

"{BD312050-9D98-4F71-ADCD-25EC037C05FD}" = StarMoney

"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter

"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations

"{C3A11907-930D-41AC-A135-CC3B12F92011}" = Seagate Dashboard

"{C4CC491B-5E85-4E96-8911-DF425893DF4A}" = L7500

"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser

"{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}" = Cisco Systems VPN Client 5.0.00.0340

"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1

"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management

"{D24DDB61-8868-46CF-BC36-BECC1674F0C1}" = Creative ZEN

"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch

"{D462BF9E-0C35-4705-BF9B-3DF9F3816643}" = Acer ePerformance Management

"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support

"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX

"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade

"{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update

"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport

"{E36E864B-BFB6-440A-9A23-2B0BEDE59A92}" = MultiScreen

"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer

"{EC899917-C880-1017-8CB7-B932BD009007}" = DNE Update

"{ED3D79A6-B3BB-4482-B226-0B620F97258A}" = BPDSoftware_Ini

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter

"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support

"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"{F8A9F4D7-4EC8-4E28-9B01-4CF74C812BF2}" = StarMoney

"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm

"{FC338210-F594-11D3-BA24-00001C3AB4DF}" = cyberJack Base Components

"7-Zip" = 7-Zip 4.65

"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"AnyDVD" = AnyDVD

"Ashampoo Undeleter_is1" = Ashampoo Undeleter v.1.00

"AudibleManager" = AudibleManager

"AVMFBox" = AVM FRITZ!Box Dokumentation

"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss

"bi_uninstaller" = PDFCreator Uninstaller

"Creative Software AutoUpdate" = Creative Software AutoUpdate

"DD4F47DF-6540-4BDA-BEAD-2B19250B0C48_is1" = FLAC to MP3 Converter 6.1.2

"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters

"DivX Setup.divx.com" = DivX-Setup

"DVDx_is1" = DVDx

"E.M. DVD Copy_is1" = E.M. DVD Copy 2.51

"FastStone Image Viewer" = FastStone Image Viewer 4.0

"FileZilla Client" = FileZilla Client 3.2.7.1

"Fotosizer" = Fotosizer 1.29

"FTDICOMM" = SEMC DSS SyncStation Driver

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"HP Imaging Device Functions" = HP Imaging Device Functions 14.0

"HP Smart Web Printing" = HP Smart Web Printing 4.60

"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0

"HPExtendedCapabilities" = HP Customer Participation Program 14.0

"HPOCR" = OCR Software by I.R.I.S. 14.0

"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker

"InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7

"iPhoneSMSExport" = iPhoneSMSExport

"MAGIX Filme für unterwegs 2 D" = MAGIX Filme für unterwegs 2 2.0.0.16 (D)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000

"medbarri" = Favorit

"Mediencenter Software" = Mediencenter Assistent

"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"Mozilla Firefox 17.0 (x86 de)" = Mozilla Firefox 17.0 (x86 de)

"Mozilla Thunderbird 16.0.2 (x86 de)" = Mozilla Thunderbird 16.0.2 (x86 de)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"N360" = Norton 360

"NBRTWizard" = Norton Bootable Recovery Tool Wizard

"NSS" = Norton Security Scan

"NVIDIA Drivers" = NVIDIA Drivers

"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver

"PunkBusterSvc" = PunkBuster Services

"SignageStudio.86EE3EEE54D7DB049D16E358CDC443F088917621.1" = SignageStudio

"SysInfo" = Creative Systeminformationen

"uTorrent" = µTorrent

"VLC media player" = VLC media player 0.9.8a

"WePrint" = WePrint

"XMedia Recode" = XMedia Recode 3.0.6.0

"ZENcast Organizer" = ZENcast Organizer

 
 ========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-1101760962-3014260797-1857789441-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Dropbox" = Dropbox

"Google Chrome" = Google Chrome

"JoinMe" = join.me

 
 ========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-1101760962-3014260797-1857789441-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

 
 ========== Last 20 Event Log Errors ==========

 

[ OSession Events ]

Error - 03.02.2011 12:59:07 | Computer Name = Marcus-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1664215

 seconds with 3300 seconds of active time.  This session ended with a crash.

 

[ System Events ]

Error - 29.11.2012 13:17:03 | Computer Name = Marcus-PC | Source = Dhcp | ID = 1001

Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server

 für die Netzwerkkarte mit der Netzwerkadresse 00064F6562DB zugeteilt werden. Der

 folgende Fehler ist aufgetreten:   %%121. Es wird weiterhin im Hintergrund versucht,

 eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.

 

Error - 29.11.2012 13:23:11 | Computer Name = Marcus-PC | Source = Dhcp | ID = 1001

Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server

 für die Netzwerkkarte mit der Netzwerkadresse 00064F6562DB zugeteilt werden. Der

 folgende Fehler ist aufgetreten:   %%121. Es wird weiterhin im Hintergrund versucht,

 eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.

 

Error - 29.11.2012 13:28:46 | Computer Name = Marcus-PC | Source = Dhcp | ID = 1001

Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server

 für die Netzwerkkarte mit der Netzwerkadresse 00064F6562DB zugeteilt werden. Der

 folgende Fehler ist aufgetreten:   %%121. Es wird weiterhin im Hintergrund versucht,

 eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.

 

Error - 29.11.2012 13:34:51 | Computer Name = Marcus-PC | Source = Dhcp | ID = 1001

Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server

 für die Netzwerkkarte mit der Netzwerkadresse 00064F6562DB zugeteilt werden. Der

 folgende Fehler ist aufgetreten:   %%121. Es wird weiterhin im Hintergrund versucht,

 eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.

 

Error - 29.11.2012 13:41:20 | Computer Name = Marcus-PC | Source = Dhcp | ID = 1001

Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server

 für die Netzwerkkarte mit der Netzwerkadresse 00064F6562DB zugeteilt werden. Der

 folgende Fehler ist aufgetreten:   %%121. Es wird weiterhin im Hintergrund versucht,

 eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.

 

Error - 29.11.2012 13:47:21 | Computer Name = Marcus-PC | Source = Dhcp | ID = 1001

Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server

 für die Netzwerkkarte mit der Netzwerkadresse 00064F6562DB zugeteilt werden. Der

 folgende Fehler ist aufgetreten:   %%121. Es wird weiterhin im Hintergrund versucht,

 eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.

 

Error - 29.11.2012 13:53:10 | Computer Name = Marcus-PC | Source = Dhcp | ID = 1001

Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server

 für die Netzwerkkarte mit der Netzwerkadresse 00064F6562DB zugeteilt werden. Der

 folgende Fehler ist aufgetreten:   %%121. Es wird weiterhin im Hintergrund versucht,

 eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.

 

Error - 29.11.2012 13:58:47 | Computer Name = Marcus-PC | Source = Dhcp | ID = 1001

Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server

 für die Netzwerkkarte mit der Netzwerkadresse 00064F6562DB zugeteilt werden. Der

 folgende Fehler ist aufgetreten:   %%121. Es wird weiterhin im Hintergrund versucht,

 eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.

 

Error - 29.11.2012 14:04:57 | Computer Name = Marcus-PC | Source = Dhcp | ID = 1001

Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server

 für die Netzwerkkarte mit der Netzwerkadresse 00064F6562DB zugeteilt werden. Der

 folgende Fehler ist aufgetreten:   %%121. Es wird weiterhin im Hintergrund versucht,

 eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.

 

Error - 29.11.2012 14:30:09 | Computer Name = Marcus-PC | Source = netbt | ID = 4321

Description = Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit

 IP-Adresse 169.254.245.224  registriert werden. Der Computer mit IP-Adresse 169.254.1.1

 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.

 

 

< End of report >

--- --- ---

OLT Text
OTL Logfile:

Code:

OTL logfile created on: 29.11.2012 20:27:40 - Run 3

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\svenja\Desktop\virenhilfe

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16443)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,00 Gb Total Physical Memory | 0,69 Gb Available Physical Memory | 34,45% Memory free

4,23 Gb Paging File | 2,29 Gb Available in Paging File | 54,04% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 145,29 Gb Total Space | 5,31 Gb Free Space | 3,65% Space Free | Partition Type: NTFS

Drive D: | 931,51 Gb Total Space | 778,58 Gb Free Space | 83,58% Space Free | Partition Type: NTFS

Drive E: | 27,95 Gb Total Space | 5,33 Gb Free Space | 19,08% Space Free | Partition Type: NTFS

Drive G: | 144,99 Gb Total Space | 140,83 Gb Free Space | 97,13% Space Free | Partition Type: NTFS

Drive M: | 2,92 Gb Total Space | 2,52 Gb Free Space | 86,43% Space Free | Partition Type: FAT32

Drive Z: | 25,03 Gb Total Space | 14,32 Gb Free Space | 57,22% Space Free | Partition Type: NTFS

 

Computer Name: MARCUS-PC | User Name: svenja | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\svenja\Desktop\virenhilfe\OTL (1).exe (OldTimer Tools)

PRC - C:\Programme\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)

PRC - C:\Programme\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)

PRC - C:\Programme\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)

PRC - C:\Programme\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

PRC - C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)

PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)

PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)

PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)

PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

PRC - C:\Programme\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)

PRC - C:\Programme\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)

PRC - C:\Users\svenja\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

PRC - C:\OpenTable\Client_10_1\OTClient.exe (OpenTable)

PRC - C:\Programme\WePrint\WePrint Server.exe (EuroSmartz Ltd)

PRC - C:\Programme\Norton 360\Engine\6.4.0.9\ccsvchst.exe (Symantec Corporation)

PRC - C:\Programme\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)

PRC - C:\Windows\System32\cjpcsc.exe (REINER SCT)

PRC - C:\Programme\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe (Deutsche Telekom AG)

PRC - C:\Programme\Seagate\Seagate Dashboard\SeagateDashboardService.exe (Memeo)

PRC - C:\Programme\Memeo\AutoBackup\MemeoUpdater.exe (Memeo Inc.)

PRC - C:\Programme\Memeo\AutoBackup\MemeoBackgroundService.exe (Memeo)

PRC - C:\Programme\Memeo\AutoBackup\InstantBackup.exe ()

PRC - C:\Programme\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)

PRC - C:\Programme\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)

PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)

PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)

PRC - C:\Windows\System32\bgsvcgen.exe (B.H.A Corporation)

PRC - C:\Programme\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero AG)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)

PRC - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)

PRC - C:\Programme\MultiScreen\MultiScreen.exe ()

PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)

PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

PRC - C:\Windows\System32\iashost.exe (Microsoft Corporation)

PRC - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()

PRC - C:\Windows\System32\nvraidservice.exe (NVIDIA Corporation)

PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)

PRC - C:\Acer\Empowering Technology\SysMonitor.exe ()

PRC - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()

PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\d1cdb687ca296d0e95ff3abe946cb3c7\Microsoft.VisualBasic.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\6525d5b1a3b2cbea3301959a47b353c2\System.ServiceProcess.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\ac05afefb5b28893d44ec451da0e6d4e\System.Web.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\2633dbf77be293b3a8693b6b062fd787\System.Runtime.Remoting.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7f15d0cb7e4f87f86e425d5ffe7e8280\System.Configuration.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\741164a3e36f879b9f9e3ff176465127\System.Xml.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\22e554f2c4da53c07e4815a24e2d50e2\System.Windows.Forms.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\2c6cd37f29fc76d6c2ed6bbed202d82c\System.Drawing.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\ee724aeea5f1b9d8a01fa6047fd2ef99\System.Data.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b2052acbbbba4f98585196872195e009\System.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7ad9c44df3b85848590e63f13fc59804\mscorlib.ni.dll ()

MOD - C:\Programme\Mozilla Thunderbird\mozjs.dll ()

MOD - C:\Programme\Mozilla Thunderbird\nsldap32v60.dll ()

MOD - C:\Programme\Mozilla Thunderbird\nsldappr32v60.dll ()

MOD - C:\OpenTable\Client_10_1\ERBS.dll ()

MOD - C:\Windows\Downloaded Program Files\OTSI.ocx ()

MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()

MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()

MOD - C:\Programme\Memeo\AutoBackup\de-DE\InstantBackup.resources.dll ()

MOD - C:\Programme\Memeo\AutoBackup\Memeo.Client.UI.dll ()

MOD - C:\Programme\Memeo\AutoBackup\Memeo.Client.DriveDetection.dll ()

MOD - C:\Programme\Memeo\AutoBackup\InstantBackup.exe ()

MOD - C:\Programme\DivX\DivX Plus Web Player\libxml2.dll ()

MOD - C:\Programme\Memeo\AutoBackup\sqlite3.dll ()

MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll ()

MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()

MOD - C:\Programme\MultiScreen\MultiScreen.exe ()

MOD - C:\Programme\MultiScreen\MGResGer.dll ()

MOD - C:\Programme\MultiScreen\MultiMon.dll ()

MOD - C:\Programme\MultiScreen\ServiceHook.dll ()

MOD - C:\Acer\Empowering Technology\SysMonitor.exe ()

 

 
 ========== Services (SafeList) ==========

 

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (LMIMaint) -- C:\Programme\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)

SRV - (LMIGuardianSvc) -- C:\Programme\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)

SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)

SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

SRV - (N360) -- C:\Program Files\Norton 360\Engine\6.4.0.9\ccSvcHst.exe (Symantec Corporation)

SRV - (cjpcsc) -- C:\Windows\System32\cjpcsc.exe (REINER SCT)

SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)

SRV - (MCSWASVR) -- C:\Programme\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe (Deutsche Telekom AG)

SRV - (SeagateDashboardService) -- C:\Programme\Seagate\Seagate Dashboard\SeagateDashboardService.exe (Memeo)

SRV - (MemeoBackgroundService) -- C:\Programme\Memeo\AutoBackup\MemeoBackgroundService.exe (Memeo)

SRV - (LogMeIn) -- C:\Programme\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)

SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)

SRV - (bgsvcgen) -- C:\Windows\System32\bgsvcgen.exe (B.H.A Corporation)

SRV - (NeroMediaHomeService.4) -- C:\Programme\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero AG)

SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)

SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()

SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)

SRV - (AcerMemUsageCheckService) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()

SRV - (CVPND) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)

SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found

DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found

DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found

DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found

DRV - (rvtnuun) -- C:\Windows\System32\drivers\lydajwmb.sys ()

DRV - (LMIRfsClientNP) -- C:\Windows\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)

DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20121106.001\BHDrvx86.sys (Symantec Corporation)

DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)

DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20121129.003\NAVEX15.SYS (Symantec Corporation)

DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20121129.003\NAVENG.SYS (Symantec Corporation)

DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20121128.001\IDSvix86.sys (Symantec Corporation)

DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)

DRV - (EraserUtilRebootDrv) -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)

DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)

DRV - (SRTSP) -- C:\Windows\System32\drivers\N360\0604000.009\srtsp.sys (Symantec Corporation)

DRV - (SRTSPX) -- C:\Windows\System32\drivers\N360\0604000.009\srtspx.sys (Symantec Corporation)

DRV - (ccSet_N360) -- C:\Windows\System32\drivers\N360\0604000.009\ccsetx86.sys (Symantec Corporation)

DRV - (SymEFA) -- C:\Windows\System32\drivers\N360\0604000.009\symefa.sys (Symantec Corporation)

DRV - (SymIM) -- C:\Windows\System32\drivers\SymIMV.sys (Symantec Corporation)

DRV - (SYMTDIv) -- C:\Windows\System32\drivers\N360\0604000.009\symtdiv.sys (Symantec Corporation)

DRV - (SymIRON) -- C:\Windows\System32\drivers\N360\0604000.009\ironx86.sys (Symantec Corporation)

DRV - (SymDS) -- C:\Windows\System32\drivers\N360\0604000.009\symds.sys (Symantec Corporation)

DRV - (cjusb) -- C:\Windows\System32\drivers\cjusb.sys (REINER SCT)

DRV - (LMIRfsDriver) -- C:\Windows\System32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)

DRV - (LMIInfo) -- C:\Programme\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)

DRV - (RTL85n86) -- C:\Windows\System32\drivers\RTL85n86.sys (Realtek Semiconductor Corporation                           )

DRV - (cdrbsdrv) -- C:\Windows\System32\drivers\CDRBSDRV.SYS (B.H.A Corporation)

DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.)

DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)

DRV - (s0016unic) -- C:\Windows\System32\drivers\s0016unic.sys (MCCI Corporation)

DRV - (s0016nd5) -- C:\Windows\System32\drivers\s0016nd5.sys (MCCI Corporation)

DRV - (s0016mdfl) -- C:\Windows\System32\drivers\s0016mdfl.sys (MCCI Corporation)

DRV - (s0016mdm) -- C:\Windows\System32\drivers\s0016mdm.sys (MCCI Corporation)

DRV - (s0016mgmt) -- C:\Windows\System32\drivers\s0016mgmt.sys (MCCI Corporation)

DRV - (s0016obex) -- C:\Windows\System32\drivers\s0016obex.sys (MCCI Corporation)

DRV - (s0016bus) -- C:\Windows\System32\drivers\s0016bus.sys (MCCI Corporation)

DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)

DRV - (nvstor32) -- C:\Windows\System32\drivers\nvstor32.sys (NVIDIA Corporation)

DRV - (nvrd32) -- C:\Windows\System32\drivers\nvrd32.sys (NVIDIA Corporation)

DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)

DRV - (zntport) -- C:\Windows\System32\drivers\zntport.sys (Zeal SoftStudio)

DRV - (tvicport) -- C:\Windows\System32\drivers\TVicPort.sys (EnTech Taiwan)

DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)

DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)

DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys (Acer, Inc.)

DRV - (bizVSerial) -- C:\Windows\System32\drivers\bizVSerialNT.sys (franson.biz)

DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)

DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)

DRV - (FTSER2K) -- C:\Windows\System32\drivers\ftser2k.sys (FTDI Ltd.)

DRV - (FTLUND) -- C:\Windows\System32\drivers\ftlund.sys (FTDI Ltd.)

DRV - (FTDIBUS) -- C:\Windows\System32\drivers\ftdibus.sys (FTDI Ltd.)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com

IE - HKLM\..\SearchScopes,DefaultScope = 

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

 

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/sp/*hxxp://de.yahoo.com

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://otanywhere.opentable.de/login.aspx

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\..\SearchScopes\{194C6A87-273C-4675-AFEC-CEED5412A375}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=302398&p={searchTerms}

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\..\SearchScopes\{B7529384-941F-4339-A249-A18443C2B985}: "URL" = hxxp://www.google.de/search?q={searchTerms}

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/sp/*hxxp://de.yahoo.com

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://otanywhere.opentable.de/login.asp?dc=1&otaver=9828

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - No CLSID value found

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\..\SearchScopes,DefaultScope = {194C6A87-273C-4675-AFEC-CEED5412A375}

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\..\SearchScopes\{194C6A87-273C-4675-AFEC-CEED5412A375}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms}

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\..\SearchScopes\{B7529384-941F-4339-A249-A18443C2B985}: "URL" = hxxp://www.google.de/search?q={searchTerms}

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1004\..\SearchScopes,DefaultScope = 

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398&ilc=12"

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0

FF - prefs.js..extensions.enabledItems: 

FF - prefs.js..extensions.enabledItems: 

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900

FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900

FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0

FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_131.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.9.8a: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\svenja\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\svenja\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\IPSFFPlgn\ [2012.08.05 15:48:05 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\coFFPlgn\ [2012.11.29 16:46:11 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.12.19 19:35:05 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.02.07 13:04:41 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.02.07 13:04:41 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.28 10:34:20 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.11.29 17:09:08 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.11.19 11:26:41 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.12.19 19:35:05 | 000,000,000 | ---D | M]

 

[2008.06.23 20:46:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\svenja\AppData\Roaming\mozilla\Extensions

[2012.11.28 21:16:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\svenja\AppData\Roaming\mozilla\Firefox\Profiles\ty77o4ho.default\extensions

[2010.06.12 19:38:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\svenja\AppData\Roaming\mozilla\Firefox\Profiles\ty77o4ho.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011.05.15 08:56:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\svenja\AppData\Roaming\mozilla\Firefox\Profiles\ty77o4ho.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}-trash

[2012.11.15 11:08:56 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\svenja\AppData\Roaming\mozilla\Firefox\Profiles\ty77o4ho.default\extensions\de-DE@dictionaries.addons.mozilla.org

[2012.11.28 11:32:51 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\svenja\AppData\Roaming\mozilla\firefox\profiles\ty77o4ho.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

[2012.11.15 08:50:57 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2012.11.28 10:34:20 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2012.10.24 23:03:12 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.10.24 23:03:11 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012.10.24 23:03:12 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2012.10.24 23:03:12 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.10.24 23:03:12 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.10.24 23:03:11 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 
 ========== Chrome  ==========

 

CHR - homepage: hxxp://google.de/

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}

CHR - homepage: hxxp://google.de/

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\svenja\AppData\Local\Google\Chrome\Application\23.0.1271.91\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\svenja\AppData\Local\Google\Chrome\Application\23.0.1271.91\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\svenja\AppData\Local\Google\Chrome\Application\23.0.1271.91\pdf.dll

CHR - plugin: Perion plugin (Enabled) = C:\Users\svenja\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\Plugins/PerionNewTabChrome-32.dll

CHR - plugin: Norton Confidential (Enabled) = C:\Users\svenja\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\npcoplgn.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll

CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll

CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll

CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll

CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll

CHR - Extension: DivX HiQ = C:\Users\svenja\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.0.900_0\

CHR - Extension: New tab for Chrome\u2122 = C:\Users\svenja\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\

CHR - Extension: Norton Identity Protection = C:\Users\svenja\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\

 

O1 HOSTS File: ([2012.11.29 16:38:35 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1       localhost

O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton 360\Engine\6.4.0.9\coieplg.dll (Symantec Corporation)

O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton 360\Engine\6.4.0.9\ips\ipsbho.dll (Symantec Corporation)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)

O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.

O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\6.4.0.9\coieplg.dll (Symantec Corporation)

O3 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)

O3 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)

O3 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\6.4.0.9\coieplg.dll (Symantec Corporation)

O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe ()

O4 - HKLM..\Run: [Acer Tour]  File not found

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [eRecoveryService]  File not found

O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)

O4 - HKLM..\Run: [Memeo Instant Backup] C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe (Memeo Inc.)

O4 - HKLM..\Run: [MultiScreen] C:\Programme\MultiScreen\MultiScreen.exe ()

O4 - HKLM..\Run: [NVRaidService] C:\Windows\System32\nvraidservice.exe (NVIDIA Corporation)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKU\.DEFAULT..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe File not found

O4 - HKU\S-1-5-18..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe File not found

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000..\Run: [ApplePhotoStreams] C:\Programme\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)

O4 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000..\Run: [iCloudServices] C:\Programme\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)

O4 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe File not found

O4 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003..\Run: [CTSyncU.exe] C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe ()

O4 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1004..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)

O4 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003..\RunOnce: [RUN] C:\Windows\Acer_Normal\run_DT.exe ()

O4 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1004..\RunOnce: [RUN] C:\Windows\Acer_Normal\run_DT.exe ()

O4 - Startup: C:\Users\svenja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\svenja\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O4 - Startup: C:\Users\svenja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WePrint Server.lnk = C:\Programme\WePrint\WePrint Server.exe (EuroSmartz Ltd)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\..Trusted Domains: fritz.box ([]* in Local intranet)

O15 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\..Trusted Ranges: Range1 ([*] in Local intranet)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)

O16 - DPF: {A378EEF8-4E41-4BC4-8CBC-1ACB8686CC1D} https://otanywhere.opentable.de/download/PlugIn/OTSI.CAB (OTSysInfo Object)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{989AD318-57BC-47A0-961F-6C696470C3D7}: DhcpNameServer = 192.168.178.1

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Acer01.jpg

O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Acer01.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2010.02.15 05:53:50 | 000,000,027 | ---- | M] () - D:\Autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2002.08.14 12:42:53 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{a43d5708-9b6b-11dd-815e-001d92a603f0}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe BÜRO_1.vbs

O33 - MountPoints2\{ccf0b438-0b87-11e0-91f8-001d92a603f0}\Shell\AutoRun\command - "" = install.exe

O33 - MountPoints2\{ccf0b43f-0b87-11e0-91f8-001d92a603f0}\Shell\AutoRun\command - "" = install.exe

O33 - MountPoints2\{f0dd29ad-70db-11de-b6a2-001d92a603f0}\Shell - "" = AutoRun

O33 - MountPoints2\{f0dd29ad-70db-11de-b6a2-001d92a603f0}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a

O33 - MountPoints2\{f0dd29cb-70db-11de-b6a2-001d92a603f0}\Shell - "" = AutoRun

O33 - MountPoints2\{f0dd29cb-70db-11de-b6a2-001d92a603f0}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.11.29 17:14:51 | 000,000,000 | ---D | C] -- C:\Users\svenja\Desktop\virenhilfe

[2012.11.29 16:36:12 | 000,000,000 | ---D | C] -- C:\_OTL

[2012.11.28 20:55:29 | 016,363,448 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe

[2012.11.28 11:16:54 | 000,000,000 | ---D | C] -- C:\Users\svenja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis

[2012.11.28 11:16:52 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2012.11.28 10:56:25 | 000,000,000 | ---D | C] -- C:\Users\svenja\AppData\Roaming\Malwarebytes

[2012.11.28 10:56:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012.11.28 10:56:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012.11.28 10:56:01 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2012.11.28 10:56:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012.11.28 10:44:25 | 000,000,000 | ---D | C] -- C:\Users\svenja\AppData\Local\Macromedia

[2012.11.22 11:08:03 | 000,000,000 | ---D | C] -- C:\Users\svenja\AppData\Roaming\SignageStudio.86EE3EEE54D7DB049D16E358CDC443F088917621.1

[2012.11.22 11:07:50 | 000,000,000 | ---D | C] -- C:\Program Files\SignageStudio

[2012.11.22 11:04:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR

[2012.11.22 10:58:47 | 000,000,000 | ---D | C] -- C:\Users\svenja\AppData\Roaming\TeamViewer

[2012.11.22 08:30:53 | 000,000,000 | ---D | C] -- C:\Users\svenja\AppData\Roaming\OpenOffice.org

[2012.11.21 20:45:39 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1

[2012.11.21 20:43:58 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3

[2012.11.21 11:38:09 | 000,697,272 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe

[2012.11.19 11:26:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

[2012.11.19 11:23:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud

[2012.11.19 11:17:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2012.11.19 11:16:01 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2012.11.19 11:15:58 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1

[2012.11.19 11:06:37 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2012.11.15 12:29:48 | 000,000,000 | ---D | C] -- C:\Users\svenja\AppData\Local\join.me

[2012.11.15 09:04:48 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2012.11.15 09:04:47 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2012.11.15 09:04:46 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2012.11.15 09:04:46 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe

[2012.11.15 09:04:46 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2012.11.15 09:04:44 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll

[2012.11.15 09:04:44 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll

[2012.11.15 09:04:42 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2012.11.15 08:49:07 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2012.11.15 08:48:29 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll

[2012.11.15 08:43:22 | 000,000,000 | ---D | C] -- C:\Users\svenja\AppData\Roaming\pdfforge

[2012.11.09 10:13:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator

[2012.11.09 10:13:32 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMAPI32.OCX

[2012.11.09 10:13:31 | 000,086,528 | ---- | C] (pdfforge GbR) -- C:\Windows\System32\pdfcmon.dll

[2012.11.09 10:13:30 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCMCDE.DLL

[2012.11.09 10:13:30 | 000,125,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB6DE.DLL

[2012.11.09 10:13:29 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCC2DE.DLL

[2012.11.09 10:13:29 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPIDE.DLL

[2012.11.09 10:13:29 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator

[2012.11.09 10:03:46 | 000,000,000 | ---D | C] -- C:\Users\svenja\Local Settings

[2012.11.09 10:01:51 | 000,000,000 | ---D | C] -- C:\Program Files\Perion

[2012.11.09 10:01:21 | 000,632,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr80.dll

[2012.11.09 10:01:21 | 000,554,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp80.dll

[2012.11.09 10:01:21 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcm80.dll

[2012.11.08 11:18:57 | 000,000,000 | ---D | C] -- C:\Users\svenja\AppData\Roaming\convert

[2012.11.08 10:39:28 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations

[2012.11.05 08:41:34 | 000,000,000 | ---D | C] -- C:\Users\svenja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iPhoneSMSExport

[2012.11.05 08:41:34 | 000,000,000 | ---D | C] -- C:\Program Files\iPhoneSMSExport

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.11.29 20:20:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1101760962-3014260797-1857789441-1000UA.job

[2012.11.29 19:55:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012.11.29 19:53:19 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012.11.29 19:20:10 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1101760962-3014260797-1857789441-1000Core.job

[2012.11.29 18:44:26 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012.11.29 18:44:26 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012.11.29 17:18:40 | 000,002,721 | ---- | M] () -- C:\Users\svenja\Desktop\Microsoft Outlook.lnk

[2012.11.29 17:16:29 | 000,000,099 | ---- | M] () -- C:\Users\svenja\Desktop\SignageStudioDebug.bat

[2012.11.29 17:09:08 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\lydajwmb.sys

[2012.11.29 16:51:10 | 000,628,524 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2012.11.29 16:51:10 | 000,595,818 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012.11.29 16:51:10 | 000,103,892 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012.11.29 16:51:09 | 000,126,074 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2012.11.29 16:45:13 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012.11.29 16:44:25 | 000,326,744 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2012.11.29 16:44:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.11.29 16:43:23 | 2146,652,160 | -HS- | M] () -- C:\hiberfil.sys

[2012.11.29 16:38:35 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts

[2012.11.28 20:55:47 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe

[2012.11.28 20:55:47 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

[2012.11.28 20:55:31 | 016,363,448 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe

[2012.11.28 17:15:09 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for svenja.job

[2012.11.28 12:25:05 | 000,002,090 | ---- | M] () -- C:\Users\svenja\Desktop\Google Chrome.lnk

[2012.11.22 11:07:54 | 000,000,849 | ---- | M] () -- C:\Users\Public\Desktop\SignageStudio.lnk

[2012.11.21 20:45:40 | 000,001,037 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk

[2012.11.21 19:57:15 | 000,002,623 | ---- | M] () -- C:\Users\svenja\Desktop\Microsoft Word.lnk

[2012.11.19 11:26:25 | 000,001,773 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

[2012.11.19 11:17:59 | 000,001,711 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2012.11.17 21:55:06 | 000,427,829 | ---- | M] () -- C:\Users\svenja\silvestermailing2012.pdf

[2012.11.15 12:29:52 | 000,000,907 | ---- | M] () -- C:\Users\svenja\Desktop\join.me.lnk

[2012.11.15 08:51:09 | 000,000,893 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2012.11.09 10:13:39 | 000,001,040 | ---- | M] () -- C:\Users\Public\Desktop\PDFArchitect.lnk

[2012.11.09 08:19:02 | 000,000,737 | ---- | M] () -- C:\Users\Public\Desktop\OTLauncher.lnk

[2012.11.08 10:52:19 | 000,000,021 | ---- | M] () -- C:\Users\svenja\AppData\Local\mc.pixel.data

[2012.11.07 09:47:35 | 000,083,912 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIRfsClientNP.dll

[2012.11.07 09:47:34 | 000,092,072 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIinit.dll

[2012.11.07 09:47:34 | 000,031,144 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIport.dll

[2012.11.05 08:41:45 | 000,000,905 | ---- | M] () -- C:\Users\svenja\Desktop\iPhone SMS Export.lnk

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.11.29 17:09:08 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\lydajwmb.sys

[2012.11.22 11:08:06 | 000,000,099 | ---- | C] () -- C:\Users\svenja\Desktop\SignageStudioDebug.bat

[2012.11.22 11:07:54 | 000,000,861 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SignageStudio.lnk

[2012.11.22 11:07:53 | 000,000,849 | ---- | C] () -- C:\Users\Public\Desktop\SignageStudio.lnk

[2012.11.21 20:45:40 | 000,001,037 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk

[2012.11.21 11:38:12 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012.11.17 21:55:06 | 000,427,829 | ---- | C] () -- C:\Users\svenja\silvestermailing2012.pdf

[2012.11.15 12:29:52 | 000,000,907 | ---- | C] () -- C:\Users\svenja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\join.me.lnk

[2012.11.15 12:29:50 | 000,000,907 | ---- | C] () -- C:\Users\svenja\Desktop\join.me.lnk

[2012.11.15 08:51:08 | 000,000,905 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

[2012.11.15 08:51:08 | 000,000,893 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2012.11.09 10:13:39 | 000,001,040 | ---- | C] () -- C:\Users\Public\Desktop\PDFArchitect.lnk

[2012.11.09 08:19:02 | 000,000,737 | ---- | C] () -- C:\Users\Public\Desktop\OTLauncher.lnk

[2012.11.05 08:41:44 | 000,000,905 | ---- | C] () -- C:\Users\svenja\Desktop\iPhone SMS Export.lnk

[2012.08.25 10:33:41 | 000,003,730 | ---- | C] () -- C:\Users\svenja\AppData\Roaming\wklnhst.dat

[2011.12.18 15:25:02 | 000,094,564 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat

[2011.12.05 18:21:29 | 000,000,600 | ---- | C] () -- C:\Users\svenja\AppData\Local\PUTTY.RND

[2011.11.06 14:23:06 | 000,273,500 | ---- | C] () -- C:\Windows\hpwins05.dat

[2011.11.06 14:23:06 | 000,003,111 | ---- | C] () -- C:\Windows\hpwmdl05.dat

[2011.10.22 23:09:14 | 000,139,080 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys

[2011.10.22 23:09:13 | 000,138,056 | ---- | C] () -- C:\Users\svenja\AppData\Roaming\PnkBstrK.sys

[2011.10.22 23:08:58 | 000,270,240 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe

[2011.10.22 23:08:41 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe

[2011.09.18 08:46:54 | 000,000,396 | ---- | C] () -- C:\Windows\hbcikrnl.ini

[2011.09.18 08:45:16 | 000,167,936 | ---- | C] () -- C:\Windows\System32\SerialXP.dll

[2011.09.18 08:45:16 | 000,027,648 | ---- | C] () -- C:\Windows\System32\win32com.dll

[2011.08.15 07:03:39 | 000,274,115 | ---- | C] () -- C:\Windows\hpwins05.dat.temp

[2011.08.15 06:59:15 | 000,000,725 | ---- | C] () -- C:\Windows\wsnk.ini

[2011.08.08 20:28:49 | 000,000,021 | ---- | C] () -- C:\Users\svenja\AppData\Local\mc.pixel.data

[2011.08.01 09:19:15 | 000,003,111 | ---- | C] () -- C:\Windows\hpwmdl05.dat.temp

[2011.05.04 07:35:40 | 000,000,680 | ---- | C] () -- C:\Users\svenja\AppData\Local\d3d9caps.dat

[2011.04.11 18:32:36 | 000,001,940 | ---- | C] () -- C:\Users\svenja\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini

[2011.01.17 09:45:42 | 000,498,666 | ---- | C] () -- C:\Users\svenja\Basil 1.mp3

[2010.12.19 19:19:14 | 000,000,054 | ---- | C] () -- C:\Windows\System32\opentable.ini

[2009.06.25 19:49:47 | 000,000,092 | ---- | C] () -- C:\Users\svenja\AppData\Local\cuyyo.bat

[2009.06.02 09:47:50 | 000,024,206 | ---- | C] () -- C:\Users\svenja\AppData\Roaming\UserTile.png

[2009.01.14 18:55:39 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib

[2008.09.21 12:12:15 | 000,015,872 | ---- | C] () -- C:\Users\svenja\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008.07.20 15:57:10 | 000,001,891 | ---- | C] () -- C:\Users\svenja\ZENcast Organizer.lnk

[2008.07.20 15:56:45 | 000,000,124 | ---- | C] () -- C:\Users\svenja\ZEN Media Explorer.lnk

 
 ========== ZeroAccess Check ==========

 

[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both
 

< End of report >

--- --- ---

OLT Text
OTL Logfile:

Code:

OTL logfile created on: 29.11.2012 20:27:40 - Run 3

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\svenja\Desktop\virenhilfe

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16443)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,00 Gb Total Physical Memory | 0,69 Gb Available Physical Memory | 34,45% Memory free

4,23 Gb Paging File | 2,29 Gb Available in Paging File | 54,04% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 145,29 Gb Total Space | 5,31 Gb Free Space | 3,65% Space Free | Partition Type: NTFS

Drive D: | 931,51 Gb Total Space | 778,58 Gb Free Space | 83,58% Space Free | Partition Type: NTFS

Drive E: | 27,95 Gb Total Space | 5,33 Gb Free Space | 19,08% Space Free | Partition Type: NTFS

Drive G: | 144,99 Gb Total Space | 140,83 Gb Free Space | 97,13% Space Free | Partition Type: NTFS

Drive M: | 2,92 Gb Total Space | 2,52 Gb Free Space | 86,43% Space Free | Partition Type: FAT32

Drive Z: | 25,03 Gb Total Space | 14,32 Gb Free Space | 57,22% Space Free | Partition Type: NTFS

 

Computer Name: MARCUS-PC | User Name: svenja | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\svenja\Desktop\virenhilfe\OTL (1).exe (OldTimer Tools)

PRC - C:\Programme\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)

PRC - C:\Programme\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)

PRC - C:\Programme\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)

PRC - C:\Programme\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

PRC - C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)

PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)

PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)

PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)

PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

PRC - C:\Programme\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)

PRC - C:\Programme\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)

PRC - C:\Users\svenja\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

PRC - C:\OpenTable\Client_10_1\OTClient.exe (OpenTable)

PRC - C:\Programme\WePrint\WePrint Server.exe (EuroSmartz Ltd)

PRC - C:\Programme\Norton 360\Engine\6.4.0.9\ccsvchst.exe (Symantec Corporation)

PRC - C:\Programme\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)

PRC - C:\Windows\System32\cjpcsc.exe (REINER SCT)

PRC - C:\Programme\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe (Deutsche Telekom AG)

PRC - C:\Programme\Seagate\Seagate Dashboard\SeagateDashboardService.exe (Memeo)

PRC - C:\Programme\Memeo\AutoBackup\MemeoUpdater.exe (Memeo Inc.)

PRC - C:\Programme\Memeo\AutoBackup\MemeoBackgroundService.exe (Memeo)

PRC - C:\Programme\Memeo\AutoBackup\InstantBackup.exe ()

PRC - C:\Programme\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)

PRC - C:\Programme\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)

PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)

PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)

PRC - C:\Windows\System32\bgsvcgen.exe (B.H.A Corporation)

PRC - C:\Programme\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero AG)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)

PRC - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)

PRC - C:\Programme\MultiScreen\MultiScreen.exe ()

PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)

PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

PRC - C:\Windows\System32\iashost.exe (Microsoft Corporation)

PRC - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()

PRC - C:\Windows\System32\nvraidservice.exe (NVIDIA Corporation)

PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)

PRC - C:\Acer\Empowering Technology\SysMonitor.exe ()

PRC - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()

PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\d1cdb687ca296d0e95ff3abe946cb3c7\Microsoft.VisualBasic.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\6525d5b1a3b2cbea3301959a47b353c2\System.ServiceProcess.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\ac05afefb5b28893d44ec451da0e6d4e\System.Web.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\2633dbf77be293b3a8693b6b062fd787\System.Runtime.Remoting.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7f15d0cb7e4f87f86e425d5ffe7e8280\System.Configuration.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\741164a3e36f879b9f9e3ff176465127\System.Xml.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\22e554f2c4da53c07e4815a24e2d50e2\System.Windows.Forms.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\2c6cd37f29fc76d6c2ed6bbed202d82c\System.Drawing.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\ee724aeea5f1b9d8a01fa6047fd2ef99\System.Data.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b2052acbbbba4f98585196872195e009\System.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7ad9c44df3b85848590e63f13fc59804\mscorlib.ni.dll ()

MOD - C:\Programme\Mozilla Thunderbird\mozjs.dll ()

MOD - C:\Programme\Mozilla Thunderbird\nsldap32v60.dll ()

MOD - C:\Programme\Mozilla Thunderbird\nsldappr32v60.dll ()

MOD - C:\OpenTable\Client_10_1\ERBS.dll ()

MOD - C:\Windows\Downloaded Program Files\OTSI.ocx ()

MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()

MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()

MOD - C:\Programme\Memeo\AutoBackup\de-DE\InstantBackup.resources.dll ()

MOD - C:\Programme\Memeo\AutoBackup\Memeo.Client.UI.dll ()

MOD - C:\Programme\Memeo\AutoBackup\Memeo.Client.DriveDetection.dll ()

MOD - C:\Programme\Memeo\AutoBackup\InstantBackup.exe ()

MOD - C:\Programme\DivX\DivX Plus Web Player\libxml2.dll ()

MOD - C:\Programme\Memeo\AutoBackup\sqlite3.dll ()

MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll ()

MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()

MOD - C:\Programme\MultiScreen\MultiScreen.exe ()

MOD - C:\Programme\MultiScreen\MGResGer.dll ()

MOD - C:\Programme\MultiScreen\MultiMon.dll ()

MOD - C:\Programme\MultiScreen\ServiceHook.dll ()

MOD - C:\Acer\Empowering Technology\SysMonitor.exe ()

 

 
 ========== Services (SafeList) ==========

 

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (LMIMaint) -- C:\Programme\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)

SRV - (LMIGuardianSvc) -- C:\Programme\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)

SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)

SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

SRV - (N360) -- C:\Program Files\Norton 360\Engine\6.4.0.9\ccSvcHst.exe (Symantec Corporation)

SRV - (cjpcsc) -- C:\Windows\System32\cjpcsc.exe (REINER SCT)

SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)

SRV - (MCSWASVR) -- C:\Programme\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe (Deutsche Telekom AG)

SRV - (SeagateDashboardService) -- C:\Programme\Seagate\Seagate Dashboard\SeagateDashboardService.exe (Memeo)

SRV - (MemeoBackgroundService) -- C:\Programme\Memeo\AutoBackup\MemeoBackgroundService.exe (Memeo)

SRV - (LogMeIn) -- C:\Programme\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)

SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)

SRV - (bgsvcgen) -- C:\Windows\System32\bgsvcgen.exe (B.H.A Corporation)

SRV - (NeroMediaHomeService.4) -- C:\Programme\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero AG)

SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)

SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()

SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)

SRV - (AcerMemUsageCheckService) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()

SRV - (CVPND) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)

SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found

DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found

DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found

DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found

DRV - (rvtnuun) -- C:\Windows\System32\drivers\lydajwmb.sys ()

DRV - (LMIRfsClientNP) -- C:\Windows\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)

DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20121106.001\BHDrvx86.sys (Symantec Corporation)

DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)

DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20121129.003\NAVEX15.SYS (Symantec Corporation)

DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20121129.003\NAVENG.SYS (Symantec Corporation)

DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20121128.001\IDSvix86.sys (Symantec Corporation)

DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)

DRV - (EraserUtilRebootDrv) -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)

DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)

DRV - (SRTSP) -- C:\Windows\System32\drivers\N360\0604000.009\srtsp.sys (Symantec Corporation)

DRV - (SRTSPX) -- C:\Windows\System32\drivers\N360\0604000.009\srtspx.sys (Symantec Corporation)

DRV - (ccSet_N360) -- C:\Windows\System32\drivers\N360\0604000.009\ccsetx86.sys (Symantec Corporation)

DRV - (SymEFA) -- C:\Windows\System32\drivers\N360\0604000.009\symefa.sys (Symantec Corporation)

DRV - (SymIM) -- C:\Windows\System32\drivers\SymIMV.sys (Symantec Corporation)

DRV - (SYMTDIv) -- C:\Windows\System32\drivers\N360\0604000.009\symtdiv.sys (Symantec Corporation)

DRV - (SymIRON) -- C:\Windows\System32\drivers\N360\0604000.009\ironx86.sys (Symantec Corporation)

DRV - (SymDS) -- C:\Windows\System32\drivers\N360\0604000.009\symds.sys (Symantec Corporation)

DRV - (cjusb) -- C:\Windows\System32\drivers\cjusb.sys (REINER SCT)

DRV - (LMIRfsDriver) -- C:\Windows\System32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)

DRV - (LMIInfo) -- C:\Programme\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)

DRV - (RTL85n86) -- C:\Windows\System32\drivers\RTL85n86.sys (Realtek Semiconductor Corporation                           )

DRV - (cdrbsdrv) -- C:\Windows\System32\drivers\CDRBSDRV.SYS (B.H.A Corporation)

DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.)

DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)

DRV - (s0016unic) -- C:\Windows\System32\drivers\s0016unic.sys (MCCI Corporation)

DRV - (s0016nd5) -- C:\Windows\System32\drivers\s0016nd5.sys (MCCI Corporation)

DRV - (s0016mdfl) -- C:\Windows\System32\drivers\s0016mdfl.sys (MCCI Corporation)

DRV - (s0016mdm) -- C:\Windows\System32\drivers\s0016mdm.sys (MCCI Corporation)

DRV - (s0016mgmt) -- C:\Windows\System32\drivers\s0016mgmt.sys (MCCI Corporation)

DRV - (s0016obex) -- C:\Windows\System32\drivers\s0016obex.sys (MCCI Corporation)

DRV - (s0016bus) -- C:\Windows\System32\drivers\s0016bus.sys (MCCI Corporation)

DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)

DRV - (nvstor32) -- C:\Windows\System32\drivers\nvstor32.sys (NVIDIA Corporation)

DRV - (nvrd32) -- C:\Windows\System32\drivers\nvrd32.sys (NVIDIA Corporation)

DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)

DRV - (zntport) -- C:\Windows\System32\drivers\zntport.sys (Zeal SoftStudio)

DRV - (tvicport) -- C:\Windows\System32\drivers\TVicPort.sys (EnTech Taiwan)

DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)

DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)

DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys (Acer, Inc.)

DRV - (bizVSerial) -- C:\Windows\System32\drivers\bizVSerialNT.sys (franson.biz)

DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)

DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)

DRV - (FTSER2K) -- C:\Windows\System32\drivers\ftser2k.sys (FTDI Ltd.)

DRV - (FTLUND) -- C:\Windows\System32\drivers\ftlund.sys (FTDI Ltd.)

DRV - (FTDIBUS) -- C:\Windows\System32\drivers\ftdibus.sys (FTDI Ltd.)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com

IE - HKLM\..\SearchScopes,DefaultScope = 

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

 

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/sp/*hxxp://de.yahoo.com

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://otanywhere.opentable.de/login.aspx

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\..\SearchScopes\{194C6A87-273C-4675-AFEC-CEED5412A375}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=302398&p={searchTerms}

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\..\SearchScopes\{B7529384-941F-4339-A249-A18443C2B985}: "URL" = hxxp://www.google.de/search?q={searchTerms}

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/sp/*hxxp://de.yahoo.com

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://otanywhere.opentable.de/login.asp?dc=1&otaver=9828

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - No CLSID value found

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\..\SearchScopes,DefaultScope = {194C6A87-273C-4675-AFEC-CEED5412A375}

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\..\SearchScopes\{194C6A87-273C-4675-AFEC-CEED5412A375}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms}

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\..\SearchScopes\{B7529384-941F-4339-A249-A18443C2B985}: "URL" = hxxp://www.google.de/search?q={searchTerms}

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1004\..\SearchScopes,DefaultScope = 

IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398&ilc=12"

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0

FF - prefs.js..extensions.enabledItems: 

FF - prefs.js..extensions.enabledItems: 

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900

FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900

FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0

FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_131.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.9.8a: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\svenja\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\svenja\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\IPSFFPlgn\ [2012.08.05 15:48:05 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\coFFPlgn\ [2012.11.29 16:46:11 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.12.19 19:35:05 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.02.07 13:04:41 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.02.07 13:04:41 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.28 10:34:20 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.11.29 17:09:08 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.11.19 11:26:41 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.12.19 19:35:05 | 000,000,000 | ---D | M]

 

[2008.06.23 20:46:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\svenja\AppData\Roaming\mozilla\Extensions

[2012.11.28 21:16:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\svenja\AppData\Roaming\mozilla\Firefox\Profiles\ty77o4ho.default\extensions

[2010.06.12 19:38:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\svenja\AppData\Roaming\mozilla\Firefox\Profiles\ty77o4ho.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011.05.15 08:56:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\svenja\AppData\Roaming\mozilla\Firefox\Profiles\ty77o4ho.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}-trash

[2012.11.15 11:08:56 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\svenja\AppData\Roaming\mozilla\Firefox\Profiles\ty77o4ho.default\extensions\de-DE@dictionaries.addons.mozilla.org

[2012.11.28 11:32:51 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\svenja\AppData\Roaming\mozilla\firefox\profiles\ty77o4ho.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

[2012.11.15 08:50:57 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2012.11.28 10:34:20 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2012.10.24 23:03:12 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.10.24 23:03:11 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012.10.24 23:03:12 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2012.10.24 23:03:12 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.10.24 23:03:12 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.10.24 23:03:11 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 
 ========== Chrome  ==========

 

CHR - homepage: hxxp://google.de/

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}

CHR - homepage: hxxp://google.de/

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\svenja\AppData\Local\Google\Chrome\Application\23.0.1271.91\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\svenja\AppData\Local\Google\Chrome\Application\23.0.1271.91\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\svenja\AppData\Local\Google\Chrome\Application\23.0.1271.91\pdf.dll

CHR - plugin: Perion plugin (Enabled) = C:\Users\svenja\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\Plugins/PerionNewTabChrome-32.dll

CHR - plugin: Norton Confidential (Enabled) = C:\Users\svenja\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\npcoplgn.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll

CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll

CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll

CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll

CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll

CHR - Extension: DivX HiQ = C:\Users\svenja\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.0.900_0\

CHR - Extension: New tab for Chrome\u2122 = C:\Users\svenja\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\

CHR - Extension: Norton Identity Protection = C:\Users\svenja\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\

 

O1 HOSTS File: ([2012.11.29 16:38:35 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1       localhost

O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton 360\Engine\6.4.0.9\coieplg.dll (Symantec Corporation)

O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton 360\Engine\6.4.0.9\ips\ipsbho.dll (Symantec Corporation)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)

O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.

O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\6.4.0.9\coieplg.dll (Symantec Corporation)

O3 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)

O3 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)

O3 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\6.4.0.9\coieplg.dll (Symantec Corporation)

O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe ()

O4 - HKLM..\Run: [Acer Tour]  File not found

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [eRecoveryService]  File not found

O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)

O4 - HKLM..\Run: [Memeo Instant Backup] C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe (Memeo Inc.)

O4 - HKLM..\Run: [MultiScreen] C:\Programme\MultiScreen\MultiScreen.exe ()

O4 - HKLM..\Run: [NVRaidService] C:\Windows\System32\nvraidservice.exe (NVIDIA Corporation)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKU\.DEFAULT..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe File not found

O4 - HKU\S-1-5-18..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe File not found

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000..\Run: [ApplePhotoStreams] C:\Programme\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)

O4 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000..\Run: [iCloudServices] C:\Programme\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)

O4 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe File not found

O4 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003..\Run: [CTSyncU.exe] C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe ()

O4 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1004..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)

O4 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003..\RunOnce: [RUN] C:\Windows\Acer_Normal\run_DT.exe ()

O4 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1004..\RunOnce: [RUN] C:\Windows\Acer_Normal\run_DT.exe ()

O4 - Startup: C:\Users\svenja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\svenja\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O4 - Startup: C:\Users\svenja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WePrint Server.lnk = C:\Programme\WePrint\WePrint Server.exe (EuroSmartz Ltd)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\..Trusted Domains: fritz.box ([]* in Local intranet)

O15 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\..Trusted Ranges: Range1 ([*] in Local intranet)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)

O16 - DPF: {A378EEF8-4E41-4BC4-8CBC-1ACB8686CC1D} https://otanywhere.opentable.de/download/PlugIn/OTSI.CAB (OTSysInfo Object)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{989AD318-57BC-47A0-961F-6C696470C3D7}: DhcpNameServer = 192.168.178.1

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Acer01.jpg

O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Acer01.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2010.02.15 05:53:50 | 000,000,027 | ---- | M] () - D:\Autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2002.08.14 12:42:53 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{a43d5708-9b6b-11dd-815e-001d92a603f0}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe BÜRO_1.vbs

O33 - MountPoints2\{ccf0b438-0b87-11e0-91f8-001d92a603f0}\Shell\AutoRun\command - "" = install.exe

O33 - MountPoints2\{ccf0b43f-0b87-11e0-91f8-001d92a603f0}\Shell\AutoRun\command - "" = install.exe

O33 - MountPoints2\{f0dd29ad-70db-11de-b6a2-001d92a603f0}\Shell - "" = AutoRun

O33 - MountPoints2\{f0dd29ad-70db-11de-b6a2-001d92a603f0}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a

O33 - MountPoints2\{f0dd29cb-70db-11de-b6a2-001d92a603f0}\Shell - "" = AutoRun

O33 - MountPoints2\{f0dd29cb-70db-11de-b6a2-001d92a603f0}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.11.29 17:14:51 | 000,000,000 | ---D | C] -- C:\Users\svenja\Desktop\virenhilfe

[2012.11.29 16:36:12 | 000,000,000 | ---D | C] -- C:\_OTL

[2012.11.28 20:55:29 | 016,363,448 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe

[2012.11.28 11:16:54 | 000,000,000 | ---D | C] -- C:\Users\svenja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis

[2012.11.28 11:16:52 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2012.11.28 10:56:25 | 000,000,000 | ---D | C] -- C:\Users\svenja\AppData\Roaming\Malwarebytes

[2012.11.28 10:56:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012.11.28 10:56:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012.11.28 10:56:01 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2012.11.28 10:56:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012.11.28 10:44:25 | 000,000,000 | ---D | C] -- C:\Users\svenja\AppData\Local\Macromedia

[2012.11.22 11:08:03 | 000,000,000 | ---D | C] -- C:\Users\svenja\AppData\Roaming\SignageStudio.86EE3EEE54D7DB049D16E358CDC443F088917621.1

[2012.11.22 11:07:50 | 000,000,000 | ---D | C] -- C:\Program Files\SignageStudio

[2012.11.22 11:04:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR

[2012.11.22 10:58:47 | 000,000,000 | ---D | C] -- C:\Users\svenja\AppData\Roaming\TeamViewer

[2012.11.22 08:30:53 | 000,000,000 | ---D | C] -- C:\Users\svenja\AppData\Roaming\OpenOffice.org

[2012.11.21 20:45:39 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1

[2012.11.21 20:43:58 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3

[2012.11.21 11:38:09 | 000,697,272 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe

[2012.11.19 11:26:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

[2012.11.19 11:23:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud

[2012.11.19 11:17:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2012.11.19 11:16:01 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2012.11.19 11:15:58 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1

[2012.11.19 11:06:37 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2012.11.15 12:29:48 | 000,000,000 | ---D | C] -- C:\Users\svenja\AppData\Local\join.me

[2012.11.15 09:04:48 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2012.11.15 09:04:47 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2012.11.15 09:04:46 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2012.11.15 09:04:46 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe

[2012.11.15 09:04:46 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2012.11.15 09:04:44 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll

[2012.11.15 09:04:44 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll

[2012.11.15 09:04:42 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2012.11.15 08:49:07 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2012.11.15 08:48:29 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll

[2012.11.15 08:43:22 | 000,000,000 | ---D | C] -- C:\Users\svenja\AppData\Roaming\pdfforge

[2012.11.09 10:13:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator

[2012.11.09 10:13:32 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMAPI32.OCX

[2012.11.09 10:13:31 | 000,086,528 | ---- | C] (pdfforge GbR) -- C:\Windows\System32\pdfcmon.dll

[2012.11.09 10:13:30 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCMCDE.DLL

[2012.11.09 10:13:30 | 000,125,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB6DE.DLL

[2012.11.09 10:13:29 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCC2DE.DLL

[2012.11.09 10:13:29 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPIDE.DLL

[2012.11.09 10:13:29 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator

[2012.11.09 10:03:46 | 000,000,000 | ---D | C] -- C:\Users\svenja\Local Settings

[2012.11.09 10:01:51 | 000,000,000 | ---D | C] -- C:\Program Files\Perion

[2012.11.09 10:01:21 | 000,632,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr80.dll

[2012.11.09 10:01:21 | 000,554,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp80.dll

[2012.11.09 10:01:21 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcm80.dll

[2012.11.08 11:18:57 | 000,000,000 | ---D | C] -- C:\Users\svenja\AppData\Roaming\convert

[2012.11.08 10:39:28 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations

[2012.11.05 08:41:34 | 000,000,000 | ---D | C] -- C:\Users\svenja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iPhoneSMSExport

[2012.11.05 08:41:34 | 000,000,000 | ---D | C] -- C:\Program Files\iPhoneSMSExport

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.11.29 20:20:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1101760962-3014260797-1857789441-1000UA.job

[2012.11.29 19:55:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012.11.29 19:53:19 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012.11.29 19:20:10 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1101760962-3014260797-1857789441-1000Core.job

[2012.11.29 18:44:26 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012.11.29 18:44:26 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012.11.29 17:18:40 | 000,002,721 | ---- | M] () -- C:\Users\svenja\Desktop\Microsoft Outlook.lnk

[2012.11.29 17:16:29 | 000,000,099 | ---- | M] () -- C:\Users\svenja\Desktop\SignageStudioDebug.bat

[2012.11.29 17:09:08 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\lydajwmb.sys

[2012.11.29 16:51:10 | 000,628,524 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2012.11.29 16:51:10 | 000,595,818 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012.11.29 16:51:10 | 000,103,892 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012.11.29 16:51:09 | 000,126,074 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2012.11.29 16:45:13 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012.11.29 16:44:25 | 000,326,744 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2012.11.29 16:44:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.11.29 16:43:23 | 2146,652,160 | -HS- | M] () -- C:\hiberfil.sys

[2012.11.29 16:38:35 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts

[2012.11.28 20:55:47 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe

[2012.11.28 20:55:47 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

[2012.11.28 20:55:31 | 016,363,448 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe

[2012.11.28 17:15:09 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for svenja.job

[2012.11.28 12:25:05 | 000,002,090 | ---- | M] () -- C:\Users\svenja\Desktop\Google Chrome.lnk

[2012.11.22 11:07:54 | 000,000,849 | ---- | M] () -- C:\Users\Public\Desktop\SignageStudio.lnk

[2012.11.21 20:45:40 | 000,001,037 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk

[2012.11.21 19:57:15 | 000,002,623 | ---- | M] () -- C:\Users\svenja\Desktop\Microsoft Word.lnk

[2012.11.19 11:26:25 | 000,001,773 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

[2012.11.19 11:17:59 | 000,001,711 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2012.11.17 21:55:06 | 000,427,829 | ---- | M] () -- C:\Users\svenja\silvestermailing2012.pdf

[2012.11.15 12:29:52 | 000,000,907 | ---- | M] () -- C:\Users\svenja\Desktop\join.me.lnk

[2012.11.15 08:51:09 | 000,000,893 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2012.11.09 10:13:39 | 000,001,040 | ---- | M] () -- C:\Users\Public\Desktop\PDFArchitect.lnk

[2012.11.09 08:19:02 | 000,000,737 | ---- | M] () -- C:\Users\Public\Desktop\OTLauncher.lnk

[2012.11.08 10:52:19 | 000,000,021 | ---- | M] () -- C:\Users\svenja\AppData\Local\mc.pixel.data

[2012.11.07 09:47:35 | 000,083,912 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIRfsClientNP.dll

[2012.11.07 09:47:34 | 000,092,072 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIinit.dll

[2012.11.07 09:47:34 | 000,031,144 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIport.dll

[2012.11.05 08:41:45 | 000,000,905 | ---- | M] () -- C:\Users\svenja\Desktop\iPhone SMS Export.lnk

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.11.29 17:09:08 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\lydajwmb.sys

[2012.11.22 11:08:06 | 000,000,099 | ---- | C] () -- C:\Users\svenja\Desktop\SignageStudioDebug.bat

[2012.11.22 11:07:54 | 000,000,861 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SignageStudio.lnk

[2012.11.22 11:07:53 | 000,000,849 | ---- | C] () -- C:\Users\Public\Desktop\SignageStudio.lnk

[2012.11.21 20:45:40 | 000,001,037 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk

[2012.11.21 11:38:12 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012.11.17 21:55:06 | 000,427,829 | ---- | C] () -- C:\Users\svenja\silvestermailing2012.pdf

[2012.11.15 12:29:52 | 000,000,907 | ---- | C] () -- C:\Users\svenja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\join.me.lnk

[2012.11.15 12:29:50 | 000,000,907 | ---- | C] () -- C:\Users\svenja\Desktop\join.me.lnk

[2012.11.15 08:51:08 | 000,000,905 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

[2012.11.15 08:51:08 | 000,000,893 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2012.11.09 10:13:39 | 000,001,040 | ---- | C] () -- C:\Users\Public\Desktop\PDFArchitect.lnk

[2012.11.09 08:19:02 | 000,000,737 | ---- | C] () -- C:\Users\Public\Desktop\OTLauncher.lnk

[2012.11.05 08:41:44 | 000,000,905 | ---- | C] () -- C:\Users\svenja\Desktop\iPhone SMS Export.lnk

[2012.08.25 10:33:41 | 000,003,730 | ---- | C] () -- C:\Users\svenja\AppData\Roaming\wklnhst.dat

[2011.12.18 15:25:02 | 000,094,564 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat

[2011.12.05 18:21:29 | 000,000,600 | ---- | C] () -- C:\Users\svenja\AppData\Local\PUTTY.RND

[2011.11.06 14:23:06 | 000,273,500 | ---- | C] () -- C:\Windows\hpwins05.dat

[2011.11.06 14:23:06 | 000,003,111 | ---- | C] () -- C:\Windows\hpwmdl05.dat

[2011.10.22 23:09:14 | 000,139,080 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys

[2011.10.22 23:09:13 | 000,138,056 | ---- | C] () -- C:\Users\svenja\AppData\Roaming\PnkBstrK.sys

[2011.10.22 23:08:58 | 000,270,240 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe

[2011.10.22 23:08:41 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe

[2011.09.18 08:46:54 | 000,000,396 | ---- | C] () -- C:\Windows\hbcikrnl.ini

[2011.09.18 08:45:16 | 000,167,936 | ---- | C] () -- C:\Windows\System32\SerialXP.dll

[2011.09.18 08:45:16 | 000,027,648 | ---- | C] () -- C:\Windows\System32\win32com.dll

[2011.08.15 07:03:39 | 000,274,115 | ---- | C] () -- C:\Windows\hpwins05.dat.temp

[2011.08.15 06:59:15 | 000,000,725 | ---- | C] () -- C:\Windows\wsnk.ini

[2011.08.08 20:28:49 | 000,000,021 | ---- | C] () -- C:\Users\svenja\AppData\Local\mc.pixel.data

[2011.08.01 09:19:15 | 000,003,111 | ---- | C] () -- C:\Windows\hpwmdl05.dat.temp

[2011.05.04 07:35:40 | 000,000,680 | ---- | C] () -- C:\Users\svenja\AppData\Local\d3d9caps.dat

[2011.04.11 18:32:36 | 000,001,940 | ---- | C] () -- C:\Users\svenja\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini

[2011.01.17 09:45:42 | 000,498,666 | ---- | C] () -- C:\Users\svenja\Basil 1.mp3

[2010.12.19 19:19:14 | 000,000,054 | ---- | C] () -- C:\Windows\System32\opentable.ini

[2009.06.25 19:49:47 | 000,000,092 | ---- | C] () -- C:\Users\svenja\AppData\Local\cuyyo.bat

[2009.06.02 09:47:50 | 000,024,206 | ---- | C] () -- C:\Users\svenja\AppData\Roaming\UserTile.png

[2009.01.14 18:55:39 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib

[2008.09.21 12:12:15 | 000,015,872 | ---- | C] () -- C:\Users\svenja\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008.07.20 15:57:10 | 000,001,891 | ---- | C] () -- C:\Users\svenja\ZENcast Organizer.lnk

[2008.07.20 15:56:45 | 000,000,124 | ---- | C] () -- C:\Users\svenja\ZEN Media Explorer.lnk

 
 ========== ZeroAccess Check ==========

 

[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both
 

< End of report >

--- --- ---

[/CODE]

Im Log ist aber nichts mehr von Incredi zu sehen....WO GENAU taucht das denn noch auf?

in crome, sobald ich ein neues Fenster öffne.

ich kann ggf. Crome deinstallieren und neu aufspielen! was denkst du ?

So gut kenn ich Chrome nicht, beim Firefox würde das idR nichts bringen, weil solche Sachen im Firefox-Profil hinterlegt legt.

Probiers aus mit Chrome.

Guten Morgen,
habe Crome neu aufgesetzt und jetzt sieht es gut aus!
Startseiten lassen sich wieder erstellen und Encredi bleibt weg.
Denke das war es!
Ich bedanke mich auf diesem Wege noch einmal ganz herzlich bei dir, schöne Vorweihnachtstage und vielleicht bis irgendwann in Berlin in unserem Restaurant,
dann kümmern wir uns um dich!

Lg Marcus
basi´l Berlin - Pasta Nudeln und mehr

Dann wären wir durch! :abklatsch:

Die Programme, die hier zum Einsatz kamen, können alle wieder runter. Mit Hilfe von OTL kannst du auch viele Tools entfernen:

Starte bitte OTL und klicke auf Bereinigung.
Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen.

Malwarebytes zu behalten ist zu empfehlen. Kannst ja 1x im Monat damit einen Vollscan machen, aber immer vorher ans Update denken.

Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.

Microsoftupdate
Windows XP:Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.
Windows Vista/7: Start, Systemsteuerung, Windows-Update

PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers:
Prüfen => Adobe - Flash Player
Downloadlinks findest du hier => Browsers and Plugins - FilePony.de

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.

Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.