Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Mülltonne (https://www.trojaner-board.de/muelltonne/)
-   -   Müll (https://www.trojaner-board.de/124643-muell.html)

ortsag 25.09.2012 05:17
Müll
 
OTL logfile created on: 24.09.2012 22:41:26 - Run 2
OTL by OldTimer - Version 3.2.66.0 Folder = C:\Users\Norton\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy

2.00 Gb Total Physical Memory | 0.85 Gb Available Physical Memory | 42.58% Memory free
4.24 Gb Paging File | 3.10 Gb Available in Paging File | 73.13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 225.43 Gb Total Space | 50.98 Gb Free Space | 22.61% Space Free | Partition Type: NTFS
Drive D: | 7.45 Gb Total Space | 2.52 Gb Free Space | 33.86% Space Free | Partition Type: NTFS

Computer Name: BÜRO-PC | User Name: cindy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Norton\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil11c_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Programme\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Programme\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc.)
PRC - C:\Programme\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Internet Explorer\ieuser.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Symantec Shared\CCSVCHST.EXE (Symantec Corporation)
PRC - C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Programme\Java\jre1.6.0\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
PRC - C:\Programme\HP\QuickPlay\Kernel\TV\CLCapSvc.exe ()
PRC - C:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - c:\Programme\Bioscrypt\VeriSoft\Bin\asghost.exe (Cognizance Corporation)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\Windows\System32\ICO.EXE (Primax Electronics Ltd.)
PRC - C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
PRC - C:\Programme\USB Disk Win98 Driver\Res.exe (ali)
PRC - C:\Programme\A-DATA\USB Flash Disk Utility\PLBkMon.exe (Prolific Technology Inc.)
PRC - C:\Windows\System32\HotFixQ0306270.exe (Prolific Technology Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\1b337cf9a031145849bc48c11b2cfe58\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll ()
MOD - C:\Programme\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Programme\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Programme\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\HP\QuickPlay\Kernel\TV\CLTinyDB.dll ()
MOD - C:\Programme\HP\QuickPlay\Kernel\TV\CLCapEngine.dll ()
MOD - C:\Programme\HP\QuickPlay\Kernel\TV\CLSchMgr.dll ()
MOD - C:\Programme\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll ()
MOD - C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll ()
MOD - C:\Windows\System32\btwhidcs.dll ()
MOD - C:\Programme\Motorola\SMSERIAL\sm56ita.dll ()
MOD - C:\Programme\Motorola\SMSERIAL\sm56esp.dll ()
MOD - C:\Programme\Motorola\SMSERIAL\sm56brz.dll ()
MOD - C:\Programme\Motorola\SMSERIAL\sm56kor.dll ()
MOD - C:\Programme\Motorola\SMSERIAL\sm56ger.dll ()
MOD - C:\Programme\Motorola\SMSERIAL\sm56fra.dll ()
MOD - C:\Programme\Motorola\SMSERIAL\sm56dnk.dll ()
MOD - C:\Programme\Motorola\SMSERIAL\sm56jpn.dll ()
MOD - C:\Programme\Motorola\SMSERIAL\sm56cht.dll ()
MOD - C:\Programme\Motorola\SMSERIAL\sm56chs.dll ()


========== Services (SafeList) ==========

SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (TomTomHOMEService) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (NAUpdate) -- C:\Programme\Nero\Update\NASvc.exe (Nero AG)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (Symantec Core LC) -- C:\Programme\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
SRV - (LiveUpdate Notice) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (CLTNetCnService) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_4.EXE (Symantec Corporation)
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (Automatic LiveUpdate Scheduler) -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (comHost) -- C:\Programme\Common Files\Symantec Shared\VAScanner\comHost.exe (Symantec Corporation)
SRV - (CLSched) -- C:\Programme\HP\QuickPlay\Kernel\TV\CLSched.exe ()
SRV - (CLCapSvc) -- C:\Programme\HP\QuickPlay\Kernel\TV\CLCapSvc.exe ()
SRV - (IAANTMON) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (ASBroker) -- c:\Programme\Bioscrypt\VeriSoft\Bin\ASWLNPkg.dll (Cognizance Corporation)
SRV - (usnjsvc) -- C:\Programme\MSN Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (UPnPService) -- C:\Programme\Common Files\MAGIX Shared\UPnPService\UPnPService.exe (Magix AG)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (ASChannel) -- c:\Programme\Bioscrypt\VeriSoft\Bin\ASChnl.dll (Cognizance Corporation)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120924.002\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120924.002\NAVENG.SYS (Symantec Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (IDSvix86) -- C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20120919.001\IDSvix86.sys (Symantec Corporation)
DRV - (ctxusbm) -- C:\Windows\System32\drivers\ctxusbm.sys (Citrix Systems, Inc.)
DRV - (AFS) -- C:\Windows\System32\drivers\AFS.SYS (Oak Technology Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (SymIM) -- C:\Windows\System32\drivers\SymIMV.sys (Symantec Corporation)
DRV - (SYMNDISV) -- C:\Windows\System32\drivers\symndisv.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\Windows\System32\drivers\symtdi.sys (Symantec Corporation)
DRV - (SYMFW) -- C:\Windows\System32\drivers\symfw.sys (Symantec Corporation)
DRV - (SYMREDRV) -- C:\Windows\System32\drivers\symredrv.sys (Symantec Corporation)
DRV - (SYMDNS) -- C:\Windows\System32\drivers\symdns.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Programme\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (COH_Mon) -- C:\Windows\System32\drivers\COH_Mon.sys (Symantec Corporation)
DRV - (SRTSPL) -- C:\Windows\System32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\srtspx.sys (Symantec Corporation)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (CO_Mon) -- C:\Windows\System32\drivers\CO_Mon.sys (Symantec Corporation)
DRV - (acehlp10) -- C:\Windows\System32\drivers\acehlp10.sys (Protect Software GmbH)
DRV - (acedrv10) -- C:\Windows\System32\drivers\ACEDRV10.sys (Protect Software GmbH)
DRV - (ATSWPDRV) -- C:\Windows\System32\drivers\atswpdrv.sys (AuthenTec, Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (NETw4v32) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (eabfiltr) -- C:\Windows\System32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
DRV - (PLFF) -- C:\Windows\System32\drivers\plff.sys (Prolific Technology Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_CH&c=73&bd=Pavilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_CH&c=73&bd=Pavilion&pf=laptop
IE - HKLM\..\SearchScopes,DefaultScope = {596F7E93-E60D-444F-A5BF-ECD98AC00052}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{596F7E93-E60D-444F-A5BF-ECD98AC00052}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={A0E666EF-42D5-11E1-8CEB-001E37035685}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-718447124-1030447495-3968581107-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bluewin.ch/
IE - HKU\S-1-5-21-718447124-1030447495-3968581107-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-718447124-1030447495-3968581107-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-718447124-1030447495-3968581107-1000\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKU\S-1-5-21-718447124-1030447495-3968581107-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-718447124-1030447495-3968581107-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=kw&q={searchTerms}&locale=&apn_ptnrs=%5EAAA&apn_dtid=%5EYYYYYY%5EYY%5ECH&apn_uid=4e266162-f958-4ba9-a090-7fe37ab197c6&apn_sauid=E96B6D23-452F-42F0-A490-0F705CE83B36
IE - HKU\S-1-5-21-718447124-1030447495-3968581107-1000\..\SearchScopes\{596F7E93-E60D-444F-A5BF-ECD98AC00052}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06
IE - HKU\S-1-5-21-718447124-1030447495-3968581107-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={A0E666EF-42D5-11E1-8CEB-001E37035685}
IE - HKU\S-1-5-21-718447124-1030447495-3968581107-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-718447124-1030447495-3968581107-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_CH&c=73&bd=Pavilion&pf=laptop
IE - HKU\S-1-5-21-718447124-1030447495-3968581107-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_CH&c=73&bd=Pavilion&pf=laptop
IE - HKU\S-1-5-21-718447124-1030447495-3968581107-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-718447124-1030447495-3968581107-1001\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
IE - HKU\S-1-5-21-718447124-1030447495-3968581107-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-718447124-1030447495-3968581107-1001\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=crm&q={searchTerms}&locale=de_EU&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^CH&apn_uid=4e266162-f958-4ba9-a090-7fe37ab197c6&apn_sauid=E96B6D23-452F-42F0-A490-0F705CE83B36
IE - HKU\S-1-5-21-718447124-1030447495-3968581107-1001\..\SearchScopes\{596F7E93-E60D-444F-A5BF-ECD98AC00052}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06
IE - HKU\S-1-5-21-718447124-1030447495-3968581107-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\cindy\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\cindy\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)


[2010.05.03 19:47:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cindy\AppData\Roaming\mozilla\Extensions
[2010.05.03 19:47:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cindy\AppData\Roaming\mozilla\Extensions\home2@tomtom.com

========== Chrome ==========

CHR - homepage: hxxp://home.sweetim.com/?barid={A0E666EF-42D5-11E1-8CEB-001E37035685}
CHR - default_search_provider: SweetIM Search (Enabled)
CHR - default_search_provider: search_url = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={A0E666EF-42D5-11E1-8CEB-001E37035685}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://home.sweetim.com/?barid={A0E666EF-42D5-11E1-8CEB-001E37035685}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\cindy\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\cindy\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\cindy\AppData\Local\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Nero Kwik Media Helper (Enabled) = C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Reg Error: Value error.) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (VeriSoft Access Manager) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Programme\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKU\S-1-5-21-718447124-1030447495-3968581107-1000\..\Toolbar\WebBrowser: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-718447124-1030447495-3968581107-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-718447124-1030447495-3968581107-1000\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKU\S-1-5-21-718447124-1030447495-3968581107-1001\..\Toolbar\WebBrowser: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-718447124-1030447495-3968581107-1001\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-718447124-1030447495-3968581107-1001\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ADATA_PLUtil] C:\Programme\A-DATA\USB Flash Disk Utility\PLBkMon.exe (Prolific Technology Inc.)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [CognizanceTS] c:\Programme\Bioscrypt\VeriSoft\Bin\ASTSVCC.dll (Cognizance Corporation)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\Windows\System32\ICO.EXE (Primax Electronics Ltd.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [osCheck] C:\Program Files\Norton 360\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [PLFFAP] C:\Windows\System32\HotFixQ0306270.exe (Prolific Technology Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TrayServer] C:\Programme\MAGIX\Video_deluxe_2008_PLUS\Trayserver.exe (MAGIX AG)
O4 - HKLM..\Run: [USB Storage Toolbox] C:\Programme\USB Disk Win98 Driver\Res.exe (ali)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-718447124-1030447495-3968581107-1000..\Run: [Device Detector] DevDetect.exe -autorun File not found
O4 - HKU\S-1-5-21-718447124-1030447495-3968581107-1000..\Run: [gnzarjuvxdvelkm] C:\ProgramData\gnzarjuv.exe ()
O4 - HKU\S-1-5-21-718447124-1030447495-3968581107-1000..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\S-1-5-21-718447124-1030447495-3968581107-1000..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-718447124-1030447495-3968581107-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-718447124-1030447495-3968581107-1001..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O4 - Startup: C:\Users\cindy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\cindy\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\cindy\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Web-Suche - C:\Programme\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html ()
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-718447124-1030447495-3968581107-1000\..Trusted Domains: hotelgastro.ch ([remote] https in Vertrauenswürdige Sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} https://remote.hotelgastro.ch/XTSAC.cab (XTSAC Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab (Steuerung des DownloadManager )
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.2.17.60 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5BA914CA-27AE-4720-AAEB-EDE67BA08586}: DhcpNameServer = 62.2.17.60 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5F06DC31-5662-41C3-A1F3-0B70652AA0F3}: DhcpNameServer = 62.2.17.60 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (APSHook.dll) - C:\Windows\System32\APSHook.dll (Cognizance Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Wave.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Wave.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.09.11 17:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{0630849d-50d0-11dd-9acd-001e37035685}\Shell\Auto\command - "" = C:\Windows\System32\cmd.exe -- [2008.01.19 09:33:04 | 000,318,976 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{0630849d-50d0-11dd-9acd-001e37035685}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat
O33 - MountPoints2\{c47e9473-6d70-11de-92aa-001e37035685}\Shell\Auto\command - "" = F:\launcher.exe
O33 - MountPoints2\{c47e9473-6d70-11de-92aa-001e37035685}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\launcher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.09.23 22:42:52 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2012.09.23 20:47:02 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.09.23 15:53:15 | 000,000,000 | ---D | C] -- C:\Users\cindy\AppData\Roaming\Malwarebytes
[2012.09.23 15:53:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.23 15:53:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.23 15:53:04 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.23 15:53:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.09.23 11:42:01 | 000,000,000 | ---D | C] -- C:\ProgramData\fqfazmcjxgaxcct
[2012.09.22 16:08:12 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.09.22 16:08:12 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2012.09.22 16:08:12 | 000,498,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.09.22 16:08:12 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012.09.22 16:08:12 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012.09.22 16:08:12 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012.09.22 16:08:12 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.09.22 16:08:12 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.09.22 16:08:12 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.09.16 10:20:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.09.16 10:20:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.09.16 10:20:29 | 000,000,000 | R--D | C] -- C:\Program Files\Skype

========== Files - Modified Within 30 Days ==========

[2012.09.24 22:50:00 | 000,000,392 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{BC26DC3D-63AD-4136-8FB3-B4FA24DE08C9}.job
[2012.09.24 22:46:25 | 000,628,942 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.24 22:46:25 | 000,596,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.24 22:46:25 | 000,126,460 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.24 22:46:25 | 000,104,270 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.24 22:40:39 | 000,000,148 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2012.09.24 22:38:04 | 000,136,860 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.09.24 22:37:54 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.24 22:37:50 | 000,136,860 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.09.24 22:37:37 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.24 22:37:37 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.24 22:37:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.24 22:37:30 | 2145,837,056 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.24 22:36:12 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.09.24 22:07:02 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.24 21:57:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-718447124-1030447495-3968581107-1000UA.job
[2012.09.23 20:47:02 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.09.23 18:57:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-718447124-1030447495-3968581107-1000Core.job
[2012.09.23 15:53:06 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.09.23 11:42:01 | 000,096,176 | ---- | M] () -- C:\ProgramData\yejfqvemjtfenxb
[2012.09.23 11:41:32 | 000,087,040 | ---- | M] () -- C:\ProgramData\gnzarjuv.exe
[2012.09.17 21:59:15 | 299,241,889 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.09.16 10:20:33 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.09.15 19:05:05 | 000,002,042 | ---- | M] () -- C:\Users\cindy\Desktop\Google Chrome.lnk
[2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.08.26 13:29:59 | 000,081,262 | ---- | M] () -- C:\Users\cindy\Desktop\bild 1.JPG

========== Files Created - No Company Name ==========

[2012.09.23 20:53:32 | 2145,837,056 | -HS- | C] () -- C:\hiberfil.sys
[2012.09.23 15:53:06 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.09.23 11:42:00 | 000,087,040 | ---- | C] () -- C:\ProgramData\gnzarjuv.exe
[2012.09.23 11:41:33 | 000,096,176 | ---- | C] () -- C:\ProgramData\yejfqvemjtfenxb
[2012.09.16 10:20:33 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.08.26 13:29:53 | 000,081,262 | ---- | C] () -- C:\Users\cindy\Desktop\bild 1.JPG
[2009.12.05 13:08:13 | 000,136,860 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.12.05 13:08:04 | 000,136,860 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008.04.03 20:09:30 | 000,000,000 | ---- | C] () -- C:\Users\cindy\AppData\Roaming\wklnhst.dat
[2008.01.05 11:31:05 | 000,103,589 | ---- | C] () -- C:\Users\cindy\AppData\Roaming\nvModes.001
[2008.01.05 11:31:04 | 000,103,589 | ---- | C] () -- C:\Users\cindy\AppData\Roaming\nvModes.dat
[2007.12.18 20:20:45 | 000,000,368 | ---- | C] () -- C:\Users\cindy\Bilder - Verknüpfung.lnk
[2007.11.17 19:00:55 | 000,000,680 | ---- | C] () -- C:\Users\cindy\AppData\Local\d3d9caps.dat
[2007.11.10 16:41:41 | 000,163,328 | ---- | C] () -- C:\Users\cindy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2009.09.12 14:08:24 | 000,000,000 | ---D | M] -- C:\Users\cindy\AppData\Roaming\ACD Systems
[2008.08.12 20:12:40 | 000,000,000 | ---D | M] -- C:\Users\cindy\AppData\Roaming\CoSoSys
[2010.03.13 17:01:23 | 000,000,000 | ---D | M] -- C:\Users\cindy\AppData\Roaming\digital publishing
[2011.08.07 16:21:54 | 000,000,000 | ---D | M] -- C:\Users\cindy\AppData\Roaming\DVDVideoSoft
[2011.08.07 16:12:27 | 000,000,000 | ---D | M] -- C:\Users\cindy\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.11.09 23:15:16 | 000,000,000 | ---D | M] -- C:\Users\cindy\AppData\Roaming\ICAClient
[2012.01.24 21:39:15 | 000,000,000 | ---D | M] -- C:\Users\cindy\AppData\Roaming\ifolor
[2011.02.20 13:50:58 | 000,000,000 | ---D | M] -- C:\Users\cindy\AppData\Roaming\Information Factory
[2009.09.12 13:54:54 | 000,000,000 | ---D | M] -- C:\Users\cindy\AppData\Roaming\MAGIX
[2009.09.12 13:51:37 | 000,000,000 | ---D | M] -- C:\Users\cindy\AppData\Roaming\MAGIX-Fotobuch
[2009.07.10 21:14:05 | 000,000,000 | ---D | M] -- C:\Users\cindy\AppData\Roaming\MPMAN
[2010.05.02 16:02:49 | 000,000,000 | ---D | M] -- C:\Users\cindy\AppData\Roaming\Nokia
[2010.05.02 15:38:12 | 000,000,000 | ---D | M] -- C:\Users\cindy\AppData\Roaming\PC Suite
[2010.05.02 16:15:41 | 000,000,000 | ---D | M] -- C:\Users\cindy\AppData\Roaming\Sony
[2008.04.03 20:09:30 | 000,000,000 | ---D | M] -- C:\Users\cindy\AppData\Roaming\Template
[2010.05.03 19:47:41 | 000,000,000 | ---D | M] -- C:\Users\cindy\AppData\Roaming\TomTom

========== Purity Check ==========



< End of report >


Alle Zeitangaben in WEZ +1. Es ist jetzt 15:40 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131