Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
mystart.incredibar.com

mystart.incredibar.com


Plagegeister aller Art und deren Bekämpfung: mystart.incredibar.com

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 07.11.2012, 10:05   #1
annek
 
mystart.incredibar.com - Unglücklich

mystart.incredibar.com


Hallo

Wie viele andere auch, habe ich mir die Mystart Incredibar eingefangen.
In der about:config von Firefox kann ich browser.newtab.url zurücksetzen, aber beim nächsten Systemstart taucht es wieder auf.

Allerdings öffnet sich in einem neuen Tab gar nicht die Mystart...-url die dort angegeben ist. Es öffnet sich immer ganz normal SpeedDial, wie es ja auch sein soll. Der Nervfaktor äußert sich eher darin, dass sich ab und zu mal eine geöffnete Seite in einem neuen Browserfenster öffnet.

Bevor ich da jetzt selber weiter daran rumdoktere, warte ich lieber auf Anweisungen von jemandem, der weiß was er tut

Danke für's Lesen.

Alt 07.11.2012, 16:28   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
mystart.incredibar.com - Standard

mystart.incredibar.com


Hallo und

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.


Mach bitte einen CustomScan mit OTL .

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:
ATTFilter
msconfig
netsvcs
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMROOT%\system32\drivers\*.sys /lockedfiles
%SYSTEMROOT%\System32\config\*.sav
%SYSTEMROOT%\*. /mp /s
%SYSTEMROOT%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________

__________________
Alt 07.11.2012, 17:14   #3
annek
 
mystart.incredibar.com - Standard

mystart.incredibar.com


Danke für die schnelle Antwort.
Ich hoffe, dass ist jetzt richtig so.
Allerdings kann es gut möglich sein, dass die Installation schon länger als 30 Tage her ist (weil bei OTL ja was von 30 Tage bei Datei-Alter steht)

Code:
ATTFilter
OTL logfile created on: 07.11.2012 16:39:54 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Netti\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 4,51 Gb Available Physical Memory | 75,20% Memory free
12,20 Gb Paging File | 10,54 Gb Available in Paging File | 86,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298,09 Gb Total Space | 142,65 Gb Free Space | 47,85% Space Free | Partition Type: NTFS
 
Computer Name: NETTI-PC | User Name: Netti | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC -  File not found
PRC - C:\Users\Netti\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\nlssrv32.exe (Nalpeiron Ltd.)
PRC - C:\Program Files (x86)\Vista Start Menu\VistaStartMenu.exe (OrdinarySoft)
PRC - C:\Windows\SysWOW64\WTClient.exe (Tablet Driver)
PRC - C:\Windows\SysWOW64\ASTSRV.EXE (Nalpeiron Ltd.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\WinRAR\RarExt32.dll ()
MOD - C:\Windows\SysWOW64\WinTab32.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (WinTabService) -- C:\Windows\SysNative\Drivers\WTSRV.EXE (Tablet Driver)
SRV - (NitroDriverReadSpool2) -- C:\Programme\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe (Nitro PDF Software)
SRV - (cmdAgent) -- C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV - (NitroReaderDriverReadSpool2) -- C:\Programme\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe (Nitro PDF Software)
SRV - (nlsX86cc) -- C:\Windows\SysWOW64\nlssrv32.exe (Nalpeiron Ltd.)
SRV - (CPMService) -- C:\Programme\COMODO\COMODO Programs Manager\CPMservice.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (astcc) -- C:\Windows\SysWOW64\ASTSRV.EXE (Nalpeiron Ltd.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\DRIVERS\VBoxNetAdp.sys (Oracle Corporation)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\DRIVERS\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\DRIVERS\lirsgt.sys ()
DRV:64bit: - (cmderd) -- C:\Windows\SysNative\DRIVERS\cmderd.sys (COMODO)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (tbhsd) -- C:\Windows\SysNative\drivers\tbhsd.sys (RapidSolution Software AG)
DRV:64bit: - (Evdd) -- C:\Windows\SysNative\drivers\evdd.sys ()
DRV:64bit: - (cumon) -- C:\Windows\SysNative\drivers\cumon.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (SWDUMon) -- C:\Windows\SysNative\DRIVERS\SWDUMon.sys ()
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\DRIVERS\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdLH6.sys (Advanced Micro Devices)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\DRIVERS\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\Drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (L1E) -- C:\Windows\SysNative\DRIVERS\L1E60x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (UCTblHid) -- C:\Windows\SysNative\DRIVERS\UCTblHid.sys (Tablet Driver)
DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.)
DRV:64bit: - (dsltestSp5a64) -- C:\Windows\SysNative\Drivers\dsltestSp5a64.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV:64bit: - (PTSimBus) -- C:\Windows\SysNative\DRIVERS\PTSimBus.sys (PenTablet Driver)
DRV:64bit: - (PTSimHid) -- C:\Windows\SysNative\DRIVERS\PTSimHid.sys (PenTablet Driver)
DRV:64bit: - (TClass2k) -- C:\Windows\SysNative\DRIVERS\TClass2k.sys (Tablet Driver)
DRV:64bit: - (vmm) -- C:\Windows\SysNative\Treiber\vmm.sys (Microsoft Corporation)
DRV:64bit: - (ElbyDelay) -- C:\Windows\SysNative\Drivers\ElbyDelay.sys (Elaborate Bytes AG)
DRV:64bit: - (VPCNetS2) -- C:\Windows\SysNative\DRIVERS\VMNetSrv.sys (Microsoft Corporation)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\DRIVERS\ASACPI.sys ()
DRV - (ElbyDelay) -- C:\Windows\SysWOW64\drivers\ElbyDelay.sys (Elaborate Bytes AG)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-253383300-3489330422-2878657085-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-253383300-3489330422-2878657085-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-253383300-3489330422-2878657085-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-253383300-3489330422-2878657085-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B5 89 B1 81 0A 89 CD 01  [binary data]
IE - HKU\S-1-5-21-253383300-3489330422-2878657085-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-253383300-3489330422-2878657085-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-253383300-3489330422-2878657085-1000\..\SearchScopes\{9C75339E-02D6-44D0-98A6-63EC7E2D6767}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-253383300-3489330422-2878657085-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-253383300-3489330422-2878657085-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul"
FF - prefs.js..extensions.enabledAddons: alarm@gutscheinsammler.de:2.0.3
FF - prefs.js..extensions.enabledAddons: feedly@devhd:10.2
FF - prefs.js..extensions.enabledAddons: isreaditlater@ideashower.com:3.0.0
FF - prefs.js..extensions.enabledAddons: status4evar@caligonstudios.com:2012.07.08.17
FF - prefs.js..extensions.enabledAddons: support@lastpass.com:2.0.0
FF - prefs.js..extensions.enabledAddons: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.18
FF - prefs.js..extensions.enabledAddons: {89f8dde0-010a-11da-8cd6-0800200c9a66}:1.0.2
FF - prefs.js..extensions.enabledAddons: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10
FF - prefs.js..extensions.enabledAddons: extension@zootool.com:0.4
FF - prefs.js..extensions.enabledAddons: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.3
FF - prefs.js..extensions.enabledAddons: {64161300-e22b-11db-8314-0800200c9a66}:0.9.6.10
FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.5.7
FF - prefs.js..extensions.enabledAddons: toolbar@qipu.de:1.8.8
FF - prefs.js..extensions.enabledAddons: printedit@DW-dev:8.8
FF - prefs.js..extensions.enabledAddons: Stylish-Custom@choggi.dyndns.org:0.7.7
FF - prefs.js..extensions.enabledAddons: {45d8ff86-d909-11db-9705-005056c00008}:1.1.0
FF - prefs.js..extensions.enabledAddons: {c0c588b6-b11d-4898-af00-079fed05aa32}:16.0.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.13
FF - prefs.js..extensions.enabledItems: {9D23D0AA-D8F5-11DA-B3FC-0928ABF316DD}:3.0.5
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:4.3.7
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2
FF - prefs.js..extensions.enabledItems: {EDA7B1D7-F793-4e03-B074-E6F303317FB0}:1.2.7
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.2
FF - prefs.js..extensions.enabledItems: isreaditlater@ideashower.com:2.1.1
FF - prefs.js..extensions.enabledItems: {53A03D43-5363-4669-8190-99061B2DEBA5}:1.4.3
FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.5.8
FF - prefs.js..extensions.enabledItems: {bbfec13d-8cb3-53f3-c852-999eb2a852ca}:0.1.6
FF - prefs.js..extensions.enabledItems: {8620c15f-30dc-4dba-a131-7c5d20cf4a29}:3.1.6
FF - prefs.js..extensions.enabledItems: support@lastpass.com:1.72.0
FF - prefs.js..extensions.enabledItems: {446c03e0-2c35-11db-a98b-0800200c9a67}:0.5
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.1.2
FF - prefs.js..extensions.enabledItems: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}:7.2.0.8
FF - prefs.js..extensions.enabledItems: silvermelxt@pardal.de:1.3.6
FF - prefs.js..extensions.enabledItems: classicretweet@jonpierce.com:1.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}:2.7.2
FF - prefs.js..extensions.enabledItems: {e213bb8f-8ebd-11db-96b7-005056c00008}:3.0.0.91
FF - prefs.js..extensions.enabledItems: silvermel@pardal.de:1.3.6
FF - prefs.js..extensions.enabledItems: {359faf50-e061-11dd-ad8b-0800200c9a66}:2.2.1
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.socks_version: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.20 20:08:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.29 18:41:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.29 18:41:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.10.31 18:24:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.10.31 18:24:42 | 000,000,000 | ---D | M]
 
[2011.03.01 17:02:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Netti\AppData\Roaming\Mozilla\Extensions
[2011.03.01 17:02:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Netti\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.11.07 16:16:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Netti\AppData\Roaming\Mozilla\Firefox\Profiles\lboyljjd.default\extensions
[2011.03.01 16:59:31 | 000,000,000 | ---D | M] ("All-in-One Sidebar") -- C:\Users\Netti\AppData\Roaming\Mozilla\Firefox\Profiles\lboyljjd.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}(2)
[2011.03.04 12:33:46 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\Netti\AppData\Roaming\Mozilla\Firefox\Profiles\lboyljjd.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}(1790)
[2011.03.01 16:59:31 | 000,000,000 | ---D | M] (FlashGot [de]) -- C:\Users\Netti\AppData\Roaming\Mozilla\Firefox\Profiles\lboyljjd.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}(2)
[2011.03.01 16:59:31 | 000,000,000 | ---D | M] (Html Validator) -- C:\Users\Netti\AppData\Roaming\Mozilla\Firefox\Profiles\lboyljjd.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}(2)
[2012.10.14 09:18:33 | 000,000,000 | ---D | M] (FT Evo) -- C:\Users\Netti\AppData\Roaming\Mozilla\Firefox\Profiles\lboyljjd.default\extensions\{5c8c1470-d247-11e0-9572-0800200c9a66}
[2011.03.01 16:59:34 | 000,000,000 | ---D | M] (SKY) -- C:\Users\Netti\AppData\Roaming\Mozilla\Firefox\Profiles\lboyljjd.default\extensions\{6e00410e-1176-11dc-8314-0800200c9a66}(2)
[2011.03.01 16:59:34 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Netti\AppData\Roaming\Mozilla\Firefox\Profiles\lboyljjd.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(2)
[2011.03.01 16:59:34 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\Netti\AppData\Roaming\Mozilla\Firefox\Profiles\lboyljjd.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}(2)
[2012.11.07 09:31:29 | 000,000,000 | ---D | M] (Cookies Manager+) -- C:\Users\Netti\AppData\Roaming\Mozilla\Firefox\Profiles\lboyljjd.default\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}
[2011.03.01 16:59:36 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\Netti\AppData\Roaming\Mozilla\Firefox\Profiles\lboyljjd.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}(2)
[2011.03.01 16:59:40 | 000,000,000 | ---D | M] (Menu Editor) -- C:\Users\Netti\AppData\Roaming\Mozilla\Firefox\Profiles\lboyljjd.default\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}(2)
[2012.03.04 18:00:00 | 000,000,000 | ---D | M] (Zootool) -- C:\Users\Netti\AppData\Roaming\Mozilla\Firefox\Profiles\lboyljjd.default\extensions\extension@zootool.com
[2011.03.01 16:59:29 | 000,000,000 | ---D | M] (Fast Dial) -- C:\Users\Netti\AppData\Roaming\Mozilla\Firefox\Profiles\lboyljjd.default\extensions\fastdial@telega.phpnet(2).us
[2011.03.01 16:59:30 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Netti\AppData\Roaming\Mozilla\Firefox\Profiles\lboyljjd.default\extensions\personas@christopher(52).beard
[2012.10.13 15:17:18 | 000,000,000 | ---D | M] (Stylish-Custom) -- C:\Users\Netti\AppData\Roaming\Mozilla\Firefox\Profiles\lboyljjd.default\extensions\Stylish-Custom@choggi.dyndns.org
[2012.07.25 13:32:54 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Netti\AppData\Roaming\Mozilla\Firefox\Profiles\lboyljjd.default\extensions\support@lastpass.com
[2011.03.01 16:59:31 | 000,000,000 | ---D | M] (1-Click YouTube Video Downloader) -- C:\Users\Netti\AppData\Roaming\Mozilla\Firefox\Profiles\lboyljjd.default\extensions\YoutubeDownloader@PeterOlayev(54).com
[2012.03.04 18:00:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Netti\AppData\Roaming\Mozilla\Firefox\Profiles\lboyljjd.default\extensions\extension@zootool.com\__MACOSX
[2012.03.04 18:00:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Netti\AppData\Roaming\Mozilla\Firefox\Profiles\lboyljjd.default\extensions\extension@zootool.com\chrome
[2012.03.04 18:00:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Netti\AppData\Roaming\Mozilla\Firefox\Profiles\lboyljjd.default\extensions\extension@zootool.com\defaults
[2012.03.28 18:31:52 | 000,018,981 | ---- | M] () (No name found) -- C:\Users\Netti\AppData\Roaming\Mozilla\Firefox\Profiles\lboyljjd.default\extensions\alarm@gutscheinsammler.de.xpi
[2012.08.29 13:28:33 | 000,088,614 | ---- | M] () (No name found) -- C:\Users\Netti\AppData\Roaming\Mozilla\Firefox\Profiles\lboyljjd.default\extensions\extension@ciuvo.com.xpi
[2012.06.27 08:37:29 | 000,637,327 | ---- | M] () (No name found) -- C:\Users\Netti\AppData\Roaming\Mozilla\Firefox\Profiles\lboyljjd.default\extensions\feedly@devhd.xpi
[2012.07.11 18:04:46 | 000,223,394 | ---- | M] () (No name found) -- C:\Users\Netti\AppData\Roaming\Mozilla\Firefox\Profiles\lboyljjd.default\extensions\isreaditlater@ideashower.com.xpi
[2012.07.16 13:21:43 | 000,004,164 | ---- | M] () (No name found) -- C:\Users\Netti\AppData\Roaming\Mozilla\Firefox\Profiles\lboyljjd.default\extensions\old_bookmarks_sidebar@francev_nikolay.xpi
[2012.10.13 15:09:51 | 000,089,559 | ---- | M] () (No name found) -- C:\Users\Netti\AppData\Roaming\Mozilla\Firefox\Profiles\lboyljjd.default\extensions\printedit@DW-dev.xpi
[2012.07.10 17:42:37 | 000,163,080 | ---- | M] () (No name found) -- C:\Users\Netti\AppData\Roaming\Mozilla\Firefox\Profiles\lboyljjd.default\extensions\status4evar@caligonstudios.com.xpi
[2012.10.13 15:09:51 | 000,091,945 | ---- | M] () (No name found) -- C:\Users\Netti\AppData\Roaming\Mozilla\Firefox\Profiles\lboyljjd.default\extensions\toolbar@qipu.de.xpi
[2012.08.27 13:50:09 | 000,455,379 | ---- | M] () (No name found) -- C:\Users\Netti\AppData\Roaming\Mozilla\Firefox\Profiles\lboyljjd.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi
[2012.11.07 16:16:12 | 000,060,243 | ---- | M] () (No name found) -- C:\Users\Netti\AppData\Roaming\Mozilla\Firefox\Profiles\lboyljjd.default\extensions\{45d8ff86-d909-11db-9705-005056c00008}.xpi
[2012.09.09 16:51:26 | 000,269,659 | ---- | M] () (No name found) -- C:\Users\Netti\AppData\Roaming\Mozilla\Firefox\Profiles\lboyljjd.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
[2012.10.12 15:34:16 | 000,281,285 | ---- | M] () (No name found) -- C:\Users\Netti\AppData\Roaming\Mozilla\Firefox\Profiles\lboyljjd.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi
[2012.10.12 15:34:16 | 000,529,404 | ---- | M] () (No name found) -- C:\Users\Netti\AppData\Roaming\Mozilla\Firefox\Profiles\lboyljjd.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.05.09 17:45:22 | 000,172,465 | ---- | M] () (No name found) -- C:\Users\Netti\AppData\Roaming\Mozilla\Firefox\Profiles\lboyljjd.default\extensions\{89f8dde0-010a-11da-8cd6-0800200c9a66}.xpi
[2012.10.14 09:16:44 | 003,193,749 | ---- | M] () (No name found) -- C:\Users\Netti\AppData\Roaming\Mozilla\Firefox\Profiles\lboyljjd.default\extensions\{c0c588b6-b11d-4898-af00-079fed05aa32}.xpi
[2012.07.25 19:43:22 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Netti\AppData\Roaming\Mozilla\Firefox\Profiles\lboyljjd.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011.10.30 10:05:49 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\Netti\AppData\Roaming\Mozilla\Firefox\Profiles\lboyljjd.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2012.11.06 10:12:39 | 000,002,511 | ---- | M] () -- C:\Users\Netti\AppData\Roaming\Mozilla\Firefox\Profiles\lboyljjd.default\searchplugins\qipu.xml
[2012.10.29 18:41:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.10.29 18:41:43 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.21 16:01:53 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.29 13:30:49 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.21 16:01:53 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.21 16:01:53 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.21 16:01:53 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.21 16:01:53 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.08.29 10:48:02 | 000,006,258 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-253383300-3489330422-2878657085-1000..\Run: [Rainlendar2] C:\Programme\Rainlendar2\Rainlendar2.exe ()
O4 - HKU\S-1-5-21-253383300-3489330422-2878657085-1000..\Run: [VistaStartMenu] C:\Program Files (x86)\Vista Start Menu\VistaStartMenu.exe (OrdinarySoft)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk =  File not found
O4 - Startup: C:\Users\Netti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stickies.lnk = C:\Program Files (x86)\Stickies\stickies.exe (Zhorn Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.9.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B7BEBF18-3807-49D9-8706-B74DFEAC553C}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Netti\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Netti\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
MsConfig:64bit - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AdobeCS5.5ServiceManager - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: AdobeCS5ServiceManager - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MsConfig:64bit - StartUpReg: Google Update - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: IndexSearch - hkey= - key= - C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
MsConfig:64bit - StartUpReg: PaperPort PTD - hkey= - key= - C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
MsConfig:64bit - StartUpReg: PDFPrint - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: PPort11reminder - hkey= - key= - C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= - C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
MsConfig:64bit - StartUpReg: Skytel - hkey= - key= - C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
MsConfig:64bit - StartUpReg: SSBkgdUpdate - hkey= - key= - C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
MsConfig:64bit - StartUpReg: StartCCC - hkey= - key= - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: SwitchBoard - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: TQ566808 - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: VirtualCloneDrive - hkey= - key= - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
MsConfig:64bit - StartUpReg: Windows Defender - hkey= - key= - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: WMPNSCFG - hkey= - key= -  File not found
MsConfig:64bit - State: "bootini" - Reg Error: Key error.
 
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: SolutoService - Service
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: SolutoService - Service
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: SolutoService - Service
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: WudfPf - Driver
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: SolutoService - Service
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.ac3filter - ac3filter64.acm ()
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: vidc.XVID - xvidvfw.dll ()
Drivers32: msacm.ac3filter - C:\Windows\SysWow64\ac3filter.acm ()
Drivers32: msacm.l3acm - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.07 16:33:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Netti\Desktop\OTL.exe
[2012.11.02 19:13:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PopCap Games
[2012.11.02 19:13:38 | 000,000,000 | ---D | C] -- C:\ProgramData\PopCapY
[2012.11.02 19:13:38 | 000,000,000 | ---D | C] -- C:\ProgramData\PopCap Games
[2012.11.02 19:13:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PopCap Games
[2012.10.31 18:24:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2012.10.29 18:41:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.10.25 13:59:34 | 000,000,000 | ---D | C] -- C:\Users\Netti\AppData\Roaming\PhotoFiltre
[2012.10.24 19:51:10 | 000,000,000 | ---D | C] -- C:\Users\Netti\AppData\Roaming\Softland
[2012.10.24 19:51:03 | 000,000,000 | ---D | C] -- C:\Users\Netti\AppData\Local\PDF Annotator
[2012.10.21 18:19:12 | 000,000,000 | ---D | C] -- C:\Users\Netti\herbst
[2012.10.21 07:43:37 | 000,000,000 | ---D | C] -- C:\Users\Netti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Grafik
[2012.10.20 20:09:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.10.20 20:07:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012.10.20 11:16:14 | 000,000,000 | ---D | C] -- C:\Users\Netti\AppData\Roaming\vlc
[2012.10.20 11:09:32 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2012.10.20 10:05:32 | 000,000,000 | ---D | C] -- C:\Users\Netti\AppData\Roaming\stickies
[2012.10.20 10:05:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Stickies
[2012.10.14 08:03:34 | 000,000,000 | ---D | C] -- C:\Users\Netti\Application Data
[2012.09.15 13:38:02 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Netti\HiJackThis204.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.07 16:40:58 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2012.11.07 16:40:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.07 16:33:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Netti\Desktop\OTL.exe
[2012.11.07 16:19:07 | 001,560,144 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.07 16:19:07 | 000,673,126 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.07 16:19:07 | 000,632,854 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.07 16:19:07 | 000,145,334 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.07 16:19:07 | 000,119,480 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.07 16:11:41 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.07 16:11:09 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.07 16:11:09 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.07 16:11:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.07 10:45:33 | 000,027,606 | ---- | M] () -- C:\Windows\CUAppUsage.Dat
[2012.11.07 09:45:00 | 000,000,770 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.11.07 09:19:07 | 000,099,840 | ---- | M] () -- C:\Users\Netti\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.11.06 16:41:06 | 001,349,009 | ---- | M] () -- C:\Users\Netti\Holiday-Cards-MCP-BirdDesigns.zip
[2012.11.05 14:46:06 | 000,153,257 | ---- | M] () -- C:\Users\Netti\sky.jpg
[2012.11.04 20:58:12 | 000,000,505 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2012.11.04 20:51:12 | 002,016,478 | ---- | M] () -- C:\Users\Netti\gifgroup.psd
[2012.11.04 20:51:04 | 000,001,821 | ---- | M] () -- C:\Users\Netti\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2012.11.04 20:31:07 | 000,000,043 | -HS- | M] () -- C:\ProgramData\.zreglib
[2012.11.03 20:08:22 | 000,784,736 | ---- | M] () -- C:\Users\Netti\reandear-christmas-vector-pattern.zip
[2012.11.03 20:08:11 | 000,936,876 | ---- | M] () -- C:\Users\Netti\snowflakes-vector_patterns.zip
[2012.11.02 19:13:46 | 000,001,148 | ---- | M] () -- C:\Users\Public\Desktop\Plants vs. Zombies.lnk
[2012.11.02 19:13:46 | 000,000,199 | ---- | M] () -- C:\Users\Public\Desktop\Play More Great Games!.url
[2012.10.28 17:49:22 | 000,000,871 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2012.10.22 13:14:30 | 000,177,761 | ---- | M] () -- C:\Users\Netti\Herbst.jpg
[2012.10.21 19:48:57 | 000,000,560 | ---- | M] () -- C:\Windows\PluginSwitch.ini
[2012.10.21 18:26:50 | 000,007,168 | -H-- | M] () -- C:\Users\Netti\photothumb.db
[2012.10.20 20:02:46 | 000,165,376 | ---- | M] () -- C:\Users\Netti\SystemLook_x64.exe
[2012.10.20 10:05:32 | 000,000,900 | ---- | M] () -- C:\Users\Netti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stickies.lnk
[2012.10.20 10:05:32 | 000,000,533 | ---- | M] () -- C:\Windows\uninstallstickies.bat
[2012.10.14 15:29:59 | 000,000,132 | ---- | M] () -- C:\Users\Netti\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2012.10.14 14:48:29 | 005,798,199 | ---- | M] () -- C:\Users\Netti\Unbenannt-1.psd
[2012.10.14 07:11:27 | 000,048,300 | ---- | M] () -- C:\Users\Netti\Documents\Database.kdb
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.11.06 16:41:00 | 001,349,009 | ---- | C] () -- C:\Users\Netti\Holiday-Cards-MCP-BirdDesigns.zip
[2012.11.05 14:46:04 | 000,153,257 | ---- | C] () -- C:\Users\Netti\sky.jpg
[2012.11.04 20:51:11 | 002,016,478 | ---- | C] () -- C:\Users\Netti\gifgroup.psd
[2012.11.03 20:08:17 | 000,784,736 | ---- | C] () -- C:\Users\Netti\reandear-christmas-vector-pattern.zip
[2012.11.03 20:08:08 | 000,936,876 | ---- | C] () -- C:\Users\Netti\snowflakes-vector_patterns.zip
[2012.11.02 19:13:46 | 000,001,148 | ---- | C] () -- C:\Users\Public\Desktop\Plants vs. Zombies.lnk
[2012.11.02 19:13:46 | 000,000,199 | ---- | C] () -- C:\Users\Public\Desktop\Play More Great Games!.url
[2012.10.22 13:14:30 | 000,177,761 | ---- | C] () -- C:\Users\Netti\Herbst.jpg
[2012.10.21 19:48:57 | 000,000,560 | ---- | C] () -- C:\Windows\PluginSwitch.ini
[2012.10.20 20:02:46 | 000,165,376 | ---- | C] () -- C:\Users\Netti\SystemLook_x64.exe
[2012.10.20 10:05:32 | 000,000,533 | ---- | C] () -- C:\Windows\uninstallstickies.bat
[2012.10.20 10:05:31 | 000,000,900 | ---- | C] () -- C:\Users\Netti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stickies.lnk
[2012.10.14 14:48:27 | 005,798,199 | ---- | C] () -- C:\Users\Netti\Unbenannt-1.psd
[2012.08.25 08:50:07 | 001,955,075 | ---- | C] () -- C:\Users\Netti\Unbenannt-2.psd
[2012.07.04 18:34:11 | 000,000,132 | ---- | C] () -- C:\Users\Netti\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2012.05.17 15:14:06 | 000,000,218 | ---- | C] () -- C:\Users\Netti\AppData\Local\recently-used.xbel
[2012.05.12 13:54:45 | 030,940,993 | ---- | C] () -- C:\Users\Netti\Gutschein.psd
[2012.05.04 18:41:51 | 000,000,106 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2012.04.04 17:28:35 | 000,004,608 | ---- | C] () -- C:\Windows\SysWow64\ColorEfexPro4FC64.dll
[2012.04.04 17:28:35 | 000,003,584 | ---- | C] () -- C:\Windows\SysWow64\ColorEfexPro4FC32.dll
[2012.04.03 18:43:15 | 000,388,176 | ---- | C] () -- C:\Windows\SysWow64\NxCooking.dll
[2012.03.07 16:47:38 | 000,000,140 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.01.24 15:49:35 | 000,027,606 | ---- | C] () -- C:\Windows\CUAppUsage.Dat
[2011.12.25 11:43:08 | 000,003,682 | ---- | C] () -- C:\Windows\Tablet8000x6000M.ini
[2011.11.22 18:32:42 | 000,287,515 | ---- | C] () -- C:\Users\Netti\circles pattern.psd
[2011.10.20 13:40:55 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2011.10.20 13:25:27 | 000,031,664 | ---- | C] () -- C:\Windows\maxlink.ini
[2011.10.20 08:33:40 | 000,000,378 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2011.10.20 08:33:40 | 000,000,159 | ---- | C] () -- C:\Windows\brpcfx.ini
[2011.10.20 08:29:52 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2011.08.28 17:24:53 | 000,338,724 | ---- | C] () -- C:\Users\Netti\tvdpsd.psd
[2011.08.06 09:20:11 | 000,220,624 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011.07.14 17:51:13 | 001,543,162 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.06.28 15:13:21 | 000,000,079 | ---- | C] () -- C:\Users\Netti\AppData\Local\CrystalDiskMark30.ini
[2011.06.25 10:38:52 | 000,001,708 | ---- | C] () -- C:\Windows\lightworks.ini
[2011.06.25 08:48:21 | 000,000,043 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.06.18 16:39:54 | 000,000,132 | ---- | C] () -- C:\Users\Netti\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2011.06.01 18:38:38 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.06.01 18:37:44 | 000,033,019 | ---- | C] () -- C:\Windows\SysWow64\CoreAAC-uninstall.exe
[2011.06.01 16:15:06 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.06.01 16:15:05 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.05.24 22:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.05.19 09:54:30 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2011.05.17 12:11:40 | 000,794,906 | ---- | C] () -- C:\Windows\unins000.exe
[2011.05.17 12:11:40 | 000,004,151 | ---- | C] () -- C:\Windows\unins000.dat
[2011.03.27 17:08:51 | 000,007,168 | -H-- | C] () -- C:\Users\Netti\photothumb.db
[2011.03.17 18:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.03.10 16:18:37 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011.03.10 16:18:36 | 000,000,505 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.03.07 19:20:39 | 000,001,821 | ---- | C] () -- C:\Users\Netti\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2011.03.06 19:25:33 | 000,000,132 | ---- | C] () -- C:\Users\Netti\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.03.06 10:10:49 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2011.03.06 10:10:27 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2011.03.06 10:10:10 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2011.03.04 18:47:10 | 000,017,408 | ---- | C] () -- C:\Users\Netti\AppData\Local\WebpageIcons.db
[2011.03.03 15:59:42 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2011.03.01 19:32:07 | 000,099,840 | ---- | C] () -- C:\Users\Netti\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.01 16:32:20 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.03.01 16:14:31 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2011.03.01 16:14:31 | 000,014,392 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011.03.01 15:49:00 | 000,031,684 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2011.03.01 15:48:42 | 000,031,364 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011.03.01 15:38:25 | 000,000,732 | ---- | C] () -- C:\Users\Netti\AppData\Local\d3d9caps64.dat
[2011.02.15 11:11:48 | 000,316,928 | ---- | C] () -- C:\Windows\SysWow64\Viveza2FC32.dll
[2010.01.08 10:44:54 | 001,033,373 | ---- | C] () -- C:\Users\Netti\Unbenannt-2.ai
 
========== ZeroAccess Check ==========
 
[2006.11.02 16:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 18:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 08:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 03:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.03.30 21:16:28 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\.purple
[2012.01.22 16:12:19 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\Alien Skin
[2011.12.25 11:34:21 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\Artweaver
[2012.05.06 08:42:09 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\Auslogics
[2011.04.23 17:13:23 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\avidemux
[2012.05.17 15:14:06 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\banshee-1
[2012.07.18 19:01:11 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\becker
[2012.02.26 17:24:31 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\calibre
[2011.06.02 07:38:29 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\Canneverbe Limited
[2012.02.26 20:11:43 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\Canon
[2011.06.23 14:12:02 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011.06.18 15:26:15 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\cryptlib
[2012.06.02 09:25:19 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\CrystalIdea Software
[2011.08.08 18:42:32 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\DAEMON Tools Lite
[2011.08.06 09:23:37 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\de.txptr.googleplus
[2012.04.20 20:26:01 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\Downloaded Installations
[2011.06.23 18:58:00 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\FastCopy
[2011.05.17 12:23:27 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\FFSJ
[2011.03.04 12:43:57 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\Foxit Software
[2011.05.17 08:54:21 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\FreeCommander
[2012.09.08 15:03:58 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\Groovedown_Uninstall
[2012.11.07 09:26:37 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\IrfanView
[2011.03.07 17:36:31 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\KeePass
[2011.05.17 14:01:22 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\LockHunter
[2011.06.23 18:57:33 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\Mask Pro 4.0
[2012.11.04 12:10:45 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\MediaMonkey
[2011.06.25 14:49:17 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\MrJobs
[2012.11.07 16:20:52 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\Nitro PDF
[2012.10.21 20:18:59 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\onOne Software
[2012.03.30 15:10:15 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\OpenOffice.org
[2011.11.23 14:58:19 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\PC-FAX TX
[2012.10.28 20:10:42 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\PhotoFiltre
[2012.10.13 10:46:10 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\PhotoScape
[2011.10.29 08:42:03 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\ScanSoft
[2012.10.24 19:51:10 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\Softland
[2011.03.12 11:28:59 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.11.07 16:35:04 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\stickies
[2011.05.26 14:13:23 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\T-Online
[2012.11.07 09:23:29 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\TeraCopy
[2011.03.01 17:02:00 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\Thunderbird
[2012.11.07 08:44:12 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\Vista Start Menu
[2011.06.25 10:58:52 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\Windows Live Writer
[2012.01.12 19:01:31 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\WinMount
[2012.10.25 14:00:54 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\XnView
[2011.05.01 15:41:20 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\XnViewMP
[2011.03.13 18:00:15 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\Zoundry
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2011.03.01 15:38:57 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2008.12.15 11:41:15 | 000,000,000 | ---D | M] -- C:\1e41bd802fb056060e369e9c0fa865
[2008.10.20 19:02:49 | 000,000,000 | ---D | M] -- C:\Adabas
[2008.10.18 18:43:23 | 000,000,000 | ---D | M] -- C:\AMD
[2011.03.05 18:38:00 | 000,000,000 | ---D | M] -- C:\ATI
[2011.03.06 15:28:51 | 000,000,000 | -HSD | M] -- C:\Boot
[2008.10.18 20:54:21 | 000,000,000 | ---D | M] -- C:\Brother
[2011.08.26 10:59:38 | 000,000,000 | ---D | M] -- C:\divx
[2006.11.02 16:42:17 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2008.10.18 18:30:51 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.03.01 15:49:13 | 000,000,000 | ---D | M] -- C:\Intel
[2009.11.30 17:05:52 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2008.10.18 19:13:48 | 000,000,000 | ---D | M] -- C:\Netgear
[2008.10.18 22:28:14 | 000,000,000 | ---D | M] -- C:\profiles
[2012.11.07 09:16:16 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.11.07 16:15:28 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.11.07 08:53:40 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2008.10.18 18:30:51 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.11.07 16:43:07 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.10.13 16:13:49 | 000,000,000 | R--D | M] -- C:\Users
[2011.03.06 20:24:52 | 000,000,000 | -H-D | M] -- C:\VritualRoot
[2012.11.07 16:10:58 | 000,000,000 | ---D | M] -- C:\Windows
[2008.10.26 01:22:40 | 000,000,000 | -H-D | M] -- C:\{2426F42A-20BE-4F19-A8A5-640920671123}
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.03.30 21:16:28 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\.purple
[2012.10.21 17:46:17 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\Adobe
[2011.03.12 11:28:59 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\Adobe Mini Bridge CS5
[2012.01.22 16:12:19 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\Alien Skin
[2012.05.05 16:49:40 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\Apple Computer
[2011.12.25 11:34:21 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\Artweaver
[2011.03.01 16:33:09 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\ATI
[2012.05.06 08:42:09 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\Auslogics
[2011.04.23 17:13:23 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\avidemux
[2012.05.17 15:14:06 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\banshee-1
[2012.07.18 19:01:11 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\becker
[2011.03.03 18:54:54 | 000,000,000 | R--D | M] -- C:\Users\Netti\AppData\Roaming\Brother
[2012.02.26 17:24:31 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\calibre
[2011.06.02 07:38:29 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\Canneverbe Limited
[2012.02.26 20:11:43 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\Canon
[2012.02.19 16:39:15 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\CANON INC
[2011.06.23 14:12:02 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.05.16 14:21:50 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\Creative
[2011.06.18 15:26:15 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\cryptlib
[2012.06.02 09:25:19 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\CrystalIdea Software
[2011.08.08 18:42:32 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\DAEMON Tools Lite
[2011.08.06 09:23:37 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\de.txptr.googleplus
[2011.06.25 10:38:45 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\DivX
[2011.05.29 08:58:47 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\Download Manager
[2012.04.20 20:26:01 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\Downloaded Installations
[2011.06.23 18:58:00 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\FastCopy
[2011.05.17 12:23:27 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\FFSJ
[2011.03.04 12:43:57 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\Foxit Software
[2011.05.17 08:54:21 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\FreeCommander
[2012.09.08 15:03:58 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\Groovedown_Uninstall
[2011.03.01 15:38:39 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\Identities
[2011.10.20 13:40:29 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\InstallShield
[2012.11.07 09:26:37 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\IrfanView
[2011.03.07 17:36:31 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\KeePass
[2011.05.17 14:01:22 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\LockHunter
[2011.03.01 17:17:54 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\Macromedia
[2012.09.08 18:12:34 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\Malwarebytes
[2011.06.23 18:57:33 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\Mask Pro 4.0
[2006.11.02 16:07:25 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\Media Center Programs
[2012.11.04 12:10:45 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\MediaMonkey
[2012.10.21 18:00:52 | 000,000,000 | --SD | M] -- C:\Users\Netti\AppData\Roaming\Microsoft
[2011.03.01 16:36:07 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\Mozilla
[2011.06.25 14:49:17 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\MrJobs
[2011.03.01 20:00:05 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\NCH Software
[2012.11.07 16:20:52 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\Nitro PDF
[2012.10.21 20:18:59 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\onOne Software
[2012.03.30 15:10:15 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\OpenOffice.org
[2011.11.23 14:58:19 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\PC-FAX TX
[2012.10.28 20:10:42 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\PhotoFiltre
[2012.10.13 10:46:10 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\PhotoScape
[2011.10.29 08:42:03 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\ScanSoft
[2012.10.24 19:51:10 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\Softland
[2011.03.12 11:28:59 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.11.07 16:35:04 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\stickies
[2011.05.26 14:13:23 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\T-Online
[2012.11.07 09:23:29 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\TeraCopy
[2011.03.01 17:02:00 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\Thunderbird
[2012.03.22 19:45:39 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\tor
[2012.11.07 08:44:12 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\Vista Start Menu
[2012.11.06 20:09:47 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\vlc
[2011.06.25 10:58:52 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\Windows Live Writer
[2012.01.12 19:01:31 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\WinMount
[2011.05.17 13:22:45 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\WinRAR
[2012.10.25 14:00:54 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\XnView
[2011.05.01 15:41:20 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\XnViewMP
[2012.02.26 20:40:44 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\ZoomBrowser EX
[2011.03.13 18:00:15 | 000,000,000 | ---D | M] -- C:\Users\Netti\AppData\Roaming\Zoundry
 
< %APPDATA%\*.exe /s >
[2012.07.18 19:08:46 | 014,223,459 | ---- | M] (NNG Llc.) -- C:\Users\Netti\AppData\Roaming\becker\backup\CK-ZYLT-0D9G-84DV-R8L7\1169071\drive0\ContentManager\Becker_Content_Manager_Setup.exe
[2012.07.18 19:08:46 | 000,090,112 | ---- | M] () -- C:\Users\Netti\AppData\Roaming\becker\backup\CK-ZYLT-0D9G-84DV-R8L7\1169071\drive0\ContentManager\ContentManagerStarter.exe
[2012.07.18 19:08:54 | 009,805,848 | ---- | M] (NNG Kft.) -- C:\Users\Netti\AppData\Roaming\becker\backup\CK-ZYLT-0D9G-84DV-R8L7\1169071\drive0\navigator\navigator.exe
[2012.07.18 19:12:35 | 000,152,088 | ---- | M] () -- C:\Users\Netti\AppData\Roaming\becker\backup\CK-ZYLT-0D9G-84DV-R8L7\1169071\drive0\NNGStart\NNGStart.exe
[2012.07.18 19:02:36 | 015,233,895 | ---- | M] (NNG Llc.) -- C:\Users\Netti\AppData\Roaming\becker\workingdir\download_cache\becker-un\5636\Becker_Content_Manager_Setup.exe
[2012.09.08 15:03:58 | 000,902,656 | ---- | M] () -- C:\Users\Netti\AppData\Roaming\Groovedown_Uninstall\Groovedown_Uninstall.exe
[2011.06.22 19:18:01 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Netti\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011.03.07 18:13:29 | 000,003,584 | R--- | M] () -- C:\Users\Netti\AppData\Roaming\Microsoft\Installer\{121634B0-2F4A-11D3-ADA3-00C04F52DD53}\Icon386ED4E3.exe
[2011.03.13 14:50:52 | 000,010,134 | R--- | M] () -- C:\Users\Netti\AppData\Roaming\Microsoft\Installer\{85E00941-FDFF-4796-A3B8-3ACC766FFCA5}\_1D6E5807D62DFE028BBE5B.exe
[2011.03.13 14:50:52 | 000,010,134 | R--- | M] () -- C:\Users\Netti\AppData\Roaming\Microsoft\Installer\{85E00941-FDFF-4796-A3B8-3ACC766FFCA5}\_40FFCDB705A4C9AC1F6D7C.exe
[2011.03.13 14:50:52 | 000,010,134 | R--- | M] () -- C:\Users\Netti\AppData\Roaming\Microsoft\Installer\{85E00941-FDFF-4796-A3B8-3ACC766FFCA5}\_670195DEC28CD25E3F5313.exe
[2011.03.13 14:50:52 | 000,006,006 | R--- | M] () -- C:\Users\Netti\AppData\Roaming\Microsoft\Installer\{85E00941-FDFF-4796-A3B8-3ACC766FFCA5}\_6FEFF9B68218417F98F549.exe
[2011.03.13 14:50:52 | 000,010,134 | R--- | M] () -- C:\Users\Netti\AppData\Roaming\Microsoft\Installer\{85E00941-FDFF-4796-A3B8-3ACC766FFCA5}\_75F74C9825686AA86D0DD2.exe
[2011.03.13 14:50:52 | 000,010,134 | R--- | M] () -- C:\Users\Netti\AppData\Roaming\Microsoft\Installer\{85E00941-FDFF-4796-A3B8-3ACC766FFCA5}\_A50E253DBF9AB4F278CAEB.exe
[2011.03.13 15:14:03 | 000,010,134 | R--- | M] () -- C:\Users\Netti\AppData\Roaming\Microsoft\Installer\{8A1EBF29-7CF8-471E-B90B-95FF36AC8248}\_1C77366190B9ED751E3CE3.exe
[2011.03.13 15:14:03 | 000,010,134 | R--- | M] () -- C:\Users\Netti\AppData\Roaming\Microsoft\Installer\{8A1EBF29-7CF8-471E-B90B-95FF36AC8248}\_21293B0C7780E1B07348DA.exe
[2011.03.13 15:14:03 | 000,010,134 | R--- | M] () -- C:\Users\Netti\AppData\Roaming\Microsoft\Installer\{8A1EBF29-7CF8-471E-B90B-95FF36AC8248}\_39FE0601BDCB9436D70ED7.exe
[2011.03.13 15:14:03 | 000,010,134 | R--- | M] () -- C:\Users\Netti\AppData\Roaming\Microsoft\Installer\{8A1EBF29-7CF8-471E-B90B-95FF36AC8248}\_56AE06C7A87A33790ADF05.exe
[2011.03.13 15:14:03 | 000,006,006 | R--- | M] () -- C:\Users\Netti\AppData\Roaming\Microsoft\Installer\{8A1EBF29-7CF8-471E-B90B-95FF36AC8248}\_6FEFF9B68218417F98F549.exe
[2011.03.13 15:14:03 | 000,010,134 | R--- | M] () -- C:\Users\Netti\AppData\Roaming\Microsoft\Installer\{8A1EBF29-7CF8-471E-B90B-95FF36AC8248}\_E7DCBFE65F53F52B70A631.exe
[2011.03.05 22:20:47 | 000,010,134 | R--- | M] () -- C:\Users\Netti\AppData\Roaming\Microsoft\Installer\{9FDC7042-CB9F-4336-A14C-DF10F53762E2}\_017F992E3047C3F2078605.exe
[2011.03.05 22:20:47 | 000,010,134 | R--- | M] () -- C:\Users\Netti\AppData\Roaming\Microsoft\Installer\{9FDC7042-CB9F-4336-A14C-DF10F53762E2}\_03AE333D97B9BBFB638DEF.exe
[2011.03.05 22:20:47 | 000,010,134 | R--- | M] () -- C:\Users\Netti\AppData\Roaming\Microsoft\Installer\{9FDC7042-CB9F-4336-A14C-DF10F53762E2}\_0A936FEADBCFCB0B3F13D9.exe
[2011.03.05 22:20:47 | 000,006,006 | R--- | M] () -- C:\Users\Netti\AppData\Roaming\Microsoft\Installer\{9FDC7042-CB9F-4336-A14C-DF10F53762E2}\_6FEFF9B68218417F98F549.exe
[2011.03.05 22:20:47 | 000,010,134 | R--- | M] () -- C:\Users\Netti\AppData\Roaming\Microsoft\Installer\{9FDC7042-CB9F-4336-A14C-DF10F53762E2}\_9DE0B82D76F646FC750FF6.exe
[2011.03.05 22:20:47 | 000,006,006 | R--- | M] () -- C:\Users\Netti\AppData\Roaming\Microsoft\Installer\{9FDC7042-CB9F-4336-A14C-DF10F53762E2}\_EFD58D023E5C051619B474.exe
[2011.03.13 15:06:32 | 000,010,134 | R--- | M] () -- C:\Users\Netti\AppData\Roaming\Microsoft\Installer\{BCFFAF65-50B7-4419-AFCA-A7BA797E2C3D}\_35F8077EB72597CDEC28B6.exe
[2011.03.13 15:06:32 | 000,006,006 | R--- | M] () -- C:\Users\Netti\AppData\Roaming\Microsoft\Installer\{BCFFAF65-50B7-4419-AFCA-A7BA797E2C3D}\_6FEFF9B68218417F98F549.exe
[2011.03.13 15:06:32 | 000,010,134 | R--- | M] () -- C:\Users\Netti\AppData\Roaming\Microsoft\Installer\{BCFFAF65-50B7-4419-AFCA-A7BA797E2C3D}\_72FDBD12D472ECEB287375.exe
[2011.03.13 15:06:32 | 000,010,134 | R--- | M] () -- C:\Users\Netti\AppData\Roaming\Microsoft\Installer\{BCFFAF65-50B7-4419-AFCA-A7BA797E2C3D}\_BD206421DF5C935D152983.exe
[2011.03.13 15:06:32 | 000,006,006 | R--- | M] () -- C:\Users\Netti\AppData\Roaming\Microsoft\Installer\{BCFFAF65-50B7-4419-AFCA-A7BA797E2C3D}\_D586A60B8BC43C8FE510FD.exe
[2011.03.13 15:06:32 | 000,010,134 | R--- | M] () -- C:\Users\Netti\AppData\Roaming\Microsoft\Installer\{BCFFAF65-50B7-4419-AFCA-A7BA797E2C3D}\_E49CDBCD2535CCBAF756B9.exe
[2011.03.13 15:01:23 | 000,010,134 | R--- | M] () -- C:\Users\Netti\AppData\Roaming\Microsoft\Installer\{C921D7C4-24D7-4210-AEE9-DFC5DDC78428}\_5358BD179E39556BE30A98.exe
[2011.03.13 15:01:23 | 000,010,134 | R--- | M] () -- C:\Users\Netti\AppData\Roaming\Microsoft\Installer\{C921D7C4-24D7-4210-AEE9-DFC5DDC78428}\_620E7B60437BE23914AFD2.exe
[2011.03.13 15:01:23 | 000,006,006 | R--- | M] () -- C:\Users\Netti\AppData\Roaming\Microsoft\Installer\{C921D7C4-24D7-4210-AEE9-DFC5DDC78428}\_6FEFF9B68218417F98F549.exe
[2011.03.13 15:01:23 | 000,010,134 | R--- | M] () -- C:\Users\Netti\AppData\Roaming\Microsoft\Installer\{C921D7C4-24D7-4210-AEE9-DFC5DDC78428}\_AB43058999083A11237355.exe
[2011.03.13 15:01:23 | 000,006,006 | R--- | M] () -- C:\Users\Netti\AppData\Roaming\Microsoft\Installer\{C921D7C4-24D7-4210-AEE9-DFC5DDC78428}\_B9240CFA090C1B688F1320.exe
[2011.03.13 15:01:23 | 000,010,134 | R--- | M] () -- C:\Users\Netti\AppData\Roaming\Microsoft\Installer\{C921D7C4-24D7-4210-AEE9-DFC5DDC78428}\_DA977DBF21F53FAFC069B8.exe
[2011.03.01 16:24:44 | 000,009,158 | R--- | M] () -- C:\Users\Netti\AppData\Roaming\Microsoft\Installer\{D1EF69B7-7A97-40FC-9AF1-6D6656FF874F}\ARPPRODUCTICON.exe
[2011.04.24 18:52:37 | 000,078,187 | R--- | M] () -- C:\Users\Netti\AppData\Roaming\Microsoft\Installer\{D34C07CA-DCF0-4A5C-A4DD-55522B17F4F2}\_002611C093DEED3FF30FFD.exe
[2011.04.24 18:52:37 | 000,078,187 | R--- | M] () -- C:\Users\Netti\AppData\Roaming\Microsoft\Installer\{D34C07CA-DCF0-4A5C-A4DD-55522B17F4F2}\_6FEFF9B68218417F98F549.exe
[2011.04.24 18:52:37 | 000,078,187 | R--- | M] () -- C:\Users\Netti\AppData\Roaming\Microsoft\Installer\{D34C07CA-DCF0-4A5C-A4DD-55522B17F4F2}\_CA3B8DF4C6B4264A4C97ED.exe
[2011.07.23 15:11:20 | 000,010,134 | R--- | M] () -- C:\Users\Netti\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2011.06.25 10:32:10 | 000,222,720 | ---- | M] (Subject iX) -- C:\Users\Netti\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Hide.exe
 
< %SYSTEMROOT%\system32\drivers\*.sys /lockedfiles >
 
< %SYSTEMROOT%\System32\config\*.sav >
 
< %SYSTEMROOT%\*. /mp /s >
 
< %SYSTEMROOT%\system32\*.dll /lockedfiles >

< End of report >
__________________
Alt 07.11.2012, 20:22   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
mystart.incredibar.com - Standard

mystart.incredibar.com


Bis auf die vielen Toolbars/Werbeschrott unauffällig

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Suche.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 08.11.2012, 09:21   #5
annek
 
mystart.incredibar.com - Standard

mystart.incredibar.com


Code:
ATTFilter
# AdwCleaner v2.007 - Datei am 08/11/2012 um 09:19:10 erstellt
# Aktualisiert am 06/11/2012 von Xplode
# Betriebssystem : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# Benutzer : Netti - NETTI-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Netti\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v16.0.2 (de)

Profilname : default [Profil par défaut]
Datei : C:\Users\Netti\AppData\Roaming\Mozilla\Firefox\Profiles\lboyljjd.default\prefs.js

Gefunden : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb178?a=6OyNpP8tUy&loc=FF_NT");

*************************

AdwCleaner[R8].txt - [853 octets] - [08/11/2012 09:19:10]

########## EOF - C:\AdwCleaner[R8].txt - [912 octets] ##########
Das hab ich allerdings schon hinter mir. Wenn ich jetzt auf Löschen ginge, hätte ich bei der nächsten Sitzung meine Ruhe, aber bei der übernächsten wär Incredibar wieder da. Hab nur leider die alten Logs nicht mehr.


Alt 08.11.2012, 13:43   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
mystart.incredibar.com - Standard

mystart.incredibar.com


adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Löschen.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x=fortlaufende Nummer)

Danach eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles in CODE-Tags hier in den Thread.
__________________
--> mystart.incredibar.com

Alt 08.11.2012, 15:14   #7
annek
 
mystart.incredibar.com - Standard

mystart.incredibar.com


adw
Code:
ATTFilter
# AdwCleaner v2.007 - Datei am 08/11/2012 um 14:47:15 erstellt
# Aktualisiert am 06/11/2012 von Xplode
# Betriebssystem : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# Benutzer : Netti - NETTI-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Netti\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v16.0.2 (de)

Profilname : default [Profil par défaut]
Datei : C:\Users\Netti\AppData\Roaming\Mozilla\Firefox\Profiles\lboyljjd.default\prefs.js

Gelöscht : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb178?a=6OyNpP8tUy&loc=FF_NT");

*************************

AdwCleaner[R8].txt - [980 octets] - [08/11/2012 09:19:10]
AdwCleaner[S3].txt - [914 octets] - [08/11/2012 14:47:15]

########## EOF - C:\AdwCleaner[S3].txt - [973 octets] ##########
OTL.txt
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 08.11.2012 14:52:44 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Netti\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 4,38 Gb Available Physical Memory | 72,96% Memory free
12,11 Gb Paging File | 10,45 Gb Available in Paging File | 86,33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298,09 Gb Total Space | 142,98 Gb Free Space | 47,96% Space Free | Partition Type: NTFS
 
Computer Name: NETTI-PC | User Name: Netti | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC -  File not found
PRC - C:\Users\Netti\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\SysWOW64\nlssrv32.exe (Nalpeiron Ltd.)
PRC - C:\Windows\SysWOW64\ASTSRV.EXE (Nalpeiron Ltd.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (WinTabService) -- C:\Windows\SysNative\Drivers\WTSRV.EXE (Tablet Driver)
SRV - (cmdAgent) -- C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV - (nlsX86cc) -- C:\Windows\SysWOW64\nlssrv32.exe (Nalpeiron Ltd.)
SRV - (CPMService) -- C:\Programme\COMODO\COMODO Programs Manager\CPMservice.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (astcc) -- C:\Windows\SysWOW64\ASTSRV.EXE (Nalpeiron Ltd.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\DRIVERS\VBoxNetAdp.sys (Oracle Corporation)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\DRIVERS\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\DRIVERS\lirsgt.sys ()
DRV:64bit: - (cmderd) -- C:\Windows\SysNative\DRIVERS\cmderd.sys (COMODO)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (tbhsd) -- C:\Windows\SysNative\drivers\tbhsd.sys (RapidSolution Software AG)
DRV:64bit: - (Evdd) -- C:\Windows\SysNative\drivers\evdd.sys ()
DRV:64bit: - (cumon) -- C:\Windows\SysNative\drivers\cumon.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (SWDUMon) -- C:\Windows\SysNative\DRIVERS\SWDUMon.sys ()
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\DRIVERS\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdLH6.sys (Advanced Micro Devices)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (L1E) -- C:\Windows\SysNative\DRIVERS\L1E60x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (UCTblHid) -- C:\Windows\SysNative\DRIVERS\UCTblHid.sys (Tablet Driver)
DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.)
DRV:64bit: - (dsltestSp5a64) -- C:\Windows\SysNative\Drivers\dsltestSp5a64.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV:64bit: - (PTSimBus) -- C:\Windows\SysNative\DRIVERS\PTSimBus.sys (PenTablet Driver)
DRV:64bit: - (PTSimHid) -- C:\Windows\SysNative\DRIVERS\PTSimHid.sys (PenTablet Driver)
DRV:64bit: - (TClass2k) -- C:\Windows\SysNative\DRIVERS\TClass2k.sys (Tablet Driver)
DRV:64bit: - (vmm) -- C:\Windows\SysNative\Treiber\vmm.sys (Microsoft Corporation)
DRV:64bit: - (VPCNetS2) -- C:\Windows\SysNative\DRIVERS\VMNetSrv.sys (Microsoft Corporation)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\DRIVERS\ASACPI.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-253383300-3489330422-2878657085-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-253383300-3489330422-2878657085-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-253383300-3489330422-2878657085-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-253383300-3489330422-2878657085-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B5 89 B1 81 0A 89 CD 01  [binary data]
IE - HKU\S-1-5-21-253383300-3489330422-2878657085-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-253383300-3489330422-2878657085-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-253383300-3489330422-2878657085-1000\..\SearchScopes\{9C75339E-02D6-44D0-98A6-63EC7E2D6767}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-253383300-3489330422-2878657085-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-253383300-3489330422-2878657085-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul"
FF - prefs.js..extensions.enabledAddons: alarm@gutscheinsammler.de:2.0.3
FF - prefs.js..extensions.enabledAddons: feedly@devhd:10.2
FF - prefs.js..extensions.enabledAddons: isreaditlater@ideashower.com:3.0.0
FF - prefs.js..extensions.enabledAddons: status4evar@caligonstudios.com:2012.07.08.17
FF - prefs.js..extensions.enabledAddons: support@lastpass.com:2.0.0
FF - prefs.js..extensions.enabledAddons: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.18
FF - prefs.js..extensions.enabledAddons: {89f8dde0-010a-11da-8cd6-0800200c9a66}:1.0.2
FF - prefs.js..extensions.enabledAddons: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10
FF - prefs.js..extensions.enabledAddons: extension@zootool.com:0.4
FF - prefs.js..extensions.enabledAddons: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.3
FF - prefs.js..extensions.enabledAddons: {64161300-e22b-11db-8314-0800200c9a66}:0.9.6.10
FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.5.7
FF - prefs.js..extensions.enabledAddons: toolbar@qipu.de:1.8.8
FF - prefs.js..extensions.enabledAddons: printedit@DW-dev:8.8
FF - prefs.js..extensions.enabledAddons: Stylish-Custom@choggi.dyndns.org:0.7.7
FF - prefs.js..extensions.enabledAddons: {45d8ff86-d909-11db-9705-005056c00008}:1.1.0
FF - prefs.js..extensions.enabledAddons: {c0c588b6-b11d-4898-af00-079fed05aa32}:16.0.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.13
FF - prefs.js..extensions.enabledItems: {9D23D0AA-D8F5-11DA-B3FC-0928ABF316DD}:3.0.5
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:4.3.7
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2
FF - prefs.js..extensions.enabledItems: {EDA7B1D7-F793-4e03-B074-E6F303317FB0}:1.2.7
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.2
FF - prefs.js..extensions.enabledItems: isreaditlater@ideashower.com:2.1.1
FF - prefs.js..extensions.enabledItems: {53A03D43-5363-4669-8190-99061B2DEBA5}:1.4.3
FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.5.8
FF - prefs.js..extensions.enabledItems: {bbfec13d-8cb3-53f3-c852-999eb2a852ca}:0.1.6
FF - prefs.js..extensions.enabledItems: {8620c15f-30dc-4dba-a131-7c5d20cf4a29}:3.1.6
FF - prefs.js..extensions.enabledItems: support@lastpass.com:1.72.0
FF - prefs.js..extensions.enabledItems: {446c03e0-2c35-11db-a98b-0800200c9a67}:0.5
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.1.2
FF - prefs.js..extensions.enabledItems: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}:7.2.0.8
FF - prefs.js..extensions.enabledItems: silvermelxt@pardal.de:1.3.6
FF - prefs.js..extensions.enabledItems: classicretweet@jonpierce.com:1.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}:2.7.2
FF - prefs.js..extensions.enabledItems: {e213bb8f-8ebd-11db-96b7-005056c00008}:3.0.0.91
FF - prefs.js..extensions.enabledItems: silvermel@pardal.de:1.3.6
FF - prefs.js..extensions.enabledItems: {359faf50-e061-11dd-ad8b-0800200c9a66}:2.2.1
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.socks_version: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.20 20:08:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.29 18:41:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.29 18:41:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.10.31 18:24:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.10.31 18:24:42 | 000,000,000 | ---D | M]
 
[2011.03.01 17:02:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Netti\AppData\Roaming\Mozilla\Extensions
[2011.03.01 17:02:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Netti\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.11.07 16:16:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Netti\AppData\Roaming\Mozilla\Firefox\Profiles\lboyljjd.default\extensions
[2011.03.01 16:59:31 | 000,000,000 | ---D | M] ("All-in-One Sidebar") -- C:\Users\Netti\AppData\Roaming\Mozilla\Firefox\Profiles\lboyljjd.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}(2)
[2011.03.04 12:33:46 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\Netti\AppData\Roaming\Mozilla\Firefox\Profiles\lboyljjd.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}(1790)
[2011.03.01 16:59:31 | 000,000,000 | ---D | M] (FlashGot [de]) -- C:\Users\Netti\AppData\Roaming\Mozilla\Firefox\Profiles\lboyljjd.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}(2)
[2011.03.01 16:59:31 | 000,000,000 | ---D | M] (Html Validator) -- C:\Users\Netti\AppData\Roaming\Mozilla\Firefox\Profiles\lboyljjd.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}(2)
[2012.10.14 09:18:33 | 000,000,000 | ---D | M] (FT Evo) -- C:\Users\Netti\AppData\Roaming\Mozilla\Firefox\Profiles\lboyljjd.default\extensions\{5c8c1470-d247-11e0-9572-0800200c9a66}
[2011.03.01 16:59:34 | 000,000,000 | ---D | M] (SKY) -- C:\Users\Netti\AppData\Roaming\Mozilla\Firefox\Profiles\lboyljjd.default\extensions\{6e00410e-1176-11dc-8314-0800200c9a66}(2)
[2011.03.01 16:59:34 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Netti\AppData\Roaming\Mozilla\Firefox\Profiles\lboyljjd.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(2)
[2011.03.01 16:59:34 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\Netti\AppData\Roaming\Mozilla\Firefox\Profiles\lboyljjd.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}(2)
[2012.11.07 09:31:29 | 000,000,000 | ---D | M] (Cookies Manager+) -- C:\Users\Netti\AppData\Roaming\Mozilla\Firefox\Profiles\lboyljjd.default\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}
[2011.03.01 16:59:36 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\Netti\AppData\Roaming\Mozilla\Firefox\Profiles\lboyljjd.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}(2)
[2011.03.01 16:59:40 | 000,000,000 | ---D | M] (Menu Editor) -- C:\Users\Netti\AppData\Roaming\Mozilla\Firefox\Profiles\lboyljjd.default\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}(2)
[2012.03.04 18:00:00 | 000,000,000 | ---D | M] (Zootool) -- C:\Users\Netti\AppData\Roaming\Mozilla\Firefox\Profiles\lboyljjd.default\extensions\extension@zootool.com
[2011.03.01 16:59:29 | 000,000,000 | ---D | M] (Fast Dial) -- C:\Users\Netti\AppData\Roaming\Mozilla\Firefox\Profiles\lboyljjd.default\extensions\fastdial@telega.phpnet(2).us
[2011.03.01 16:59:30 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Netti\AppData\Roaming\Mozilla\Firefox\Profiles\lboyljjd.default\extensions\personas@christopher(52).beard
[2012.10.13 15:17:18 | 000,000,000 | ---D | M] (Stylish-Custom) -- C:\Users\Netti\AppData\Roaming\Mozilla\Firefox\Profiles\lboyljjd.default\extensions\Stylish-Custom@choggi.dyndns.org
[2012.07.25 13:32:54 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Netti\AppData\Roaming\Mozilla\Firefox\Profiles\lboyljjd.default\extensions\support@lastpass.com
[2011.03.01 16:59:31 | 000,000,000 | ---D | M] (1-Click YouTube Video Downloader) -- C:\Users\Netti\AppData\Roaming\Mozilla\Firefox\Profiles\lboyljjd.default\extensions\YoutubeDownloader@PeterOlayev(54).com
[2012.03.04 18:00:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Netti\AppData\Roaming\Mozilla\Firefox\Profiles\lboyljjd.default\extensions\extension@zootool.com\__MACOSX
[2012.03.04 18:00:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Netti\AppData\Roaming\Mozilla\Firefox\Profiles\lboyljjd.default\extensions\extension@zootool.com\chrome
[2012.03.04 18:00:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Netti\AppData\Roaming\Mozilla\Firefox\Profiles\lboyljjd.default\extensions\extension@zootool.com\defaults
[2012.03.28 18:31:52 | 000,018,981 | ---- | M] () (No name found) -- C:\Users\Netti\AppData\Roaming\Mozilla\Firefox\Profiles\lboyljjd.default\extensions\alarm@gutscheinsammler.de.xpi
[2012.08.29 13:28:33 | 000,088,614 | ---- | M] () (No name found) -- C:\Users\Netti\AppData\Roaming\Mozilla\Firefox\Profiles\lboyljjd.default\extensions\extension@ciuvo.com.xpi
[2012.06.27 08:37:29 | 000,637,327 | ---- | M] () (No name found) -- C:\Users\Netti\AppData\Roaming\Mozilla\Firefox\Profiles\lboyljjd.default\extensions\feedly@devhd.xpi
[2012.07.11 18:04:46 | 000,223,394 | ---- | M] () (No name found) -- C:\Users\Netti\AppData\Roaming\Mozilla\Firefox\Profiles\lboyljjd.default\extensions\isreaditlater@ideashower.com.xpi
[2012.07.16 13:21:43 | 000,004,164 | ---- | M] () (No name found) -- C:\Users\Netti\AppData\Roaming\Mozilla\Firefox\Profiles\lboyljjd.default\extensions\old_bookmarks_sidebar@francev_nikolay.xpi
[2012.10.13 15:09:51 | 000,089,559 | ---- | M] () (No name found) -- C:\Users\Netti\AppData\Roaming\Mozilla\Firefox\Profiles\lboyljjd.default\extensions\printedit@DW-dev.xpi
[2012.07.10 17:42:37 | 000,163,080 | ---- | M] () (No name found) -- C:\Users\Netti\AppData\Roaming\Mozilla\Firefox\Profiles\lboyljjd.default\extensions\status4evar@caligonstudios.com.xpi
[2012.10.13 15:09:51 | 000,091,945 | ---- | M] () (No name found) -- C:\Users\Netti\AppData\Roaming\Mozilla\Firefox\Profiles\lboyljjd.default\extensions\toolbar@qipu.de.xpi
[2012.08.27 13:50:09 | 000,455,379 | ---- | M] () (No name found) -- C:\Users\Netti\AppData\Roaming\Mozilla\Firefox\Profiles\lboyljjd.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi
[2012.11.07 16:16:12 | 000,060,243 | ---- | M] () (No name found) -- C:\Users\Netti\AppData\Roaming\Mozilla\Firefox\Profiles\lboyljjd.default\extensions\{45d8ff86-d909-11db-9705-005056c00008}.xpi
[2012.09.09 16:51:26 | 000,269,659 | ---- | M] () (No name found) -- C:\Users\Netti\AppData\Roaming\Mozilla\Firefox\Profiles\lboyljjd.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
[2012.10.12 15:34:16 | 000,281,285 | ---- | M] () (No name found) -- C:\Users\Netti\AppData\Roaming\Mozilla\Firefox\Profiles\lboyljjd.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi
[2012.10.12 15:34:16 | 000,529,404 | ---- | M] () (No name found) -- C:\Users\Netti\AppData\Roaming\Mozilla\Firefox\Profiles\lboyljjd.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.05.09 17:45:22 | 000,172,465 | ---- | M] () (No name found) -- C:\Users\Netti\AppData\Roaming\Mozilla\Firefox\Profiles\lboyljjd.default\extensions\{89f8dde0-010a-11da-8cd6-0800200c9a66}.xpi
[2012.10.14 09:16:44 | 003,193,749 | ---- | M] () (No name found) -- C:\Users\Netti\AppData\Roaming\Mozilla\Firefox\Profiles\lboyljjd.default\extensions\{c0c588b6-b11d-4898-af00-079fed05aa32}.xpi
[2012.07.25 19:43:22 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Netti\AppData\Roaming\Mozilla\Firefox\Profiles\lboyljjd.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011.10.30 10:05:49 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\Netti\AppData\Roaming\Mozilla\Firefox\Profiles\lboyljjd.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2012.11.06 10:12:39 | 000,002,511 | ---- | M] () -- C:\Users\Netti\AppData\Roaming\Mozilla\Firefox\Profiles\lboyljjd.default\searchplugins\qipu.xml
[2012.10.29 18:41:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.10.29 18:41:43 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.21 16:01:53 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.29 13:30:49 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.21 16:01:53 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.21 16:01:53 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.21 16:01:53 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.21 16:01:53 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.08.29 10:48:02 | 000,006,258 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-253383300-3489330422-2878657085-1000..\Run: [Rainlendar2] C:\Programme\Rainlendar2\Rainlendar2.exe ()
O4 - HKU\S-1-5-21-253383300-3489330422-2878657085-1000..\Run: [VistaStartMenu] C:\Program Files (x86)\Vista Start Menu\VistaStartMenu.exe (OrdinarySoft)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk =  File not found
O4 - Startup: C:\Users\Netti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stickies.lnk = C:\Program Files (x86)\Stickies\stickies.exe (Zhorn Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B7BEBF18-3807-49D9-8706-B74DFEAC553C}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Netti\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Netti\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.07 16:33:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Netti\Desktop\OTL.exe
[2012.11.02 19:13:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PopCap Games
[2012.11.02 19:13:38 | 000,000,000 | ---D | C] -- C:\ProgramData\PopCapY
[2012.11.02 19:13:38 | 000,000,000 | ---D | C] -- C:\ProgramData\PopCap Games
[2012.11.02 19:13:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PopCap Games
[2012.10.31 18:24:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2012.10.29 18:41:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.10.25 13:59:34 | 000,000,000 | ---D | C] -- C:\Users\Netti\AppData\Roaming\PhotoFiltre
[2012.10.24 19:51:10 | 000,000,000 | ---D | C] -- C:\Users\Netti\AppData\Roaming\Softland
[2012.10.24 19:51:06 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\GdiPlus.dll
[2012.10.24 19:51:03 | 000,000,000 | ---D | C] -- C:\Users\Netti\AppData\Local\PDF Annotator
[2012.10.21 18:19:12 | 000,000,000 | ---D | C] -- C:\Users\Netti\herbst
[2012.10.21 07:43:37 | 000,000,000 | ---D | C] -- C:\Users\Netti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Grafik
[2012.10.20 20:09:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.10.20 20:08:28 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.10.20 20:08:04 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.10.20 20:08:04 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.10.20 20:08:04 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012.10.20 20:07:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012.10.20 11:16:14 | 000,000,000 | ---D | C] -- C:\Users\Netti\AppData\Roaming\vlc
[2012.10.20 11:09:32 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2012.10.20 10:05:32 | 000,000,000 | ---D | C] -- C:\Users\Netti\AppData\Roaming\stickies
[2012.10.20 10:05:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Stickies
[2012.10.14 08:03:34 | 000,000,000 | ---D | C] -- C:\Users\Netti\Application Data
[2012.10.10 14:04:29 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012.10.10 14:04:26 | 001,268,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.10.10 14:04:26 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.10.10 14:04:24 | 004,699,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.09.15 13:38:02 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Netti\HiJackThis204.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.08 14:58:30 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2012.11.08 14:56:22 | 001,560,144 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.08 14:56:22 | 000,673,126 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.08 14:56:22 | 000,632,854 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.08 14:56:22 | 000,145,334 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.08 14:56:22 | 000,119,480 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.08 14:48:52 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.08 14:48:39 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.08 14:48:39 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.08 14:48:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.08 14:47:53 | 000,027,606 | ---- | M] () -- C:\Windows\CUAppUsage.Dat
[2012.11.08 14:40:01 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.08 09:17:24 | 000,541,569 | ---- | M] () -- C:\Users\Netti\Desktop\adwcleaner.exe
[2012.11.07 16:33:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Netti\Desktop\OTL.exe
[2012.11.07 09:45:00 | 000,000,770 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.11.07 09:26:20 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.11.07 09:26:19 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.11.07 09:19:07 | 000,099,840 | ---- | M] () -- C:\Users\Netti\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.11.06 16:41:06 | 001,349,009 | ---- | M] () -- C:\Users\Netti\Holiday-Cards-MCP-BirdDesigns.zip
[2012.11.05 14:46:06 | 000,153,257 | ---- | M] () -- C:\Users\Netti\sky.jpg
[2012.11.04 20:58:12 | 000,000,505 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2012.11.04 20:51:12 | 002,016,478 | ---- | M] () -- C:\Users\Netti\gifgroup.psd
[2012.11.04 20:31:07 | 000,000,043 | -HS- | M] () -- C:\ProgramData\.zreglib
[2012.11.03 20:08:22 | 000,784,736 | ---- | M] () -- C:\Users\Netti\reandear-christmas-vector-pattern.zip
[2012.11.03 20:08:11 | 000,936,876 | ---- | M] () -- C:\Users\Netti\snowflakes-vector_patterns.zip
[2012.11.02 19:13:46 | 000,001,148 | ---- | M] () -- C:\Users\Public\Desktop\Plants vs. Zombies.lnk
[2012.11.02 19:13:46 | 000,000,199 | ---- | M] () -- C:\Users\Public\Desktop\Play More Great Games!.url
[2012.10.28 17:49:22 | 000,000,871 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2012.10.22 13:14:30 | 000,177,761 | ---- | M] () -- C:\Users\Netti\Herbst.jpg
[2012.10.21 19:48:57 | 000,000,560 | ---- | M] () -- C:\Windows\PluginSwitch.ini
[2012.10.21 18:26:50 | 000,007,168 | -H-- | M] () -- C:\Users\Netti\photothumb.db
[2012.10.20 20:07:49 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012.10.20 20:07:48 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012.10.20 20:07:48 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012.10.20 20:07:48 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.10.20 20:07:48 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.10.20 20:07:48 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.10.20 20:02:46 | 000,165,376 | ---- | M] () -- C:\Users\Netti\SystemLook_x64.exe
[2012.10.20 10:05:32 | 000,000,900 | ---- | M] () -- C:\Users\Netti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stickies.lnk
[2012.10.20 10:05:32 | 000,000,533 | ---- | M] () -- C:\Windows\uninstallstickies.bat
[2012.10.14 15:29:59 | 000,000,132 | ---- | M] () -- C:\Users\Netti\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2012.10.14 14:48:29 | 005,798,199 | ---- | M] () -- C:\Users\Netti\Unbenannt-1.psd
[2012.10.14 07:11:27 | 000,048,300 | ---- | M] () -- C:\Users\Netti\Documents\Database.kdb
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.11.08 09:17:23 | 000,541,569 | ---- | C] () -- C:\Users\Netti\Desktop\adwcleaner.exe
[2012.11.06 16:41:00 | 001,349,009 | ---- | C] () -- C:\Users\Netti\Holiday-Cards-MCP-BirdDesigns.zip
[2012.11.05 14:46:04 | 000,153,257 | ---- | C] () -- C:\Users\Netti\sky.jpg
[2012.11.04 20:51:11 | 002,016,478 | ---- | C] () -- C:\Users\Netti\gifgroup.psd
[2012.11.03 20:08:17 | 000,784,736 | ---- | C] () -- C:\Users\Netti\reandear-christmas-vector-pattern.zip
[2012.11.03 20:08:08 | 000,936,876 | ---- | C] () -- C:\Users\Netti\snowflakes-vector_patterns.zip
[2012.11.02 19:23:45 | 000,152,944 | ---- | C] () -- C:\Users\Netti\Kokosmakronen Konditorrezept.pdf
[2012.11.02 19:13:46 | 000,001,148 | ---- | C] () -- C:\Users\Public\Desktop\Plants vs. Zombies.lnk
[2012.11.02 19:13:46 | 000,000,199 | ---- | C] () -- C:\Users\Public\Desktop\Play More Great Games!.url
[2012.10.22 13:14:30 | 000,177,761 | ---- | C] () -- C:\Users\Netti\Herbst.jpg
[2012.10.21 19:48:57 | 000,000,560 | ---- | C] () -- C:\Windows\PluginSwitch.ini
[2012.10.20 20:02:46 | 000,165,376 | ---- | C] () -- C:\Users\Netti\SystemLook_x64.exe
[2012.10.20 10:05:32 | 000,000,533 | ---- | C] () -- C:\Windows\uninstallstickies.bat
[2012.10.20 10:05:31 | 000,000,900 | ---- | C] () -- C:\Users\Netti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stickies.lnk
[2012.10.14 14:48:27 | 005,798,199 | ---- | C] () -- C:\Users\Netti\Unbenannt-1.psd
[2012.08.25 08:50:07 | 001,955,075 | ---- | C] () -- C:\Users\Netti\Unbenannt-2.psd
[2012.07.04 18:34:11 | 000,000,132 | ---- | C] () -- C:\Users\Netti\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2012.05.17 15:14:06 | 000,000,218 | ---- | C] () -- C:\Users\Netti\AppData\Local\recently-used.xbel
[2012.05.12 13:54:45 | 030,940,993 | ---- | C] () -- C:\Users\Netti\Gutschein.psd
[2012.05.04 18:41:51 | 000,000,106 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2012.04.04 17:28:35 | 000,004,608 | ---- | C] () -- C:\Windows\SysWow64\ColorEfexPro4FC64.dll
[2012.04.04 17:28:35 | 000,003,584 | ---- | C] () -- C:\Windows\SysWow64\ColorEfexPro4FC32.dll
[2012.04.03 18:43:15 | 000,388,176 | ---- | C] () -- C:\Windows\SysWow64\NxCooking.dll
[2012.03.07 16:47:38 | 000,000,140 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.01.24 15:49:35 | 000,027,606 | ---- | C] () -- C:\Windows\CUAppUsage.Dat
[2011.12.25 11:43:08 | 000,003,682 | ---- | C] () -- C:\Windows\Tablet8000x6000M.ini
[2011.11.22 18:32:42 | 000,287,515 | ---- | C] () -- C:\Users\Netti\circles pattern.psd
[2011.10.20 13:40:55 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2011.10.20 13:25:27 | 000,031,664 | ---- | C] () -- C:\Windows\maxlink.ini
[2011.10.20 08:33:40 | 000,000,378 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2011.10.20 08:33:40 | 000,000,159 | ---- | C] () -- C:\Windows\brpcfx.ini
[2011.10.20 08:29:52 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2011.08.28 17:24:53 | 000,338,724 | ---- | C] () -- C:\Users\Netti\tvdpsd.psd
[2011.08.06 09:20:11 | 000,220,624 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011.07.14 17:51:13 | 001,543,162 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.06.28 15:13:21 | 000,000,079 | ---- | C] () -- C:\Users\Netti\AppData\Local\CrystalDiskMark30.ini
[2011.06.25 10:38:52 | 000,001,708 | ---- | C] () -- C:\Windows\lightworks.ini
[2011.06.25 08:48:21 | 000,000,043 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.06.18 16:39:54 | 000,000,132 | ---- | C] () -- C:\Users\Netti\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2011.06.01 18:38:38 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.06.01 18:37:44 | 000,033,019 | ---- | C] () -- C:\Windows\SysWow64\CoreAAC-uninstall.exe
[2011.06.01 16:15:06 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.06.01 16:15:05 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.05.24 22:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.05.19 09:54:30 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2011.05.17 12:11:40 | 000,794,906 | ---- | C] () -- C:\Windows\unins000.exe
[2011.05.17 12:11:40 | 000,004,151 | ---- | C] () -- C:\Windows\unins000.dat
[2011.03.27 17:08:51 | 000,007,168 | -H-- | C] () -- C:\Users\Netti\photothumb.db
[2011.03.17 18:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.03.10 16:18:37 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011.03.10 16:18:36 | 000,000,505 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.03.07 19:20:39 | 000,001,821 | ---- | C] () -- C:\Users\Netti\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2011.03.06 19:25:33 | 000,000,132 | ---- | C] () -- C:\Users\Netti\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.03.06 10:10:49 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2011.03.06 10:10:27 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2011.03.06 10:10:10 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2011.03.04 18:47:10 | 000,017,408 | ---- | C] () -- C:\Users\Netti\AppData\Local\WebpageIcons.db
[2011.03.03 15:59:42 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2011.03.01 19:32:07 | 000,099,840 | ---- | C] () -- C:\Users\Netti\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.01 16:32:20 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.03.01 16:14:31 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2011.03.01 16:14:31 | 000,014,392 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011.03.01 15:49:00 | 000,031,684 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2011.03.01 15:48:42 | 000,031,364 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011.03.01 15:38:25 | 000,000,732 | ---- | C] () -- C:\Users\Netti\AppData\Local\d3d9caps64.dat
[2011.02.15 11:11:48 | 000,316,928 | ---- | C] () -- C:\Windows\SysWow64\Viveza2FC32.dll
[2010.01.08 10:44:54 | 001,033,373 | ---- | C] () -- C:\Users\Netti\Unbenannt-2.ai
 
========== ZeroAccess Check ==========
 
[2006.11.02 16:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 18:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 08:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 03:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
--- --- ---


Extras.txt
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 08.11.2012 14:52:44 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Netti\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 4,38 Gb Available Physical Memory | 72,96% Memory free
12,11 Gb Paging File | 10,45 Gb Available in Paging File | 86,33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298,09 Gb Total Space | 142,98 Gb Free Space | 47,96% Space Free | Partition Type: NTFS
 
Computer Name: NETTI-PC | User Name: Netti | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-253383300-3489330422-2878657085-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Betrachten mit XnView] -- "C:\Program Files (x86)\XnView\xnview.exe" "%1" (XnView, hxxp://www.xnview.com)
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Betrachten mit XnView] -- "C:\Program Files (x86)\XnView\xnview.exe" "%1" (XnView, hxxp://www.xnview.com)
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
"VistaSp2" = ED DE CB D6 0A DC CB 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-253383300-3489330422-2878657085-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== System Restore Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0091BE9A-8B0C-45A3-9802-58BD3ED7CC4C}" = lport=139 | protocol=6 | dir=in | app=system | 
"{1E132962-F21D-4BDC-A806-E011B5CB7453}" = rport=138 | protocol=17 | dir=out | app=system | 
"{4BF6D2A0-8E34-4FE3-8C08-7002216EE586}" = lport=14714 | protocol=6 | dir=in | name=audials localhttpserver 14714 | 
"{4FFFF8A6-A6CC-4FF9-BA93-F5572B407E12}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{514BC070-CE3F-4981-B41B-A16CD931BE07}" = rport=445 | protocol=6 | dir=out | app=system | 
"{A4975BA2-647C-45CE-A701-D1548C9E91A3}" = lport=31931 | protocol=6 | dir=in | name=audials localhttpserver 31931 | 
"{AD8547D0-FE29-40DD-A727-E87A1BB75202}" = rport=139 | protocol=6 | dir=out | app=system | 
"{B14AFE3F-6D17-4953-8CD4-CF1943656667}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{B9897BE7-B40C-4FE4-9F40-74695D83E2DC}" = lport=138 | protocol=17 | dir=in | app=system | 
"{BEC4B85C-C55C-4048-9FBC-36B0CDEF32E0}" = rport=137 | protocol=17 | dir=out | app=system | 
"{C8669D89-E32C-415B-9E8A-C9048442BDD8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{D1815B4F-C6AA-45EA-837A-A25999883BE9}" = lport=137 | protocol=17 | dir=in | app=system | 
"{E548DDDB-0510-40C3-B5BD-66B13463C98E}" = lport=445 | protocol=6 | dir=in | app=system | 
"{EE5C8631-280A-4B15-AB4C-20F5666F3EBF}" = lport=12972 | protocol=6 | dir=in | name=audials localhttpserver 12972 | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C36B552-13B3-4475-9AEC-9DF8B690933E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{30648F47-BAFC-4E02-AEF3-02AA9BD15540}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{487176C7-92E2-46D1-8DE4-DE839AE6155A}" = dir=in | app=c:\program files (x86)\rapidsolution\audials 9\audials.exe | 
"{579824EA-0E6F-4DAC-92DF-CDA8A35F1E3A}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{5B4F5C9C-C3E8-4456-9E17-901B21DC4D57}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{5D7B78E7-443E-46A9-8DFE-1FE518EA5CD5}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{7267AC23-D581-4209-9DF2-D9C2D4D359BE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{740F0EE7-5E46-4F43-BA5A-D8C11E4B5DFB}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{7A308C8D-91E7-49CE-A751-2F1C33ABB202}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{7EE93760-7444-4F77-8848-F053CF84C35A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{87B0A5A3-E801-43EB-8B18-171419A6EDB4}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{D8E77E15-CF7D-402A-A74F-88B3B5154B16}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"TCP Query User{4BB3E992-DE48-4396-AFE6-B46F2AD65A1A}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"UDP Query User{A9688734-3357-4899-BC6E-31B549F4B1A1}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{18E12084-AD08-4E7E-9C01-165CE2C8121B}" = Nitro PDF Reader 2
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{54E192A6-AA33-1963-C96A-26AA7A3B41B4}" = ccc-utility64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6D80AAE7-FF65-4950-B1CA-3A7EA4995574}_is1" = Adobe Reader 64-bit fixes
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{883F56F3-B9E7-4B07-8F6D-2BEF6291DF16}" = Oracle VM VirtualBox 4.1.22
"{8A7CAA24-7B23-410B-A7C3-F994B0944160}" = Microsoft Virtual PC 2007
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFF9D801-1EC4-B8F5-2CAB-4A1790C95A18}" = ATI Catalyst Install Manager
"{D16193A3-921A-4134-B381-597C8F4B8EBD}" = PaperPort Image Printer
"{D1EF69B7-7A97-40FC-9AF1-6D6656FF874F}" = ATI AVIVO64 Codecs
"{D968E920-3A49-48EB-BA1D-8964DCDF0CA9}" = COMODO Programs Manager
"{ED321628-843E-4319-8C6D-CB3C919323AC}" = MysticThumbs
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security
"A35BD68D4A1B3E191138E3C9AA417190A9468F7E" = Windows-Treiberpaket - Leaf Imaging Ltd. Image  (02/11/2010 )
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"CCleaner" = CCleaner
"LockHunter_is1" = LockHunter version 1.0 beta 3, 64 bit edition
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Recuva" = Recuva
"TeraCopy_is1" = TeraCopy 2.12
"VLC media player" = VLC media player 2.0.2
"WinRAR archiver" = WinRAR 4.00 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{09E46892-D189-410F-AE52-72D620247182}" = calibre
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{121634B0-2F4A-11D3-ADA3-00C04F52DD53}" = Windows Installer Clean Up
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23767F5D-A80C-4264-B8EA-ED4085FC332A}" = Adobe Illustrator CS5.1
"{24EE4523-711A-4BD1-95EA-F73A8A6950D3}" = Audials TV
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{30D659E4-4405-6925-CDCF-EB8CD0C80DAC}" = Catalyst Control Center Graphics Previews Common
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{537575D6-3B96-474C-BD8F-DFF667363DBD}" = Naviextras Toolbox Prerequesities
"{60DE7978-4F13-5584-5E53-DCEE1CB115A5}" = Catalyst Control Center
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85268C72-C609-E50A-7AB3-9B3582DFEE66}" = CCC Help English
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = Anno 1701
"{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AFF8C8F4-E4BB-891F-8636-5E71F946C5B6}" = Catalyst Control Center InstallProxy
"{B6C89654-A6A2-477C-873B-724EC1C56407}" = ScanSoft PaperPort 11
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die*Sims™*3
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Avidemux 2.5" = Avidemux 2.5
"AviSynth" = AviSynth 2.5
"Content Manager 2" = Content Manager 2
"CoreAAC Audio Decoder" = CoreAAC Audio Decoder (remove only)
"Debut" = Debut Video Capture Software
"DivX Setup" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ffdshow_is1" = ffdshow [rev 3299] [2010-03-03]
"File Splitter and Joiner_is1" = File Splitter and Joiner (FFSJ v3.3)
"FormatFactory" = FormatFactory 2.96
"FreeCommander_is1" = FreeCommander 2009.02b
"KeePass Password Safe_is1" = KeePass Password Safe 1.18
"LastFM_is1" = Last.fm 1.5.4.27091
"MediaMonkey_is1" = MediaMonkey 4.0
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"Mozilla Thunderbird 16.0.2 (x86 de)" = Mozilla Thunderbird 16.0.2 (x86 de)
"NirSoft BlueScreenView" = NirSoft BlueScreenView
"PhotoScape" = PhotoScape
"PhotoStitch" = Canon Utilities PhotoStitch
"Pidgin" = Pidgin
"Plants vs. Zombies" = Plants vs. Zombies
"POIbase_is1" = POIbase 1.041
"Rainlendar2" = Rainlendar2 (remove only)
"Revo Uninstaller" = Revo Uninstaller 1.94
"Rezeptbuch_is1" = Rezeptbuch 2.2
"TabletDriver" = Trust Tablet Driver
"ThumbView_Lite 1.0" = ThumbView_Lite 1.0
"Vista Start Menu_is1" = Vista Start Menu 3.88
"XnView_is1" = XnView 1.99
"xplorer2l" = xplorer² lite 32 bit
"Xvid Video Codec 1.3.0" = Xvid Video Codec
"Xvid_is1" = Xvid 1.2.2 final uninstall
"Zattoo4" = Zattoo4 4.0.5
"ZhornStickies" = Stickies 7.1d
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-253383300-3489330422-2878657085-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"pdfsam" = pdfsam
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 07.11.2012 05:11:55 | Computer Name = Netti-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description = 
 
Error - 07.11.2012 05:13:56 | Computer Name = Netti-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description = 
 
Error - 07.11.2012 05:16:59 | Computer Name = Netti-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description = 
 
Error - 07.11.2012 05:19:13 | Computer Name = Netti-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description = 
 
Error - 07.11.2012 11:12:45 | Computer Name = Netti-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 07.11.2012 11:19:06 | Computer Name = Netti-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 07.11.2012 11:43:00 | Computer Name = Netti-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description = 
 
Error - 08.11.2012 04:02:30 | Computer Name = Netti-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 08.11.2012 09:31:22 | Computer Name = Netti-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 08.11.2012 09:50:18 | Computer Name = Netti-PC | Source = WinMgmt | ID = 10
Description = 
 
[ OSession Events ]
Error - 01.03.2012 13:44:10 | Computer Name = Netti-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 20
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 07.11.2012 04:38:59 | Computer Name = Netti-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 07.11.2012 04:44:40 | Computer Name = Netti-PC | Source = Ntfs | ID = 262281
Description = Der Transaktionsressourcen-Manager auf Volume "ComodoEvdd" konnte 
aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode
 ist in den Daten enthalten.
 
Error - 07.11.2012 05:45:04 | Computer Name = Netti-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 07.11.2012 11:12:46 | Computer Name = Netti-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 07.11.2012 13:35:50 | Computer Name = Netti-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 08.11.2012 04:02:30 | Computer Name = Netti-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 08.11.2012 07:16:24 | Computer Name = Netti-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 08.11.2012 09:31:22 | Computer Name = Netti-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 08.11.2012 09:47:27 | Computer Name = Netti-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 08.11.2012 09:50:19 | Computer Name = Netti-PC | Source = Service Control Manager | ID = 7026
Description = 
 
 
< End of report >

Alt 08.11.2012, 16:23   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
mystart.incredibar.com - Standard

mystart.incredibar.com


Sieht ok aus. Wir sollten fast durch sein. Incredibar ist soweit weg?

Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 08.11.2012, 18:00   #9
annek
 
mystart.incredibar.com - Standard

mystart.incredibar.com


Leider ist die Incredibar immer noch in der about:config von Firefox und kommt auch nach wie vor immer wieder.
Wie im meinem vorletzten Post geschrieben, hatte ich schon selber mal mit dem adwcleaner gesäubert. In der folgenden Sitzung ist dann Ruhe, aber beim übernächsten Mal ist sie jeweils wieder da. Das ist ja mein Dilemma

Der Malwarebytes-Scan sieht so aus
Code:
ATTFilter
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.08.08

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Netti :: NETTI-PC [Administrator]

08.11.2012 17:41:17
mbam-log-2012-11-08 (17-41-17).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 201929
Laufzeit: 3 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Ich werd dann jetzt noch mal ESET drüber laufen lassen.

ESET Log
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=d9be136e6101b54280f14141a0ac3a60
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-11-08 06:46:17
# local_time=2012-11-08 07:46:17 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=3073 16777213 80 71 3655 28076689 0 0
# compatibility_mode=5892 16776574 100 45 53137855 189918179 0 0
# compatibility_mode=8192 67108863 100 0 3822 3822 0 0
# scanned=210594
# found=0
# cleaned=0
# scan_time=6104

Alt 08.11.2012, 20:22   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
mystart.incredibar.com - Standard

mystart.incredibar.com


Geh mal in die Adresszeile vom Firefox und tipp ein about:config - dann aufrufen
Warnhinweis, dass du vorsichtig bist, abnicken

Da auch bitte wirklich vorsichtig sein!!

Suche dann mal nach browser.newtab.url - diese Eigenschaft sollte auf about:newtab gesetzt sein, so wie hier:

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 09.11.2012, 08:53   #11
annek
 
mystart.incredibar.com - Standard

mystart.incredibar.com


Wie schon geschrieben taucht dort die Incredibar:
browser.newtab.url;hxxp://mystart.incredibar.com/mb178?a=6OyNpP8tUy&loc=FF_NT auf
Ich kann es zwar zurücksetzen auf about:newtab, aber beim nächsten Start ist dann die olle Incredibar-Adresse wieder da.

Alt 09.11.2012, 19:22   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
mystart.incredibar.com - Standard

mystart.incredibar.com


Erstell dir mal ein neues Profil und teste => Firefox-Profile erstellen und löschen | Hilfe zu Firefox
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 10.11.2012, 11:29   #13
annek
 
mystart.incredibar.com - Standard

mystart.incredibar.com


Bis jetzt sieht es gut aus
Das war jetzt nicht wirklich so simpel?

Vielen lieben Dank!

Alt 11.11.2012, 20:30   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
mystart.incredibar.com - Standard

mystart.incredibar.com


Dann wären wir durch!

Die Programme, die hier zum Einsatz kamen, können alle wieder runter. Mit Hilfe von OTL kannst du auch viele Tools entfernen:

Starte bitte OTL und klicke auf Bereinigung.
Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen.


Malwarebytes zu behalten ist zu empfehlen. Kannst ja 1x im Monat damit einen Vollscan machen, aber immer vorher ans Update denken.


Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.


Microsoftupdate
Windows XP:Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.
Windows Vista/7: Start, Systemsteuerung, Windows-Update


PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers:
Prüfen => Adobe - Flash Player
Downloadlinks findest du hier => Browsers and Plugins - FilePony.de

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.


Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort

Themen zu mystart.incredibar.com
about, andere, angegeben, browserfenster, config, firefox, geöffnete, incredibar, jemandem, lieber, mystart, mystart incredibar, mystart.incredibar.com, neue, neuen, seite, systems, systemstart, taucht, zurücksetzen, öffnet


« Trojaner vom "Bundesministerium für Sicherheit" mit WebCam | Mystart.incredibar.com aus Chrome entfernen »


Ähnliche Themen: mystart.incredibar.com


  1. MyStart/Incredibar
    Plagegeister aller Art und deren Bekämpfung - 05.10.2013 (9)
  2. MyStart by IncrediBar.com
    Log-Analyse und Auswertung - 06.05.2013 (11)
  3. MyStart by IncrediBar.com
    Plagegeister aller Art und deren Bekämpfung - 21.12.2012 (9)
  4. MyStart by IncrediBar.com
    Plagegeister aller Art und deren Bekämpfung - 24.10.2012 (18)
  5. MyStart by IncrediBar.com
    Log-Analyse und Auswertung - 18.10.2012 (1)
  6. MyStart by IncrediBar.com
    Log-Analyse und Auswertung - 14.10.2012 (17)
  7. Mystart.Incredibar
    Plagegeister aller Art und deren Bekämpfung - 14.10.2012 (37)
  8. mystart.incredibar.com
    Log-Analyse und Auswertung - 29.09.2012 (2)
  9. Mystart.Incredibar
    Plagegeister aller Art und deren Bekämpfung - 27.09.2012 (3)
  10. mystart incredibar
    Plagegeister aller Art und deren Bekämpfung - 09.09.2012 (2)
  11. MyStart @ Incredibar und MyStart Search trotz Deinstallation des Programms
    Plagegeister aller Art und deren Bekämpfung - 09.09.2012 (2)
  12. MySTart by Incredibar
    Plagegeister aller Art und deren Bekämpfung - 30.08.2012 (1)
  13. MyStart incredibar
    Log-Analyse und Auswertung - 23.07.2012 (1)
  14. Mystart Incredibar
    Log-Analyse und Auswertung - 20.07.2012 (32)
  15. Mystart Incredibar
    Log-Analyse und Auswertung - 16.07.2012 (7)
  16. MyStart Incredibar
    Plagegeister aller Art und deren Bekämpfung - 15.07.2012 (3)
  17. Mystart by incredibar
    Plagegeister aller Art und deren Bekämpfung - 04.07.2012 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema mystart.incredibar.com - Hallo Wie viele andere auch, habe ich mir die Mystart Incredibar eingefangen. In der about :config von Firefox kann ich browser.newtab.url zurücksetzen, aber beim nächsten Systemstart taucht es wieder auf. - mystart.incredibar.com...
Archiv
Du betrachtest: mystart.incredibar.com auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55