Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: ad.adserverplus erscheint immer wieder

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 11.11.2012, 20:21   #16
ryder
/// TB-Ausbilder
 
ad.adserverplus erscheint immer wieder - Standard

ad.adserverplus erscheint immer wieder



Du kannst sie anschliessen und nochmal mit ESET drüber scannen. Ganz easy

Schön, dass wir helfen konnten

Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen schicke mir bitte eine PM.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen
__________________
Digitale Freibeuter gegen Malware!
Keine Hilfe per PM!

Alt 13.11.2012, 14:18   #17
ryder
/// TB-Ausbilder
 
ad.adserverplus erscheint immer wieder - Standard

ad.adserverplus erscheint immer wieder



Dann machen wir mal weiter:

Kontrollscan mit OTL
  • Starte bitte OTL.exe
  • Stelle sicher, dass "Alle Benuzter Scannen" angehakt ist!
  • Drücke den Quick Scan Button.
  • Poste die OTL.txt hier in deinen Thread.
__________________

__________________

Alt 13.11.2012, 16:42   #18
Julia.M
 
ad.adserverplus erscheint immer wieder - Standard

ad.adserverplus erscheint immer wieder



Danke das du mir weiterhin hilfst!

Hier der die OTL.txt:
Code:
ATTFilter
OTL logfile created on: 13.11.2012 16:08:12 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = E:\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 2,41 Gb Available Physical Memory | 62,48% Memory free
7,73 Gb Paging File | 5,57 Gb Available in Paging File | 72,03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58,59 Gb Total Space | 18,88 Gb Free Space | 32,23% Space Free | Partition Type: NTFS
Drive E: | 224,81 Gb Total Space | 82,63 Gb Free Space | 36,76% Space Free | Partition Type: NTFS
Drive Y: | 14,65 Gb Total Space | 9,30 Gb Free Space | 63,46% Space Free | Partition Type: NTFS
 
Computer Name: ISIS | User Name: Eliza | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.11.13 16:07:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\Desktop\OTL.exe
PRC - [2012.11.13 15:55:06 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.10.30 12:42:53 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.10.30 12:42:38 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.09 23:30:34 | 000,421,776 | ---- | M] (Apple Inc.) -- E:\Downloads\iTunesHelper.exe
PRC - [2012.07.03 02:21:38 | 026,868,192 | ---- | M] (Dropbox, Inc.) -- C:\Users\Eliza.Isis\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.07.02 10:16:06 | 000,695,448 | ---- | M] () -- C:\Users\Eliza.Isis\AppData\Roaming\BrowserCompanion\tbhcn.exe
PRC - [2012.02.09 12:43:14 | 000,160,840 | ---- | M] (Geek Software GmbH) -- C:\Program Files (x86)\pdf24\pdf24.exe
PRC - [2011.10.13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.01.29 15:18:50 | 000,330,696 | ---- | M] () -- C:\Program Files (x86)\Verbindungsassistent\wtgservice.exe
PRC - [2010.08.20 21:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
PRC - [2010.07.21 16:36:02 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
PRC - [2009.11.23 12:59:40 | 000,965,592 | ---- | M] (Seagate) -- C:\Program Files (x86)\Seagate\BlackArmorBackup\TimounterMonitor.exe
PRC - [2009.11.23 12:58:44 | 000,376,456 | ---- | M] (Seagate) -- C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
PRC - [2009.11.23 12:54:56 | 004,386,472 | ---- | M] (Seagate) -- C:\Program Files (x86)\Seagate\BlackArmorBackup\BlackArmorBackupMonitor.exe
PRC - [2009.10.15 10:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009.07.22 15:52:12 | 002,384,896 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
PRC - [2009.06.25 03:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009.06.24 23:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2009.06.09 17:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Programme\Dell\DellDock\DockLogin.exe
PRC - [2009.05.21 15:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
PRC - [2009.05.21 15:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.08.27 21:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.08.27 21:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012.07.02 10:16:06 | 000,695,448 | ---- | M] () -- C:\Users\Eliza.Isis\AppData\Roaming\BrowserCompanion\tbhcn.exe
MOD - [2012.05.11 20:34:45 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.11 20:34:38 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.11 20:34:19 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011.07.29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.07.21 16:36:02 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
MOD - [2010.07.21 16:34:20 | 000,079,168 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
MOD - [2010.07.21 16:34:00 | 000,075,072 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll
MOD - [2010.07.21 16:33:58 | 000,111,936 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll
MOD - [2010.07.21 16:33:52 | 000,121,152 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll
MOD - [2010.07.21 16:33:50 | 000,128,320 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
MOD - [2010.07.21 16:33:46 | 000,234,816 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll
MOD - [2010.07.21 16:33:22 | 001,123,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\LibXml2.dll
MOD - [2009.10.15 10:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2009.07.22 15:52:12 | 002,384,896 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.12.14 06:28:54 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\WINDOWS\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_42d83e1760b1e973\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009.09.08 16:56:12 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\WINDOWS\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.17 02:06:22 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009.03.02 19:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\WINDOWS\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_42d83e1760b1e973\AESTSr64.exe -- (AESTFilters)
SRV - [2012.11.12 08:48:36 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.10.30 12:42:53 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.10.30 12:42:38 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.10.28 11:28:21 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.06.07 18:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.10.21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.10.13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011.01.29 15:18:50 | 000,330,696 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Verbindungsassistent\wtgservice.exe -- (WTGService)
SRV - [2010.08.20 21:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.14 06:28:54 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_42d83e1760b1e973\STacSV64.exe -- (STacSV)
SRV - [2009.11.23 12:58:54 | 000,829,088 | ---- | M] (Seagate) [Auto | Running] -- C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe -- (SgtSch2Svc)
SRV - [2009.08.18 04:09:52 | 000,868,128 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.06.23 23:02:42 | 000,060,928 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe -- (InstallFilterService)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.09 17:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Programme\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2009.05.21 15:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter)
SRV - [2009.03.02 19:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_42d83e1760b1e973\AESTSr64.exe -- (AESTFilters)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.11.13 15:56:53 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.11.13 15:56:52 | 000,098,888 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\WINDOWS\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.09.24 08:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.05 12:00:37 | 001,581,088 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\tdrpm174.sys -- (tdrpman174)
DRV:64bit: - [2011.01.05 12:00:36 | 000,926,752 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2011.01.05 12:00:28 | 000,237,600 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\snman380.sys -- (snapman380)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.07 13:17:41 | 000,117,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009.12.14 06:28:54 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009.10.12 12:00:52 | 000,151,040 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.09.17 05:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.09.08 17:31:52 | 006,204,928 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.08.24 04:20:22 | 000,285,744 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.08.23 03:02:30 | 000,120,336 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.08.20 17:05:06 | 000,239,616 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.07.24 07:13:02 | 000,023,912 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Acceler.sys -- (Acceler)
DRV:64bit: - [2009.07.23 19:57:48 | 000,018,792 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\stdflt.sys -- (stdflt)
DRV:64bit: - [2009.07.17 02:06:20 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009.07.17 02:06:16 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.09 10:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009.07.04 12:27:02 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\rixdpe64.sys -- (rixdpcie)
DRV:64bit: - [2009.07.02 01:54:52 | 000,060,416 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\rimspe64.sys -- (rimspci)
DRV:64bit: - [2009.07.01 11:31:58 | 000,080,896 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\risdpe64.sys -- (risdpcie)
DRV:64bit: - [2009.07.01 05:46:52 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009.07.01 05:46:48 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009.07.01 05:46:40 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009.06.25 10:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2009.06.25 09:38:52 | 000,057,856 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2009.06.25 09:13:44 | 000,055,296 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2009.06.15 20:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.04.07 08:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2006.11.01 18:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008.07.24 10:04:34 | 000,115,328 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\ewusbmdm.sys -- (hwdatacard)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{73F473C6-8D47-47B0-936C-4F375FD57F58}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{5A71B0E6-D10A-44DC-B731-1B64DF92271A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2997508001-3045223707-2186418640-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yahoo.com/
IE - HKU\S-1-5-21-2997508001-3045223707-2186418640-1004\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2997508001-3045223707-2186418640-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7IRFC_de
IE - HKU\S-1-5-21-2997508001-3045223707-2186418640-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2997508001-3045223707-2186418640-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://de.yahoo.com/?p=us"
FF - prefs.js..extensions.enabledAddons: adblockpopups@jessehakanen.net:0.4
FF - prefs.js..extensions.enabledAddons: {5384767E-00D9-40E9-B72F-9CC39D655D6F}:1.4.2.1
FF - prefs.js..extensions.enabledAddons: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10
FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.11
FF - prefs.js..extensions.enabledAddons: bbrs_002@blabbers.com:1.0.5
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\Downloads\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.29 08:18:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.28 11:28:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.10 20:45:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.28 11:28:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.10 20:45:46 | 000,000,000 | ---D | M]
 
[2012.03.05 13:28:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eliza.Isis\AppData\Roaming\mozilla\Extensions
[2012.11.01 15:41:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eliza.Isis\AppData\Roaming\mozilla\Firefox\Profiles\y103kx4v.default\extensions
[2012.04.26 05:27:31 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\Eliza.Isis\AppData\Roaming\mozilla\Firefox\Profiles\y103kx4v.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2012.11.01 15:41:37 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Eliza.Isis\AppData\Roaming\mozilla\Firefox\Profiles\y103kx4v.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.07.28 14:24:56 | 000,000,000 | ---D | M] (Browser Companion Helper) -- C:\Users\Eliza.Isis\AppData\Roaming\mozilla\Firefox\Profiles\y103kx4v.default\extensions\bbrs_002@blabbers.com
[2012.09.20 11:01:11 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Eliza.Isis\AppData\Roaming\mozilla\Firefox\Profiles\y103kx4v.default\extensions\ich@maltegoetz.de
[2012.06.25 10:23:17 | 000,109,964 | ---- | M] () (No name found) -- C:\Users\Eliza.Isis\AppData\Roaming\mozilla\firefox\profiles\y103kx4v.default\extensions\adblockpopups@jessehakanen.net.xpi
[2012.09.28 21:20:19 | 000,010,449 | ---- | M] () (No name found) -- C:\Users\Eliza.Isis\AppData\Roaming\mozilla\firefox\profiles\y103kx4v.default\extensions\youtubeunblocker@unblocker.yt.xpi
[2012.08.30 18:20:19 | 000,199,396 | ---- | M] () (No name found) -- C:\Users\Eliza.Isis\AppData\Roaming\mozilla\firefox\profiles\y103kx4v.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2012.07.26 10:48:11 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Eliza.Isis\AppData\Roaming\mozilla\firefox\profiles\y103kx4v.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.03.05 13:50:46 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\Eliza.Isis\AppData\Roaming\mozilla\firefox\profiles\y103kx4v.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2012.11.10 00:32:24 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Eliza.Isis\AppData\Roaming\mozilla\firefox\profiles\y103kx4v.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\0324adea3b6ec02af09ea4ae9424591b_expire
[2012.11.12 17:46:48 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Eliza.Isis\AppData\Roaming\mozilla\firefox\profiles\y103kx4v.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\292124057d00cb0fa73db6b90d079658_expire
[2012.11.12 17:46:52 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Eliza.Isis\AppData\Roaming\mozilla\firefox\profiles\y103kx4v.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\2a86ac4f3322238b4f27d14a09839275_expire
[2012.11.13 15:55:15 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Eliza.Isis\AppData\Roaming\mozilla\firefox\profiles\y103kx4v.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\3b6b74d5a92c729ce36a9d055d3db8e9_expire
[2012.11.10 00:32:27 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Eliza.Isis\AppData\Roaming\mozilla\firefox\profiles\y103kx4v.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\4d3d10bd28ff623813254a49b26be41f_expire
[2012.11.13 15:55:15 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Eliza.Isis\AppData\Roaming\mozilla\firefox\profiles\y103kx4v.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\6ff6ea009817b27df633b37777d528cd_expire
[2012.11.13 15:56:21 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Eliza.Isis\AppData\Roaming\mozilla\firefox\profiles\y103kx4v.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\8ffbb13aa6f702b0cafab391f90d1db7_expire
[2012.11.13 15:55:14 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Eliza.Isis\AppData\Roaming\mozilla\firefox\profiles\y103kx4v.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\a38dbdd1af07f4236d43e8fd995f57a6_expire
[2012.11.12 17:46:48 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Eliza.Isis\AppData\Roaming\mozilla\firefox\profiles\y103kx4v.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\a4cc6ab573e4a5fee2a418e22d3c14dc_expire
[2012.11.12 17:46:48 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Eliza.Isis\AppData\Roaming\mozilla\firefox\profiles\y103kx4v.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\bf73732e1f0b76bac435293ba3880579_expire
[2012.11.12 17:46:53 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Eliza.Isis\AppData\Roaming\mozilla\firefox\profiles\y103kx4v.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e72174145ae7671ff95578a2089c26b2_expire
[2012.11.12 17:46:49 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Eliza.Isis\AppData\Roaming\mozilla\firefox\profiles\y103kx4v.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e919434ec29526b28593c426e4264271_expire
[2012.11.12 17:46:53 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Eliza.Isis\AppData\Roaming\mozilla\firefox\profiles\y103kx4v.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ece5f266221b5245c6e3d7e27ddee963_expire
[2012.11.12 17:46:51 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Eliza.Isis\AppData\Roaming\mozilla\firefox\profiles\y103kx4v.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\f03527c67e08602d2e4c18ae7867300d_expire
[2012.11.10 00:32:26 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Eliza.Isis\AppData\Roaming\mozilla\firefox\profiles\y103kx4v.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\fa74672918974682c82b8d91dfbe0d6b_expire
[2012.11.10 00:32:26 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Eliza.Isis\AppData\Roaming\mozilla\firefox\profiles\y103kx4v.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ff4d692d5e7cccbc4b3e9ef4062b1c6f_expire
[2012.10.28 11:28:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.10.28 11:28:17 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.10.28 11:28:21 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.07.03 17:07:32 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2012.07.19 10:50:48 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.14 08:27:33 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.07.19 10:50:48 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.19 10:50:48 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.19 10:50:48 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.19 10:50:48 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.11.10 12:21:29 | 000,000,027 | ---- | M]) - C:\WINDOWS\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2997508001-3045223707-2186418640-1004\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-2997508001-3045223707-2186418640-1004\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Programme\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [Seagate Scheduler2 Service] C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe (Seagate)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Seagate\BlackArmorBackup\TimounterMonitor.exe (Seagate)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BlackArmorBackupMonitor.exe] C:\Program Files (x86)\Seagate\BlackArmorBackup\BlackArmorBackupMonitor.exe (Seagate)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [iTunesHelper] E:\Downloads\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\pdf24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk =  File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk =  File not found
O4 - Startup: C:\Users\Eliza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk =  File not found
O4 - Startup: C:\Users\Eliza.Isis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk =  File not found
O4 - Startup: C:\Users\Eliza.Isis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Eliza.Isis\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Eliza.Isis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk = C:\Users\Eliza.Isis\AppData\Roaming\BrowserCompanion\tbhcn.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2997508001-3045223707-2186418640-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2997508001-3045223707-2186418640-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{77E33041-8CEA-4356-B7DD-820C5FDFBCC8}: NameServer = 172.17.25.200
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DCE05F12-FB08-474C-8FEA-A07183AC047A}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - Unable to obtain root file information for disk Y:\
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.13 16:06:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- E:\Desktop\OTL.exe
[2012.11.11 17:35:57 | 000,000,000 | ---D | C] -- E:\Desktop\Neuer Ordner
[2012.11.10 20:46:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.11.10 14:06:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.10 14:06:00 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.11.10 14:06:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.11.10 12:50:16 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.11.10 12:39:15 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.11.10 12:09:19 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.11.09 12:33:52 | 000,000,000 | ---D | C] -- C:\Users\Eliza.Isis\AppData\Roaming\Malwarebytes
[2012.11.09 12:33:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.09 11:37:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
[2012.11.09 11:37:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
[2012.11.09 11:02:14 | 000,000,000 | ---D | C] -- E:\Desktop\wichtige datein
[2012.11.09 10:13:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.11.09 10:12:05 | 000,000,000 | ---D | C] -- C:\Users\Eliza.Isis\AppData\Local\Programs
[2012.11.09 09:58:57 | 000,000,000 | ---D | C] -- C:\Users\Eliza.Isis\AppData\Roaming\TeamViewer
[2012.10.28 11:28:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.10.28 10:26:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.10.28 10:25:54 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.10.28 10:25:52 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.10.28 10:25:52 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012.10.28 10:20:44 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012.10.28 10:20:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2012.10.27 08:34:35 | 000,000,000 | ---D | C] -- C:\Users\Eliza.Isis\AppData\Roaming\Avira
[2012.10.27 08:29:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.10.27 08:28:49 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.10.27 08:28:49 | 000,098,888 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.10.27 08:28:49 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.10.27 08:28:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.10.27 08:28:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[1 E:\Desktop\*.tmp files -> E:\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.13 16:07:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\Desktop\OTL.exe
[2012.11.13 16:06:31 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.13 15:56:53 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.11.13 15:56:52 | 000,098,888 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.11.13 15:54:41 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.13 15:54:37 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.13 15:54:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.12 21:31:10 | 000,000,159 | ---- | M] () -- E:\Desktop\Screen Cap.ini
[2012.11.12 19:39:39 | 002,581,873 | ---- | M] () -- E:\Desktop\SDC10635.JPG
[2012.11.12 09:12:17 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.12 09:12:17 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.11 18:19:35 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.11 18:19:35 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.11 18:19:35 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.11 18:19:35 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.11 18:19:35 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.11 18:04:56 | 3111,534,592 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.10 14:06:02 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.10 12:21:29 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.11.09 11:38:05 | 000,001,288 | ---- | M] () -- C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
[2012.11.07 11:50:44 | 000,389,744 | ---- | M] () -- E:\Desktop\Letter Ana.jpeg
[2012.10.27 08:29:03 | 000,001,996 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[1 E:\Desktop\*.tmp files -> E:\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.11.12 19:22:31 | 002,581,873 | ---- | C] () -- E:\Desktop\SDC10635.JPG
[2012.11.12 08:48:37 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.10 14:06:02 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.09 11:38:05 | 000,001,288 | ---- | C] () -- C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
[2012.11.07 11:51:04 | 000,389,744 | ---- | C] () -- E:\Desktop\Letter Ana.jpeg
[2012.10.27 08:29:03 | 000,001,996 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.09.07 15:10:09 | 000,099,341 | ---- | C] () -- C:\Users\Eliza.Isis\wetter ohne don.jpg
[2012.07.14 10:10:03 | 001,806,123 | ---- | C] () -- C:\Users\Eliza.Isis\Weekly Daily Planner.pdf
[2012.06.20 17:44:19 | 000,197,611 | ---- | C] () -- C:\Users\Eliza.Isis\4395587_460s.jpg
[2012.06.20 17:44:19 | 000,170,759 | ---- | C] () -- C:\Users\Eliza.Isis\4472701_460s.jpg
[2012.06.20 17:44:19 | 000,108,953 | ---- | C] () -- C:\Users\Eliza.Isis\4435726_460s_v1.jpg
[2012.04.22 15:18:43 | 000,389,063 | ---- | C] () -- C:\Users\Eliza.Isis\SDC121103.jpg
[2012.03.27 07:28:35 | 000,020,598 | ---- | C] () -- C:\Users\Eliza.Isis\cover.jpg
[2011.05.13 05:57:27 | 000,000,000 | ---- | C] () -- C:\Users\Eliza.Isis\AppData\Local\{4E6CB673-BA92-4B87-A86A-E2AD62042B4C}
[2011.05.13 05:55:27 | 000,000,000 | ---- | C] () -- C:\Users\Eliza.Isis\AppData\Local\{0D31CC79-8B85-4980-89DB-B55FE8BD0BD3}
[2010.12.30 16:14:24 | 000,005,120 | ---- | C] () -- C:\Users\Eliza.Isis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.14 22:39:34 | 367,005,696 | ---- | C] () -- C:\Users\Eliza.Isis\SN 509.avi
[2010.08.17 18:40:55 | 004,115,805 | ---- | C] () -- C:\Users\Eliza.Isis\Unbenannte Muster.pat
[2010.08.17 18:40:51 | 098,571,661 | ---- | C] () -- C:\Users\Eliza.Isis\Unbenannte Werkzeugspitzen.abr
[2010.07.16 09:51:21 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\WINDOWS\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\WINDOWS\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\WINDOWS\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\WINDOWS\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.11.13 16:14:40 | 000,000,000 | ---D | M] -- C:\Users\Eliza.Isis\AppData\Roaming\BrowserCompanion
[2012.03.04 10:07:52 | 000,000,000 | ---D | M] -- C:\Users\Eliza.Isis\AppData\Roaming\calibre
[2010.07.26 18:48:54 | 000,000,000 | ---D | M] -- C:\Users\Eliza.Isis\AppData\Roaming\Crayon Physics Deluxe
[2012.11.11 18:06:09 | 000,000,000 | ---D | M] -- C:\Users\Eliza.Isis\AppData\Roaming\Dropbox
[2010.07.03 17:08:21 | 000,000,000 | ---D | M] -- C:\Users\Eliza.Isis\AppData\Roaming\Foxit
[2010.07.03 17:08:21 | 000,000,000 | ---D | M] -- C:\Users\Eliza.Isis\AppData\Roaming\Foxit Software
[2012.04.26 20:12:16 | 000,000,000 | ---D | M] -- C:\Users\Eliza.Isis\AppData\Roaming\IrfanView
[2010.08.13 00:24:29 | 000,000,000 | ---D | M] -- C:\Users\Eliza.Isis\AppData\Roaming\KeePass
[2011.01.05 11:49:44 | 000,000,000 | ---D | M] -- C:\Users\Eliza.Isis\AppData\Roaming\Leadertech
[2010.11.06 12:47:16 | 000,000,000 | ---D | M] -- C:\Users\Eliza.Isis\AppData\Roaming\Scan2PDF
[2011.01.05 16:50:07 | 000,000,000 | ---D | M] -- C:\Users\Eliza.Isis\AppData\Roaming\Seagate
[2012.11.09 09:58:57 | 000,000,000 | ---D | M] -- C:\Users\Eliza.Isis\AppData\Roaming\TeamViewer
[2011.01.29 15:18:52 | 000,000,000 | ---D | M] -- C:\Users\Eliza.Isis\AppData\Roaming\Verbindungsassistent
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 176 bytes -> E:\Desktop\Letter Ana.jpeg:3or4kl4x13tuuug3Byamue2s4b

< End of report >
         
__________________

Alt 13.11.2012, 16:51   #19
ryder
/// TB-Ausbilder
 
ad.adserverplus erscheint immer wieder - Standard

ad.adserverplus erscheint immer wieder



Jetzt brauche ich doch mal eine extras.txt

Öffne OTL. Klicke NICHTS. Benutze SafeList für Extras-Registrierung und dann Scan.
__________________
Digitale Freibeuter gegen Malware!
Keine Hilfe per PM!

Alt 13.11.2012, 18:24   #20
Julia.M
 
ad.adserverplus erscheint immer wieder - Standard

ad.adserverplus erscheint immer wieder



Hier ist das Ergebnis (extra.txt):
Code:
ATTFilter
OTL Extras logfile created on: 13.11.2012 17:56:48 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = E:\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 2,42 Gb Available Physical Memory | 62,69% Memory free
7,73 Gb Paging File | 5,70 Gb Available in Paging File | 73,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58,59 Gb Total Space | 18,88 Gb Free Space | 32,22% Space Free | Partition Type: NTFS
Drive E: | 224,81 Gb Total Space | 82,63 Gb Free Space | 36,76% Space Free | Partition Type: NTFS
Drive Y: | 14,65 Gb Total Space | 9,30 Gb Free Space | 63,46% Space Free | Partition Type: NTFS
 
Computer Name: ISIS | User Name: Eliza | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DFAA3D6-3C64-4A3A-A885-B935507F01EE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0F43B929-71B7-4D12-A2B0-1010785CE7F8}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{11410AEC-B8C4-4175-8DF8-7F2C461BCF7D}" = lport=445 | protocol=6 | dir=in | app=system | 
"{1422E90B-EA40-4282-B026-AAFACE969955}" = lport=137 | protocol=17 | dir=in | app=system | 
"{18B25757-B1E8-4DCB-B2F6-A32B4EF611FD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1CCDF7F8-B7EA-4A1C-98B8-2598ECEE397C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1E5932F4-83B8-49BC-92F7-C9CF5C34ACC7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{31440806-F7D9-4F25-B56F-3C65B53BC74B}" = rport=139 | protocol=6 | dir=out | app=system | 
"{41EBEFFC-A748-4868-943E-C9243F8760AA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{474D854D-926F-4414-B638-E33E3B63DFBA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{4C09879B-591E-4E65-90DC-F879EACF70A2}" = lport=138 | protocol=17 | dir=in | app=system | 
"{59638518-93CA-42D0-89F9-FA95425351F2}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{5CEE0239-2404-431E-8028-752E21894DE3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{5DD99EFC-E999-4130-A0A5-E72D17770DAE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{64B3A1B1-E039-4976-A1D2-97486EA13D95}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7393EB88-730C-4613-BAFE-F9A510595A1D}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{9764FCC5-D2A2-4ADB-81F6-8895EABE1D0B}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{98987C17-F50B-4BFB-B9D9-D40D3597B9D6}" = rport=445 | protocol=6 | dir=out | app=system | 
"{9E6B9E64-B246-4971-9AC4-B84F18871E89}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A3DF8D3E-1439-4AAD-881F-5A3220EB30D3}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{B62104DE-2D26-4703-8C00-5346217A4331}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B93C4606-E50B-4283-AB12-9BB19F32CCA8}" = rport=137 | protocol=17 | dir=out | app=system | 
"{C0225C6F-2E9C-41E9-B6B7-C92BF006967F}" = lport=139 | protocol=6 | dir=in | app=system | 
"{CE62978B-C7E7-4F4A-A58A-BD64714D6B97}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{D75A7EDF-4D36-4181-84D1-E5ADD67AA829}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E0377C4E-4203-4FBF-82A9-6AF73AE9B3DF}" = rport=138 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0223CB7D-B816-466B-A938-5F1918415402}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{06BA8643-0E48-46FE-985E-2174BC987DAB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{17B4E55A-AEC8-478D-B12D-140335C3EAA6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{21542B87-1C14-4971-83E4-5179D25CBA22}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{258C29DB-2379-4798-9A33-081456C534A0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{359D3EE3-A5E9-4E7D-8640-3D2DC2116778}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3B2FCB6D-75E7-437F-9B58-09DD04270011}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{418615BD-2AD8-41A3-85B3-075822E0A859}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{499D3905-4CBE-49C5-B0CB-A100E5393606}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{594BC4FD-341D-4937-A06C-43AA00CF5504}" = dir=in | app=e:\downloads\itunes.exe | 
"{67040752-E2AC-4B17-8A31-5D8194A61982}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{69543D8C-FC3D-4F44-BA0C-998D5BE1D8C7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{75B2E4CB-5540-4B68-88D2-E6257D5B67BF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{75BE2917-0F11-4D23-98B1-44ACE60907E4}" = protocol=6 | dir=in | app=c:\users\eliza.isis\appdata\roaming\dropbox\bin\dropbox.exe | 
"{7C2E0048-BB74-4FFB-9F90-BF154A5C297C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{803943B7-C309-4AFB-B5F7-8562017164D1}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\powerdvd.exe | 
"{8FE652E0-8410-4E49-B486-0178D71C75DF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | 
"{934C0547-2348-49BF-A1C6-D384B86E5B30}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{9B280B53-5ECF-45DF-93A0-61A3654044EE}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{ABE6ABF6-593E-4C79-A4AE-54AB42586A46}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{ACD578D7-73AE-4283-9960-6AECC91B5660}" = protocol=17 | dir=in | app=c:\users\eliza.isis\appdata\roaming\dropbox\bin\dropbox.exe | 
"{ADC74CBE-8D44-43C5-9691-C4DCCB6605D7}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{AE1368F3-1E0F-48B8-B03A-45619D45A1F7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{B21B8F96-862C-4A81-803B-46F2799D42AC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{B58DDC15-1F2C-4CDC-B81B-953855D7367E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{BA65CEE5-A9DE-4439-81A3-17F203F3C34C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{C3F28538-1863-4FBB-850D-C82149DD4E9A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | 
"{C5F6F75D-0BD7-4C3B-BD3E-400CD277302F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{C7453F46-B30D-45A1-B658-4CD4317C6BAC}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{C9212C47-6016-44D8-BB19-FDA69036674F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{CA2EFB08-0F22-41FD-ADDC-58AD9C19DEFA}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{CC4C55FA-4ADF-43EB-A400-81DB05E7A9B0}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D08F9D37-500D-4243-8261-0769E4F36917}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{D2611056-0856-475A-B414-B6B9D646DAC2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | 
"{D46F6E0F-98D8-429F-B0D1-C5F02662EE59}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DA579AFA-A658-4041-A7EA-82EA283D365E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{E3E3C211-6695-4212-88F6-5B7E3967DD1E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{E46F9E96-1E77-4D7B-92F4-DB3115E1AFB8}" = protocol=6 | dir=out | app=system | 
"{E4E6F992-79B4-4B6C-AA7C-EFE174E98725}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{EDF94A9E-2353-4E50-AEFC-1A20CC5825CE}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\pdvddxsrv.exe | 
"{F4090000-E91D-4855-86A3-2FDC0ED145A9}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{F8AAC7C8-0B58-4DCD-8AF7-E85B34F3B38D}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{FB3440ED-2FB4-4A04-9E7A-0B7629E9626B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{FB34C2BF-83C3-4F0E-A085-F8DDF28C3721}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{1F1A2DA2-261D-44E5-9F36-C4BCDE252226}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"TCP Query User{43837C8A-26F9-446B-8AF0-BF0C7EC7F96A}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{96F17C6A-EF62-474D-BCF7-A2C0D1184130}C:\users\eliza.isis\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\eliza.isis\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{AD5F30DC-C00D-4F99-8F36-A2F02094D368}C:\program files (x86)\seagate\blackarmorbackup\blackarmorbackup.exe" = protocol=6 | dir=in | app=c:\program files (x86)\seagate\blackarmorbackup\blackarmorbackup.exe | 
"TCP Query User{B405318D-CB9A-4FD4-BC79-A983F710C050}C:\program files (x86)\seagate\blackarmor discovery\blackarmor discovery.exe" = protocol=6 | dir=in | app=c:\program files (x86)\seagate\blackarmor discovery\blackarmor discovery.exe | 
"TCP Query User{EDE2DFAE-C107-45E3-94A4-B48844890482}C:\program files (x86)\microsoft office\office12\groove.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"UDP Query User{1A793E9F-2C58-454F-8BE8-F58166DC905B}C:\users\eliza.isis\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\eliza.isis\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{2DA390AC-8731-40F6-A159-95BFA0421CBC}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"UDP Query User{68F90340-D54A-428A-970F-9B7A4685015F}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{B05E1AFB-5102-4B8C-8B2A-CF67012A3EAA}C:\program files (x86)\seagate\blackarmorbackup\blackarmorbackup.exe" = protocol=17 | dir=in | app=c:\program files (x86)\seagate\blackarmorbackup\blackarmorbackup.exe | 
"UDP Query User{CBEC6E6B-136B-47AA-9C47-2454BF3DD8AF}C:\program files (x86)\seagate\blackarmor discovery\blackarmor discovery.exe" = protocol=17 | dir=in | app=c:\program files (x86)\seagate\blackarmor discovery\blackarmor discovery.exe | 
"UDP Query User{EA86BD00-3D99-4C4B-9751-96EE2A958A09}C:\program files (x86)\microsoft office\office12\groove.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{1EB2596D-80B0-4D55-AC31-6FCFE757081E}" = HP Officejet 4500 G510a-f
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{82D5414E-1890-9EB6-4D70-71D99F2303BA}" = ccc-utility64
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{E60B7350-EA5F-41E0-9D6F-E508781E36D2}" = Dell Dock
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Dell Wireless WLAN Card Utility" = Dell Wireless WLAN Card Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Dell Touchpad
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0E180A03-2496-E90A-23A6-351B6301E912}" = CCC Help German
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18E3C363-681E-42C0-B22B-8F1B1BAD239B}" = Basismodul Fachdidaktik Deutsch 2
"{1BCB3F87-B53D-9DFD-199E-004EDBFEE40B}" = Catalyst Control Center Graphics Previews Vista
"{1E9A0A9C-DC61-A431-5E84-F63E16963D1D}" = CCC Help Dutch
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F52BCA8-7C47-7895-035D-8E1951F94CE5}" = CCC Help English
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2BC1E54D-4FA8-B37B-1FB1-38D8F3B32A66}" = CCC Help Korean
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3BB88993-8444-18CE-679A-5D2108EAECFA}" = CCC Help Swedish
"{3EB6F78A-66E3-434f-BD0E-76C7D078DB5E}" = 4500G510af_Software_Min
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{40E4CF35-FF4C-4876-F16B-9E4773003D84}" = CCC Help Italian
"{41357C72-23AD-440C-9538-3350AF076253}" = calibre
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{47397909-5132-A6F0-D580-6A6F4D213D60}" = CCC Help French
"{48E977AA-E281-45BD-A175-76AC8AF244B4}" = finfin90seger
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52DBCA-CDFE-4265-B0AF-7E243C2DA997}" = Catalyst Control Center InstallProxy
"{4FAAF7D0-CB15-292D-886B-96FE2A069A7E}" = Catalyst Control Center Graphics Previews Common
"{5067214A-A9D2-8925-9270-BF149913DB99}" = CCC Help Japanese
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56E09BFC-D4A4-7FE4-02A9-A919D02B488D}" = Skins
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5D9A0559-63B8-33AA-ADAC-30E0D45F738E}" = Catalyst Control Center Graphics Light
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{69533745-1E2D-4C98-8B4A-B7643EF9E1A2}" = Catalyst Control Center - Branding
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6EC756AA-7AEB-7CCB-7129-CCD7E54E8D0F}" = ccc-core-static
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77CF7645-BFAD-4431-A59E-FBF273AE8B7C}" = Catalyst Control Center Core Implementation
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.4.0
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = Accelerometer
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ULTIMATER_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ULTIMATER_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ULTIMATER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ULTIMATER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ULTIMATER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1" = Panda Cloud Cleaner
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{97154923-423C-C470-6E18-ABED08732DFD}" = CCC Help Russian
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CDEEA5A-1B5E-A242-24FF-DC594DC3733D}" = CCC Help Chinese Traditional
"{9DF6EC22-733E-4EDC-AC88-54CAD4BF4E7B}" = BlackArmor Backup
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9352913-9B23-D26A-3D98-9181239731C7}" = CCC Help Norwegian
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B52480BF-CCED-4DD4-8DC2-28BB750D703E}" = BlackArmor Discovery
"{B5EDDAAD-6F46-A2F8-2B51-860F0D8D609E}" = CCC Help Portuguese
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BFF24FDB-41F2-8123-0F52-DE29F34F46FA}" = CCC Help Finnish
"{C175D5B0-ED04-42C9-B23F-D8BD406173E7}" = 4500_G510af_Help_Web
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CA4F7074-8A0D-6D4F-D5C1-90A1B57F8CEC}" = Catalyst Control Center Graphics Full Existing
"{CED8F7BC-8477-2948-F52A-08C5F75FBA9A}" = Catalyst Control Center Graphics Full New
"{D15ED9D4-341E-3A0C-98AB-A695015B5648}" = Catalyst Control Center Localization All
"{D570918C-A2FB-4C61-34F9-74BA6A472263}" = CCC Help Spanish
"{D637ED44-FE11-9C9C-815D-11ADE2D7E8A0}" = CCC Help Danish
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E8DF86C9-499B-4B30-8EC1-94D7D73D7FC1}" = Basismodul Fachdidaktik Deutsch 1
"{EC2F135B-48ED-4682-A90B-54846218C1F3}" = 4500G510af_web
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F67D89A1-3081-9DBB-D1EB-758A06F79539}" = CCC Help Chinese Standard
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Arensus Crossword Puzzle Editor_is1" = Arensus Crossword Puzzle Editor 1.1.8
"Avira AntiVir Desktop" = Avira Free Antivirus
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"Budenberg Software Win" = Budenberg Software Windows-Version
"Crayon Physics Deluxe_is1" = Crayon Physics Deluxe - release 53
"Dell Webcam Central" = Dell Webcam Central
"DivX Setup" = DivX-Setup
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"finfin90seger" = finfin90seger
"Foxit Reader" = Foxit Reader
"Guild Wars" = GUILD WARS
"InstallShield_{B52480BF-CCED-4DD4-8DC2-28BB750D703E}" = BlackArmor Discovery
"IrfanView" = IrfanView (remove only)
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.12
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Scan2PDF_is1" = Scan2PDF 1.6
"Scratch" = Scratch
"ULTIMATER" = Microsoft Office Ultimate 2007
"Verbindungsassistent" = Verbindungsassistent
"VLC media player" = VLC media player 1.1.0
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12.11.2012 19:26:34 | Computer Name = Isis | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2153
 
Error - 12.11.2012 19:26:35 | Computer Name = Isis | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 12.11.2012 19:26:35 | Computer Name = Isis | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3198
 
Error - 12.11.2012 19:26:35 | Computer Name = Isis | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3198
 
Error - 12.11.2012 19:26:36 | Computer Name = Isis | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 12.11.2012 19:26:36 | Computer Name = Isis | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4243
 
Error - 12.11.2012 19:26:36 | Computer Name = Isis | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4243
 
Error - 12.11.2012 19:26:37 | Computer Name = Isis | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 12.11.2012 19:26:37 | Computer Name = Isis | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5335
 
Error - 12.11.2012 19:26:37 | Computer Name = Isis | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5335
 
[ Dell Events ]
Error - 26.10.2012 12:34:59 | Computer Name = Isis | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 09.11.2012 06:53:43 | Computer Name = Isis | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 09.11.2012 06:53:43 | Computer Name = Isis | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 09.11.2012 06:55:58 | Computer Name = Isis | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 09.11.2012 06:55:58 | Computer Name = Isis | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 10.11.2012 09:54:00 | Computer Name = Isis | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 10.11.2012 09:54:00 | Computer Name = Isis | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 11.11.2012 12:54:07 | Computer Name = Isis | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 11.11.2012 12:54:07 | Computer Name = Isis | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 11.11.2012 13:17:24 | Computer Name = Isis | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
[ Media Center Events ]
Error - 26.10.2010 07:50:27 | Computer Name = Isis | Source = MCUpdate | ID = 0
Description = 13:50:27 - Fehler beim Herstellen der Internetverbindung.  13:50:27 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 26.10.2010 07:50:36 | Computer Name = Isis | Source = MCUpdate | ID = 0
Description = 13:50:32 - Fehler beim Herstellen der Internetverbindung.  13:50:32 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 05.08.2012 03:21:07 | Computer Name = Isis | Source = MCUpdate | ID = 0
Description = 09:21:06 - Fehler beim Herstellen der Internetverbindung.  09:21:06 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ OSession Events ]
Error - 30.05.2011 06:41:24 | Computer Name = Isis | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session 
lasted 3665 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 10.11.2012 07:21:40 | Computer Name = Isis | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 10.11.2012 07:51:10 | Computer Name = Isis | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 10.11.2012 15:11:03 | Computer Name = Isis | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 10.11.2012 15:53:08 | Computer Name = Isis | Source = VDS Basic Provider | ID = 33554433
Description = 
 
Error - 10.11.2012 15:53:08 | Computer Name = Isis | Source = VDS Basic Provider | ID = 33554433
Description = 
 
Error - 11.11.2012 15:09:11 | Computer Name = Isis | Source = NetBT | ID = 4321
Description = Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit
 IP-Adresse 172.17.25.46  registriert werden. Der Computer mit IP-Adresse 172.17.25.35
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 12.11.2012 16:00:17 | Computer Name = Isis | Source = NetBT | ID = 4321
Description = Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit
 IP-Adresse 172.17.25.46  registriert werden. Der Computer mit IP-Adresse 172.17.25.35
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 13.11.2012 11:21:16 | Computer Name = Isis | Source = bowser | ID = 8003
Description = 
 
Error - 13.11.2012 11:33:18 | Computer Name = Isis | Source = bowser | ID = 8003
Description = 
 
Error - 13.11.2012 11:45:19 | Computer Name = Isis | Source = bowser | ID = 8003
Description = 
 
 
< End of report >
         


Alt 13.11.2012, 19:23   #21
ryder
/// TB-Ausbilder
 
ad.adserverplus erscheint immer wieder - Standard

ad.adserverplus erscheint immer wieder



Gut, dann probieren wir es nochmal:

Schritt 1:
AdwCleaner: Werbeprogramme suchen und löschen

Downloade Dir bitte AdwCleaner auf deinen Desktop.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Löschen.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

Schritt 2:
Fix mit OTL

Zitat:
Warnung: Dieses Skript wurde nur für diesen User und diese spezielle Situation geschrieben. Auf anderen Computern ausgeführt kann es nachhaltige Schäden anrichten!
Hinweis: Wenn du deinen Benutzernamen unkenntlich gemacht hast, musst du wieder deinen richtigen Namen einsetzen, ansonsten wird das Skript nicht funktionieren.
  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.
Code:
ATTFilter
:OTL
FF - prefs.js..extensions.enabledAddons: bbrs_002@blabbers.com:1.0.5
[2012.07.28 14:24:56 | 000,000,000 | ---D | M] (Browser Companion Helper) -- C:\Users\Eliza.Isis\AppData\Roaming\mozilla\Firefox\Profiles\y103kx4v.default\extensions\bbrs_002@blabbers.com
O4 - Startup: C:\Users\Eliza.Isis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk = C:\Users\Eliza.Isis\AppData\Roaming\BrowserCompanion\tbhcn.exe ()
[2012.11.13 16:14:40 | 000,000,000 | ---D | M] -- C:\Users\Eliza.Isis\AppData\Roaming\BrowserCompanion
@Alternate Data Stream - 176 bytes -> E:\Desktop\Letter Ana.jpeg:3or4kl4x13tuuug3Byamue2s4b
[2012.11.10 00:32:24 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Eliza.Isis\AppData\Roaming\mozilla\firefox\profiles\y103kx4v.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\0324adea3b6ec02af09ea4ae9424591b_expire
[2012.11.12 17:46:48 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Eliza.Isis\AppData\Roaming\mozilla\firefox\profiles\y103kx4v.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\292124057d00cb0fa73db6b90d079658_expire
[2012.11.12 17:46:52 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Eliza.Isis\AppData\Roaming\mozilla\firefox\profiles\y103kx4v.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\2a86ac4f3322238b4f27d14a09839275_expire
[2012.11.13 15:55:15 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Eliza.Isis\AppData\Roaming\mozilla\firefox\profiles\y103kx4v.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\3b6b74d5a92c729ce36a9d055d3db8e9_expire
[2012.11.10 00:32:27 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Eliza.Isis\AppData\Roaming\mozilla\firefox\profiles\y103kx4v.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\4d3d10bd28ff623813254a49b26be41f_expire
[2012.11.13 15:55:15 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Eliza.Isis\AppData\Roaming\mozilla\firefox\profiles\y103kx4v.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\6ff6ea009817b27df633b37777d528cd_expire
[2012.11.13 15:56:21 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Eliza.Isis\AppData\Roaming\mozilla\firefox\profiles\y103kx4v.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\8ffbb13aa6f702b0cafab391f90d1db7_expire
[2012.11.13 15:55:14 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Eliza.Isis\AppData\Roaming\mozilla\firefox\profiles\y103kx4v.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\a38dbdd1af07f4236d43e8fd995f57a6_expire
[2012.11.12 17:46:48 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Eliza.Isis\AppData\Roaming\mozilla\firefox\profiles\y103kx4v.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\a4cc6ab573e4a5fee2a418e22d3c14dc_expire
[2012.11.12 17:46:48 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Eliza.Isis\AppData\Roaming\mozilla\firefox\profiles\y103kx4v.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\bf73732e1f0b76bac435293ba3880579_expire
[2012.11.12 17:46:53 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Eliza.Isis\AppData\Roaming\mozilla\firefox\profiles\y103kx4v.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e72174145ae7671ff95578a2089c26b2_expire
[2012.11.12 17:46:49 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Eliza.Isis\AppData\Roaming\mozilla\firefox\profiles\y103kx4v.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e919434ec29526b28593c426e4264271_expire
[2012.11.12 17:46:53 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Eliza.Isis\AppData\Roaming\mozilla\firefox\profiles\y103kx4v.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ece5f266221b5245c6e3d7e27ddee963_expire
[2012.11.12 17:46:51 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Eliza.Isis\AppData\Roaming\mozilla\firefox\profiles\y103kx4v.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\f03527c67e08602d2e4c18ae7867300d_expire
[2012.11.10 00:32:26 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Eliza.Isis\AppData\Roaming\mozilla\firefox\profiles\y103kx4v.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\fa74672918974682c82b8d91dfbe0d6b_expire
[2012.11.10 00:32:26 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Eliza.Isis\AppData\Roaming\mozilla\firefox\profiles\y103kx4v.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ff4d692d5e7cccbc4b3e9ef4062b1c6f_expire
         
  • Schliesse bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop. ( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
  • Kopiere nun den Inhalt hier in deinen Thread, möglichst in Code-Tags.

Hinweis: Die Ausführung des Kommandos kann einige Minuten dauern und OTL scheint in dieser Zeit nicht zu reagieren. Bitte geduldig sein!

__________________
--> ad.adserverplus erscheint immer wieder

Alt 13.11.2012, 19:42   #22
Julia.M
 
ad.adserverplus erscheint immer wieder - Standard

ad.adserverplus erscheint immer wieder



Hier ist die Logdatei zu Schritt 1:
Code:
ATTFilter
# AdwCleaner v2.007 - Datei am 13/11/2012 um 19:27:23 erstellt
# Aktualisiert am 06/11/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Eliza - ISIS
# Bootmodus : Normal
# Ausgeführt unter : E:\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v16.0.2 (de)

*************************

AdwCleaner[S1].txt - [586 octets] - [13/11/2012 19:27:23]

########## EOF - C:\AdwCleaner[S1].txt - [645 octets] ##########
         
Und hier die Logdatei zu Schritt 2:
Code:
ATTFilter
========== OTL ==========
Prefs.js: bbrs_002@blabbers.com:1.0.5 removed from extensions.enabledAddons
C:\Users\Eliza.Isis\AppData\Roaming\mozilla\Firefox\Profiles\y103kx4v.default\extensions\bbrs_002@blabbers.com\components folder moved successfully.
C:\Users\Eliza.Isis\AppData\Roaming\mozilla\Firefox\Profiles\y103kx4v.default\extensions\bbrs_002@blabbers.com\chrome\content\cache folder moved successfully.
C:\Users\Eliza.Isis\AppData\Roaming\mozilla\Firefox\Profiles\y103kx4v.default\extensions\bbrs_002@blabbers.com\chrome\content folder moved successfully.
C:\Users\Eliza.Isis\AppData\Roaming\mozilla\Firefox\Profiles\y103kx4v.default\extensions\bbrs_002@blabbers.com\chrome folder moved successfully.
C:\Users\Eliza.Isis\AppData\Roaming\mozilla\Firefox\Profiles\y103kx4v.default\extensions\bbrs_002@blabbers.com folder moved successfully.
C:\Users\Eliza.Isis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk moved successfully.
File move failed. C:\Users\Eliza.Isis\AppData\Roaming\BrowserCompanion\tbhcn.exe scheduled to be moved on reboot.
Folder move failed. C:\Users\Eliza.Isis\AppData\Roaming\BrowserCompanion scheduled to be moved on reboot.
ADS E:\Desktop\Letter Ana.jpeg:3or4kl4x13tuuug3Byamue2s4b deleted successfully.
File C:\Users\Eliza.Isis\AppData\Roaming\mozilla\firefox\profiles\y103kx4v.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\0324adea3b6ec02af09ea4ae9424591b_expire not found.
File C:\Users\Eliza.Isis\AppData\Roaming\mozilla\firefox\profiles\y103kx4v.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\292124057d00cb0fa73db6b90d079658_expire not found.
File C:\Users\Eliza.Isis\AppData\Roaming\mozilla\firefox\profiles\y103kx4v.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\2a86ac4f3322238b4f27d14a09839275_expire not found.
File C:\Users\Eliza.Isis\AppData\Roaming\mozilla\firefox\profiles\y103kx4v.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\3b6b74d5a92c729ce36a9d055d3db8e9_expire not found.
File C:\Users\Eliza.Isis\AppData\Roaming\mozilla\firefox\profiles\y103kx4v.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\4d3d10bd28ff623813254a49b26be41f_expire not found.
File C:\Users\Eliza.Isis\AppData\Roaming\mozilla\firefox\profiles\y103kx4v.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\6ff6ea009817b27df633b37777d528cd_expire not found.
File C:\Users\Eliza.Isis\AppData\Roaming\mozilla\firefox\profiles\y103kx4v.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\8ffbb13aa6f702b0cafab391f90d1db7_expire not found.
File C:\Users\Eliza.Isis\AppData\Roaming\mozilla\firefox\profiles\y103kx4v.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\a38dbdd1af07f4236d43e8fd995f57a6_expire not found.
File C:\Users\Eliza.Isis\AppData\Roaming\mozilla\firefox\profiles\y103kx4v.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\a4cc6ab573e4a5fee2a418e22d3c14dc_expire not found.
File C:\Users\Eliza.Isis\AppData\Roaming\mozilla\firefox\profiles\y103kx4v.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\bf73732e1f0b76bac435293ba3880579_expire not found.
File C:\Users\Eliza.Isis\AppData\Roaming\mozilla\firefox\profiles\y103kx4v.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e72174145ae7671ff95578a2089c26b2_expire not found.
File C:\Users\Eliza.Isis\AppData\Roaming\mozilla\firefox\profiles\y103kx4v.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e919434ec29526b28593c426e4264271_expire not found.
File C:\Users\Eliza.Isis\AppData\Roaming\mozilla\firefox\profiles\y103kx4v.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ece5f266221b5245c6e3d7e27ddee963_expire not found.
File C:\Users\Eliza.Isis\AppData\Roaming\mozilla\firefox\profiles\y103kx4v.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\f03527c67e08602d2e4c18ae7867300d_expire not found.
File C:\Users\Eliza.Isis\AppData\Roaming\mozilla\firefox\profiles\y103kx4v.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\fa74672918974682c82b8d91dfbe0d6b_expire not found.
File C:\Users\Eliza.Isis\AppData\Roaming\mozilla\firefox\profiles\y103kx4v.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ff4d692d5e7cccbc4b3e9ef4062b1c6f_expire not found.
 
OTL by OldTimer - Version 3.2.69.0 log created on 11132012_193448

Files\Folders moved on Reboot...
C:\Users\Eliza.Isis\AppData\Roaming\BrowserCompanion\tbhcn.exe moved successfully.
C:\Users\Eliza.Isis\AppData\Roaming\BrowserCompanion folder moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         

Alt 13.11.2012, 19:44   #23
ryder
/// TB-Ausbilder
 
ad.adserverplus erscheint immer wieder - Standard

ad.adserverplus erscheint immer wieder



Das ist gut.

Tritt das Problem jetzt noch auf?

Kontrollscan mit OTL
  • Starte bitte OTL.exe
  • Stelle sicher, dass "Alle Benuzter Scannen" angehakt ist!
  • Drücke den Quick Scan Button.
  • Poste die OTL.txt hier in deinen Thread.
__________________
Digitale Freibeuter gegen Malware!
Keine Hilfe per PM!

Alt 13.11.2012, 20:11   #24
Julia.M
 
ad.adserverplus erscheint immer wieder - Standard

ad.adserverplus erscheint immer wieder



Kann ich dir jetzt noch nicht sagen. Das Fenster poppt nicht in gleichmäßigen Abständen auf. Es ist zwischendurch auch mal 3 Stunden lang nicht aufgetaucht und in der nachfolgenden Stunde 5 Mal. Von dem her kann ich dir das wohl erst morgen sicher sagen.

Hier aber erstmal das Log:
Code:
ATTFilter
OTL logfile created on: 13.11.2012 19:49:02 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = E:\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 2,61 Gb Available Physical Memory | 67,65% Memory free
7,73 Gb Paging File | 6,03 Gb Available in Paging File | 78,10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58,59 Gb Total Space | 19,06 Gb Free Space | 32,53% Space Free | Partition Type: NTFS
Drive E: | 224,81 Gb Total Space | 82,63 Gb Free Space | 36,76% Space Free | Partition Type: NTFS
 
Computer Name: ISIS | User Name: Eliza | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.11.13 16:07:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\Desktop\OTL.exe
PRC - [2012.11.13 15:55:06 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.10.30 12:42:53 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.10.30 12:42:38 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.09 23:30:34 | 000,421,776 | ---- | M] (Apple Inc.) -- E:\Downloads\iTunesHelper.exe
PRC - [2012.07.03 02:21:38 | 026,868,192 | ---- | M] (Dropbox, Inc.) -- C:\Users\Eliza.Isis\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.02.09 12:43:14 | 000,160,840 | ---- | M] (Geek Software GmbH) -- C:\Program Files (x86)\pdf24\pdf24.exe
PRC - [2011.10.21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
PRC - [2011.10.13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.01.29 15:18:50 | 000,330,696 | ---- | M] () -- C:\Program Files (x86)\Verbindungsassistent\wtgservice.exe
PRC - [2010.08.20 21:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
PRC - [2010.07.21 16:36:02 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
PRC - [2009.11.23 12:59:40 | 000,965,592 | ---- | M] (Seagate) -- C:\Program Files (x86)\Seagate\BlackArmorBackup\TimounterMonitor.exe
PRC - [2009.11.23 12:58:44 | 000,376,456 | ---- | M] (Seagate) -- C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
PRC - [2009.11.23 12:54:56 | 004,386,472 | ---- | M] (Seagate) -- C:\Program Files (x86)\Seagate\BlackArmorBackup\BlackArmorBackupMonitor.exe
PRC - [2009.10.15 10:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009.07.22 15:52:12 | 002,384,896 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
PRC - [2009.06.25 03:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009.06.24 23:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2009.06.09 17:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Programme\Dell\DellDock\DockLogin.exe
PRC - [2009.05.21 15:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
PRC - [2009.05.21 15:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.08.27 21:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.08.27 21:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012.05.11 20:34:45 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.11 20:34:38 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.11 20:34:19 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011.07.29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.07.21 16:36:02 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
MOD - [2010.07.21 16:34:20 | 000,079,168 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
MOD - [2010.07.21 16:34:00 | 000,075,072 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll
MOD - [2010.07.21 16:33:58 | 000,111,936 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll
MOD - [2010.07.21 16:33:52 | 000,121,152 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll
MOD - [2010.07.21 16:33:50 | 000,128,320 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
MOD - [2010.07.21 16:33:46 | 000,234,816 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll
MOD - [2010.07.21 16:33:22 | 001,123,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\LibXml2.dll
MOD - [2009.10.15 10:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2009.07.22 15:52:12 | 002,384,896 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.12.14 06:28:54 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\WINDOWS\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_42d83e1760b1e973\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009.09.08 16:56:12 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\WINDOWS\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.17 02:06:22 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009.03.02 19:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\WINDOWS\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_42d83e1760b1e973\AESTSr64.exe -- (AESTFilters)
SRV - [2012.11.12 08:48:36 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.10.30 12:42:53 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.10.30 12:42:38 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.10.28 11:28:21 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.06.07 18:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.10.21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.10.13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011.01.29 15:18:50 | 000,330,696 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Verbindungsassistent\wtgservice.exe -- (WTGService)
SRV - [2010.08.20 21:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.14 06:28:54 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_42d83e1760b1e973\STacSV64.exe -- (STacSV)
SRV - [2009.11.23 12:58:54 | 000,829,088 | ---- | M] (Seagate) [Auto | Running] -- C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe -- (SgtSch2Svc)
SRV - [2009.08.18 04:09:52 | 000,868,128 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.06.23 23:02:42 | 000,060,928 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe -- (InstallFilterService)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.09 17:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Programme\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2009.05.21 15:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter)
SRV - [2009.03.02 19:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_42d83e1760b1e973\AESTSr64.exe -- (AESTFilters)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.11.13 15:56:53 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.11.13 15:56:52 | 000,098,888 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\WINDOWS\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.09.24 08:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.05 12:00:37 | 001,581,088 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\tdrpm174.sys -- (tdrpman174)
DRV:64bit: - [2011.01.05 12:00:36 | 000,926,752 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2011.01.05 12:00:28 | 000,237,600 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\snman380.sys -- (snapman380)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.07 13:17:41 | 000,117,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009.12.14 06:28:54 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009.10.12 12:00:52 | 000,151,040 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.09.17 05:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.09.08 17:31:52 | 006,204,928 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.08.24 04:20:22 | 000,285,744 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.08.23 03:02:30 | 000,120,336 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.08.20 17:05:06 | 000,239,616 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.07.24 07:13:02 | 000,023,912 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Acceler.sys -- (Acceler)
DRV:64bit: - [2009.07.23 19:57:48 | 000,018,792 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\stdflt.sys -- (stdflt)
DRV:64bit: - [2009.07.17 02:06:20 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009.07.17 02:06:16 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.09 10:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009.07.04 12:27:02 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\rixdpe64.sys -- (rixdpcie)
DRV:64bit: - [2009.07.02 01:54:52 | 000,060,416 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\rimspe64.sys -- (rimspci)
DRV:64bit: - [2009.07.01 11:31:58 | 000,080,896 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\risdpe64.sys -- (risdpcie)
DRV:64bit: - [2009.07.01 05:46:52 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009.07.01 05:46:48 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009.07.01 05:46:40 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009.06.25 10:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2009.06.25 09:38:52 | 000,057,856 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2009.06.25 09:13:44 | 000,055,296 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2009.06.15 20:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.04.07 08:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2006.11.01 18:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008.07.24 10:04:34 | 000,115,328 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\ewusbmdm.sys -- (hwdatacard)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{73F473C6-8D47-47B0-936C-4F375FD57F58}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{5A71B0E6-D10A-44DC-B731-1B64DF92271A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2997508001-3045223707-2186418640-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yahoo.com/
IE - HKU\S-1-5-21-2997508001-3045223707-2186418640-1004\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2997508001-3045223707-2186418640-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7IRFC_de
IE - HKU\S-1-5-21-2997508001-3045223707-2186418640-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2997508001-3045223707-2186418640-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://de.yahoo.com/?p=us"
FF - prefs.js..extensions.enabledAddons: adblockpopups@jessehakanen.net:0.4
FF - prefs.js..extensions.enabledAddons: {5384767E-00D9-40E9-B72F-9CC39D655D6F}:1.4.2.1
FF - prefs.js..extensions.enabledAddons: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10
FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.11
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\Downloads\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.29 08:18:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.28 11:28:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.10 20:45:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.28 11:28:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.10 20:45:46 | 000,000,000 | ---D | M]
 
[2012.03.05 13:28:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eliza.Isis\AppData\Roaming\mozilla\Extensions
[2012.11.01 15:41:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eliza.Isis\AppData\Roaming\mozilla\Firefox\Profiles\y103kx4v.default\extensions
[2012.04.26 05:27:31 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\Eliza.Isis\AppData\Roaming\mozilla\Firefox\Profiles\y103kx4v.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2012.11.01 15:41:37 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Eliza.Isis\AppData\Roaming\mozilla\Firefox\Profiles\y103kx4v.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.09.20 11:01:11 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Eliza.Isis\AppData\Roaming\mozilla\Firefox\Profiles\y103kx4v.default\extensions\ich@maltegoetz.de
[2012.06.25 10:23:17 | 000,109,964 | ---- | M] () (No name found) -- C:\Users\Eliza.Isis\AppData\Roaming\mozilla\firefox\profiles\y103kx4v.default\extensions\adblockpopups@jessehakanen.net.xpi
[2012.09.28 21:20:19 | 000,010,449 | ---- | M] () (No name found) -- C:\Users\Eliza.Isis\AppData\Roaming\mozilla\firefox\profiles\y103kx4v.default\extensions\youtubeunblocker@unblocker.yt.xpi
[2012.08.30 18:20:19 | 000,199,396 | ---- | M] () (No name found) -- C:\Users\Eliza.Isis\AppData\Roaming\mozilla\firefox\profiles\y103kx4v.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2012.07.26 10:48:11 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Eliza.Isis\AppData\Roaming\mozilla\firefox\profiles\y103kx4v.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.03.05 13:50:46 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\Eliza.Isis\AppData\Roaming\mozilla\firefox\profiles\y103kx4v.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2012.10.28 11:28:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.10.28 11:28:17 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.10.28 11:28:21 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.07.03 17:07:32 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2012.07.19 10:50:48 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.14 08:27:33 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.07.19 10:50:48 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.19 10:50:48 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.19 10:50:48 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.19 10:50:48 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.11.10 12:21:29 | 000,000,027 | ---- | M]) - C:\WINDOWS\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2997508001-3045223707-2186418640-1004\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-2997508001-3045223707-2186418640-1004\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Programme\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [Seagate Scheduler2 Service] C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe (Seagate)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Seagate\BlackArmorBackup\TimounterMonitor.exe (Seagate)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BlackArmorBackupMonitor.exe] C:\Program Files (x86)\Seagate\BlackArmorBackup\BlackArmorBackupMonitor.exe (Seagate)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [iTunesHelper] E:\Downloads\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\pdf24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk =  File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk =  File not found
O4 - Startup: C:\Users\Eliza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk =  File not found
O4 - Startup: C:\Users\Eliza.Isis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk =  File not found
O4 - Startup: C:\Users\Eliza.Isis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Eliza.Isis\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2997508001-3045223707-2186418640-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2997508001-3045223707-2186418640-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{77E33041-8CEA-4356-B7DD-820C5FDFBCC8}: NameServer = 172.17.25.200
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DCE05F12-FB08-474C-8FEA-A07183AC047A}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.13 16:06:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- E:\Desktop\OTL.exe
[2012.11.11 17:35:57 | 000,000,000 | ---D | C] -- E:\Desktop\Neuer Ordner
[2012.11.10 20:46:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.11.10 14:06:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.10 14:06:00 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.11.10 14:06:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.11.10 12:50:16 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.11.10 12:39:15 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.11.10 12:09:19 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.11.09 12:33:52 | 000,000,000 | ---D | C] -- C:\Users\Eliza.Isis\AppData\Roaming\Malwarebytes
[2012.11.09 12:33:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.09 11:37:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
[2012.11.09 11:37:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
[2012.11.09 11:02:14 | 000,000,000 | ---D | C] -- E:\Desktop\wichtige datein
[2012.11.09 10:13:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.11.09 10:12:05 | 000,000,000 | ---D | C] -- C:\Users\Eliza.Isis\AppData\Local\Programs
[2012.11.09 09:58:57 | 000,000,000 | ---D | C] -- C:\Users\Eliza.Isis\AppData\Roaming\TeamViewer
[2012.10.28 11:28:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.10.28 10:26:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.10.28 10:25:54 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.10.28 10:25:52 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.10.28 10:25:52 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012.10.28 10:20:44 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012.10.28 10:20:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2012.10.27 08:34:35 | 000,000,000 | ---D | C] -- C:\Users\Eliza.Isis\AppData\Roaming\Avira
[2012.10.27 08:29:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.10.27 08:28:49 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.10.27 08:28:49 | 000,098,888 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.10.27 08:28:49 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.10.27 08:28:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.10.27 08:28:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[1 E:\Desktop\*.tmp files -> E:\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.13 19:44:15 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.13 19:44:15 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.13 19:41:54 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.13 19:41:54 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.13 19:41:54 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.13 19:41:54 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.13 19:41:54 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.13 19:37:26 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.13 19:36:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.13 19:36:16 | 3111,534,592 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.13 19:31:04 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.13 19:26:26 | 000,541,569 | ---- | M] () -- E:\Desktop\adwcleaner.exe
[2012.11.13 19:18:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.13 16:07:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\Desktop\OTL.exe
[2012.11.13 15:56:53 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.11.13 15:56:52 | 000,098,888 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.11.12 21:31:10 | 000,000,159 | ---- | M] () -- E:\Desktop\Screen Cap.ini
[2012.11.12 19:39:39 | 002,581,873 | ---- | M] () -- E:\Desktop\SDC10635.JPG
[2012.11.10 14:06:02 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.10 12:21:29 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.11.09 11:38:05 | 000,001,288 | ---- | M] () -- C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
[2012.11.07 11:50:44 | 000,389,744 | ---- | M] () -- E:\Desktop\Letter Ana.jpeg
[2012.10.27 08:29:03 | 000,001,996 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[1 E:\Desktop\*.tmp files -> E:\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.11.13 19:26:18 | 000,541,569 | ---- | C] () -- E:\Desktop\adwcleaner.exe
[2012.11.12 19:22:31 | 002,581,873 | ---- | C] () -- E:\Desktop\SDC10635.JPG
[2012.11.12 08:48:37 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.10 14:06:02 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.09 11:38:05 | 000,001,288 | ---- | C] () -- C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
[2012.11.07 11:51:04 | 000,389,744 | ---- | C] () -- E:\Desktop\Letter Ana.jpeg
[2012.10.27 08:29:03 | 000,001,996 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.09.07 15:10:09 | 000,099,341 | ---- | C] () -- C:\Users\Eliza.Isis\wetter ohne don.jpg
[2012.07.14 10:10:03 | 001,806,123 | ---- | C] () -- C:\Users\Eliza.Isis\Weekly Daily Planner.pdf
[2012.06.20 17:44:19 | 000,197,611 | ---- | C] () -- C:\Users\Eliza.Isis\4395587_460s.jpg
[2012.06.20 17:44:19 | 000,170,759 | ---- | C] () -- C:\Users\Eliza.Isis\4472701_460s.jpg
[2012.06.20 17:44:19 | 000,108,953 | ---- | C] () -- C:\Users\Eliza.Isis\4435726_460s_v1.jpg
[2012.04.22 15:18:43 | 000,389,063 | ---- | C] () -- C:\Users\Eliza.Isis\SDC121103.jpg
[2012.03.27 07:28:35 | 000,020,598 | ---- | C] () -- C:\Users\Eliza.Isis\cover.jpg
[2011.05.13 05:57:27 | 000,000,000 | ---- | C] () -- C:\Users\Eliza.Isis\AppData\Local\{4E6CB673-BA92-4B87-A86A-E2AD62042B4C}
[2011.05.13 05:55:27 | 000,000,000 | ---- | C] () -- C:\Users\Eliza.Isis\AppData\Local\{0D31CC79-8B85-4980-89DB-B55FE8BD0BD3}
[2010.12.30 16:14:24 | 000,005,120 | ---- | C] () -- C:\Users\Eliza.Isis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.14 22:39:34 | 367,005,696 | ---- | C] () -- C:\Users\Eliza.Isis\SN 509.avi
[2010.08.17 18:40:55 | 004,115,805 | ---- | C] () -- C:\Users\Eliza.Isis\Unbenannte Muster.pat
[2010.08.17 18:40:51 | 098,571,661 | ---- | C] () -- C:\Users\Eliza.Isis\Unbenannte Werkzeugspitzen.abr
[2010.07.16 09:51:21 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\WINDOWS\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\WINDOWS\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\WINDOWS\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\WINDOWS\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.03.04 10:07:52 | 000,000,000 | ---D | M] -- C:\Users\Eliza.Isis\AppData\Roaming\calibre
[2010.07.26 18:48:54 | 000,000,000 | ---D | M] -- C:\Users\Eliza.Isis\AppData\Roaming\Crayon Physics Deluxe
[2012.11.13 19:38:56 | 000,000,000 | ---D | M] -- C:\Users\Eliza.Isis\AppData\Roaming\Dropbox
[2010.07.03 17:08:21 | 000,000,000 | ---D | M] -- C:\Users\Eliza.Isis\AppData\Roaming\Foxit
[2010.07.03 17:08:21 | 000,000,000 | ---D | M] -- C:\Users\Eliza.Isis\AppData\Roaming\Foxit Software
[2012.04.26 20:12:16 | 000,000,000 | ---D | M] -- C:\Users\Eliza.Isis\AppData\Roaming\IrfanView
[2010.08.13 00:24:29 | 000,000,000 | ---D | M] -- C:\Users\Eliza.Isis\AppData\Roaming\KeePass
[2011.01.05 11:49:44 | 000,000,000 | ---D | M] -- C:\Users\Eliza.Isis\AppData\Roaming\Leadertech
[2010.11.06 12:47:16 | 000,000,000 | ---D | M] -- C:\Users\Eliza.Isis\AppData\Roaming\Scan2PDF
[2011.01.05 16:50:07 | 000,000,000 | ---D | M] -- C:\Users\Eliza.Isis\AppData\Roaming\Seagate
[2012.11.09 09:58:57 | 000,000,000 | ---D | M] -- C:\Users\Eliza.Isis\AppData\Roaming\TeamViewer
[2011.01.29 15:18:52 | 000,000,000 | ---D | M] -- C:\Users\Eliza.Isis\AppData\Roaming\Verbindungsassistent
 
========== Purity Check ==========
 
 

< End of report >
         

Alt 13.11.2012, 20:15   #25
ryder
/// TB-Ausbilder
 
ad.adserverplus erscheint immer wieder - Standard

ad.adserverplus erscheint immer wieder



In Ordnung. Gibst du mir bitte morgen, übermorgen bescheid?
__________________
Digitale Freibeuter gegen Malware!
Keine Hilfe per PM!

Alt 13.11.2012, 20:26   #26
Julia.M
 
ad.adserverplus erscheint immer wieder - Standard

ad.adserverplus erscheint immer wieder



Natürlich!
Danke nochmal für deine Hilfe!

Alt 13.11.2012, 20:30   #27
ryder
/// TB-Ausbilder
 
ad.adserverplus erscheint immer wieder - Standard

ad.adserverplus erscheint immer wieder



Kein Problem
__________________
Digitale Freibeuter gegen Malware!
Keine Hilfe per PM!

Alt 15.11.2012, 11:18   #28
ryder
/// TB-Ausbilder
 
ad.adserverplus erscheint immer wieder - Standard

ad.adserverplus erscheint immer wieder



Schön, dass wir helfen konnten

Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen schicke mir bitte eine PM.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen
__________________
Digitale Freibeuter gegen Malware!
Keine Hilfe per PM!

Alt 15.11.2012, 14:20   #29
Julia.M
 
ad.adserverplus erscheint immer wieder - Standard

ad.adserverplus erscheint immer wieder



Wollte gerade schreiben: Es ist nicht nocheinmal aufgetaucht, von dem her ist jetzt wohl wirklich wieder alles gut.
Danke nochmal!!

Antwort

Themen zu ad.adserverplus erscheint immer wieder
anhang, bereits, brauche, erschein, erscheint, fenst, google, googlen, immer wieder, inter, interne, internet, log, malwarebyte, neues, systemscan, tagen, troja, trojaner, vollständige, wirklich, öffnet




Ähnliche Themen: ad.adserverplus erscheint immer wieder


  1. trivia games - nervendes fenster erscheint immer wieder
    Plagegeister aller Art und deren Bekämpfung - 04.11.2015 (22)
  2. update.exe erscheint immer wieder und ich kann es nicht löschen.
    Plagegeister aller Art und deren Bekämpfung - 15.08.2015 (20)
  3. Windows 8.1: Fenster blinken und bei Videos erscheint immer wieder die Playleiste trotz keiner Mausbewegung
    Log-Analyse und Auswertung - 03.05.2015 (6)
  4. Continue Live Installation erscheint immer wieder...
    Log-Analyse und Auswertung - 12.04.2015 (11)
  5. pop.optinal.globalupdate.a wird von malewarebytes gefunden, aber erscheint immer wieder
    Plagegeister aller Art und deren Bekämpfung - 13.08.2014 (15)
  6. TR/Trash.Gen erscheint immer wieder mit neuem Nummern-Anhängsel
    Plagegeister aller Art und deren Bekämpfung - 17.06.2014 (8)
  7. TR Trash Gen wir jede Stunde gefunden und in Quarantäne verschoben. Erscheint immer wieder
    Plagegeister aller Art und deren Bekämpfung - 13.02.2014 (5)
  8. ad.adserverplus.. erscheint ständig ;Windows7 ; avira meldet nichts
    Plagegeister aller Art und deren Bekämpfung - 15.09.2013 (3)
  9. ad.adserverplus.com - Fenster erscheint auf diversen Seiten
    Log-Analyse und Auswertung - 23.07.2012 (41)
  10. http://ad.adserverplus.com/ erscheint beim Besuchen diverser Webseits!
    Log-Analyse und Auswertung - 05.07.2012 (7)
  11. Spyware: Wie lösche ich Troj/ZAccess-AH? Erscheint immer wieder!
    Plagegeister aller Art und deren Bekämpfung - 22.02.2012 (1)
  12. Viren erscheint nach Neustart immer wieder (setup.....)
    Plagegeister aller Art und deren Bekämpfung - 21.05.2011 (41)
  13. AV Security Suite erscheint trotz MalewareBytes immer wieder
    Plagegeister aller Art und deren Bekämpfung - 14.07.2010 (6)
  14. Antivirus 2009 fenster erscheint immer wieder
    Mülltonne - 07.01.2009 (1)
  15. iexplore.exe erscheint immer wieder im Task-Manager
    Log-Analyse und Auswertung - 10.08.2008 (3)
  16. Gefixter Eintrag erscheint immer wieder
    Log-Analyse und Auswertung - 24.04.2007 (8)
  17. Gefixter HJT-Eintrag erscheint immer wieder!?
    Log-Analyse und Auswertung - 04.12.2005 (13)

Zum Thema ad.adserverplus erscheint immer wieder - Du kannst sie anschliessen und nochmal mit ESET drüber scannen. Ganz easy Schön, dass wir helfen konnten Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das - ad.adserverplus erscheint immer wieder...
Archiv
Du betrachtest: ad.adserverplus erscheint immer wieder auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.