| |
| |||||||
Log-Analyse und Auswertung: Incredibar lässt sich nicht entfernen!Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
29.11.2012, 20:44
| #16 |
 |  Incredibar lässt sich nicht entfernen! Danke für Antworten: Hier scan 1: OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 29.11.2012 20:27:40 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\svenja\Desktop\virenhilfe
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16443)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 0,69 Gb Available Physical Memory | 34,45% Memory free
4,23 Gb Paging File | 2,29 Gb Available in Paging File | 54,04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 145,29 Gb Total Space | 5,31 Gb Free Space | 3,65% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 778,58 Gb Free Space | 83,58% Space Free | Partition Type: NTFS
Drive E: | 27,95 Gb Total Space | 5,33 Gb Free Space | 19,08% Space Free | Partition Type: NTFS
Drive G: | 144,99 Gb Total Space | 140,83 Gb Free Space | 97,13% Space Free | Partition Type: NTFS
Drive M: | 2,92 Gb Total Space | 2,52 Gb Free Space | 86,43% Space Free | Partition Type: FAT32
Drive Z: | 25,03 Gb Total Space | 14,32 Gb Free Space | 57,22% Space Free | Partition Type: NTFS
Computer Name: MARCUS-PC | User Name: svenja | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with FastStone] -- "C:\Program Files\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08536DB8-EFED-45FC-A02D-20D09B949555}" = rport=10243 | protocol=6 | dir=out | app=system |
"{191BB97F-1F56-4302-8D2F-3B367B608119}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{1DCBD641-858F-4603-B93D-A9F5204347F6}" = lport=5353 | protocol=17 | dir=in | name=bonjour |
"{22C35255-67E8-4037-B35D-72F42021A19A}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |
"{2390C695-3DD2-4CD6-8D3D-38C9C9ECC31C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{29246363-80F1-4A68-94B8-F6DDD0600C62}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{334ADE6D-0B4B-4CA6-927D-C0875B5DE836}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{384A093F-59C4-453C-968F-E1A4A7BB1C83}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3A9AC520-A1D5-491A-BAE0-F0B88B668AB9}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{3DCD8C5E-C23E-41E3-B567-BBDDBE8E5A91}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3FE8540D-C2F9-48DB-B46B-1690002C5B37}" = lport=10243 | protocol=6 | dir=in | app=system |
"{40E1EC9F-DEA8-4E85-8CEA-892AD04771A3}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{43BC1D76-0FAC-43B8-8A5E-9D985D01339B}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{43E5BB7A-C55F-48AB-97C9-7CD85F07A31C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{46F269EE-0BF1-4644-86A9-D325FCF37A95}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{4B6B3829-8D09-44AF-8B0C-43F89E277111}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |
"{4B885776-394B-4A1A-ADDA-96067DEBE98B}" = lport=3702 | protocol=17 | dir=in | app=c:\windows\system32\p2phost.exe |
"{54AA5A65-ADAB-4553-A6F8-536BBBA14D9A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{565C2363-A69C-4102-A224-7E8BD36682C9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{57945A54-5362-4D98-8181-20A4376D1247}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{5C91E23E-5326-4485-B954-B9C471DED6C6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6285F966-5ED7-4919-982F-9F7A573ED802}" = lport=80 | protocol=6 | dir=in | name=@wsmres.dll,-50 |
"{6528A8A2-4D81-45B9-BDC8-2B72E391ED6F}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{69FC29EA-24F4-48BF-8533-9A014DBD598F}" = rport=3702 | protocol=17 | dir=out | app=c:\windows\system32\p2phost.exe |
"{741955B4-6B1A-463E-B261-DB5E93E8276A}" = lport=443 | protocol=6 | dir=in | app=system |
"{76AC1EB3-724D-4DA0-B360-090ADB3D2F97}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8136E266-2D2D-47D6-A457-F913F520C574}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{81835120-A9BD-461F-B2A9-781FD117E559}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A458A880-10FD-4893-A16F-A7AF9CEB4108}" = lport=5985 | protocol=6 | dir=in | app=system |
"{C3A2E10C-5D20-4B8F-814C-86CC21520AF3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C9B0CF4E-5CEB-49F0-B52D-4F4D42DF64E6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{CBB6088A-8297-4547-8A5E-62557784CF49}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{CFE48CEE-C95B-4DBA-9E2E-01785C15AC96}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D25D804E-FFA0-4920-B789-13861689A469}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E56221CD-17AA-47A8-97AA-40F0EB075EBC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E7359FD8-A8B6-44B5-949D-BCB013CE232F}" = rport=2869 | protocol=6 | dir=out | app=system |
"{E76F592E-28E6-4A07-8658-F2C1E52F32C6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E8897DD6-4D48-4222-97F3-098502F787C2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{F09076C6-CBF9-4908-860E-772FE1B34D12}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F1CD9DB8-B8D0-4C40-B439-18594050264D}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{F3A65183-3796-42B9-9F03-87558B8F86A1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FD6F36EF-1A1C-43AF-9B57-3257F8009D50}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{002D24B5-D761-445A-86AD-CFF9C1577FD8}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\acer homemedia connect.exe |
"{03BA453A-8F85-42AF-8113-23B9E2FD1BEF}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{05CEF03D-6CB1-4D47-B1F0-6874FEB9A097}" = protocol=6 | dir=in | app=c:\program files\nero\nero mediahome 4\nmmediaserverservice.exe |
"{07F49A33-EA1F-4424-A7F8-E5B4EB0481C4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{081E0BEB-BD98-4702-9B9F-93B9EBAA2052}" = protocol=6 | dir=in | app=c:\vom netz\sweetimsetup.exe |
"{10BF542E-1571-4394-9BE1-64929CF01EB9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
"{129F1FA4-CE62-4BB9-8833-E11C0E448088}" = protocol=17 | dir=in | app=c:\users\svenja\appdata\roaming\dropbox\bin\dropbox.exe |
"{19C6FEFD-684E-42CC-AFDE-029F9F4B0C21}" = dir=in | app=c:\program files\plex\plex media server\plexscripthost.exe |
"{1C0EB877-E24E-4010-BDF4-B1599AD213D3}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{1F55E9D4-661C-4404-89A0-96008016FE47}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{20375182-38E6-4E1C-A8C4-41E9A7B6F62E}" = protocol=6 | dir=out | app=system |
"{215F590F-5B1C-44DA-AD46-14CE87540024}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{24CFB005-DEE4-46B5-B4EA-03F3FE9C556C}" = protocol=6 | dir=in | app=c:\users\svenja\appdata\local\temp\~osaca.tmp\rlvknlg.exe |
"{2578E8DE-CFA9-4F3E-A060-16538F446660}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{2687DDAD-A6E2-494A-8F21-099AE7264283}" = protocol=6 | dir=in | app=c:\users\svenja\appdata\local\temp\~os385f.tmp\rlvknlg.exe |
"{28494D01-0BE9-4C6F-B7EE-61F2616971F9}" = protocol=17 | dir=in | app=c:\program files\nero\nero mediahome 4\nmmediaserverservice.exe |
"{297E8973-1203-40AC-B77F-6655DE8DC8FC}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{2C90699A-3B6A-4223-A8ED-B64F3A95EB74}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{399E14E9-4A2E-4B68-B4E0-C5DA43E8B0C3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{3AFE02E1-51D4-426D-A426-DCE103C2ACFF}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{3BC41F96-35EF-48D7-8681-3A7F67D7CD0E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{3D7669BE-0E24-48F3-A1E8-68FE15C11F6E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{448C884D-9C3B-4D1F-B56F-A01ABC6A4934}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{47BBE321-0746-4C60-A168-017F9CA2BDAC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{47C19629-6E36-49A3-B09D-2EF7784C7155}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{492F6C7B-A171-4F4B-8831-349990E6AE1E}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{4ACBDF40-A39E-486B-9B4A-DB81F0837F11}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe |
"{5226AFB9-6699-4D4B-97F9-FC5F59FE1FD3}" = protocol=6 | dir=out | app=c:\windows\system32\p2phost.exe |
"{54EBCB13-0808-4BC1-ADCF-DF1D5A5B46A5}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{5A70F94A-105D-40C2-97DE-85A806218C38}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{5D91FFF9-DB47-4DD0-AACE-E2DFD92F105D}" = dir=in | app=c:\program files\plex\plex media server\plex media server.exe |
"{5DD3E674-A2E7-4906-B5D5-8ED6F33931F4}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{5ED25AF0-5BFE-433B-A303-F847DFE9951A}" = protocol=17 | dir=in | app=c:\users\svenja\desktop\utorrent3.0.25824.exe |
"{5FD03B99-5C2B-48C0-99E5-53289EF351DE}" = dir=in | app=c:\users\svenja\appdata\local\temp\7zs1335\ojprol7x00_full_14\setup\hpznui01.exe |
"{6C189DA3-07B1-4E47-AE3E-267C62FE2082}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe |
"{729513A1-F720-40D4-A283-547EEBCA323D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{75D77709-406A-4759-AA18-FA7876E8DC8F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{7835158C-35B9-4F64-BCC9-D826A19CCE84}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{7D9C011D-A8A8-47B1-8530-5B6C5393ADD1}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{7E3C3CBF-1760-4AF2-89B5-D46448613695}" = protocol=6 | dir=in | svc=msiscsi | app=c:\windows\system32\svchost.exe |
"{7E82C38B-DFF1-4FA7-A2F2-06BC80F07D01}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{7EBF7B25-1A03-4C75-97DD-2041A3DF2E0C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{83894BCD-1D1F-4659-9E8C-DDD892D2826E}" = protocol=6 | dir=in | app=c:\users\svenja\appdata\local\temp\~osf5f3.tmp\rlvknlg.exe |
"{89BA6C3D-FFFB-4C9F-9855-AB259D4C0900}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{95C11D56-245E-4D5E-B00D-E986C8DCAF98}" = protocol=6 | dir=out | app=system |
"{96BAA83E-5001-4FDD-846A-95CA2488B61E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9BD233D5-0E5F-448D-8B0B-763AE368F591}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe |
"{9D1BB89D-E0CA-44A6-ACD3-BCAA544A5016}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9D56C2EC-B20D-47AF-A9BA-EA5E616973FA}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe |
"{9E275455-F0CE-4B8C-BF56-8D7B5944B7AB}" = protocol=6 | dir=out | app=system |
"{9E4455D6-E512-4864-92DD-C362ADC62AED}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{9E6F4C3F-8D81-43E4-A83E-F376EE5C393C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{A2EE3311-10E7-4BEB-8803-74805BDD7F89}" = protocol=6 | dir=in | app=c:\users\svenja\appdata\roaming\dropbox\bin\dropbox.exe |
"{A4F37CAD-FA8D-4816-A6E7-7073E2ABE428}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{AA5C34BA-43DD-4EA0-A8DA-21055319EF68}" = dir=in | app=c:\program files\airport\apagent.exe |
"{B5341F01-70D9-4527-A104-63251064149F}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{B6F3C0AC-80E2-464A-B2F0-7A4DA41C5D04}" = protocol=6 | dir=in | app=c:\users\svenja\appdata\local\temp\~os32a1.tmp\rlvknlg.exe |
"{B79CED2B-4466-4EA4-A927-C2DBE5FDCD96}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{B994362C-93CC-4823-A85C-269A0ECCCDA5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BD1A823F-1118-4A5A-8C4E-54B985E84861}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{BEE84946-E708-4387-AAE5-FBB10A5DE5A4}" = protocol=6 | dir=out | svc=msiscsi | app=c:\windows\system32\svchost.exe |
"{C834180D-9562-4073-A8BB-3002443B98E0}" = protocol=6 | dir=in | app=c:\users\svenja\appdata\local\temp\~os282b.tmp\rlvknlg.exe |
"{CA307F78-2C9A-45B3-AD66-75FC79FEE0BD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CCC29103-CC88-4AB7-B5D4-3E1BC646C809}" = protocol=6 | dir=in | app=c:\users\svenja\desktop\utorrent3.0.25824.exe |
"{D016C6B1-7A70-444B-A599-652AEB61E077}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D2B293E2-6212-4685-AD85-B3EECFC415F8}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{D3CDD78D-61B8-44FB-8B96-ECBC88B50208}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
"{D6B22163-F749-47E0-AE1E-172E3CA51CC9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D7EE14DE-CE0F-4D76-8F10-E5465267D7E8}" = dir=in | app=c:\program files\seagate\seagate dashboard\hipservagent\hipservagent.exe |
"{D8BC3EA4-7995-421E-BB93-319CD5EB069C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{D97F3316-AACF-4A99-88D3-ED0297730B7B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DD4E7253-FFE7-4555-8C13-E208E30BC35E}" = protocol=6 | dir=in | app=c:\windows\system32\p2phost.exe |
"{E0005122-201E-434F-938F-666A6E9AE903}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{E35EA6ED-BC30-42EA-864E-79F98B2224E3}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{E5CD996F-3374-4D72-9033-3BD7B031782F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E614E50E-1319-47F9-AC9D-DD517481AA3B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E7BCE766-BB13-45B8-B5A8-D8774285AAC4}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{E8D1A4BF-5849-4828-8681-7B98B29D36FC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EF4B5ECA-7D4D-4F7B-A177-D0FD682F2085}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
"{F7C177A1-C38D-4224-9015-089B73C12D61}" = protocol=17 | dir=in | app=c:\vom netz\sweetimsetup.exe |
"{F853CED2-FB7B-4B50-B6D1-F7901F8508DF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe |
"{FF70698A-0B01-4295-B445-36400EB2E276}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{8835CF19-2F44-4A1E-AA7C-E8EB5735BA13}C:\program files\runes of magic\client.exe" = protocol=6 | dir=in | app=c:\program files\runes of magic\client.exe |
"UDP Query User{C3AFAD26-3FCB-4D31-97B0-A574B39C8029}C:\program files\runes of magic\client.exe" = protocol=17 | dir=in | app=c:\program files\runes of magic\client.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{01358C56-44F4-B8B3-8757-06F2A864A863}" = ATI Catalyst Install Manager
"{048DDE77-66D5-4335-8497-903856759B58}" = BPDSoftware
"{04DB9640-A905-456C-96F5-F1EB80FEB5C9}" = ProductContext
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05DC79C6-4213-45D3-BE8A-50B8B7C1F0E1}" = bpd_scan_Carrier
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"{15fba87b-db4b-4c93-a984-ac188ea4b530}" = Nero MediaHome 4 Essentials
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.5
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{24F419C0-0A9A-47A3-9716-97ADDE5A37FA}" = OTClient93
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2E542A61-BE29-5305-219B-08EE4860C238}" = SignageStudio
"{32054443-8E78-423A-8335-D590F40DD5E9}" = Plex Media Server
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40184457-4514-4B18-84A8-6BB8A3AB6A81}" = AirPort
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{4EF35707-7052-4331-B8FD-549DB3922AD7}" = TMPGEnc DVD Author 3 with DivX Authoring
"{57573545-74EB-46D2-B362-AA05364E4ED8}" = LogMeIn
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{69fc3b9a-4149-43db-a557-6ed0c8d8ba44}" = Nero MediaHome 4 Help
"{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit
"{6D6DC23A-D4EE-4869-94C0-72D9EE288885}" = YouSendIt Desktop App
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7125B6E7-2BC8-4AE6-94FA-30F0C655CBC1}" = OTClient91
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CC68433-5837-4075-B81F-EA7E4F14CE60}" = iCloud
"{8E666407-AC41-46a2-9692-6C7BFCBFDD37}" = Memeo Instant Backup
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{9294F169-72EE-4D74-AE92-CA25F64B4FF8}" = Fax
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{9615E45B-7670-4D17-9ED5-28B9E936EEDD}" = 7500_7600_7700_Help1
"{98EA51C9-B0B0-45BC-8641-3E119EA47D7B}" = Sony Ericsson Media Manager 1.2
"{99ef387e-633e-4cfb-bfa3-ab961b685ddf}" = Nero MediaHome 4
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D6C64CC-EA60-47A6-9C97-82C38231EDAE}" = HP OfficeJet L7300/L7500/7600/7700
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B5A4C902-1636-48DB-8E38-F0DB102DDB59}" = MPM
"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD312050-9D98-4F71-ADCD-25EC037C05FD}" = StarMoney
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C3A11907-930D-41AC-A135-CC3B12F92011}" = Seagate Dashboard
"{C4CC491B-5E85-4E96-8911-DF425893DF4A}" = L7500
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}" = Cisco Systems VPN Client 5.0.00.0340
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{D24DDB61-8868-46CF-BC36-BECC1674F0C1}" = Creative ZEN
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D462BF9E-0C35-4705-BF9B-3DF9F3816643}" = Acer ePerformance Management
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E36E864B-BFB6-440A-9A23-2B0BEDE59A92}" = MultiScreen
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EC899917-C880-1017-8CB7-B932BD009007}" = DNE Update
"{ED3D79A6-B3BB-4482-B226-0B620F97258A}" = BPDSoftware_Ini
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8A9F4D7-4EC8-4E28-9B01-4CF74C812BF2}" = StarMoney
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FC338210-F594-11D3-BA24-00001C3AB4DF}" = cyberJack Base Components
"7-Zip" = 7-Zip 4.65
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AnyDVD" = AnyDVD
"Ashampoo Undeleter_is1" = Ashampoo Undeleter v.1.00
"AudibleManager" = AudibleManager
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"bi_uninstaller" = PDFCreator Uninstaller
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"DD4F47DF-6540-4BDA-BEAD-2B19250B0C48_is1" = FLAC to MP3 Converter 6.1.2
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"DVDx_is1" = DVDx
"E.M. DVD Copy_is1" = E.M. DVD Copy 2.51
"FastStone Image Viewer" = FastStone Image Viewer 4.0
"FileZilla Client" = FileZilla Client 3.2.7.1
"Fotosizer" = Fotosizer 1.29
"FTDICOMM" = SEMC DSS SyncStation Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"HPOCR" = OCR Software by I.R.I.S. 14.0
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"iPhoneSMSExport" = iPhoneSMSExport
"MAGIX Filme für unterwegs 2 D" = MAGIX Filme für unterwegs 2 2.0.0.16 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"medbarri" = Favorit
"Mediencenter Software" = Mediencenter Assistent
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 17.0 (x86 de)" = Mozilla Firefox 17.0 (x86 de)
"Mozilla Thunderbird 16.0.2 (x86 de)" = Mozilla Thunderbird 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"N360" = Norton 360
"NBRTWizard" = Norton Bootable Recovery Tool Wizard
"NSS" = Norton Security Scan
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PunkBusterSvc" = PunkBuster Services
"SignageStudio.86EE3EEE54D7DB049D16E358CDC443F088917621.1" = SignageStudio
"SysInfo" = Creative Systeminformationen
"uTorrent" = µTorrent
"VLC media player" = VLC media player 0.9.8a
"WePrint" = WePrint
"XMedia Recode" = XMedia Recode 3.0.6.0
"ZENcast Organizer" = ZENcast Organizer
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1101760962-3014260797-1857789441-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"JoinMe" = join.me
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1101760962-3014260797-1857789441-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
========== Last 20 Event Log Errors ==========
[ OSession Events ]
Error - 03.02.2011 12:59:07 | Computer Name = Marcus-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1664215
seconds with 3300 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 29.11.2012 13:17:03 | Computer Name = Marcus-PC | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server
für die Netzwerkkarte mit der Netzwerkadresse 00064F6562DB zugeteilt werden. Der
folgende Fehler ist aufgetreten: %%121. Es wird weiterhin im Hintergrund versucht,
eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.
Error - 29.11.2012 13:23:11 | Computer Name = Marcus-PC | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server
für die Netzwerkkarte mit der Netzwerkadresse 00064F6562DB zugeteilt werden. Der
folgende Fehler ist aufgetreten: %%121. Es wird weiterhin im Hintergrund versucht,
eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.
Error - 29.11.2012 13:28:46 | Computer Name = Marcus-PC | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server
für die Netzwerkkarte mit der Netzwerkadresse 00064F6562DB zugeteilt werden. Der
folgende Fehler ist aufgetreten: %%121. Es wird weiterhin im Hintergrund versucht,
eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.
Error - 29.11.2012 13:34:51 | Computer Name = Marcus-PC | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server
für die Netzwerkkarte mit der Netzwerkadresse 00064F6562DB zugeteilt werden. Der
folgende Fehler ist aufgetreten: %%121. Es wird weiterhin im Hintergrund versucht,
eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.
Error - 29.11.2012 13:41:20 | Computer Name = Marcus-PC | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server
für die Netzwerkkarte mit der Netzwerkadresse 00064F6562DB zugeteilt werden. Der
folgende Fehler ist aufgetreten: %%121. Es wird weiterhin im Hintergrund versucht,
eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.
Error - 29.11.2012 13:47:21 | Computer Name = Marcus-PC | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server
für die Netzwerkkarte mit der Netzwerkadresse 00064F6562DB zugeteilt werden. Der
folgende Fehler ist aufgetreten: %%121. Es wird weiterhin im Hintergrund versucht,
eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.
Error - 29.11.2012 13:53:10 | Computer Name = Marcus-PC | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server
für die Netzwerkkarte mit der Netzwerkadresse 00064F6562DB zugeteilt werden. Der
folgende Fehler ist aufgetreten: %%121. Es wird weiterhin im Hintergrund versucht,
eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.
Error - 29.11.2012 13:58:47 | Computer Name = Marcus-PC | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server
für die Netzwerkkarte mit der Netzwerkadresse 00064F6562DB zugeteilt werden. Der
folgende Fehler ist aufgetreten: %%121. Es wird weiterhin im Hintergrund versucht,
eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.
Error - 29.11.2012 14:04:57 | Computer Name = Marcus-PC | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server
für die Netzwerkkarte mit der Netzwerkadresse 00064F6562DB zugeteilt werden. Der
folgende Fehler ist aufgetreten: %%121. Es wird weiterhin im Hintergrund versucht,
eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.
Error - 29.11.2012 14:30:09 | Computer Name = Marcus-PC | Source = netbt | ID = 4321
Description = Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit
IP-Adresse 169.254.245.224 registriert werden. Der Computer mit IP-Adresse 169.254.1.1
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.
< End of report >
OLT Text OTL Logfile: Code:
ATTFilter OTL logfile created on: 29.11.2012 20:27:40 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\svenja\Desktop\virenhilfe
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16443)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 0,69 Gb Available Physical Memory | 34,45% Memory free
4,23 Gb Paging File | 2,29 Gb Available in Paging File | 54,04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 145,29 Gb Total Space | 5,31 Gb Free Space | 3,65% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 778,58 Gb Free Space | 83,58% Space Free | Partition Type: NTFS
Drive E: | 27,95 Gb Total Space | 5,33 Gb Free Space | 19,08% Space Free | Partition Type: NTFS
Drive G: | 144,99 Gb Total Space | 140,83 Gb Free Space | 97,13% Space Free | Partition Type: NTFS
Drive M: | 2,92 Gb Total Space | 2,52 Gb Free Space | 86,43% Space Free | Partition Type: FAT32
Drive Z: | 25,03 Gb Total Space | 14,32 Gb Free Space | 57,22% Space Free | Partition Type: NTFS
Computer Name: MARCUS-PC | User Name: svenja | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\svenja\Desktop\virenhilfe\OTL (1).exe (OldTimer Tools)
PRC - C:\Programme\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
PRC - C:\Programme\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
PRC - C:\Programme\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
PRC - C:\Programme\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
PRC - C:\Programme\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
PRC - C:\Users\svenja\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\OpenTable\Client_10_1\OTClient.exe (OpenTable)
PRC - C:\Programme\WePrint\WePrint Server.exe (EuroSmartz Ltd)
PRC - C:\Programme\Norton 360\Engine\6.4.0.9\ccsvchst.exe (Symantec Corporation)
PRC - C:\Programme\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Windows\System32\cjpcsc.exe (REINER SCT)
PRC - C:\Programme\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe (Deutsche Telekom AG)
PRC - C:\Programme\Seagate\Seagate Dashboard\SeagateDashboardService.exe (Memeo)
PRC - C:\Programme\Memeo\AutoBackup\MemeoUpdater.exe (Memeo Inc.)
PRC - C:\Programme\Memeo\AutoBackup\MemeoBackgroundService.exe (Memeo)
PRC - C:\Programme\Memeo\AutoBackup\InstantBackup.exe ()
PRC - C:\Programme\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
PRC - C:\Programme\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Windows\System32\bgsvcgen.exe (B.H.A Corporation)
PRC - C:\Programme\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero AG)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Programme\MultiScreen\MultiScreen.exe ()
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\iashost.exe (Microsoft Corporation)
PRC - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
PRC - C:\Windows\System32\nvraidservice.exe (NVIDIA Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\SysMonitor.exe ()
PRC - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()
PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
========== Modules (No Company Name) ==========
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\d1cdb687ca296d0e95ff3abe946cb3c7\Microsoft.VisualBasic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\6525d5b1a3b2cbea3301959a47b353c2\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\ac05afefb5b28893d44ec451da0e6d4e\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\2633dbf77be293b3a8693b6b062fd787\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7f15d0cb7e4f87f86e425d5ffe7e8280\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\741164a3e36f879b9f9e3ff176465127\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\22e554f2c4da53c07e4815a24e2d50e2\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\2c6cd37f29fc76d6c2ed6bbed202d82c\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\ee724aeea5f1b9d8a01fa6047fd2ef99\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b2052acbbbba4f98585196872195e009\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7ad9c44df3b85848590e63f13fc59804\mscorlib.ni.dll ()
MOD - C:\Programme\Mozilla Thunderbird\mozjs.dll ()
MOD - C:\Programme\Mozilla Thunderbird\nsldap32v60.dll ()
MOD - C:\Programme\Mozilla Thunderbird\nsldappr32v60.dll ()
MOD - C:\OpenTable\Client_10_1\ERBS.dll ()
MOD - C:\Windows\Downloaded Program Files\OTSI.ocx ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programme\Memeo\AutoBackup\de-DE\InstantBackup.resources.dll ()
MOD - C:\Programme\Memeo\AutoBackup\Memeo.Client.UI.dll ()
MOD - C:\Programme\Memeo\AutoBackup\Memeo.Client.DriveDetection.dll ()
MOD - C:\Programme\Memeo\AutoBackup\InstantBackup.exe ()
MOD - C:\Programme\DivX\DivX Plus Web Player\libxml2.dll ()
MOD - C:\Programme\Memeo\AutoBackup\sqlite3.dll ()
MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Programme\MultiScreen\MultiScreen.exe ()
MOD - C:\Programme\MultiScreen\MGResGer.dll ()
MOD - C:\Programme\MultiScreen\MultiMon.dll ()
MOD - C:\Programme\MultiScreen\ServiceHook.dll ()
MOD - C:\Acer\Empowering Technology\SysMonitor.exe ()
========== Services (SafeList) ==========
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (LMIMaint) -- C:\Programme\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
SRV - (LMIGuardianSvc) -- C:\Programme\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (N360) -- C:\Program Files\Norton 360\Engine\6.4.0.9\ccSvcHst.exe (Symantec Corporation)
SRV - (cjpcsc) -- C:\Windows\System32\cjpcsc.exe (REINER SCT)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (MCSWASVR) -- C:\Programme\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe (Deutsche Telekom AG)
SRV - (SeagateDashboardService) -- C:\Programme\Seagate\Seagate Dashboard\SeagateDashboardService.exe (Memeo)
SRV - (MemeoBackgroundService) -- C:\Programme\Memeo\AutoBackup\MemeoBackgroundService.exe (Memeo)
SRV - (LogMeIn) -- C:\Programme\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (bgsvcgen) -- C:\Windows\System32\bgsvcgen.exe (B.H.A Corporation)
SRV - (NeroMediaHomeService.4) -- C:\Programme\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero AG)
SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
SRV - (AcerMemUsageCheckService) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()
SRV - (CVPND) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (rvtnuun) -- C:\Windows\System32\drivers\lydajwmb.sys ()
DRV - (LMIRfsClientNP) -- C:\Windows\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20121106.001\BHDrvx86.sys (Symantec Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20121129.003\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20121129.003\NAVENG.SYS (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20121128.001\IDSvix86.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\N360\0604000.009\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\N360\0604000.009\srtspx.sys (Symantec Corporation)
DRV - (ccSet_N360) -- C:\Windows\System32\drivers\N360\0604000.009\ccsetx86.sys (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\System32\drivers\N360\0604000.009\symefa.sys (Symantec Corporation)
DRV - (SymIM) -- C:\Windows\System32\drivers\SymIMV.sys (Symantec Corporation)
DRV - (SYMTDIv) -- C:\Windows\System32\drivers\N360\0604000.009\symtdiv.sys (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\System32\drivers\N360\0604000.009\ironx86.sys (Symantec Corporation)
DRV - (SymDS) -- C:\Windows\System32\drivers\N360\0604000.009\symds.sys (Symantec Corporation)
DRV - (cjusb) -- C:\Windows\System32\drivers\cjusb.sys (REINER SCT)
DRV - (LMIRfsDriver) -- C:\Windows\System32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (LMIInfo) -- C:\Programme\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
DRV - (RTL85n86) -- C:\Windows\System32\drivers\RTL85n86.sys (Realtek Semiconductor Corporation )
DRV - (cdrbsdrv) -- C:\Windows\System32\drivers\CDRBSDRV.SYS (B.H.A Corporation)
DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (s0016unic) -- C:\Windows\System32\drivers\s0016unic.sys (MCCI Corporation)
DRV - (s0016nd5) -- C:\Windows\System32\drivers\s0016nd5.sys (MCCI Corporation)
DRV - (s0016mdfl) -- C:\Windows\System32\drivers\s0016mdfl.sys (MCCI Corporation)
DRV - (s0016mdm) -- C:\Windows\System32\drivers\s0016mdm.sys (MCCI Corporation)
DRV - (s0016mgmt) -- C:\Windows\System32\drivers\s0016mgmt.sys (MCCI Corporation)
DRV - (s0016obex) -- C:\Windows\System32\drivers\s0016obex.sys (MCCI Corporation)
DRV - (s0016bus) -- C:\Windows\System32\drivers\s0016bus.sys (MCCI Corporation)
DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (nvstor32) -- C:\Windows\System32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (nvrd32) -- C:\Windows\System32\drivers\nvrd32.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (zntport) -- C:\Windows\System32\drivers\zntport.sys (Zeal SoftStudio)
DRV - (tvicport) -- C:\Windows\System32\drivers\TVicPort.sys (EnTech Taiwan)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys (Acer, Inc.)
DRV - (bizVSerial) -- C:\Windows\System32\drivers\bizVSerialNT.sys (franson.biz)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (FTSER2K) -- C:\Windows\System32\drivers\ftser2k.sys (FTDI Ltd.)
DRV - (FTLUND) -- C:\Windows\System32\drivers\ftlund.sys (FTDI Ltd.)
DRV - (FTDIBUS) -- C:\Windows\System32\drivers\ftdibus.sys (FTDI Ltd.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/sp/*hxxp://de.yahoo.com
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://otanywhere.opentable.de/login.aspx
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\..\SearchScopes\{194C6A87-273C-4675-AFEC-CEED5412A375}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=302398&p={searchTerms}
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\..\SearchScopes\{B7529384-941F-4339-A249-A18443C2B985}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/sp/*hxxp://de.yahoo.com
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://otanywhere.opentable.de/login.asp?dc=1&otaver=9828
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - No CLSID value found
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\..\SearchScopes,DefaultScope = {194C6A87-273C-4675-AFEC-CEED5412A375}
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\..\SearchScopes\{194C6A87-273C-4675-AFEC-CEED5412A375}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms}
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\..\SearchScopes\{B7529384-941F-4339-A249-A18443C2B985}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1004\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398&ilc=12"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_131.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.9.8a: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\svenja\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\svenja\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\IPSFFPlgn\ [2012.08.05 15:48:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\coFFPlgn\ [2012.11.29 16:46:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.12.19 19:35:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.02.07 13:04:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.02.07 13:04:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.28 10:34:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.11.29 17:09:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.11.19 11:26:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.12.19 19:35:05 | 000,000,000 | ---D | M]
[2008.06.23 20:46:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\svenja\AppData\Roaming\mozilla\Extensions
[2012.11.28 21:16:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\svenja\AppData\Roaming\mozilla\Firefox\Profiles\ty77o4ho.default\extensions
[2010.06.12 19:38:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\svenja\AppData\Roaming\mozilla\Firefox\Profiles\ty77o4ho.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.05.15 08:56:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\svenja\AppData\Roaming\mozilla\Firefox\Profiles\ty77o4ho.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}-trash
[2012.11.15 11:08:56 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\svenja\AppData\Roaming\mozilla\Firefox\Profiles\ty77o4ho.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2012.11.28 11:32:51 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\svenja\AppData\Roaming\mozilla\firefox\profiles\ty77o4ho.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.11.15 08:50:57 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.11.28 10:34:20 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.10.24 23:03:12 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.24 23:03:11 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.10.24 23:03:12 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.24 23:03:12 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.24 23:03:12 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.24 23:03:11 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - homepage: hxxp://google.de/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://google.de/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\svenja\AppData\Local\Google\Chrome\Application\23.0.1271.91\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\svenja\AppData\Local\Google\Chrome\Application\23.0.1271.91\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\svenja\AppData\Local\Google\Chrome\Application\23.0.1271.91\pdf.dll
CHR - plugin: Perion plugin (Enabled) = C:\Users\svenja\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\Plugins/PerionNewTabChrome-32.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Users\svenja\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\npcoplgn.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - Extension: DivX HiQ = C:\Users\svenja\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.0.900_0\
CHR - Extension: New tab for Chrome\u2122 = C:\Users\svenja\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\
CHR - Extension: Norton Identity Protection = C:\Users\svenja\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\
O1 HOSTS File: ([2012.11.29 16:38:35 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton 360\Engine\6.4.0.9\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton 360\Engine\6.4.0.9\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\6.4.0.9\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\6.4.0.9\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe ()
O4 - HKLM..\Run: [Acer Tour] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [Memeo Instant Backup] C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [MultiScreen] C:\Programme\MultiScreen\MultiScreen.exe ()
O4 - HKLM..\Run: [NVRaidService] C:\Windows\System32\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe File not found
O4 - HKU\S-1-5-18..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe File not found
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000..\Run: [ApplePhotoStreams] C:\Programme\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000..\Run: [iCloudServices] C:\Programme\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003..\Run: [CTSyncU.exe] C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe ()
O4 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1004..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003..\RunOnce: [RUN] C:\Windows\Acer_Normal\run_DT.exe ()
O4 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1004..\RunOnce: [RUN] C:\Windows\Acer_Normal\run_DT.exe ()
O4 - Startup: C:\Users\svenja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\svenja\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\svenja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WePrint Server.lnk = C:\Programme\WePrint\WePrint Server.exe (EuroSmartz Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {A378EEF8-4E41-4BC4-8CBC-1ACB8686CC1D} https://otanywhere.opentable.de/download/PlugIn/OTSI.CAB (OTSysInfo Object)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{989AD318-57BC-47A0-961F-6C696470C3D7}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Acer01.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Acer01.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.02.15 05:53:50 | 000,000,027 | ---- | M] () - D:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2002.08.14 12:42:53 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{a43d5708-9b6b-11dd-815e-001d92a603f0}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe BÜRO_1.vbs
O33 - MountPoints2\{ccf0b438-0b87-11e0-91f8-001d92a603f0}\Shell\AutoRun\command - "" = install.exe
O33 - MountPoints2\{ccf0b43f-0b87-11e0-91f8-001d92a603f0}\Shell\AutoRun\command - "" = install.exe
O33 - MountPoints2\{f0dd29ad-70db-11de-b6a2-001d92a603f0}\Shell - "" = AutoRun
O33 - MountPoints2\{f0dd29ad-70db-11de-b6a2-001d92a603f0}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O33 - MountPoints2\{f0dd29cb-70db-11de-b6a2-001d92a603f0}\Shell - "" = AutoRun
O33 - MountPoints2\{f0dd29cb-70db-11de-b6a2-001d92a603f0}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012.11.29 17:14:51 | 000,000,000 | ---D | C] -- C:\Users\svenja\Desktop\virenhilfe
[2012.11.29 16:36:12 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.11.28 20:55:29 | 016,363,448 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2012.11.28 11:16:54 | 000,000,000 | ---D | C] -- C:\Users\svenja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012.11.28 11:16:52 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012.11.28 10:56:25 | 000,000,000 | ---D | C] -- C:\Users\svenja\AppData\Roaming\Malwarebytes
[2012.11.28 10:56:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.28 10:56:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.28 10:56:01 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.11.28 10:56:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.11.28 10:44:25 | 000,000,000 | ---D | C] -- C:\Users\svenja\AppData\Local\Macromedia
[2012.11.22 11:08:03 | 000,000,000 | ---D | C] -- C:\Users\svenja\AppData\Roaming\SignageStudio.86EE3EEE54D7DB049D16E358CDC443F088917621.1
[2012.11.22 11:07:50 | 000,000,000 | ---D | C] -- C:\Program Files\SignageStudio
[2012.11.22 11:04:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2012.11.22 10:58:47 | 000,000,000 | ---D | C] -- C:\Users\svenja\AppData\Roaming\TeamViewer
[2012.11.22 08:30:53 | 000,000,000 | ---D | C] -- C:\Users\svenja\AppData\Roaming\OpenOffice.org
[2012.11.21 20:45:39 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
[2012.11.21 20:43:58 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2012.11.21 11:38:09 | 000,697,272 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.11.19 11:26:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.11.19 11:23:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2012.11.19 11:17:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.11.19 11:16:01 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.11.19 11:15:58 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012.11.19 11:06:37 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012.11.15 12:29:48 | 000,000,000 | ---D | C] -- C:\Users\svenja\AppData\Local\join.me
[2012.11.15 09:04:48 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.11.15 09:04:47 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.11.15 09:04:46 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.11.15 09:04:46 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.11.15 09:04:46 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.11.15 09:04:44 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.11.15 09:04:44 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.11.15 09:04:42 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.11.15 08:49:07 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.11.15 08:48:29 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll
[2012.11.15 08:43:22 | 000,000,000 | ---D | C] -- C:\Users\svenja\AppData\Roaming\pdfforge
[2012.11.09 10:13:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2012.11.09 10:13:32 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMAPI32.OCX
[2012.11.09 10:13:31 | 000,086,528 | ---- | C] (pdfforge GbR) -- C:\Windows\System32\pdfcmon.dll
[2012.11.09 10:13:30 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCMCDE.DLL
[2012.11.09 10:13:30 | 000,125,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB6DE.DLL
[2012.11.09 10:13:29 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCC2DE.DLL
[2012.11.09 10:13:29 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPIDE.DLL
[2012.11.09 10:13:29 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator
[2012.11.09 10:03:46 | 000,000,000 | ---D | C] -- C:\Users\svenja\Local Settings
[2012.11.09 10:01:51 | 000,000,000 | ---D | C] -- C:\Program Files\Perion
[2012.11.09 10:01:21 | 000,632,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr80.dll
[2012.11.09 10:01:21 | 000,554,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp80.dll
[2012.11.09 10:01:21 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcm80.dll
[2012.11.08 11:18:57 | 000,000,000 | ---D | C] -- C:\Users\svenja\AppData\Roaming\convert
[2012.11.08 10:39:28 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2012.11.05 08:41:34 | 000,000,000 | ---D | C] -- C:\Users\svenja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iPhoneSMSExport
[2012.11.05 08:41:34 | 000,000,000 | ---D | C] -- C:\Program Files\iPhoneSMSExport
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.11.29 20:20:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1101760962-3014260797-1857789441-1000UA.job
[2012.11.29 19:55:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.29 19:53:19 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.29 19:20:10 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1101760962-3014260797-1857789441-1000Core.job
[2012.11.29 18:44:26 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.29 18:44:26 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.29 17:18:40 | 000,002,721 | ---- | M] () -- C:\Users\svenja\Desktop\Microsoft Outlook.lnk
[2012.11.29 17:16:29 | 000,000,099 | ---- | M] () -- C:\Users\svenja\Desktop\SignageStudioDebug.bat
[2012.11.29 17:09:08 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\lydajwmb.sys
[2012.11.29 16:51:10 | 000,628,524 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.11.29 16:51:10 | 000,595,818 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.29 16:51:10 | 000,103,892 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.29 16:51:09 | 000,126,074 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.11.29 16:45:13 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.29 16:44:25 | 000,326,744 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.11.29 16:44:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.29 16:43:23 | 2146,652,160 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.29 16:38:35 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012.11.28 20:55:47 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.11.28 20:55:47 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.11.28 20:55:31 | 016,363,448 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2012.11.28 17:15:09 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for svenja.job
[2012.11.28 12:25:05 | 000,002,090 | ---- | M] () -- C:\Users\svenja\Desktop\Google Chrome.lnk
[2012.11.22 11:07:54 | 000,000,849 | ---- | M] () -- C:\Users\Public\Desktop\SignageStudio.lnk
[2012.11.21 20:45:40 | 000,001,037 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
[2012.11.21 19:57:15 | 000,002,623 | ---- | M] () -- C:\Users\svenja\Desktop\Microsoft Word.lnk
[2012.11.19 11:26:25 | 000,001,773 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012.11.19 11:17:59 | 000,001,711 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.11.17 21:55:06 | 000,427,829 | ---- | M] () -- C:\Users\svenja\silvestermailing2012.pdf
[2012.11.15 12:29:52 | 000,000,907 | ---- | M] () -- C:\Users\svenja\Desktop\join.me.lnk
[2012.11.15 08:51:09 | 000,000,893 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.11.09 10:13:39 | 000,001,040 | ---- | M] () -- C:\Users\Public\Desktop\PDFArchitect.lnk
[2012.11.09 08:19:02 | 000,000,737 | ---- | M] () -- C:\Users\Public\Desktop\OTLauncher.lnk
[2012.11.08 10:52:19 | 000,000,021 | ---- | M] () -- C:\Users\svenja\AppData\Local\mc.pixel.data
[2012.11.07 09:47:35 | 000,083,912 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIRfsClientNP.dll
[2012.11.07 09:47:34 | 000,092,072 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIinit.dll
[2012.11.07 09:47:34 | 000,031,144 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIport.dll
[2012.11.05 08:41:45 | 000,000,905 | ---- | M] () -- C:\Users\svenja\Desktop\iPhone SMS Export.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.11.29 17:09:08 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\lydajwmb.sys
[2012.11.22 11:08:06 | 000,000,099 | ---- | C] () -- C:\Users\svenja\Desktop\SignageStudioDebug.bat
[2012.11.22 11:07:54 | 000,000,861 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SignageStudio.lnk
[2012.11.22 11:07:53 | 000,000,849 | ---- | C] () -- C:\Users\Public\Desktop\SignageStudio.lnk
[2012.11.21 20:45:40 | 000,001,037 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
[2012.11.21 11:38:12 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.17 21:55:06 | 000,427,829 | ---- | C] () -- C:\Users\svenja\silvestermailing2012.pdf
[2012.11.15 12:29:52 | 000,000,907 | ---- | C] () -- C:\Users\svenja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\join.me.lnk
[2012.11.15 12:29:50 | 000,000,907 | ---- | C] () -- C:\Users\svenja\Desktop\join.me.lnk
[2012.11.15 08:51:08 | 000,000,905 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.11.15 08:51:08 | 000,000,893 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.11.09 10:13:39 | 000,001,040 | ---- | C] () -- C:\Users\Public\Desktop\PDFArchitect.lnk
[2012.11.09 08:19:02 | 000,000,737 | ---- | C] () -- C:\Users\Public\Desktop\OTLauncher.lnk
[2012.11.05 08:41:44 | 000,000,905 | ---- | C] () -- C:\Users\svenja\Desktop\iPhone SMS Export.lnk
[2012.08.25 10:33:41 | 000,003,730 | ---- | C] () -- C:\Users\svenja\AppData\Roaming\wklnhst.dat
[2011.12.18 15:25:02 | 000,094,564 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011.12.05 18:21:29 | 000,000,600 | ---- | C] () -- C:\Users\svenja\AppData\Local\PUTTY.RND
[2011.11.06 14:23:06 | 000,273,500 | ---- | C] () -- C:\Windows\hpwins05.dat
[2011.11.06 14:23:06 | 000,003,111 | ---- | C] () -- C:\Windows\hpwmdl05.dat
[2011.10.22 23:09:14 | 000,139,080 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.10.22 23:09:13 | 000,138,056 | ---- | C] () -- C:\Users\svenja\AppData\Roaming\PnkBstrK.sys
[2011.10.22 23:08:58 | 000,270,240 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011.10.22 23:08:41 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011.09.18 08:46:54 | 000,000,396 | ---- | C] () -- C:\Windows\hbcikrnl.ini
[2011.09.18 08:45:16 | 000,167,936 | ---- | C] () -- C:\Windows\System32\SerialXP.dll
[2011.09.18 08:45:16 | 000,027,648 | ---- | C] () -- C:\Windows\System32\win32com.dll
[2011.08.15 07:03:39 | 000,274,115 | ---- | C] () -- C:\Windows\hpwins05.dat.temp
[2011.08.15 06:59:15 | 000,000,725 | ---- | C] () -- C:\Windows\wsnk.ini
[2011.08.08 20:28:49 | 000,000,021 | ---- | C] () -- C:\Users\svenja\AppData\Local\mc.pixel.data
[2011.08.01 09:19:15 | 000,003,111 | ---- | C] () -- C:\Windows\hpwmdl05.dat.temp
[2011.05.04 07:35:40 | 000,000,680 | ---- | C] () -- C:\Users\svenja\AppData\Local\d3d9caps.dat
[2011.04.11 18:32:36 | 000,001,940 | ---- | C] () -- C:\Users\svenja\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011.01.17 09:45:42 | 000,498,666 | ---- | C] () -- C:\Users\svenja\Basil 1.mp3
[2010.12.19 19:19:14 | 000,000,054 | ---- | C] () -- C:\Windows\System32\opentable.ini
[2009.06.25 19:49:47 | 000,000,092 | ---- | C] () -- C:\Users\svenja\AppData\Local\cuyyo.bat
[2009.06.02 09:47:50 | 000,024,206 | ---- | C] () -- C:\Users\svenja\AppData\Roaming\UserTile.png
[2009.01.14 18:55:39 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2008.09.21 12:12:15 | 000,015,872 | ---- | C] () -- C:\Users\svenja\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.07.20 15:57:10 | 000,001,891 | ---- | C] () -- C:\Users\svenja\ZENcast Organizer.lnk
[2008.07.20 15:56:45 | 000,000,124 | ---- | C] () -- C:\Users\svenja\ZEN Media Explorer.lnk
========== ZeroAccess Check ==========
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
< End of report >
|
|
29.11.2012, 20:47
| #17 |
| | Incredibar lässt sich nicht entfernen! OLT Text
__________________OTL Logfile: Code:
ATTFilter OTL logfile created on: 29.11.2012 20:27:40 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\svenja\Desktop\virenhilfe
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16443)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 0,69 Gb Available Physical Memory | 34,45% Memory free
4,23 Gb Paging File | 2,29 Gb Available in Paging File | 54,04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 145,29 Gb Total Space | 5,31 Gb Free Space | 3,65% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 778,58 Gb Free Space | 83,58% Space Free | Partition Type: NTFS
Drive E: | 27,95 Gb Total Space | 5,33 Gb Free Space | 19,08% Space Free | Partition Type: NTFS
Drive G: | 144,99 Gb Total Space | 140,83 Gb Free Space | 97,13% Space Free | Partition Type: NTFS
Drive M: | 2,92 Gb Total Space | 2,52 Gb Free Space | 86,43% Space Free | Partition Type: FAT32
Drive Z: | 25,03 Gb Total Space | 14,32 Gb Free Space | 57,22% Space Free | Partition Type: NTFS
Computer Name: MARCUS-PC | User Name: svenja | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\svenja\Desktop\virenhilfe\OTL (1).exe (OldTimer Tools)
PRC - C:\Programme\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
PRC - C:\Programme\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
PRC - C:\Programme\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
PRC - C:\Programme\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
PRC - C:\Programme\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
PRC - C:\Users\svenja\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\OpenTable\Client_10_1\OTClient.exe (OpenTable)
PRC - C:\Programme\WePrint\WePrint Server.exe (EuroSmartz Ltd)
PRC - C:\Programme\Norton 360\Engine\6.4.0.9\ccsvchst.exe (Symantec Corporation)
PRC - C:\Programme\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Windows\System32\cjpcsc.exe (REINER SCT)
PRC - C:\Programme\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe (Deutsche Telekom AG)
PRC - C:\Programme\Seagate\Seagate Dashboard\SeagateDashboardService.exe (Memeo)
PRC - C:\Programme\Memeo\AutoBackup\MemeoUpdater.exe (Memeo Inc.)
PRC - C:\Programme\Memeo\AutoBackup\MemeoBackgroundService.exe (Memeo)
PRC - C:\Programme\Memeo\AutoBackup\InstantBackup.exe ()
PRC - C:\Programme\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
PRC - C:\Programme\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Windows\System32\bgsvcgen.exe (B.H.A Corporation)
PRC - C:\Programme\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero AG)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Programme\MultiScreen\MultiScreen.exe ()
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\iashost.exe (Microsoft Corporation)
PRC - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
PRC - C:\Windows\System32\nvraidservice.exe (NVIDIA Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\SysMonitor.exe ()
PRC - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()
PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
========== Modules (No Company Name) ==========
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\d1cdb687ca296d0e95ff3abe946cb3c7\Microsoft.VisualBasic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\6525d5b1a3b2cbea3301959a47b353c2\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\ac05afefb5b28893d44ec451da0e6d4e\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\2633dbf77be293b3a8693b6b062fd787\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7f15d0cb7e4f87f86e425d5ffe7e8280\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\741164a3e36f879b9f9e3ff176465127\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\22e554f2c4da53c07e4815a24e2d50e2\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\2c6cd37f29fc76d6c2ed6bbed202d82c\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\ee724aeea5f1b9d8a01fa6047fd2ef99\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b2052acbbbba4f98585196872195e009\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7ad9c44df3b85848590e63f13fc59804\mscorlib.ni.dll ()
MOD - C:\Programme\Mozilla Thunderbird\mozjs.dll ()
MOD - C:\Programme\Mozilla Thunderbird\nsldap32v60.dll ()
MOD - C:\Programme\Mozilla Thunderbird\nsldappr32v60.dll ()
MOD - C:\OpenTable\Client_10_1\ERBS.dll ()
MOD - C:\Windows\Downloaded Program Files\OTSI.ocx ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programme\Memeo\AutoBackup\de-DE\InstantBackup.resources.dll ()
MOD - C:\Programme\Memeo\AutoBackup\Memeo.Client.UI.dll ()
MOD - C:\Programme\Memeo\AutoBackup\Memeo.Client.DriveDetection.dll ()
MOD - C:\Programme\Memeo\AutoBackup\InstantBackup.exe ()
MOD - C:\Programme\DivX\DivX Plus Web Player\libxml2.dll ()
MOD - C:\Programme\Memeo\AutoBackup\sqlite3.dll ()
MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Programme\MultiScreen\MultiScreen.exe ()
MOD - C:\Programme\MultiScreen\MGResGer.dll ()
MOD - C:\Programme\MultiScreen\MultiMon.dll ()
MOD - C:\Programme\MultiScreen\ServiceHook.dll ()
MOD - C:\Acer\Empowering Technology\SysMonitor.exe ()
========== Services (SafeList) ==========
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (LMIMaint) -- C:\Programme\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
SRV - (LMIGuardianSvc) -- C:\Programme\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (N360) -- C:\Program Files\Norton 360\Engine\6.4.0.9\ccSvcHst.exe (Symantec Corporation)
SRV - (cjpcsc) -- C:\Windows\System32\cjpcsc.exe (REINER SCT)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (MCSWASVR) -- C:\Programme\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe (Deutsche Telekom AG)
SRV - (SeagateDashboardService) -- C:\Programme\Seagate\Seagate Dashboard\SeagateDashboardService.exe (Memeo)
SRV - (MemeoBackgroundService) -- C:\Programme\Memeo\AutoBackup\MemeoBackgroundService.exe (Memeo)
SRV - (LogMeIn) -- C:\Programme\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (bgsvcgen) -- C:\Windows\System32\bgsvcgen.exe (B.H.A Corporation)
SRV - (NeroMediaHomeService.4) -- C:\Programme\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero AG)
SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
SRV - (AcerMemUsageCheckService) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()
SRV - (CVPND) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (rvtnuun) -- C:\Windows\System32\drivers\lydajwmb.sys ()
DRV - (LMIRfsClientNP) -- C:\Windows\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20121106.001\BHDrvx86.sys (Symantec Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20121129.003\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20121129.003\NAVENG.SYS (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20121128.001\IDSvix86.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\N360\0604000.009\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\N360\0604000.009\srtspx.sys (Symantec Corporation)
DRV - (ccSet_N360) -- C:\Windows\System32\drivers\N360\0604000.009\ccsetx86.sys (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\System32\drivers\N360\0604000.009\symefa.sys (Symantec Corporation)
DRV - (SymIM) -- C:\Windows\System32\drivers\SymIMV.sys (Symantec Corporation)
DRV - (SYMTDIv) -- C:\Windows\System32\drivers\N360\0604000.009\symtdiv.sys (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\System32\drivers\N360\0604000.009\ironx86.sys (Symantec Corporation)
DRV - (SymDS) -- C:\Windows\System32\drivers\N360\0604000.009\symds.sys (Symantec Corporation)
DRV - (cjusb) -- C:\Windows\System32\drivers\cjusb.sys (REINER SCT)
DRV - (LMIRfsDriver) -- C:\Windows\System32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (LMIInfo) -- C:\Programme\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
DRV - (RTL85n86) -- C:\Windows\System32\drivers\RTL85n86.sys (Realtek Semiconductor Corporation )
DRV - (cdrbsdrv) -- C:\Windows\System32\drivers\CDRBSDRV.SYS (B.H.A Corporation)
DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (s0016unic) -- C:\Windows\System32\drivers\s0016unic.sys (MCCI Corporation)
DRV - (s0016nd5) -- C:\Windows\System32\drivers\s0016nd5.sys (MCCI Corporation)
DRV - (s0016mdfl) -- C:\Windows\System32\drivers\s0016mdfl.sys (MCCI Corporation)
DRV - (s0016mdm) -- C:\Windows\System32\drivers\s0016mdm.sys (MCCI Corporation)
DRV - (s0016mgmt) -- C:\Windows\System32\drivers\s0016mgmt.sys (MCCI Corporation)
DRV - (s0016obex) -- C:\Windows\System32\drivers\s0016obex.sys (MCCI Corporation)
DRV - (s0016bus) -- C:\Windows\System32\drivers\s0016bus.sys (MCCI Corporation)
DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (nvstor32) -- C:\Windows\System32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (nvrd32) -- C:\Windows\System32\drivers\nvrd32.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (zntport) -- C:\Windows\System32\drivers\zntport.sys (Zeal SoftStudio)
DRV - (tvicport) -- C:\Windows\System32\drivers\TVicPort.sys (EnTech Taiwan)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys (Acer, Inc.)
DRV - (bizVSerial) -- C:\Windows\System32\drivers\bizVSerialNT.sys (franson.biz)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (FTSER2K) -- C:\Windows\System32\drivers\ftser2k.sys (FTDI Ltd.)
DRV - (FTLUND) -- C:\Windows\System32\drivers\ftlund.sys (FTDI Ltd.)
DRV - (FTDIBUS) -- C:\Windows\System32\drivers\ftdibus.sys (FTDI Ltd.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/sp/*hxxp://de.yahoo.com
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://otanywhere.opentable.de/login.aspx
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\..\SearchScopes\{194C6A87-273C-4675-AFEC-CEED5412A375}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=302398&p={searchTerms}
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\..\SearchScopes\{B7529384-941F-4339-A249-A18443C2B985}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/sp/*hxxp://de.yahoo.com
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://otanywhere.opentable.de/login.asp?dc=1&otaver=9828
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - No CLSID value found
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\..\SearchScopes,DefaultScope = {194C6A87-273C-4675-AFEC-CEED5412A375}
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\..\SearchScopes\{194C6A87-273C-4675-AFEC-CEED5412A375}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms}
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\..\SearchScopes\{B7529384-941F-4339-A249-A18443C2B985}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1004\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1101760962-3014260797-1857789441-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398&ilc=12"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_131.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.9.8a: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\svenja\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\svenja\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\IPSFFPlgn\ [2012.08.05 15:48:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\coFFPlgn\ [2012.11.29 16:46:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.12.19 19:35:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.02.07 13:04:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.02.07 13:04:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.28 10:34:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.11.29 17:09:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.11.19 11:26:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.12.19 19:35:05 | 000,000,000 | ---D | M]
[2008.06.23 20:46:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\svenja\AppData\Roaming\mozilla\Extensions
[2012.11.28 21:16:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\svenja\AppData\Roaming\mozilla\Firefox\Profiles\ty77o4ho.default\extensions
[2010.06.12 19:38:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\svenja\AppData\Roaming\mozilla\Firefox\Profiles\ty77o4ho.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.05.15 08:56:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\svenja\AppData\Roaming\mozilla\Firefox\Profiles\ty77o4ho.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}-trash
[2012.11.15 11:08:56 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\svenja\AppData\Roaming\mozilla\Firefox\Profiles\ty77o4ho.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2012.11.28 11:32:51 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\svenja\AppData\Roaming\mozilla\firefox\profiles\ty77o4ho.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.11.15 08:50:57 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.11.28 10:34:20 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.10.24 23:03:12 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.24 23:03:11 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.10.24 23:03:12 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.24 23:03:12 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.24 23:03:12 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.24 23:03:11 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - homepage: hxxp://google.de/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://google.de/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\svenja\AppData\Local\Google\Chrome\Application\23.0.1271.91\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\svenja\AppData\Local\Google\Chrome\Application\23.0.1271.91\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\svenja\AppData\Local\Google\Chrome\Application\23.0.1271.91\pdf.dll
CHR - plugin: Perion plugin (Enabled) = C:\Users\svenja\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\Plugins/PerionNewTabChrome-32.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Users\svenja\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\npcoplgn.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - Extension: DivX HiQ = C:\Users\svenja\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.0.900_0\
CHR - Extension: New tab for Chrome\u2122 = C:\Users\svenja\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\
CHR - Extension: Norton Identity Protection = C:\Users\svenja\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\
O1 HOSTS File: ([2012.11.29 16:38:35 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton 360\Engine\6.4.0.9\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton 360\Engine\6.4.0.9\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\6.4.0.9\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\6.4.0.9\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe ()
O4 - HKLM..\Run: [Acer Tour] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [Memeo Instant Backup] C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [MultiScreen] C:\Programme\MultiScreen\MultiScreen.exe ()
O4 - HKLM..\Run: [NVRaidService] C:\Windows\System32\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe File not found
O4 - HKU\S-1-5-18..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe File not found
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000..\Run: [ApplePhotoStreams] C:\Programme\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000..\Run: [iCloudServices] C:\Programme\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003..\Run: [CTSyncU.exe] C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe ()
O4 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1004..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1003..\RunOnce: [RUN] C:\Windows\Acer_Normal\run_DT.exe ()
O4 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1004..\RunOnce: [RUN] C:\Windows\Acer_Normal\run_DT.exe ()
O4 - Startup: C:\Users\svenja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\svenja\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\svenja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WePrint Server.lnk = C:\Programme\WePrint\WePrint Server.exe (EuroSmartz Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKU\S-1-5-21-1101760962-3014260797-1857789441-1000\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {A378EEF8-4E41-4BC4-8CBC-1ACB8686CC1D} https://otanywhere.opentable.de/download/PlugIn/OTSI.CAB (OTSysInfo Object)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{989AD318-57BC-47A0-961F-6C696470C3D7}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Acer01.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Acer01.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.02.15 05:53:50 | 000,000,027 | ---- | M] () - D:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2002.08.14 12:42:53 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{a43d5708-9b6b-11dd-815e-001d92a603f0}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe BÜRO_1.vbs
O33 - MountPoints2\{ccf0b438-0b87-11e0-91f8-001d92a603f0}\Shell\AutoRun\command - "" = install.exe
O33 - MountPoints2\{ccf0b43f-0b87-11e0-91f8-001d92a603f0}\Shell\AutoRun\command - "" = install.exe
O33 - MountPoints2\{f0dd29ad-70db-11de-b6a2-001d92a603f0}\Shell - "" = AutoRun
O33 - MountPoints2\{f0dd29ad-70db-11de-b6a2-001d92a603f0}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O33 - MountPoints2\{f0dd29cb-70db-11de-b6a2-001d92a603f0}\Shell - "" = AutoRun
O33 - MountPoints2\{f0dd29cb-70db-11de-b6a2-001d92a603f0}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012.11.29 17:14:51 | 000,000,000 | ---D | C] -- C:\Users\svenja\Desktop\virenhilfe
[2012.11.29 16:36:12 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.11.28 20:55:29 | 016,363,448 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2012.11.28 11:16:54 | 000,000,000 | ---D | C] -- C:\Users\svenja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012.11.28 11:16:52 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012.11.28 10:56:25 | 000,000,000 | ---D | C] -- C:\Users\svenja\AppData\Roaming\Malwarebytes
[2012.11.28 10:56:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.28 10:56:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.28 10:56:01 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.11.28 10:56:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.11.28 10:44:25 | 000,000,000 | ---D | C] -- C:\Users\svenja\AppData\Local\Macromedia
[2012.11.22 11:08:03 | 000,000,000 | ---D | C] -- C:\Users\svenja\AppData\Roaming\SignageStudio.86EE3EEE54D7DB049D16E358CDC443F088917621.1
[2012.11.22 11:07:50 | 000,000,000 | ---D | C] -- C:\Program Files\SignageStudio
[2012.11.22 11:04:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2012.11.22 10:58:47 | 000,000,000 | ---D | C] -- C:\Users\svenja\AppData\Roaming\TeamViewer
[2012.11.22 08:30:53 | 000,000,000 | ---D | C] -- C:\Users\svenja\AppData\Roaming\OpenOffice.org
[2012.11.21 20:45:39 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
[2012.11.21 20:43:58 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2012.11.21 11:38:09 | 000,697,272 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.11.19 11:26:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.11.19 11:23:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2012.11.19 11:17:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.11.19 11:16:01 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.11.19 11:15:58 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012.11.19 11:06:37 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012.11.15 12:29:48 | 000,000,000 | ---D | C] -- C:\Users\svenja\AppData\Local\join.me
[2012.11.15 09:04:48 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.11.15 09:04:47 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.11.15 09:04:46 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.11.15 09:04:46 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.11.15 09:04:46 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.11.15 09:04:44 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.11.15 09:04:44 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.11.15 09:04:42 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.11.15 08:49:07 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.11.15 08:48:29 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll
[2012.11.15 08:43:22 | 000,000,000 | ---D | C] -- C:\Users\svenja\AppData\Roaming\pdfforge
[2012.11.09 10:13:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2012.11.09 10:13:32 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMAPI32.OCX
[2012.11.09 10:13:31 | 000,086,528 | ---- | C] (pdfforge GbR) -- C:\Windows\System32\pdfcmon.dll
[2012.11.09 10:13:30 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCMCDE.DLL
[2012.11.09 10:13:30 | 000,125,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB6DE.DLL
[2012.11.09 10:13:29 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCC2DE.DLL
[2012.11.09 10:13:29 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPIDE.DLL
[2012.11.09 10:13:29 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator
[2012.11.09 10:03:46 | 000,000,000 | ---D | C] -- C:\Users\svenja\Local Settings
[2012.11.09 10:01:51 | 000,000,000 | ---D | C] -- C:\Program Files\Perion
[2012.11.09 10:01:21 | 000,632,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr80.dll
[2012.11.09 10:01:21 | 000,554,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp80.dll
[2012.11.09 10:01:21 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcm80.dll
[2012.11.08 11:18:57 | 000,000,000 | ---D | C] -- C:\Users\svenja\AppData\Roaming\convert
[2012.11.08 10:39:28 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2012.11.05 08:41:34 | 000,000,000 | ---D | C] -- C:\Users\svenja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iPhoneSMSExport
[2012.11.05 08:41:34 | 000,000,000 | ---D | C] -- C:\Program Files\iPhoneSMSExport
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.11.29 20:20:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1101760962-3014260797-1857789441-1000UA.job
[2012.11.29 19:55:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.29 19:53:19 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.29 19:20:10 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1101760962-3014260797-1857789441-1000Core.job
[2012.11.29 18:44:26 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.29 18:44:26 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.29 17:18:40 | 000,002,721 | ---- | M] () -- C:\Users\svenja\Desktop\Microsoft Outlook.lnk
[2012.11.29 17:16:29 | 000,000,099 | ---- | M] () -- C:\Users\svenja\Desktop\SignageStudioDebug.bat
[2012.11.29 17:09:08 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\lydajwmb.sys
[2012.11.29 16:51:10 | 000,628,524 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.11.29 16:51:10 | 000,595,818 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.29 16:51:10 | 000,103,892 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.29 16:51:09 | 000,126,074 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.11.29 16:45:13 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.29 16:44:25 | 000,326,744 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.11.29 16:44:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.29 16:43:23 | 2146,652,160 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.29 16:38:35 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012.11.28 20:55:47 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.11.28 20:55:47 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.11.28 20:55:31 | 016,363,448 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2012.11.28 17:15:09 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for svenja.job
[2012.11.28 12:25:05 | 000,002,090 | ---- | M] () -- C:\Users\svenja\Desktop\Google Chrome.lnk
[2012.11.22 11:07:54 | 000,000,849 | ---- | M] () -- C:\Users\Public\Desktop\SignageStudio.lnk
[2012.11.21 20:45:40 | 000,001,037 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
[2012.11.21 19:57:15 | 000,002,623 | ---- | M] () -- C:\Users\svenja\Desktop\Microsoft Word.lnk
[2012.11.19 11:26:25 | 000,001,773 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012.11.19 11:17:59 | 000,001,711 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.11.17 21:55:06 | 000,427,829 | ---- | M] () -- C:\Users\svenja\silvestermailing2012.pdf
[2012.11.15 12:29:52 | 000,000,907 | ---- | M] () -- C:\Users\svenja\Desktop\join.me.lnk
[2012.11.15 08:51:09 | 000,000,893 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.11.09 10:13:39 | 000,001,040 | ---- | M] () -- C:\Users\Public\Desktop\PDFArchitect.lnk
[2012.11.09 08:19:02 | 000,000,737 | ---- | M] () -- C:\Users\Public\Desktop\OTLauncher.lnk
[2012.11.08 10:52:19 | 000,000,021 | ---- | M] () -- C:\Users\svenja\AppData\Local\mc.pixel.data
[2012.11.07 09:47:35 | 000,083,912 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIRfsClientNP.dll
[2012.11.07 09:47:34 | 000,092,072 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIinit.dll
[2012.11.07 09:47:34 | 000,031,144 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIport.dll
[2012.11.05 08:41:45 | 000,000,905 | ---- | M] () -- C:\Users\svenja\Desktop\iPhone SMS Export.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.11.29 17:09:08 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\lydajwmb.sys
[2012.11.22 11:08:06 | 000,000,099 | ---- | C] () -- C:\Users\svenja\Desktop\SignageStudioDebug.bat
[2012.11.22 11:07:54 | 000,000,861 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SignageStudio.lnk
[2012.11.22 11:07:53 | 000,000,849 | ---- | C] () -- C:\Users\Public\Desktop\SignageStudio.lnk
[2012.11.21 20:45:40 | 000,001,037 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
[2012.11.21 11:38:12 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.17 21:55:06 | 000,427,829 | ---- | C] () -- C:\Users\svenja\silvestermailing2012.pdf
[2012.11.15 12:29:52 | 000,000,907 | ---- | C] () -- C:\Users\svenja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\join.me.lnk
[2012.11.15 12:29:50 | 000,000,907 | ---- | C] () -- C:\Users\svenja\Desktop\join.me.lnk
[2012.11.15 08:51:08 | 000,000,905 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.11.15 08:51:08 | 000,000,893 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.11.09 10:13:39 | 000,001,040 | ---- | C] () -- C:\Users\Public\Desktop\PDFArchitect.lnk
[2012.11.09 08:19:02 | 000,000,737 | ---- | C] () -- C:\Users\Public\Desktop\OTLauncher.lnk
[2012.11.05 08:41:44 | 000,000,905 | ---- | C] () -- C:\Users\svenja\Desktop\iPhone SMS Export.lnk
[2012.08.25 10:33:41 | 000,003,730 | ---- | C] () -- C:\Users\svenja\AppData\Roaming\wklnhst.dat
[2011.12.18 15:25:02 | 000,094,564 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011.12.05 18:21:29 | 000,000,600 | ---- | C] () -- C:\Users\svenja\AppData\Local\PUTTY.RND
[2011.11.06 14:23:06 | 000,273,500 | ---- | C] () -- C:\Windows\hpwins05.dat
[2011.11.06 14:23:06 | 000,003,111 | ---- | C] () -- C:\Windows\hpwmdl05.dat
[2011.10.22 23:09:14 | 000,139,080 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.10.22 23:09:13 | 000,138,056 | ---- | C] () -- C:\Users\svenja\AppData\Roaming\PnkBstrK.sys
[2011.10.22 23:08:58 | 000,270,240 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011.10.22 23:08:41 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011.09.18 08:46:54 | 000,000,396 | ---- | C] () -- C:\Windows\hbcikrnl.ini
[2011.09.18 08:45:16 | 000,167,936 | ---- | C] () -- C:\Windows\System32\SerialXP.dll
[2011.09.18 08:45:16 | 000,027,648 | ---- | C] () -- C:\Windows\System32\win32com.dll
[2011.08.15 07:03:39 | 000,274,115 | ---- | C] () -- C:\Windows\hpwins05.dat.temp
[2011.08.15 06:59:15 | 000,000,725 | ---- | C] () -- C:\Windows\wsnk.ini
[2011.08.08 20:28:49 | 000,000,021 | ---- | C] () -- C:\Users\svenja\AppData\Local\mc.pixel.data
[2011.08.01 09:19:15 | 000,003,111 | ---- | C] () -- C:\Windows\hpwmdl05.dat.temp
[2011.05.04 07:35:40 | 000,000,680 | ---- | C] () -- C:\Users\svenja\AppData\Local\d3d9caps.dat
[2011.04.11 18:32:36 | 000,001,940 | ---- | C] () -- C:\Users\svenja\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011.01.17 09:45:42 | 000,498,666 | ---- | C] () -- C:\Users\svenja\Basil 1.mp3
[2010.12.19 19:19:14 | 000,000,054 | ---- | C] () -- C:\Windows\System32\opentable.ini
[2009.06.25 19:49:47 | 000,000,092 | ---- | C] () -- C:\Users\svenja\AppData\Local\cuyyo.bat
[2009.06.02 09:47:50 | 000,024,206 | ---- | C] () -- C:\Users\svenja\AppData\Roaming\UserTile.png
[2009.01.14 18:55:39 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2008.09.21 12:12:15 | 000,015,872 | ---- | C] () -- C:\Users\svenja\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.07.20 15:57:10 | 000,001,891 | ---- | C] () -- C:\Users\svenja\ZENcast Organizer.lnk
[2008.07.20 15:56:45 | 000,000,124 | ---- | C] () -- C:\Users\svenja\ZEN Media Explorer.lnk
========== ZeroAccess Check ==========
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
< End of report >
[/CODE] |
|
29.11.2012, 22:23
| #18 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Incredibar lässt sich nicht entfernen! Im Log ist aber nichts mehr von Incredi zu sehen....WO GENAU taucht das denn noch auf?
__________________
__________________ |
|
29.11.2012, 22:51
| #19 |
| | Incredibar lässt sich nicht entfernen! in crome, sobald ich ein neues Fenster öffne. ich kann ggf. Crome deinstallieren und neu aufspielen! was denkst du ? |
|
29.11.2012, 23:04
| #20 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Incredibar lässt sich nicht entfernen! So gut kenn ich Chrome nicht, beim Firefox würde das idR nichts bringen, weil solche Sachen im Firefox-Profil hinterlegt legt. Probiers aus mit Chrome.
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
30.11.2012, 11:09
| #21 |
| | Incredibar lässt sich nicht entfernen! Guten Morgen, habe Crome neu aufgesetzt und jetzt sieht es gut aus! Startseiten lassen sich wieder erstellen und Encredi bleibt weg. Denke das war es! Ich bedanke mich auf diesem Wege noch einmal ganz herzlich bei dir, schöne Vorweihnachtstage und vielleicht bis irgendwann in Berlin in unserem Restaurant, dann kümmern wir uns um dich! Lg Marcus basi´l Berlin - Pasta Nudeln und mehr |
|
30.11.2012, 12:24
| #22 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Incredibar lässt sich nicht entfernen! Dann wären wir durch!  Die Programme, die hier zum Einsatz kamen, können alle wieder runter. Mit Hilfe von OTL kannst du auch viele Tools entfernen: Starte bitte OTL und klicke auf Bereinigung. Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen. Malwarebytes zu behalten ist zu empfehlen. Kannst ja 1x im Monat damit einen Vollscan machen, aber immer vorher ans Update denken. Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden. Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern. Microsoftupdate Windows XP:Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren. Windows Vista/7: Start, Systemsteuerung, Windows-Update PDF-Reader aktualisieren Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast) Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader. Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers: Prüfen => Adobe - Flash Player Downloadlinks findest du hier => Browsers and Plugins - FilePony.de Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind. Java-Update Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Incredibar lässt sich nicht entfernen! |
| adobe, bho, bonjour, defender, entfernen, excel, flash player, google, hijack, hijackthis, hkus\s-1-5-18, internet, internet explorer, lässt sich nicht entfernen, mozilla, nvidia update, object, performance, plug-in, pop-up-blocker, popup, problem, rundll, senden, software, symantec, system, vista, windows |
Linear-Darstellung
