Log analysis and evaluation: Google opens unwanted pages (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
29.12.2012, 17:52 | #1 |
| Google opens unwanted pages

Hello everyone! I'm still fairly new here, but I hope I've picked the right forum for this. Now to the problem: since yesterday, Google has been constantly opening unwanted pages for me, e.g. porn sites, insurance sites and that kind of stuff. It doesn't matter which site I want to go to, e.g. eBay, Spieletipps or even Postbank, I keep getting redirected. I also haven't logged in anywhere since yesterday, because of course I'm worried about my passwords. So I read up a little and came across the program "HijackThis". I read through everything there carefully and decided to post my logfile here, in the hope that someone can find something. Here is the logfile: Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:25:10, on 29.12.2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\WTClient.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe
C:\Users\JenniferBäcker\Desktop\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=6a92db81000000000000002268075273&tlver=1.4.19.19&affID=17159
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = hxxp://go.gmx.net/suchbox/gmxsuche?su=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll (file missing)
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\19.9.0.9\IPS\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll (file missing)
O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Windows\system32\Msdxm6.ocx
O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll (file missing)
O3 - Toolbar: BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll (file missing)
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [WTClient] WTClient.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Procaster] "C:\Program Files\Livestream Procaster\Procaster.exe" -autorun
O4 - HKLM\..\Run: [TuneClone] C:\Program Files\TuneClone\TuneClone.exe /silence
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [Anktlhfdq] rundll32 "C:\Windows\system32\perftsx.dll",Ayulc
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: RocketDock.lnk = C:\Windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: Y'z Shadow.lnk = C:\Windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Google Update Service (gupdate1c9a0c944d9725f) (gupdate1c9a0c944d9725f) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\Windows\System32\Drivers\WTSRV.EXE
29.12.2012, 18:23 | #2 |
/// Malware-holic | Google opens unwanted pages

Hi, next time, please be so kind as to read the pinned topics; nobody really wants to see HJT logs any more :-) If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
29.12.2012, 19:05 | #3 |
| Google opens unwanted pages

First of all, thanks for the quick reply! (:
That's quite a lot of stuff... Here is the Extras.Txt: Code:
OTL Extras logfile created on: 29.12.2012 18:35:57 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\JenniferBäcker\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,54 Gb Available Physical Memory | 51,21% Memory free
6,21 Gb Paging File | 4,70 Gb Available in Paging File | 75,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 233,79 Gb Total Space | 63,42 Gb Free Space | 27,13% Space Free | Partition Type: NTFS
Drive D: | 350,66 Gb Total Space | 350,17 Gb Free Space | 99,86% Space Free | Partition Type: NTFS

Computer Name: JENNYB | User Name: JenniferBäcker | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UacDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"FirstRunDisabled" = 0
"UacDisableNotify" = 0
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption -- ( Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption -- ( Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{14CEF469-9619-4F6A-A863-DCCEB2AE6C3E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{36E0A786-7804-4B9C-9CF7-F1C607665221}" = rport=137 | protocol=17 | dir=out | app=system |
"{415C0B0D-CF58-44AD-BD58-34D726A67B49}" = lport=139 | protocol=6 | dir=in | app=system |
"{6BD1B4AB-FDFA-4A76-AA64-D4593B60707A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{92CCF2B9-6F0A-486F-924F-AB5B64C2E651}" = rport=139 | protocol=6 | dir=out | app=system |
"{A061B8E9-A6F1-4F64-BFB0-275EE8686E4F}" = lport=445 | protocol=6 | dir=in | app=system |
"{CBC8CBC1-8624-46D2-AFD7-BA2C84465BF7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D2B25105-0C7B-4AF7-9D47-C8EED793FC77}" = lport=138 | protocol=17 | dir=in | app=system |
"{D71615AA-F15F-48FE-B47C-147831A972BA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E1C93E08-12E9-4CAC-93B1-E29ABAA1B926}" = rport=138 | protocol=17 | dir=out | app=system |
"{F18B72E0-4794-4BFB-B591-F999F9CBDB9B}" = lport=137 | protocol=17 | dir=in | app=system |
"{F71D736D-EF6F-4137-9620-C3BC08940F0E}" = rport=445 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02F5667E-C0B9-4A18-B478-B5A888D6D523}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\srcds.exe |
"{0360D87C-A087-4FE3-8C72-5BE4A16161A4}" = protocol=6 | dir=in | app=c:\program files\electronic arts\crytek\crysis 2 demo\bin32\crysis2launcher.exe |
"{044345C8-C362-4F9A-B2D3-5BB13ABCC462}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{04DC932E-FC53-4A39-B19C-19E3D60C75F8}" = protocol=6 | dir=in | app=c:\program files\rockstar games\rockstar games social club\rgsclauncher.exe |
"{07AE7439-AEFE-45EC-970D-D9A5362DD2C8}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{12C675BC-478E-4EC0-A622-1B862B3947E2}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{1ADF6CFF-E6B2-4B5E-AB5A-063BEE9AF0AB}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\srcds.exe |
"{1F614A90-6957-4909-B11E-322220A6AC97}" = protocol=6 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{20FB5BF1-850C-428A-8050-5E6C457557BA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{21647019-063E-4945-BB6F-4C30D8B7F5E3}" = protocol=17 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{23AD8B61-02A4-4393-973A-8C105C71A9F2}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{372EA25D-D82A-4779-985E-3687F66D5714}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{37AC062B-6333-4141-B011-E8C6490402FC}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{3A650B37-B94C-46E5-8D4F-BD01E5AE0D94}" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe |
"{3D9BD45F-9600-4035-BDA3-BC53C2E37CEA}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{3F6C379A-6674-4326-8FD9-2D832673204C}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{43CC4A50-2A9D-4202-94F6-D8E183B19E49}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{46096364-B33E-4A26-80EB-4B12B70CCDB2}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\acer homemedia connect.exe |
"{5C1DE0C6-4C39-4E41-A47E-42E189BD8D30}" = dir=in | app=c:\program files\acer arcade live\acer homemedia\acer homemedia.exe |
"{614096D8-B776-4150-9142-5C15073EC1F1}" = dir=in | app=c:\program files\acer arcade live\acer homemedia trial creator\acer homemedia trial creator.exe |
"{6207687F-FE96-4A07-8FFE-0BAE17476E0D}" = protocol=17 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleil.exe |
"{64A52372-1FD9-4440-9BA7-61D3BE265F94}" = dir=in | app=c:\program files\acer arcade live\acer arcade live main page\acer arcade live.exe |
"{69AAB61C-0180-4105-9088-16FF20D09F29}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{6A33C1E6-2D72-4E38-A9AA-76F4D5B2CAA2}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{6CEBCE0A-952D-4BBB-82A0-B763CB7CD407}" = protocol=17 | dir=in | app=c:\program files\electronic arts\crytek\crysis 2 demo\bin32\crysis2launcher.exe |
"{6FCCD595-2510-4D7F-B030-923783EDB95A}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{707F5179-2255-46C8-A857-B552BCC3F83A}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{7AE54199-A377-4275-9306-DE38583EC780}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{7D64ACEB-5050-4302-91AF-91BC8AE4E1B4}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{7E37BAD3-BA62-4BA3-93A3-C0AC3148A397}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe |
"{834B1D06-0E32-44E2-A03D-1D5BA8ED970E}" = protocol=6 | dir=in | app=c:\users\jenniferbäcker\appdata\local\temp\update_8bbf.exe |
"{8A382E69-BEC5-434B-91A2-1C7FC9F6A0EF}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{8B76192E-BBFC-41C6-AD09-78A265A26890}" = dir=in | app=c:\program files\acer arcade live\acer videomagician\acer videomagician.exe |
"{92835B57-D3AE-4C58-8011-7096CDE4835A}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{98EEB72D-CD86-4C51-A70F-7C59C1DD4168}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{9C21BFE9-C21D-4146-9E48-FA2499D28C7D}" = protocol=17 | dir=in | app=c:\users\jenniferbäcker\appdata\local\temp\update_8bbf.exe |
"{9F3BD9D2-BA84-4239-9C64-E285125243B2}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe |
"{A89A2F54-8A5E-4AB8-B216-9C98ABA39CE8}" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe |
"{AD384ADF-0B7E-48A4-B542-15FB10E2E023}" = protocol=17 | dir=in | app=c:\users\jenniferbäcker\downloads\pdf_reader_setup.exe |
"{AFA3ABF2-1C08-4AFA-A284-5BAAED59F6A7}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{B0083FCC-BDE3-4650-BEC9-1EF6B6DA85CC}" = dir=in | app=c:\program files\acer arcade live\acer slideshow dvd\acer slideshow dvd.exe |
"{B76114AA-65E6-45FF-92DC-4C41FAF20C0C}" = dir=in | app=c:\program files\acer arcade live\acer dvdivine\acer dvdivine.exe |
"{BDC7C81F-3122-419F-B443-F51735C01687}" = protocol=6 | dir=in | app=c:\users\jenniferbäcker\downloads\pdf_reader_setup.exe |
"{BE077AB2-6B4A-41F2-AFFE-8FA8E1A0C824}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{BF3C507D-D25D-462A-9D2E-CE4FBAF7047D}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{C3EB4E95-52CA-4AFB-B8B3-453DC4FA4DE2}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{C61199BB-AC2C-4543-A729-E9A937DCEDA5}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{C8D03E7C-C1A4-48EF-B4D3-731BF14D7508}" = dir=in | app=c:\program files\acer arcade live\acer dv magician\acer dv magician.exe |
"{CB7DB70E-CEE9-41C9-B660-39FE67C5BD04}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe |
"{DE646053-28B7-4A7B-AA66-46ADFD5363E4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E9CF4757-A377-481B-844D-ACD14B87DE97}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{EE8D3ADC-5ABD-49E5-90BD-7D8EAEBF3ED4}" = protocol=17 | dir=in | app=c:\program files\rockstar games\rockstar games social club\rgsclauncher.exe |
"{FA2771D3-FB28-49DC-80DF-8E8731C50C8A}" = protocol=6 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleil.exe |
"{FE3C3DF2-23EC-4B4A-8115-07CFF1ED6227}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{080FE95E-5A89-4A54-BAAA-D769971B7C2D}" = Corel Home Office
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B5154C0-8F00-4616-B0AB-6240AE80D9CE}" = SimCity™ Societies
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{3BBFD444-5FAB-49F6-98B1-A1954E831399}" = Die Sims™ 3 Showtime
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3DE92282-CB49-434F-81BF-94E5B380E889}" = Die Sims™ 3 Jahreszeiten
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = Die Sims™ 3 Late Night
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C7F547E-DDE3-51BF-1D2E-04816F30AD66}" = ATI Catalyst Install Manager
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{50D69C54-6963-49A6-B762-A9FF8F56AF0F}" = Brockhaus multimedial 2008
"{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
"{5454083B-1308-4485-BF17-1110000B8301}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000D8302}" = Grand Theft Auto IV
"{5454085C-840F-4070-8FAA-441000028301}" = BioShock 2
"{5454085C-840F-4070-8FAA-441000038301}" = BioShock 2
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = Die Sims™ 3 Luxus-Accessoires
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{809A3BCA-2B18-4B8D-A0DB-3AE01BCFAB4F}" = Hama Whitestorm Pad
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = Die Sims™ 3 Traumkarrieren
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B580C409-E16F-44FF-904D-3AE94E113BE0}" = Acer HomeMedia Trial Creator
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = Die Sims™ 3 Reiseabenteuer
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C12631C6-804D-4B32-B0DD-8A496462F106}" = Die Sims™ 3 Einfach tierisch
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = Die Sims™ 3 Lebensfreude
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NIS" = Norton Internet Security
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Origin" = Origin
"PhotoScape" = PhotoScape
"QuicktimeAlt_is1" = QuickTime Alternative 3.1.1
"RocketDock_is1" = RocketDock 1.3.5
"ScreenshotCaptor_is1" = Screenshot Captor 2.56.01
"smqaiqw" = Favorit "Steam App 206210" = Gotham City Impostors: Free To Play "Steam App 550" = Left 4 Dead 2 "SystemRequirementsLab" = System Requirements Lab "TabletDriver" = Tablet Driver V5.02 "Uplay" = Uplay "WinGimp-2.0_is1" = GIMP 2.6.4 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR archiver ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "SOE-DC Universe Online Live" = DC Universe Online Live ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 25.12.2012 15:42:20 | Computer Name = JennyB | Source = Windows Search Service | ID = 3013 Description = Error - 25.12.2012 15:42:22 | Computer Name = JennyB | Source = Windows Search Service | ID = 3013 Description = Error - 25.12.2012 19:23:47 | Computer Name = JennyB | Source = Windows Search Service | ID = 3013 Description = Error - 26.12.2012 04:41:14 | Computer Name = JennyB | Source = WinMgmt | ID = 10 Description = Error - 27.12.2012 05:29:55 | Computer Name = JennyB | Source = WinMgmt | ID = 10 Description = Error - 27.12.2012 07:34:09 | Computer Name = JennyB | Source = Windows Search Service | ID = 3013 Description = Error - 27.12.2012 09:52:06 | Computer Name = JennyB | Source = Windows Search Service | ID = 3013 Description = Error - 28.12.2012 04:28:44 | Computer Name = JennyB | Source = WinMgmt | ID = 10 Description = Error - 28.12.2012 07:13:42 | Computer Name = JennyB | Source = WinMgmt | ID = 10 Description = Error - 28.12.2012 10:52:22 | Computer Name = JennyB | Source = Windows Search Service | ID = 3013 Description = Error - 29.12.2012 05:44:30 | Computer Name = JennyB | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 28.12.2012 07:13:42 | Computer Name = JennyB | Source = Service Control Manager | ID = 7026 Description = Error - 28.12.2012 11:19:51 | Computer Name = JennyB | Source = atapi | ID = 262155 Description = Der Treiber hat einen 
Controllerfehler auf \Device\Ide\IdePort0 gefunden.
Error - 28.12.2012 11:19:51 | Computer Name = JennyB | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
Error - 28.12.2012 11:19:51 | Computer Name = JennyB | Source = disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk0\DR0 gefunden.
Error - 29.12.2012 05:44:30 | Computer Name = JennyB | Source = Service Control Manager | ID = 7026
Description =
Error - 29.12.2012 05:59:34 | Computer Name = JennyB | Source = BROWSER | ID = 8032
Description =
Error - 29.12.2012 13:01:22 | Computer Name = JennyB | Source = disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
Error - 29.12.2012 13:01:25 | Computer Name = JennyB | Source = disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
Error - 29.12.2012 13:42:27 | Computer Name = JennyB | Source = disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
Error - 29.12.2012 13:42:29 | Computer Name = JennyB | Source = disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

< End of report >

And the OTL.Txt:
Code:
OTL logfile created on: 29.12.2012 18:35:57 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\JenniferBäcker\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,54 Gb Available Physical Memory | 51,21% Memory free
6,21 Gb Paging File | 4,70 Gb Available in Paging File | 75,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 233,79 Gb Total Space | 63,42 Gb Free Space | 27,13% Space Free | Partition Type: NTFS
Drive D: | 350,66 Gb Total Space | 350,17 Gb Free Space | 99,86% Space Free | Partition Type: NTFS

Computer Name: JENNYB | User Name: JenniferBäcker | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.12.29 18:34:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\JenniferBäcker\Desktop\OTL.exe
PRC - [2012.10.28 20:29:04 | 000,529,744 | ---- | M] (Valve Corporation) -- C:\Programme\Common Files\Steam\SteamService.exe
PRC - [2012.10.10 21:15:04 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.10.02 20:29:14 | 000,864,616 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2012.10.02 20:28:55 | 001,820,520 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.08.04 10:20:24 | 001,353,080 | ---- | M] (Valve Corporation) --
C:\Programme\Steam\Steam.exe PRC - [2012.06.16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Programme\Norton Internet Security\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe PRC - [2010.06.01 20:46:26 | 000,073,728 | ---- | M] (Tablet Driver) -- C:\Windows\System32\drivers\WTSrv.exe PRC - [2009.10.30 19:19:22 | 000,032,768 | ---- | M] (Tablet Driver) -- C:\Windows\System32\WTClient.exe PRC - [2009.08.18 10:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2009.08.18 10:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2009.04.11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2008.09.30 16:51:58 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin PRC - [2008.09.30 16:49:34 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe PRC - [2008.07.29 17:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe PRC - [2008.07.29 17:52:50 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe PRC - [2008.06.02 09:26:38 | 000,319,488 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\SysMonitor.exe PRC - [2008.06.02 09:26:22 | 000,319,488 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\Framework.Launcher.exe PRC - [2008.06.02 09:25:40 | 000,024,576 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe PRC - [2008.05.20 17:50:50 | 000,269,448 | ---- | 
M] (CyberLink) -- C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe PRC - [2008.05.20 11:06:00 | 006,144,000 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.21 03:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2008.01.21 03:25:32 | 000,198,656 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe PRC - [2007.09.02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Programme\RocketDock\RocketDock.exe ========== Modules (No Company Name) ========== MOD - [2012.11.15 10:22:27 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\d08cb6b1c4052e6f5a4e2452870d67d7\System.Management.ni.dll MOD - [2012.11.15 09:13:39 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\22e554f2c4da53c07e4815a24e2d50e2\System.Windows.Forms.ni.dll MOD - [2012.11.15 09:13:29 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\2c6cd37f29fc76d6c2ed6bbed202d82c\System.Drawing.ni.dll MOD - [2012.11.15 09:12:21 | 007,976,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b2052acbbbba4f98585196872195e009\System.ni.dll MOD - [2012.11.15 09:11:36 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7ad9c44df3b85848590e63f13fc59804\mscorlib.ni.dll MOD - [2012.10.28 20:29:02 | 020,317,008 | ---- | M] () -- C:\Programme\Steam\bin\libcef.dll MOD - [2012.10.28 20:28:59 | 000,902,480 | ---- | M] () -- C:\Programme\Steam\bin\chromehtml.dll MOD - [2012.10.28 20:28:57 | 000,123,232 | ---- | M] () -- C:\Programme\Steam\bin\avutil-51.dll MOD - [2012.10.28 20:28:55 | 000,190,816 | ---- | M] () -- 
C:\Programme\Steam\bin\avformat-53.dll MOD - [2012.10.28 20:28:53 | 001,099,616 | ---- | M] () -- C:\Programme\Steam\bin\avcodec-53.dll MOD - [2010.09.28 20:00:56 | 000,217,088 | ---- | M] () -- C:\Windows\System32\WinTab32.dll MOD - [2010.05.14 00:03:42 | 000,232,960 | ---- | M] () -- C:\Windows\System32\MyDrawLineWindowDll.dll MOD - [2008.12.24 23:56:12 | 000,573,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.UIComponent\3.0.3009.0__739b31b1908c49e5\Framework.UIComponent.dll MOD - [2008.12.24 23:56:12 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3009.0__4df5dcab8860d239\Framework.Utility.dll MOD - [2008.12.24 23:56:12 | 000,006,144 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.PluginInterface\3.0.3009.0__9ecdf03bb2054f94\Framework.PluginInterface.dll MOD - [2008.12.24 23:56:11 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3009.0__3036420f80dd6947\Framework.Library.dll MOD - [2008.12.24 23:56:11 | 000,015,360 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Host\3.0.3009.0__672b450de5a7e94a\Framework.Host.dll MOD - [2008.07.29 17:52:38 | 000,227,888 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll MOD - [2008.07.29 14:55:14 | 000,969,728 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll MOD - [2008.06.02 09:26:38 | 000,319,488 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\SysMonitor.exe MOD - [2008.06.02 09:26:22 | 000,319,488 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\Framework.Launcher.exe MOD - [2008.06.02 09:25:36 | 000,013,824 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\Framework.Presenter.dll MOD - [2008.06.02 09:25:02 | 000,005,120 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\de\Framework.AppBar.resources.dll MOD - [2008.06.02 09:25:00 | 001,822,720 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\Framework.AppBar.dll MOD - 
[2008.04.23 10:56:34 | 000,020,480 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\eSettings\eSettings.QuickMenu.dll MOD - [2007.09.02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Programme\RocketDock\RocketDock.exe MOD - [2007.09.02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Programme\RocketDock\RocketDock.dll MOD - [2004.08.03 18:31:38 | 000,121,344 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll ========== Services (SafeList) ========== SRV - [2012.12.11 19:21:45 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.12.07 19:01:14 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.10.28 20:29:04 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.10.10 21:15:04 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.06.16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe -- (NIS) SRV - [2010.06.01 20:46:26 | 000,073,728 | ---- | M] (Tablet Driver) [Auto | Running] -- C:\Windows\System32\drivers\WTSrv.exe -- (WinTabService) SRV - [2009.08.18 10:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2008.07.29 17:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- 
C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service) SRV - [2008.06.02 09:25:40 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe -- (ETService) SRV - [2008.05.20 17:50:50 | 000,269,448 | ---- | M] (CyberLink) [Auto | Running] -- C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service) SRV - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2003.07.28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\VcommMgr.sys -- (VcommMgr) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\VComm.sys -- (VComm) DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\tclondrv.sys -- (tclondrv) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Tablet2k.sys -- (Tablet2k) DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\SMR162.SYS -- (SMR162) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- 
(EagleXNt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleNT.sys -- (EagleNT) DRV - File not found [Kernel | Boot | Stopped] -- System32\Drivers\BTHidMgr.sys -- (BTHidMgr) DRV - File not found [Kernel | Boot | Stopped] -- System32\Drivers\vbtenum.sys -- (BTHidEnum) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\btcusb.sys -- (Btcsrusb) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btnetdrv.sys -- (BT) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\BlueletSCOAudio.sys -- (BlueletSCOAudio) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\blueletaudio.sys -- (BlueletAudio) DRV - [2012.10.24 00:34:24 | 000,995,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20121130.005\BHDrvx86.sys -- (BHDrvx86) DRV - [2012.10.10 21:14:28 | 010,837,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2012.09.13 20:43:45 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20121228.023\NAVEX15.SYS -- (NAVEX15) DRV - [2012.09.13 20:43:45 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20121228.023\NAVENG.SYS -- (NAVENG) DRV - [2012.09.01 01:27:25 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\IPSDefs\20121228.001\IDSvix86.sys -- (IDSVix86) DRV - [2012.08.12 11:22:18 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec 
Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2012.08.12 11:22:18 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2012.07.06 03:17:57 | 000,574,112 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\NIS\1309000.009\srtsp.sys -- (SRTSP) DRV - [2012.07.06 03:17:57 | 000,032,928 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1309000.009\srtspx.sys -- (SRTSPX) DRV - [2012.06.07 05:43:43 | 000,132,768 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1309000.009\ccsetx86.sys -- (ccSet_NIS) DRV - [2012.05.22 02:37:12 | 000,924,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1309000.009\symefa.sys -- (SymEFA) DRV - [2012.04.18 03:13:32 | 000,345,208 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1309000.009\symtdiv.sys -- (SYMTDIv) DRV - [2012.04.18 02:42:14 | 000,149,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1309000.009\ironx86.sys -- (SymIRON) DRV - [2012.04.05 19:59:46 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent) DRV - [2011.08.15 23:51:40 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NIS\1309000.009\symds.sys -- (SymDS) DRV - [2009.12.09 02:36:26 | 000,017,120 | ---- | M] (PenTablet Driver) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTSimHid.sys -- (PTSimHid) DRV - [2009.09.03 21:07:04 | 000,025,280 | ---- | M] (LogMeIn, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi) DRV - [2008.10.17 09:50:00 | 000,131,072 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Mkd2kfNT.sys -- (Mkd2kfNt) DRV - [2008.10.17 09:50:00 | 000,079,104 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Mkd2Nadr.sys -- (Mkd2Nadr) DRV - [2008.09.08 23:10:24 | 000,014,848 | ---- | M] (Tablet Driver) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UCTblHid.sys -- (UCTblHid) DRV - [2008.06.02 09:20:12 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15) DRV - [2008.02.25 16:29:24 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVicPort.sys -- (tvicport) DRV - [2008.02.25 16:29:24 | 000,006,080 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\zntport.sys -- (zntport) DRV - [2007.12.19 07:45:00 | 000,170,000 | ---- | M] (AMD Technologies Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ahcix86s.sys -- (ahcix86s) DRV - [2007.10.12 01:00:44 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta) DRV - [2007.10.12 00:56:22 | 000,490,776 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV561AV.SYS -- (PID_0928) DRV - [2007.06.08 02:16:28 | 000,018,944 | ---- | M] (PenTablet Driver) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PTSimBus.sys -- (PTSimBus) DRV - [2007.04.24 00:28:56 | 000,018,432 | ---- | M] (Tablet Driver) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TClass2k.sys -- (TClass2k) DRV - [2006.10.30 04:23:12 | 000,007,680 | ---- | M] (ATI Technologies Inc.) 
[Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) DRV - [2006.08.11 14:47:13 | 000,059,776 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfsync04.sys -- (sfsync04) DRV - [2006.07.05 13:46:06 | 000,063,352 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfdrv01a.sys -- (sfdrv01a) DRV - [2006.06.14 15:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) DRV - [2005.08.17 07:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm) DRV - [2005.08.17 07:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl) DRV - [2005.08.17 07:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) DRV - [2004.04.08 11:06:08 | 000,070,400 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\prohlp02.sys -- (prohlp02) DRV - [2004.04.08 09:46:50 | 000,054,272 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\Windows\System32\drivers\prodrv06.sys -- (prodrv06) DRV - [2003.12.01 16:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp01.sys -- (sfhlp01) DRV - [2003.09.06 13:22:08 | 000,006,944 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\prosync1.sys -- (prosync1) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com IE - 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=6a92db81000000000000002268075273&tlver=1.4.19.19&affID=17159 IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found IE - HKLM\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - SOFTWARE\Classes\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\InprocServer32 File not found IE - HKLM\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - SOFTWARE\Classes\CLSID\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\InprocServer32 File not found IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{081230F8-EA50-42A9-983C-D22ABC2EED3B}: "URL" = hxxp://www.qemit.com/toolbar/hub.php?a=sb&did=8&pid=0&lan=de&day=0&ver=1.01&q={searchTerms} IE - HKLM\..\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}: "URL" = hxxp://search.imgag.com/?appid=kwtb&component=&c=GNKIW29197&sbs=2&sc=2&f=web&vernum=3.2&uid=&did=%7b27a9fab0-caaf-4517-90f8-9ad850dafdff%7d&q={searchTerms} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.msn.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.bing.com/ [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: 
{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - SOFTWARE\Classes\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\InprocServer32 File not found IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{07ADD379-B5C1-4124-9825-1B6A2BBA0671}: "URL" = hxxp://suche.web.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin IE - HKCU\..\SearchScopes\{081230F8-EA50-42A9-983C-D22ABC2EED3B}: "URL" = hxxp://www.qemit.com/toolbar/hub.php?a=sb&did=8&pid=0&lan=de&day=0&ver=1.01&q={searchTerms} IE - HKCU\..\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}: "URL" = hxxp://search.imgag.com/?appid=kwtb&component=&c=GNKIW29197&sbs=2&sc=2&f=web&vernum=3.2&uid=&did=%7b27a9fab0-caaf-4517-90f8-9ad850dafdff%7d&q={searchTerms} IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=100478&babsrc=SP_ss&mntrId=6a92db81000000000000002268075273 IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?cbid=LS&said={D72C1780-13C1-4BA7-8AC2-00659AB7D6FE}&q={searchTerms}&crm=1&sads=1 IE - HKCU\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=6a92db81000000000000002268075273&tlver=1.4.19.19&affID=17159 IE - HKCU\..\SearchScopes\{1F811A20-6353-4E18-B336-7A76A6B77185}: "URL" = hxxp://go.gmx.net/suchbox/amazon/?keywords={searchTerms} IE - HKCU\..\SearchScopes\{40098A72-690E-40C1-AFAB-64D132FA3F7C}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms} IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = 
hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_deDE307 IE - HKCU\..\SearchScopes\{78205594-7442-4042-81D7-F34BCE9A05DA}: "URL" = hxxp://go.web.de/suchbox/smartshopping/?searchText={searchTerms}&mc=searchplugin@suche@msie.suche@preisvergleich IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = hxxp://int.search-results.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=NIS&chn=retail&geo=DE&ver=18 IE - HKCU\..\SearchScopes\{BA205791-59D5-4528-ACFE-57C66ED61C8E}: "URL" = hxxp://search.1und1.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin IE - HKCU\..\SearchScopes\{DE2F5134-024B-4655-9C57-EEFE2A7C9B95}: "URL" = hxxp://suche.gmx.net/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)" FF - prefs.js..browser.search.defaultthis.engineName: "XfireXO Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&ai=13054" FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" FF - prefs.js..browser.search.order.2: "WEB.DE Suche" FF - prefs.js..browser.search.order.3: "1und1 Suche" FF - prefs.js..browser.search.order.4: "amazon.de" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398" FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)" FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - 
prefs.js..extensions.enabledAddons: finder%40meingutscheincode.de:3.0.3 FF - prefs.js..extensions.enabledAddons: moveplayer%40movenetworks.com:1.0.0.071303000004 FF - prefs.js..extensions.enabledAddons: personas%40christopher.beard:1.6.2 FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.5 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004 FF - prefs.js..extensions.enabledItems: NPDyyno@dyyno.com:1.0.0.26 FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2 FF - prefs.js..extensions.enabledItems: {95f24680-9e31-11da-a746-0800200c9a66}:0.1.5.5 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: finder@meingutscheincode.de:2.0 FF - prefs.js..extensions.enabledItems: {40c3cc16-7269-4b32-9531-17f2950fb06f}:3.3.3.2 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2 FF - prefs.js..extensions.enabledItems: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.3.3.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0 FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.3 FF - prefs.js..extensions.enabledItems: info@djzig.com:1.2.9 FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c81b1}:2.2 FF - prefs.js..extensions.enabledItems: {239c61a8-e55f-11db-8314-0800200c9a66}:2.1.4 FF - prefs.js..extensions.enabledItems: {da7f40f0-8675-11db-b606-0800200c9a66}:3.04 FF - prefs.js..extensions.enabledItems: 
{de5809e0-2b07-11dd-bd0b-0800200c9a66}:1.2.0 FF - prefs.js..extensions.enabledItems: {e2c58150-9d72-11dd-ad8b-0800200c9a66}:1.3.1 FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?AF=100478&babsrc=adbartrp&mntrId=6a92db81000000000000002268075273&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\IPSFFPlgn\ [2012.04.05 20:04:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\coFFPlgn\ [2012.12.29 10:43:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.29 17:07:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.07 19:01:09 | 000,000,000 | ---D | M] [2009.03.30 08:36:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JenniferBäcker\AppData\Roaming\mozilla\Extensions [2012.11.21 11:53:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JenniferBäcker\AppData\Roaming\mozilla\Firefox\Profiles\gp34144l.default\extensions [2010.04.29 06:48:54 | 000,000,000 | ---D | M] (Vista on XP) -- C:\Users\JenniferBäcker\AppData\Roaming\mozilla\Firefox\Profiles\gp34144l.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81b1} [2010.04.29 06:48:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\JenniferBäcker\AppData\Roaming\mozilla\Firefox\Profiles\gp34144l.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.06.24 19:32:09 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\JenniferBäcker\AppData\Roaming\mozilla\Firefox\Profiles\gp34144l.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2010.02.18 12:47:27 | 000,000,000 | ---D | M] 
(Update Notifier) -- C:\Users\JenniferBäcker\AppData\Roaming\mozilla\Firefox\Profiles\gp34144l.default\extensions\{95f24680-9e31-11da-a746-0800200c9a66} [2010.04.09 17:16:45 | 000,000,000 | ---D | M] (Gradient iCool) -- C:\Users\JenniferBäcker\AppData\Roaming\mozilla\Firefox\Profiles\gp34144l.default\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66} [2009.11.26 09:41:10 | 000,000,000 | ---D | M] (Black Steel) -- C:\Users\JenniferBäcker\AppData\Roaming\mozilla\Firefox\Profiles\gp34144l.default\extensions\{e2c58150-9d72-11dd-ad8b-0800200c9a66} [2011.03.30 19:09:25 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\JenniferBäcker\AppData\Roaming\mozilla\Firefox\Profiles\gp34144l.default\extensions\engine@conduit.com [2012.10.12 18:29:30 | 000,000,000 | ---D | M] (LavaFox V2) -- C:\Users\JenniferBäcker\AppData\Roaming\mozilla\Firefox\Profiles\gp34144l.default\extensions\info@djzig.com [2009.09.25 23:14:20 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\JenniferBäcker\AppData\Roaming\mozilla\Firefox\Profiles\gp34144l.default\extensions\moveplayer@movenetworks.com [2009.07.23 17:10:13 | 000,000,000 | ---D | M] (Simple Dyyno Launcher) -- C:\Users\JenniferBäcker\AppData\Roaming\mozilla\Firefox\Profiles\gp34144l.default\extensions\NPDyyno@dyyno.com [2011.03.13 11:53:00 | 000,000,000 | ---D | M] (Personas) -- C:\Users\JenniferBäcker\AppData\Roaming\mozilla\Firefox\Profiles\gp34144l.default\extensions\personas@christopher.beard [2012.11.18 01:27:46 | 000,284,001 | ---- | M] () (No name found) -- C:\Users\JenniferBäcker\AppData\Roaming\mozilla\firefox\profiles\gp34144l.default\extensions\compatibility@addons.mozilla.org.xpi [2011.09.24 21:20:14 | 000,105,020 | ---- | M] () (No name found) -- C:\Users\JenniferBäcker\AppData\Roaming\mozilla\firefox\profiles\gp34144l.default\extensions\finder@meingutscheincode.de.xpi [2012.02.19 17:22:34 | 000,562,656 | ---- | M] () (No name found) -- 
C:\Users\JenniferBäcker\AppData\Roaming\mozilla\firefox\profiles\gp34144l.default\extensions\redshift_V2@shift-themes.com.xpi [2011.08.21 09:15:25 | 000,553,072 | ---- | M] () (No name found) -- C:\Users\JenniferBäcker\AppData\Roaming\mozilla\firefox\profiles\gp34144l.default\extensions\{239c61a8-e55f-11db-8314-0800200c9a66}.xpi [2012.10.18 22:13:18 | 001,379,887 | ---- | M] () (No name found) -- C:\Users\JenniferBäcker\AppData\Roaming\mozilla\firefox\profiles\gp34144l.default\extensions\{da7f40f0-8675-11db-b606-0800200c9a66}.xpi [2012.11.21 11:53:10 | 000,243,496 | ---- | M] () (No name found) -- C:\Users\JenniferBäcker\AppData\Roaming\mozilla\firefox\profiles\gp34144l.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012.12.29 00:40:17 | 000,000,950 | ---- | M] () -- C:\Users\JenniferBäcker\AppData\Roaming\mozilla\firefox\profiles\gp34144l.default\searchplugins\icqplugin-11.xml [2010.07.28 16:45:46 | 000,000,950 | ---- | M] () -- C:\Users\JenniferBäcker\AppData\Roaming\mozilla\firefox\profiles\gp34144l.default\searchplugins\icqplugin-12.xml [2010.10.22 11:18:42 | 000,000,950 | ---- | M] () -- C:\Users\JenniferBäcker\AppData\Roaming\mozilla\firefox\profiles\gp34144l.default\searchplugins\icqplugin-13.xml [2010.10.29 13:53:12 | 000,000,950 | ---- | M] () -- C:\Users\JenniferBäcker\AppData\Roaming\mozilla\firefox\profiles\gp34144l.default\searchplugins\icqplugin-14.xml [2010.12.11 12:08:06 | 000,000,950 | ---- | M] () -- C:\Users\JenniferBäcker\AppData\Roaming\mozilla\firefox\profiles\gp34144l.default\searchplugins\icqplugin-15.xml [2009.12.18 14:19:29 | 000,000,961 | ---- | M] () -- C:\Users\JenniferBäcker\AppData\Roaming\mozilla\firefox\profiles\gp34144l.default\searchplugins\icqplugin-2.xml [2010.01.15 18:17:15 | 000,000,961 | ---- | M] () -- C:\Users\JenniferBäcker\AppData\Roaming\mozilla\firefox\profiles\gp34144l.default\searchplugins\icqplugin-3.xml [2010.02.13 18:45:14 | 000,000,961 | ---- | M] () -- 
C:\Users\JenniferBäcker\AppData\Roaming\mozilla\firefox\profiles\gp34144l.default\searchplugins\icqplugin-4.xml [2010.03.25 12:26:26 | 000,000,950 | ---- | M] () -- C:\Users\JenniferBäcker\AppData\Roaming\mozilla\firefox\profiles\gp34144l.default\searchplugins\icqplugin-5.xml [2010.04.03 11:33:54 | 000,000,950 | ---- | M] () -- C:\Users\JenniferBäcker\AppData\Roaming\mozilla\firefox\profiles\gp34144l.default\searchplugins\icqplugin-6.xml [2010.05.03 11:46:42 | 000,000,950 | ---- | M] () -- C:\Users\JenniferBäcker\AppData\Roaming\mozilla\firefox\profiles\gp34144l.default\searchplugins\icqplugin-7.xml [2010.06.23 20:16:57 | 000,000,950 | ---- | M] () -- C:\Users\JenniferBäcker\AppData\Roaming\mozilla\firefox\profiles\gp34144l.default\searchplugins\icqplugin-8.xml [2010.06.27 09:30:53 | 000,000,950 | ---- | M] () -- C:\Users\JenniferBäcker\AppData\Roaming\mozilla\firefox\profiles\gp34144l.default\searchplugins\icqplugin-9.xml [2008.07.10 13:07:28 | 000,000,944 | ---- | M] () -- C:\Users\JenniferBäcker\AppData\Roaming\mozilla\firefox\profiles\gp34144l.default\searchplugins\icqplugin.xml [2012.12.29 00:40:18 | 000,002,121 | ---- | M] () -- C:\Users\JenniferBäcker\AppData\Roaming\mozilla\firefox\profiles\gp34144l.default\searchplugins\personas-for-firefox.xml [2011.02.14 17:44:02 | 000,002,449 | ---- | M] () -- C:\Users\JenniferBäcker\AppData\Roaming\mozilla\firefox\profiles\gp34144l.default\searchplugins\safesearch.xml [2012.12.29 17:07:47 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions File not found (No name found) -- C:\USERS\JENNIFERBäCKER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GP34144L.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI File not found (No name found) -- C:\USERS\JENNIFERBäCKER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GP34144L.DEFAULT\EXTENSIONS\FINDER@MEINGUTSCHEINCODE.DE.XPI File not found (No name found) -- 
C:\USERS\JENNIFERBäCKER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GP34144L.DEFAULT\EXTENSIONS\MOVEPLAYER@MOVENETWORKS.COM File not found (No name found) -- C:\USERS\JENNIFERBäCKER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GP34144L.DEFAULT\EXTENSIONS\PERSONAS@CHRISTOPHER.BEARD [2012.11.29 09:26:57 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.11.29 10:19:31 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.12.27 18:27:16 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2012.11.29 10:19:31 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.11.29 10:19:31 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.11.29 10:19:32 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.11.29 10:19:31 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.11.29 10:19:31 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. 
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton Internet Security\Norton Internet Security\Engine\19.9.0.9\coieplg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton Internet Security\Norton Internet Security\Engine\19.9.0.9\ips\ipsbho.dll (Symantec Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis) O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll File not found O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll File not found O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) 
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Norton Internet Security\Engine\19.9.0.9\coieplg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll File not found O3 - HKLM\..\Toolbar: (@msdxmLC.dll,-1@1033,&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Windows\System32\Msdxm6.ocx (Microsoft Corporation) O3 - HKLM\..\Toolbar: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll File not found O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKCU\..\Toolbar\WebBrowser: (myBabylon English Toolbar) - {B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} - C:\Program Files\myBabylon_English\tbmyBa.dll File not found O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Programme\Acer\Empowering Technology\SysMonitor.exe () O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [eDataSecurity Loader] C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated) O4 - HKLM..\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot File not found O4 - HKLM..\Run: [eRecoveryService] File not found O4 - HKLM..\Run: [PCMMediaSharing] C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe () O4 - HKLM..\Run: [Procaster] "C:\Program Files\Livestream Procaster\Procaster.exe" -autorun File not found O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime Alternative\QTTask.exe (Apple Inc.) 
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [TuneClone] C:\Program Files\TuneClone\TuneClone.exe /silence File not found O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [WTClient] C:\Windows\System32\WTClient.exe (Tablet Driver) O4 - HKCU..\Run: [Anktlhfdq] C:\Windows\System32\perftsx.dll () O4 - HKCU..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent File not found O4 - HKCU..\Run: [fsm] File not found O4 - HKCU..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent File not found O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe () O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation) O4 - HKCU..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" File not found O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - Startup: C:\Users\JenniferBäcker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Users\JenniferBäcker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RocketDock.lnk = File not found O4 - Startup: C:\Users\JenniferBäcker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = File not found O4 - Startup: C:\Users\JenniferBäcker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Y'z Shadow.lnk = File not found O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SetVisualStyle = C:\Windows\Resources\Themes\Inspirat2\Inspirat2.msstyles O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - 
C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A8DD894E-93CF-47DD-B1B1-C5C8F97EA19F}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - 
C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\Windows\System32\Msdxm6.ocx (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\JenniferBäcker\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\JenniferBäcker\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - Microsoft NetShow Player ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: 
{3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {51F7069C-B6E6-C546-638E-3588F0E30B23} - Java (Sun) ActiveX: {5CA109D3-A084-47E8-A9CB-D497322E3F50} - MSN Toolbar 3.0 & Silverlight 2.0 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - 
C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - ActiveX: >{b045cd24-4d2a-460b-b781-b78f934514d5} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.12.29 18:34:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\JenniferBäcker\Desktop\OTL.exe [2012.12.29 17:22:53 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\JenniferBäcker\Desktop\HiJackThis204.exe [2012.12.28 17:56:36 | 000,000,000 | ---D | C] -- C:\Users\JenniferBäcker\Desktop\Originals [2012.12.28 17:49:19 | 000,000,000 | ---D | C] -- C:\Users\JenniferBäcker\Desktop\Desktop [2012.12.25 20:51:01 | 000,000,000 | ---D | C] -- C:\Users\JenniferBäcker\Desktop\brusches [2012.12.07 19:01:07 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [7 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [61 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.12.29 18:34:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\JenniferBäcker\Desktop\OTL.exe [2012.12.29 18:28:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.12.29 18:21:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.12.29 17:22:59 | 000,388,608 | ---- | M] (Trend Micro Inc.) 
-- C:\Users\JenniferBäcker\Desktop\HiJackThis204.exe [2012.12.29 17:07:50 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.12.29 17:01:47 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.29 17:01:47 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.29 15:01:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.29 10:50:21 | 000,685,180 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.12.29 10:50:21 | 000,643,614 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.12.29 10:50:21 | 000,150,162 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.12.29 10:50:21 | 000,123,438 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.12.29 10:43:13 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml [2012.12.29 10:43:06 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.12.28 20:15:31 | 000,455,425 | ---- | M] () -- C:\Users\JenniferBäcker\Desktop\shepmaleXliara_Bild1.jpg [2012.12.28 20:13:01 | 000,034,816 | -H-- | M] () -- C:\Users\JenniferBäcker\Desktop\photothumb.db [2012.12.28 20:12:35 | 000,469,047 | ---- | M] () -- C:\Users\JenniferBäcker\Desktop\maleshepxliara04.jpg [2012.12.28 20:01:33 | 000,433,349 | ---- | M] () -- C:\Users\JenniferBäcker\Desktop\maleshepxliara03.jpg [2012.12.28 19:57:20 | 000,564,649 | ---- | M] () -- C:\Users\JenniferBäcker\Desktop\maleshepxliara02.jpg [2012.12.28 19:56:55 | 006,181,820 | ---- | M] () -- C:\Users\JenniferBäcker\Desktop\maleshepxliara01.tif [2012.12.28 18:31:04 | 000,621,084 | ---- | M] () -- C:\Users\JenniferBäcker\Desktop\melm1.png [2012.12.28 18:03:55 | 000,739,001 | ---- | M] () -- C:\Users\JenniferBäcker\Desktop\meshep1.png [2012.12.28 17:56:36 | 001,552,102 | ---- | M] () -- C:\Users\JenniferBäcker\Desktop\bg4.png [2012.12.28 
17:49:58 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\pgvws.job [2012.12.28 17:49:57 | 000,114,688 | RHS- | M] () -- C:\Windows\System32\perftsx.dll [2012.12.28 17:49:23 | 000,435,408 | ---- | M] () -- C:\Users\JenniferBäcker\Desktop\clickme_flava_stevenson.zip [2012.12.28 17:47:18 | 000,751,004 | ---- | M] () -- C:\Users\JenniferBäcker\Desktop\shep1.png [2012.12.28 17:41:32 | 000,006,063 | ---- | M] () -- C:\Users\JenniferBäcker\Desktop\liaramaleshep2.scene [2012.12.28 17:41:18 | 000,003,316 | ---- | M] () -- C:\Users\JenniferBäcker\Desktop\liaramaleshep.pose [2012.12.28 17:41:04 | 004,268,048 | ---- | M] () -- C:\Users\JenniferBäcker\Desktop\maleshepxliara_prozess.png [2012.12.28 16:00:24 | 000,335,890 | ---- | M] () -- C:\Users\JenniferBäcker\Desktop\bg3.jpg [2012.12.28 15:58:15 | 002,017,362 | ---- | M] () -- C:\Users\JenniferBäcker\Desktop\bg2.png [2012.12.28 15:54:40 | 000,219,546 | ---- | M] () -- C:\Users\JenniferBäcker\Desktop\bg1.jpg [2012.12.25 20:20:06 | 000,002,764 | ---- | M] () -- C:\Users\JenniferBäcker\.recently-used.xbel [2012.12.22 17:05:55 | 000,413,704 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.12.21 20:48:04 | 000,405,195 | ---- | M] () -- C:\Users\JenniferBäcker\Desktop\tumblr_m7y4icgG421r05vxjo1_500.jpg [2012.12.13 11:18:23 | 000,000,780 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk [2012.12.13 11:17:17 | 000,002,001 | ---- | M] () -- C:\Users\Public\Desktop\Die Sims™ 3 Jahreszeiten.lnk [7 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [61 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.12.29 17:07:50 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.12.28 20:15:31 | 000,455,425 | ---- | C] () -- C:\Users\JenniferBäcker\Desktop\shepmaleXliara_Bild1.jpg [2012.12.28 20:12:32 | 000,469,047 | ---- | C] () -- C:\Users\JenniferBäcker\Desktop\maleshepxliara04.jpg [2012.12.28 20:01:33 | 000,433,349 | ---- | C] () -- 
C:\Users\JenniferBäcker\Desktop\maleshepxliara03.jpg [2012.12.28 19:57:17 | 000,564,649 | ---- | C] () -- C:\Users\JenniferBäcker\Desktop\maleshepxliara02.jpg [2012.12.28 18:30:09 | 000,621,084 | ---- | C] () -- C:\Users\JenniferBäcker\Desktop\melm1.png [2012.12.28 18:07:34 | 006,181,820 | ---- | C] () -- C:\Users\JenniferBäcker\Desktop\maleshepxliara01.tif [2012.12.28 18:03:10 | 000,739,001 | ---- | C] () -- C:\Users\JenniferBäcker\Desktop\meshep1.png [2012.12.28 17:52:25 | 001,552,102 | ---- | C] () -- C:\Users\JenniferBäcker\Desktop\bg4.png [2012.12.28 17:49:58 | 000,000,320 | ---- | C] () -- C:\Windows\tasks\pgvws.job [2012.12.28 17:49:57 | 000,114,688 | RHS- | C] () -- C:\Windows\System32\perftsx.dll [2012.12.28 17:49:23 | 000,435,408 | ---- | C] () -- C:\Users\JenniferBäcker\Desktop\clickme_flava_stevenson.zip [2012.12.28 17:47:18 | 000,751,004 | ---- | C] () -- C:\Users\JenniferBäcker\Desktop\shep1.png [2012.12.28 17:41:32 | 000,006,063 | ---- | C] () -- C:\Users\JenniferBäcker\Desktop\liaramaleshep2.scene [2012.12.28 17:41:17 | 000,003,316 | ---- | C] () -- C:\Users\JenniferBäcker\Desktop\liaramaleshep.pose [2012.12.28 17:41:01 | 004,268,048 | ---- | C] () -- C:\Users\JenniferBäcker\Desktop\maleshepxliara_prozess.png [2012.12.28 16:00:24 | 000,335,890 | ---- | C] () -- C:\Users\JenniferBäcker\Desktop\bg3.jpg [2012.12.28 15:58:15 | 002,017,362 | ---- | C] () -- C:\Users\JenniferBäcker\Desktop\bg2.png [2012.12.28 15:54:40 | 000,219,546 | ---- | C] () -- C:\Users\JenniferBäcker\Desktop\bg1.jpg [2012.12.25 20:20:06 | 000,002,764 | ---- | C] () -- C:\Users\JenniferBäcker\.recently-used.xbel [2012.12.21 20:48:03 | 000,405,195 | ---- | C] () -- C:\Users\JenniferBäcker\Desktop\tumblr_m7y4icgG421r05vxjo1_500.jpg [2012.12.13 11:18:23 | 000,000,780 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk [2012.12.13 11:17:17 | 000,002,001 | ---- | C] () -- C:\Users\Public\Desktop\Die Sims™ 3 Jahreszeiten.lnk [2012.12.13 11:14:12 | 000,000,003 | ---- | C] () -- 
C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012.12.13 11:14:12 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012.05.10 10:53:35 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll [2012.03.29 20:26:57 | 000,338,432 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll [2011.12.27 18:27:50 | 000,098,304 | ---- | C] () -- C:\Windows\System32\redmonnt.dll [2011.12.25 14:40:48 | 000,003,139 | ---- | C] () -- C:\Windows\Tablet8000x5000M.ini [2011.12.25 14:32:22 | 000,000,142 | ---- | C] () -- C:\Windows\PenSign.INI [2011.04.17 16:55:44 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI [2011.04.10 14:57:46 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat [2011.04.10 14:57:46 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat [2011.04.10 14:57:46 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat [2011.04.10 14:57:46 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat [2011.04.10 14:57:46 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat [2011.04.10 14:57:46 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat [2011.04.10 14:57:46 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat [2011.04.10 14:57:46 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat [2011.04.10 14:57:46 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat [2011.04.10 14:57:46 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat [2011.04.10 14:57:46 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat [2011.04.10 14:57:46 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat [2011.04.10 14:57:46 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat [2011.04.10 14:57:46 | 000,001,129 | ---- | C] () -- 
C:\Windows\System32\EPPICPresetData_FR.dat [2011.04.10 14:57:46 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat [2011.04.10 14:57:46 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat [2011.04.10 14:57:46 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat [2011.04.10 14:57:46 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat [2011.04.10 14:57:46 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2011.04.10 14:51:42 | 000,000,027 | ---- | C] () -- C:\Windows\CDE DX4400DEFGIPS.ini [2011.01.21 12:28:34 | 000,001,940 | ---- | C] () -- C:\Users\JenniferBäcker\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini [2011.01.08 10:58:58 | 000,208,896 | ---- | C] () -- C:\Windows\System32\tb.dll [2011.01.08 10:58:58 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ttb.dll [2010.10.10 11:17:33 | 000,001,302 | ---- | C] () -- C:\ProgramData\ss.ini [2010.10.10 11:16:18 | 000,000,034 | ---- | C] () -- C:\Users\JenniferBäcker\AppData\Roaming\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini [2010.10.10 11:16:14 | 000,000,033 | ---- | C] () -- C:\ProgramData\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini [2010.08.17 18:02:34 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.06.09 23:16:49 | 000,022,328 | ---- | C] () -- C:\Users\JenniferBäcker\AppData\Roaming\PnkBstrK.sys [2009.06.05 19:53:54 | 000,000,058 | ---- | C] () -- C:\Users\JenniferBäcker\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat [2009.06.03 19:16:56 | 000,001,301 | ---- | C] () -- C:\Users\JenniferBäcker\AppData\Local\oyggo_navps.dat [2009.06.03 19:16:55 | 000,417,036 | ---- | C] () -- C:\Users\JenniferBäcker\AppData\Local\oyggo_nav.dat [2009.06.03 19:16:55 | 000,002,974 | ---- | C] () -- C:\Users\JenniferBäcker\AppData\Local\oyggo.dat [2009.03.23 13:34:32 | 000,000,097 | ---- | C] () -- C:\Users\JenniferBäcker\AppData\Local\smqaiqw.bat [2009.01.28 17:27:39 | 000,008,592 | ---- | 
C] () -- C:\Users\JenniferBäcker\AppData\Local\d3d9caps.dat [2008.12.30 12:49:53 | 000,002,352 | ---- | C] () -- C:\Users\JenniferBäcker\AppData\Roaming\wklnhst.dat [2008.12.25 00:04:51 | 000,038,912 | ---- | C] () -- C:\Users\JenniferBäcker\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2009.10.08 15:33:56 | 000,000,000 | -HSD | M] -- C:\Users\JenniferBäcker\AppData\Roaming\.# [2008.03.16 15:34:55 | 000,000,000 | ---D | M] -- C:\Users\JenniferBäcker\AppData\Roaming\Acer GameZone Console [2009.02.14 10:42:00 | 000,000,000 | ---D | M] -- C:\Users\JenniferBäcker\AppData\Roaming\Ashampoo [2011.12.27 18:27:13 | 000,000,000 | ---D | M] -- C:\Users\JenniferBäcker\AppData\Roaming\Babylon [2010.03.02 17:52:25 | 000,000,000 | ---D | M] -- C:\Users\JenniferBäcker\AppData\Roaming\Bioshock [2010.07.09 16:48:40 | 000,000,000 | ---D | M] -- C:\Users\JenniferBäcker\AppData\Roaming\Bioshock2 [2010.11.13 15:02:06 | 
000,000,000 | ---D | M] -- C:\Users\JenniferBäcker\AppData\Roaming\Blender Foundation [2009.03.26 14:21:05 | 000,000,000 | ---D | M] -- C:\Users\JenniferBäcker\AppData\Roaming\Clickteam [2012.03.29 20:26:58 | 000,000,000 | ---D | M] -- C:\Users\JenniferBäcker\AppData\Roaming\DesktopIconForAmazon [2009.01.11 17:14:14 | 000,000,000 | ---D | M] -- C:\Users\JenniferBäcker\AppData\Roaming\Desperate Housewives [2009.06.05 19:53:54 | 000,000,000 | ---D | M] -- C:\Users\JenniferBäcker\AppData\Roaming\DonationCoder [2008.12.30 12:47:37 | 000,000,000 | ---D | M] -- C:\Users\JenniferBäcker\AppData\Roaming\eSobi [2009.10.10 12:36:54 | 000,000,000 | ---D | M] -- C:\Users\JenniferBäcker\AppData\Roaming\GetRightToGo [2012.12.25 20:20:06 | 000,000,000 | ---D | M] -- C:\Users\JenniferBäcker\AppData\Roaming\gtk-2.0 [2010.03.26 15:25:22 | 000,000,000 | ---D | M] -- C:\Users\JenniferBäcker\AppData\Roaming\Hasbro [2009.02.14 10:58:37 | 000,000,000 | ---D | M] -- C:\Users\JenniferBäcker\AppData\Roaming\IrfanView [2009.06.16 18:54:40 | 000,000,000 | ---D | M] -- C:\Users\JenniferBäcker\AppData\Roaming\Leadertech [2009.03.23 14:25:34 | 000,000,000 | ---D | M] -- C:\Users\JenniferBäcker\AppData\Roaming\live-player [2010.03.28 15:17:04 | 000,000,000 | ---D | M] -- C:\Users\JenniferBäcker\AppData\Roaming\MrJobs [2012.05.10 21:51:08 | 000,000,000 | ---D | M] -- C:\Users\JenniferBäcker\AppData\Roaming\NevoSoft Games [2012.05.10 17:19:13 | 000,000,000 | ---D | M] -- C:\Users\JenniferBäcker\AppData\Roaming\Oberon Games [2012.03.29 21:05:27 | 000,000,000 | ---D | M] -- C:\Users\JenniferBäcker\AppData\Roaming\OfficeRecovery [2012.03.29 21:06:07 | 000,000,000 | ---D | M] -- C:\Users\JenniferBäcker\AppData\Roaming\OfficeRecovery.6c86a929 [2009.01.28 18:55:44 | 000,000,000 | ---D | M] -- C:\Users\JenniferBäcker\AppData\Roaming\OpenOffice.org [2012.10.23 20:58:19 | 000,000,000 | ---D | M] -- C:\Users\JenniferBäcker\AppData\Roaming\Origin [2012.09.16 14:58:53 | 000,000,000 | ---D | M] -- 
C:\Users\JenniferBäcker\AppData\Roaming\PhotoScape [2009.03.18 14:41:28 | 000,000,000 | ---D | M] -- C:\Users\JenniferBäcker\AppData\Roaming\PlayFirst [2011.04.17 17:56:23 | 000,000,000 | ---D | M] -- C:\Users\JenniferBäcker\AppData\Roaming\Serif [2010.05.03 11:29:18 | 000,000,000 | ---D | M] -- C:\Users\JenniferBäcker\AppData\Roaming\SumatraPDF [2011.06.27 16:10:37 | 000,000,000 | ---D | M] -- C:\Users\JenniferBäcker\AppData\Roaming\TeamViewer [2009.02.12 09:11:46 | 000,000,000 | ---D | M] -- C:\Users\JenniferBäcker\AppData\Roaming\Template [2011.05.03 16:28:53 | 000,000,000 | ---D | M] -- C:\Users\JenniferBäcker\AppData\Roaming\Tific [2010.09.18 22:03:25 | 000,000,000 | ---D | M] -- C:\Users\JenniferBäcker\AppData\Roaming\TS3Client [2010.03.20 14:05:15 | 000,000,000 | ---D | M] -- C:\Users\JenniferBäcker\AppData\Roaming\Ubisoft [2012.05.10 21:52:23 | 000,000,000 | ---D | M] -- C:\Users\JenniferBäcker\AppData\Roaming\ViquaSoft ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. 
> [2008.12.24 23:32:32 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2009.05.30 09:42:38 | 000,000,000 | ---D | M] -- C:\ACER [2008.03.16 16:05:19 | 000,000,000 | ---D | M] -- C:\book [2009.10.20 17:56:20 | 000,000,000 | -HSD | M] -- C:\Boot [2012.12.13 11:24:19 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2008.12.24 23:28:47 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2011.05.11 02:41:38 | 000,000,000 | -HSD | M] -- C:\found.000 [2012.05.09 21:49:15 | 000,000,000 | -HSD | M] -- C:\found.001 [2012.11.11 12:31:09 | 000,000,000 | -HSD | M] -- C:\found.002 [2009.10.05 20:00:07 | 000,000,000 | ---D | M] -- C:\NVIDIA [2012.12.07 22:49:41 | 000,000,000 | R--D | M] -- C:\Program Files [2012.10.22 09:04:07 | 000,000,000 | -H-D | M] -- C:\ProgramData [2008.12.24 23:28:47 | 000,000,000 | -HSD | M] -- C:\Programme [2012.12.29 18:38:36 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.11.18 03:04:25 | 000,000,000 | R--D | M] -- C:\Users [2012.12.13 11:34:26 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. 
/mp /s > < C:\Windows\system32\*.tsp > [2006.11.02 10:44:49 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2006.11.02 10:44:49 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2006.11.02 10:44:49 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2006.11.02 10:44:49 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2009.04.11 07:27:17 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [61 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] [2006.11.02 14:01:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2006.11.02 14:01:49 | 000,032,516 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2009.06.30 21:10:56 | 000,001,094 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [2009.06.30 21:10:57 | 000,001,098 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [2012.04.04 21:54:36 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job [2012.12.28 17:49:58 | 000,000,320 | ---- | C] () -- C:\Windows\Tasks\pgvws.job < MD5 for: AGP440.SYS > [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] 
(Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: AHCIX86S.SYS > [2007.12.19 07:45:00 | 000,170,000 | ---- | M] (AMD Technologies Inc.) MD5=0DEE2B628D4C6E23285BB91EFFDABFDE -- C:\ACER\Preload\msdrv\ahcix86s.sys [2007.12.19 07:45:00 | 000,170,000 | ---- | M] (AMD Technologies Inc.) MD5=0DEE2B628D4C6E23285BB91EFFDABFDE -- C:\Windows\System32\drivers\ahcix86s.sys [2007.12.19 07:45:00 | 000,170,000 | ---- | M] (AMD Technologies Inc.) MD5=0DEE2B628D4C6E23285BB91EFFDABFDE -- C:\Windows\System32\DriverStore\FileRepository\ahcix86s.inf_864d20f0\ahcix86s.sys [2007.08.08 05:55:08 | 000,122,880 | ---- | M] (Promise Technology, Inc.) MD5=4283A0F3A9557EB133D2BA8979747A77 -- C:\ACER\Preload\Autorun\DRV\ATI Chipset RS780 RS740+SB700\Packages\Drivers\SBDrv\SB6xx\RAID\LH\ahcix86s.sys < MD5 for: ATAPI.SYS > [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- 
C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2008.02.22 05:59:12 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=76D70915EB81608DC6ACA87887FAB38F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22120_none_ddac250d3ab7a648\atapi.sys [2008.02.22 06:03:50 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=92210921EEFC081693F649C3631DEEC2 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_3d9c5057\atapi.sys [2008.02.22 06:03:50 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=92210921EEFC081693F649C3631DEEC2 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18023_none_dd25892021975283\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: EXPLORER.EXE > [2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe 
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2010.10.04 12:56:17 | 000,004,608 | ---- | M] () MD5=EED7A4D972BB2F0F38E24159F67A08A4 -- C:\Users\JenniferBäcker\AppData\Local\Xenocode\ApplianceCaches\GameCamV2.exe_v7AC6EAFE\Native\STUBEXE\@WINDIR@\explorer.exe [2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: IASTORV.SYS > [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 07:28:23 | 000,592,896 | ---- | M] 
(Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- 
C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2008.03.16 08:05:50 | 
013,115,392 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008.03.16 08:05:42 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2008.03.16 08:05:50 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2008.03.16 08:05:58 | 017,633,280 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2008.03.16 08:06:00 | 006,668,288 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\system32\*.dll /lockedfiles > [2012.12.28 17:49:57 | 000,114,688 | RHS- | M] () Unable to obtain MD5 -- C:\Windows\system32\perftsx.dll [61 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] < %USERPROFILE%\*.* > [2012.12.25 20:20:06 | 000,002,764 | ---- | M] () -- C:\Users\JenniferBäcker\.recently-used.xbel [2012.12.29 18:55:51 | 005,505,024 | -HS- | M] () -- C:\Users\JenniferBäcker\ntuser.dat [2012.12.29 18:55:51 | 000,262,144 | -H-- | M] () -- C:\Users\JenniferBäcker\ntuser.dat.LOG1 [2008.12.24 23:31:54 | 000,000,000 | -H-- | M] () -- C:\Users\JenniferBäcker\ntuser.dat.LOG2 [2012.12.29 01:28:20 | 000,065,536 | -HS- | M] () -- C:\Users\JenniferBäcker\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010.09.15 20:08:16 | 000,524,288 | -HS- | M] () -- C:\Users\JenniferBäcker\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2012.12.29 01:28:20 | 000,524,288 | -HS- | M] () -- C:\Users\JenniferBäcker\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms [2008.12.24 23:31:55 | 000,000,020 | -HS- | M] () -- C:\Users\JenniferBäcker\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 ========== Alternate Data Streams ========== @Alternate Data Stream - 487 bytes -> C:\ProgramData\TEMP:05EE1EEF @Alternate Data Stream - 235 bytes -> C:\ProgramData\TEMP:56F368C9 @Alternate Data Stream - 217 bytes -> C:\ProgramData\TEMP:490BCC52 @Alternate Data Stream - 206 bytes -> C:\ProgramData\TEMP:6677D85A @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:0B174FAE @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:63238B95 @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:7AF9CAEB @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:0DFE2AE1 < End of report > |
03.01.2013, 16:50 | #4 |
/// Malware-holic | Google opens unwanted pages
Hi, sorry for the late reply, happy New Year.
This script, and any scripts that may follow, are meant only for this particular user. If you have problems, open your own topics and wait for scripts tailored to you.
• Please start OTL.exe
• Now copy the following into the text box.
Code:
:OTL
[2012.12.28 17:49:57 | 000,114,688 | RHS- | M] () -- C:\Windows\System32\perftsx.dll
[2012.12.28 17:49:58 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\pgvws.job
O4 - HKCU..\Run: [Anktlhfdq] C:\Windows\System32\perftsx.dll ()
:Files
:Commands
[EMPTYFLASH]
[emptytemp]
• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow this.
• After the restart you will find a text document; copy its contents into your next reply here.
Boot into normal mode.
If you have no icons, then right-click, View, Show desktop icons.
Note: Please also upload the file there as described in the UpChannel instructions. Please do NOT post the ZIP file as an attachment in this thread!
Please press the + E key.
Download get info: http://markusg.trojaner-board.de/GetInfo.exe
Double-click the .exe; a .txt file is now created in the same folder: summary-info.txt. Double-click it and post its contents.
Question: At the time of the infection, or possibly a day before, did you download and install or run anything? Were you prompted to install or download something when visiting a site? I would also like this information as a private message.
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
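The fix script in the reply above targets perftsx.dll and pgvws.job. As an added example (not part of the original post, and not the helper's stated method), the Python below parses OTL file-listing lines in the format shown in the log and applies an assumed triage heuristic: a binary under System32 with an empty company field and hidden/system attributes, paired with any scheduled-task .job file whose timestamp lies within 60 seconds of it. The function names, the 60-second window and the heuristic itself are assumptions; the sample lines are copied from the log above.

```python
import re
from datetime import datetime, timedelta

# Sample input: listing lines copied from the OTL log in this thread.
SAMPLE = r"""
[2012.12.29 17:07:50 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.12.28 17:49:58 | 000,000,320 | ---- | C] () -- C:\Windows\tasks\pgvws.job
[2012.12.28 17:49:57 | 000,114,688 | RHS- | C] () -- C:\Windows\System32\perftsx.dll
[2012.05.10 10:53:35 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2009.04.11 07:27:17 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2012.04.04 21:54:36 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
"""

# One entry: [date time | size | attributes | M or C] (company) [MD5 field] -- path
# The path runs until the next "[YYYY.MM.DD " or the end of the line, so the
# pattern also works when a forum has flattened many entries onto one line.
ENTRY = re.compile(
    r"\[(\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| ([\d,]+) \| ([A-Z-]{4}) \| ([MC])\]"
    r" \((.*?)\)(?: MD5=[0-9A-F]{32}| Unable to obtain MD5)?"
    r" -- (.+?)(?=\s+\[\d{4}\.\d{2}\.\d{2} |\s*$)",
    re.MULTILINE,
)

SYSTEM_DIR = "c:\\windows\\system32\\"
TASK_DIR = "c:\\windows\\tasks\\"
BINARY_EXT = (".dll", ".exe", ".sys")


def parse_entries(text):
    """Turn OTL listing text into a list of dicts, one per file entry."""
    entries = []
    for m in ENTRY.finditer(text):
        stamp, size, attrs, kind, company, path = m.groups()
        entries.append({
            "time": datetime.strptime(stamp, "%Y.%m.%d %H:%M:%S"),
            "size": int(size.replace(",", "")),
            "attrs": attrs,      # R/H/S/D flags as printed by OTL
            "kind": kind,        # M = modified listing, C = created listing
            "company": company.strip(),
            "path": path.strip(),
        })
    return entries


def is_hidden_no_vendor_binary(entry):
    """Assumed heuristic: System32 binary, no company name, hidden or system flag."""
    p = entry["path"].lower()
    return (
        p.startswith(SYSTEM_DIR)
        and p.endswith(BINARY_EXT)
        and not entry["company"]
        and ("H" in entry["attrs"] or "S" in entry["attrs"])
    )


def triage(entries, window=timedelta(seconds=60)):
    """Return flagged binaries, each with .job files timestamped within `window`."""
    jobs = [
        e for e in entries
        if e["path"].lower().startswith(TASK_DIR) and e["path"].lower().endswith(".job")
    ]
    findings = {}
    for e in entries:
        if not is_hidden_no_vendor_binary(e):
            continue
        key = e["path"].lower()  # the same file appears in both M and C listings
        linked = {j["path"] for j in jobs if abs(j["time"] - e["time"]) <= window}
        item = findings.setdefault(
            key, {"path": e["path"], "attrs": e["attrs"], "tasks": set()}
        )
        item["tasks"] |= linked
    return [
        {"path": f["path"], "attrs": f["attrs"], "tasks": sorted(f["tasks"])}
        for f in findings.values()
    ]


if __name__ == "__main__":
    for finding in triage(parse_entries(SAMPLE)):
        print(finding["attrs"], finding["path"], "<->", finding["tasks"])
```

A hit from this heuristic is a lead for manual review, not a verdict: CmdLineExt03.dll in the sample also has no company name but is not flagged because it carries no hidden or system attribute.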