Trojaner-Board - Hacker kontrolliert meinen PC

Wie gewünscht der 2. Durchlauf.

Code:

OTL logfile created on: 20.11.2012 17:59:33 - Run 2

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\angelika\Desktop

64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,91 Gb Total Physical Memory | 3,03 Gb Available Physical Memory | 77,53% Memory free

4,90 Gb Paging File | 4,04 Gb Available in Paging File | 82,29% Paging File free

Paging file location(s): c:\pagefile.sys 1024 1024 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 453,94 Gb Total Space | 143,89 Gb Free Space | 31,70% Space Free | Partition Type: NTFS

Drive H: | 62,29 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

 

Computer Name: NOTEBOOK-ACER | User Name: angelika | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\angelika\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe (Symantec Corporation)

PRC - C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG)

PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)

PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)

PRC - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe (Egis Technology Inc.)

PRC - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)

PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer)

PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)

PRC - C:\Windows\SysWOW64\bgsvcgen.exe (B.H.A Corporation)

PRC - C:\Windows\SysWOW64\PSIService.exe ()

 

 
 ========== Modules (No Company Name) ==========

 

 
 ========== Services (SafeList) ==========

 

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)

SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)

SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)

SRV - (N360) -- C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe (Symantec Corporation)

SRV - (DBService) -- C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)

SRV - (ODDPwrSvc) -- C:\Programme\Acer\Optical Drive Power Management\ODDPWRSvc.exe (Acer Incorporated)

SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)

SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)

SRV - (ePowerSvc) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)

SRV - (MWLService) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()

SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)

SRV - (RS_Service) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)

SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)

SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)

SRV - (bgsvcgen) -- C:\Windows\SysWOW64\bgsvcgen.exe (B.H.A Corporation)

SRV - (ProtexisLicensing) -- C:\Windows\SysWOW64\PSIService.exe ()

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (YMIDUSBW) -- C:\Windows\SysNative\drivers\ymidusbx64.sys (Yamaha Corporation)

DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symnets.sys (Symantec Corporation)

DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtsp64.sys (Symantec Corporation)

DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtspx64.sys (Symantec Corporation)

DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symefa64.sys (Symantec Corporation)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symds64.sys (Symantec Corporation)

DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\N360x64\0502020.003\ironx64.sys (Symantec Corporation)

DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)

DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)

DRV:64bit: - (Spyder3) -- C:\Windows\SysNative\drivers\Spyder3.sys ()

DRV:64bit: - (athur) -- C:\Windows\SysNative\drivers\athurx.sys (Atheros Communications, Inc.)

DRV:64bit: - (DiskSec) -- C:\Windows\SysNative\drivers\disksec.sys (MAGIX)

DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)

DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.)

DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)

DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation)

DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)

DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)

DRV:64bit: - (NETw1v64) -- C:\Windows\SysNative\drivers\NETw1v64.sys (Intel Corporation)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)

DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)

DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)

DRV:64bit: - (L1E) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)

DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)

DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)

DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)

DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)

DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)

DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)

DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)

DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)

DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)

DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)

DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)

DRV:64bit: - (cdrbsdrv) -- C:\Windows\SysNative\drivers\cdrbsdrv.sys (B.H.A Corporation)

DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20121118.006\ex64.sys (Symantec Corporation)

DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)

DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)

DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20121118.006\eng64.sys (Symantec Corporation)

DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20121116.001\IDSviA64.sys (Symantec Corporation)

DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20121106.001\BHDrvx64.sys (Symantec Corporation)

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

DRV - (DiskSec) -- C:\Windows\SysWow64\drivers\disksec.sys (MAGIX)

DRV - (CrystalSysInfo) -- C:\Programme\MediaCoder\SysInfoX64.sys ()

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_4810t&r=273611091416l0368z1i5t47k1b200

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_4810t&r=273611091416l0368z1i5t47k1b200

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_4810t&r=273611091416l0368z1i5t47k1b200

IE - HKLM\..\SearchScopes,DefaultScope = 

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-21-2121702085-3880710056-3678979608-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com

IE - HKU\S-1-5-21-2121702085-3880710056-3678979608-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}

IE - HKU\S-1-5-21-2121702085-3880710056-3678979608-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-2121702085-3880710056-3678979608-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE354DE354

IE - HKU\S-1-5-21-2121702085-3880710056-3678979608-1000\..\SearchScopes\{78F2E912-2EB4-4D69-BE67-7C7716C28FCD}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=867034&p={searchTerms}

IE - HKU\S-1-5-21-2121702085-3880710056-3678979608-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.suggest.enabled: false

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..extensions.enabledAddons: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:11.1.1.5 - 3

FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2

FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3

FF - prefs.js..extensions.enabledItems: {40c3cc16-7269-4b32-9531-17f2950fb06f}:3.3.3.2

FF - user.js - File not found

 

FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\npPDFXCviewNPPlugin.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)

FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\Win32\npPDFXCviewNPPlugin.dll File not found

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\Win32\npPDFXCviewNPPlugin.dll File not found

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.08.06 11:31:24 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\ [2012.11.20 17:59:33 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_9_4 [2012.11.20 17:59:29 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.29 09:31:19 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.20 16:23:29 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.11.01 14:15:56 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.08.06 11:31:24 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.29 09:31:19 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.20 16:23:29 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.11.01 14:15:56 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

 

[2009.12.19 14:38:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\angelika\AppData\Roaming\mozilla\Extensions

[2009.12.19 14:38:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\angelika\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

[2012.11.19 03:05:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\angelika\AppData\Roaming\mozilla\Firefox\Profiles\dxmocsyu.default\extensions

[2011.06.28 07:30:11 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\angelika\AppData\Roaming\mozilla\Firefox\Profiles\dxmocsyu.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

[2012.10.23 05:30:50 | 000,209,961 | ---- | M] () (No name found) -- C:\Users\angelika\AppData\Roaming\mozilla\firefox\profiles\dxmocsyu.default\extensions\jid1-kV5U6puWw0Cdvg@jetpack.xpi

[2011.12.25 08:23:11 | 000,002,419 | ---- | M] () -- C:\Users\angelika\AppData\Roaming\mozilla\firefox\profiles\dxmocsyu.default\searchplugins\englische-ergebnisse.xml

[2011.12.25 08:23:11 | 000,010,525 | ---- | M] () -- C:\Users\angelika\AppData\Roaming\mozilla\firefox\profiles\dxmocsyu.default\searchplugins\gmx-suche.xml

[2011.12.25 08:23:11 | 000,002,457 | ---- | M] () -- C:\Users\angelika\AppData\Roaming\mozilla\firefox\profiles\dxmocsyu.default\searchplugins\lastminute.xml

[2011.12.25 08:23:11 | 000,005,508 | ---- | M] () -- C:\Users\angelika\AppData\Roaming\mozilla\firefox\profiles\dxmocsyu.default\searchplugins\webde-suche.xml

[2012.11.19 03:05:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2012.11.20 17:59:33 | 000,000,000 | ---D | M] (Symantec Intrusion Prevention) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPLGN

[2012.10.29 09:31:19 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012.10.11 03:10:32 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.10.11 03:10:32 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012.10.11 03:10:32 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2012.10.11 03:10:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.10.11 03:10:32 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.10.11 03:10:32 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 
 ========== Chrome  ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - homepage: hxxp://www.google.de/firefox?client=firefox-a&rls=org.mozilla:de:official

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\pdf.dll

CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\gears.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\gcswf32.dll

CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Users\angelika\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0\BabylonChromePI.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.160.1 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll

CHR - plugin: Java(TM) Platform SE 6 U16 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL

CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll

CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.51204.0\npctrl.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: YouTube = C:\Users\angelika\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\

CHR - Extension: Google-Suche = C:\Users\angelika\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\

CHR - Extension: Google Mail = C:\Users\angelika\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

 

O1 HOSTS File: ([2012.11.20 09:46:51 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\coIEPlg.dll (Symantec Corporation)

O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\IPS\IPSBHO.DLL (Symantec Corporation)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\coIEPlg.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3:64bit: - HKU\S-1-5-21-2121702085-3880710056-3678979608-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKU\S-1-5-21-2121702085-3880710056-3678979608-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4 - HKLM..\Run: []  File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-2121702085-3880710056-3678979608-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-2121702085-3880710056-3678979608-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0

O7 - HKU\S-1-5-21-2121702085-3880710056-3678979608-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 0

O7 - HKU\S-1-5-21-2121702085-3880710056-3678979608-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8:64bit: - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found

O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\angelika\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()

O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found

O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Free YouTube Download - C:\Users\angelika\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found

O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.100.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1C1A88FF-BE22-42E7-BDD5-374B265A3925}: NameServer = 192.168.100.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D6797BDB-CDC7-4F27-9A64-952592E2F213}: DhcpNameServer = 192.168.100.1

O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)

O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.11.20 17:27:53 | 000,000,000 | ---D | C] -- C:\Users\angelika\Documents\.plugins

[2012.11.20 15:56:40 | 000,000,000 | ---D | C] -- C:\Users\angelika\Desktop\Neuer Ordner

[2012.11.20 09:47:00 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012.11.20 09:31:11 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012.11.20 09:31:11 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012.11.20 09:31:11 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012.11.20 08:54:58 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012.11.20 08:54:35 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2012.11.19 08:36:47 | 000,912,504 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symefa64.sys

[2012.11.19 08:36:47 | 000,744,568 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtsp64.sys

[2012.11.19 08:36:47 | 000,450,680 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symds64.sys

[2012.11.19 08:36:47 | 000,386,168 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symnets.sys

[2012.11.19 08:36:47 | 000,171,128 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0502020.003\ironx64.sys

[2012.11.19 08:36:47 | 000,040,568 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtspx64.sys

[2012.11.19 08:36:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64\0502020.003

[2012.11.18 19:34:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\angelika\Desktop\OTL.exe

[2012.11.18 17:33:36 | 000,000,000 | ---D | C] -- C:\Users\angelika\AppData\Roaming\Malwarebytes

[2012.11.18 17:33:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012.11.18 16:31:44 | 000,000,000 | ---D | C] -- C:\2ee80120ce644b9489ce6ebf1aa1ab

[2012.11.18 16:31:10 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur

[2012.11.18 15:24:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MozBackup

[2012.11.18 15:24:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MozBackup

[2012.11.18 09:12:55 | 000,000,000 | ---D | C] -- C:\Users\angelika\AppData\Roaming\Tific

[2012.11.18 09:12:54 | 000,000,000 | ---D | C] -- C:\Users\angelika\AppData\Local\Symantec

[2012.11.17 12:33:34 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec

[2012.11.17 12:32:07 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64

[2012.11.17 12:31:54 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360

[2012.11.17 12:31:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton 360

[2012.11.17 12:18:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NBRTWizardx64

[2012.11.17 12:18:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NBRTWizardx64\0501000.01A

[2012.11.17 12:18:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Bootable Recovery Tool Wizard

[2012.11.17 12:18:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Bootable Recovery Tool Wizard

[2012.11.17 12:17:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller

[2012.11.17 10:39:47 | 000,000,000 | ---D | C] -- C:\Users\angelika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton

[2012.11.04 15:18:43 | 000,000,000 | ---D | C] -- C:\Users\angelika\Desktop\Für Rechtsanwalt

[2012.11.01 14:15:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird

[2012.10.29 09:31:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2012.10.23 05:37:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner

[2012.10.23 05:36:56 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2012.10.23 05:30:56 | 000,000,000 | ---D | C] -- C:\Users\angelika\AppData\Roaming\convert

[2012.10.23 05:30:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Optimizer Pro

[2012.10.23 04:12:21 | 000,000,000 | ---D | C] -- C:\Users\angelika\Videos

[2012.10.22 08:30:24 | 000,000,000 | ---D | C] -- C:\Users\angelika\Documents\PHOTUX

[2012.10.22 07:30:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service

[2012.10.22 07:06:49 | 000,000,000 | ---D | C] -- C:\Users\angelika\AppData\Roaming\No Company Name

[2010.03.21 09:42:48 | 000,250,544 | ---- | C] (KeyWorks Software) -- C:\Program Files (x86)\Common Files\keyhelp.ocx

[5 C:\Users\angelika\Desktop\*.tmp files -> C:\Users\angelika\Desktop\*.tmp -> ]

[2 C:\*.tmp files -> C:\*.tmp -> ]

[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.11.20 18:06:30 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.11.20 18:06:30 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.11.20 17:58:54 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\MxTray.job

[2012.11.20 17:58:26 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\PCCT - MAGIX AG.job

[2012.11.20 17:58:23 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012.11.20 17:58:12 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl

[2012.11.20 17:58:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.11.20 17:57:56 | 3144,773,632 | -HS- | M] () -- C:\hiberfil.sys

[2012.11.20 17:12:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012.11.20 17:11:01 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job

[2012.11.20 09:46:51 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2012.11.20 09:03:20 | 001,520,238 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012.11.20 09:03:20 | 000,661,854 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2012.11.20 09:03:20 | 000,623,000 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012.11.20 09:03:20 | 000,133,990 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2012.11.20 09:03:20 | 000,109,780 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012.11.20 09:00:47 | 000,001,395 | ---- | M] () -- C:\Users\angelika\Desktop\Norton-Installations-dateien.lnk

[2012.11.20 09:00:47 | 000,001,246 | ---- | M] () -- C:\Users\angelika\Desktop\Norton Download Manager.lnk

[2012.11.20 08:55:42 | 000,000,799 | ---- | M] () -- C:\Users\angelika\Desktop\ComboFix.exe - Verknüpfung.lnk

[2012.11.20 08:23:16 | 000,002,381 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk

[2012.11.20 08:22:52 | 002,247,396 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0502020.003\Cat.DB

[2012.11.19 08:57:27 | 000,000,512 | ---- | M] () -- C:\Users\angelika\Desktop\MBR.dat

[2012.11.19 03:14:19 | 000,000,000 | ---- | M] () -- C:\Users\angelika\defogger_reenable

[2012.11.18 18:41:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\angelika\Desktop\OTL.exe

[2012.11.18 15:42:23 | 003,668,863 | ---- | M] () -- C:\Users\angelika\Documents\Thunderbird 16.0.2 (de) - 2012-11-18.pcv

[2012.11.18 15:24:52 | 000,001,035 | ---- | M] () -- C:\Users\Public\Desktop\MozBackup.lnk

[2012.11.17 12:33:34 | 000,175,736 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS

[2012.11.17 12:33:34 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT

[2012.11.17 12:33:34 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF

[2012.11.17 12:13:36 | 005,180,312 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012.10.29 16:40:57 | 000,197,511 | ---- | M] () -- C:\Users\angelika\Documents\Kündigungsschreiben von Dammann.pdf

[2012.10.23 05:37:01 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2012.10.23 05:31:14 | 000,000,009 | ---- | M] () -- C:\END

[2012.10.22 07:30:06 | 000,001,155 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[5 C:\Users\angelika\Desktop\*.tmp files -> C:\Users\angelika\Desktop\*.tmp -> ]

[2 C:\*.tmp files -> C:\*.tmp -> ]

[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.11.20 09:31:11 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012.11.20 09:31:11 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012.11.20 09:31:11 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012.11.20 09:31:11 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012.11.20 09:31:11 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012.11.20 08:55:42 | 000,000,799 | ---- | C] () -- C:\Users\angelika\Desktop\ComboFix.exe - Verknüpfung.lnk

[2012.11.20 08:22:00 | 002,247,396 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0502020.003\Cat.DB

[2012.11.19 08:57:27 | 000,000,512 | ---- | C] () -- C:\Users\angelika\Desktop\MBR.dat

[2012.11.19 08:36:47 | 000,007,492 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0502020.003\iron.cat

[2012.11.19 08:36:47 | 000,007,462 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtspx64.cat

[2012.11.19 08:36:47 | 000,007,460 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symefa64.cat

[2012.11.19 08:36:47 | 000,007,458 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtsp64.cat

[2012.11.19 08:36:47 | 000,007,458 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symnet64.cat

[2012.11.19 08:36:47 | 000,003,373 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symefa.inf

[2012.11.19 08:36:47 | 000,002,792 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symds.inf

[2012.11.19 08:36:47 | 000,001,445 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symnet.inf

[2012.11.19 08:36:47 | 000,001,438 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtsp64.inf

[2012.11.19 08:36:47 | 000,001,422 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtspx64.inf

[2012.11.19 08:36:47 | 000,000,772 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0502020.003\iron.inf

[2012.11.19 08:36:24 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symds64.cat

[2012.11.19 08:36:22 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0502020.003\isolate.ini

[2012.11.19 03:14:19 | 000,000,000 | ---- | C] () -- C:\Users\angelika\defogger_reenable

[2012.11.18 15:42:20 | 003,668,863 | ---- | C] () -- C:\Users\angelika\Documents\Thunderbird 16.0.2 (de) - 2012-11-18.pcv

[2012.11.18 15:24:52 | 000,001,035 | ---- | C] () -- C:\Users\Public\Desktop\MozBackup.lnk

[2012.11.17 12:33:29 | 000,002,381 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk

[2012.11.17 12:18:10 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NBRTWizardx64\0501000.01A\isolate.ini

[2012.11.17 11:49:34 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf

[2012.11.17 11:40:27 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf

[2012.11.17 10:39:47 | 000,001,395 | ---- | C] () -- C:\Users\angelika\Desktop\Norton-Installations-dateien.lnk

[2012.11.17 10:39:47 | 000,001,246 | ---- | C] () -- C:\Users\angelika\Desktop\Norton Download Manager.lnk

[2012.10.29 16:40:54 | 000,197,511 | ---- | C] () -- C:\Users\angelika\Documents\Kündigungsschreiben von Dammann.pdf

[2012.10.24 07:25:19 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

[2012.10.23 05:37:01 | 000,000,826 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2012.10.23 05:31:14 | 000,000,009 | ---- | C] () -- C:\END

[2012.10.22 07:30:06 | 000,001,155 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2012.10.22 07:30:05 | 000,001,167 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

[2012.03.10 08:44:55 | 000,000,746 | ---- | C] () -- C:\Windows\XaraX.INI

[2011.12.30 07:04:52 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll

[2011.11.24 07:56:43 | 000,007,616 | ---- | C] () -- C:\Users\angelika\AppData\Local\resmon.resmoncfg

[2011.09.24 06:26:55 | 000,042,672 | ---- | C] () -- C:\Windows\SysWow64\drivers\fsbts.sys

[2011.09.24 06:26:00 | 001,557,070 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011.05.05 06:01:30 | 000,000,096 | ---- | C] () -- C:\Users\angelika\AppData\Local\fusioncache.dat

[2011.03.29 11:59:32 | 000,001,216 | ---- | C] () -- C:\Users\angelika\Spiele - Verknüpfung.lnk

[2011.02.22 11:22:46 | 000,311,296 | ---- | C] () -- C:\Windows\SysWow64\EMRegSys.dll

[2010.11.07 05:21:42 | 000,003,728 | ---- | C] () -- C:\Users\angelika\.recently-used.xbel

[2010.09.18 08:11:59 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys

[2010.01.22 08:10:57 | 000,001,028 | ---- | C] () -- C:\Users\angelika\AppData\Roaming\WavCodec.wff

[2009.11.23 03:05:18 | 000,000,120 | ---- | C] () -- C:\Users\angelika\AppData\Roaming\wklnhst.dat

[2009.11.22 07:35:48 | 000,015,360 | ---- | C] () -- C:\Users\angelika\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

 
 ========== ZeroAccess Check ==========

 

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

 
 ========== LOP Check ==========

 

[2009.12.24 14:04:07 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\7-PDFMaker

[2010.08.09 06:31:16 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\AnvSoft

[2009.12.30 08:22:54 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\Artweaver

[2010.01.13 09:46:20 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\Broad Intelligence

[2009.12.27 17:25:59 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\Canon

[2012.04.08 07:17:25 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\capella-software

[2010.01.04 10:06:31 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\CasaPortale.de

[2011.11.23 08:58:21 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\ChessBase

[2012.11.20 09:43:51 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\convert

[2011.02.16 07:47:28 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\Cornelsen

[2009.12.07 13:13:34 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\CoSoSys

[2011.11.19 22:41:45 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\CrashLog

[2011.09.24 06:10:25 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\Cuttermaran

[2011.12.30 06:55:49 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\de.magix-fotos.fotobuch.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1

[2011.10.30 13:20:13 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\DesktopIconForAmazon

[2012.01.06 09:42:57 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\DVDVideoSoft

[2011.06.28 07:30:11 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\DVDVideoSoftIEHelpers

[2011.11.13 07:25:08 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\Engelmann Media

[2011.01.30 05:15:37 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\eSobi

[2010.08.17 10:11:10 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\FairStars Audio Converter

[2010.08.17 10:52:40 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\FreeAudioPack

[2010.08.17 11:19:27 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\FreeCDRipper

[2009.12.27 15:24:51 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\GameConsole

[2010.01.04 09:16:49 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\gtk-2.0

[2009.12.31 10:01:26 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\inkscape

[2012.09.01 08:13:08 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\IrfanView

[2011.02.01 11:29:37 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\Kaleider

[2009.12.30 23:57:27 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\KC Softwares

[2011.09.24 05:28:59 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\Leawo

[2012.03.31 08:33:16 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\MAGIX

[2012.10.23 04:29:21 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\MAGIX Fotobuch

[2011.10.22 03:46:24 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\MusE

[2010.08.17 10:05:05 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\NCH Swift Sound

[2012.10.22 07:06:49 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\No Company Name

[2011.11.19 22:41:45 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\OnDemandDump

[2011.01.29 11:00:40 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\PhotoEchoes

[2012.07.05 20:41:49 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\PhotoScape

[2010.08.07 09:48:29 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\PianoBooster

[2010.03.10 12:21:09 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\PixelPlanet

[2011.11.29 07:06:05 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\PlayFirst

[2010.08.11 11:58:16 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\proDAD

[2010.08.07 12:27:03 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\Propellerhead Software

[2010.01.04 09:13:28 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\RawTherapee

[2010.01.22 07:52:42 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\Recordpad

[2012.06.06 06:38:05 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\Screenbrush

[2011.10.05 06:54:10 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\Serif

[2012.10.20 07:19:40 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\SPlayer

[2010.03.10 13:03:41 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\SplitTile

[2009.11.30 14:03:58 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\Template

[2009.12.19 14:38:06 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\Thunderbird

[2012.11.18 09:12:55 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\Tific

[2010.03.19 11:26:27 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\Tobit

[2010.03.10 13:34:36 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\Tracker Software

[2010.10.17 09:49:00 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\Ulead Systems

[2011.01.30 04:47:57 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\Uniblue

[2011.12.09 10:11:11 | 000,000,000 | ---D | M] -- C:\Users\angelika\AppData\Roaming\Visan

 
 ========== Purity Check ==========

 

 

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:054B9966

@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:31D9EFCC

@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:BC3DB898

@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:C59E90A4

@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:1D32EC29

@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:AE77C4CC

@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:BFE23423

@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:ABE89FFE

@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:0B9176C0
 

< End of report >

Zitat:

Da ist nichts wirklich spannendes was auf eine Fernsteuerung hindeutet. Etwas Werbung haben wir entfernt.

Mein DVD Laufwerk funktioniert seit einiger Zeit auch nicht. Will Zugang zum Internet. Ist doch auch komisch. Und meine verschwundenen Ordner mit sensiblen Daten, die habe ich ganz sicher nicht gelöscht. Dann noch Hinweise von Norton, dass auf meine Prozessdaten zugegriffen werden will. Aber Norton blockiert hätte.

Hab nur gescannt, wie weiter?

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-11-2012

Ran by angelika at 21-11-2012 14:48:19

Running from C:\Users\angelika\Desktop

   (X64) OS Language: German Standard 

Attention: Could not load system hive.ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.
 
 

==================== One Month Created Files and Folders ========
 

2012-11-21 14:43 - 2012-11-21 14:43 - 00000000 ____D C:\FRST

2012-11-20 17:27 - 2012-11-20 17:27 - 00000000 ____D C:\Users\angelika\Documents\.plugins

2012-11-20 15:56 - 2012-11-20 15:59 - 00000000 ____D C:\Users\angelika\Desktop\Neuer Ordner

2012-11-20 09:54 - 2012-11-20 09:54 - 00021770 ____A C:\ComboFix.txt

2012-11-20 09:31 - 2011-06-26 07:45 - 00256000 ____A C:\Windows\PEV.exe

2012-11-20 09:31 - 2010-11-07 18:20 - 00208896 ____A C:\Windows\MBR.exe

2012-11-20 09:31 - 2009-04-20 05:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe

2012-11-20 09:31 - 2000-08-31 01:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe

2012-11-20 09:31 - 2000-08-31 01:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe

2012-11-20 09:31 - 2000-08-31 01:00 - 00098816 ____A C:\Windows\sed.exe

2012-11-20 09:31 - 2000-08-31 01:00 - 00080412 ____A C:\Windows\grep.exe

2012-11-20 09:31 - 2000-08-31 01:00 - 00068096 ____A C:\Windows\zip.exe

2012-11-20 08:55 - 2012-11-20 08:55 - 00000799 ____A C:\Users\angelika\Desktop\ComboFix.exe - Verknüpfung.lnk

2012-11-20 08:54 - 2012-11-20 09:54 - 00000000 ____D C:\Qoobox

2012-11-20 08:54 - 2012-11-20 09:50 - 00000000 ____D C:\Windows\erdnt

2012-11-19 08:57 - 2012-11-19 08:57 - 00001916 ____A C:\Users\angelika\Desktop\aswMBR.txt

2012-11-19 08:57 - 2012-11-19 08:57 - 00000512 ____A C:\Users\angelika\Desktop\MBR.dat

2012-11-19 03:14 - 2012-11-19 03:14 - 00000000 ____A C:\Users\angelika\defogger_reenable

2012-11-19 03:05 - 2012-11-19 03:05 - 00076086 ____A C:\AdwCleaner[S1].txt

2012-11-18 20:05 - 2012-11-18 20:05 - 00100450 ____A C:\Users\angelika\Desktop\Extras.Txt

2012-11-18 20:01 - 2012-11-20 18:14 - 00115964 ____A C:\Users\angelika\Desktop\OTL.Txt

2012-11-18 19:34 - 2012-11-18 18:41 - 00602112 ____A (OldTimer Tools) C:\Users\angelika\Desktop\OTL.exe

2012-11-18 17:33 - 2012-11-18 17:33 - 00000000 ____D C:\Users\angelika\AppData\Roaming\Malwarebytes

2012-11-18 17:33 - 2012-11-18 17:33 - 00000000 ____D C:\Users\All Users\Malwarebytes

2012-11-18 16:31 - 2012-11-18 16:31 - 00000000 ____D C:\Windows\CheckSur

2012-11-18 16:31 - 2012-11-18 16:31 - 00000000 ____D C:\2ee80120ce644b9489ce6ebf1aa1ab

2012-11-18 15:42 - 2012-11-18 15:42 - 03668863 ____A C:\Users\angelika\Documents\Thunderbird 16.0.2 (de) - 2012-11-18.pcv

2012-11-18 15:30 - 2012-11-18 15:30 - 00004078 ____A C:\Users\angelika\Downloads\german.zip

2012-11-18 15:24 - 2012-11-18 15:40 - 00000000 ____D C:\Program Files (x86)\MozBackup

2012-11-18 15:24 - 2012-11-18 15:24 - 01035926 ____A C:\Users\angelika\Downloads\MozBackup-1.5.1-EN.exe

2012-11-18 15:24 - 2012-11-18 15:24 - 00001035 ____A C:\Users\Public\Desktop\MozBackup.lnk

2012-11-18 09:12 - 2012-11-18 09:12 - 00000000 ____D C:\Users\angelika\AppData\Roaming\Tific

2012-11-18 09:12 - 2012-11-18 09:12 - 00000000 ____D C:\Users\angelika\AppData\Local\Symantec

2012-11-17 12:33 - 2012-11-20 08:23 - 00002381 ____A C:\Users\Public\Desktop\Norton 360.lnk

2012-11-17 12:33 - 2012-11-17 12:33 - 00000000 ____D C:\Program Files\Symantec

2012-11-17 12:33 - 2010-08-21 04:59 - 00034152 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys

2012-11-17 12:32 - 2012-11-20 08:23 - 00000000 ____D C:\Windows\System32\Drivers\N360x64

2012-11-17 12:31 - 2012-11-17 12:32 - 00000000 ____D C:\Program Files (x86)\Norton 360

2012-11-17 12:18 - 2012-11-17 12:18 - 00000000 ____D C:\Windows\System32\Drivers\NBRTWizardx64

2012-11-17 12:18 - 2012-11-17 12:18 - 00000000 ____D C:\Program Files (x86)\Norton Bootable Recovery Tool Wizard

2012-11-17 12:18 - 2012-07-26 06:32 - 00125872 ____A (GEAR Software Inc.) C:\Windows\System32\GEARAspi64.dll

2012-11-17 12:18 - 2012-07-26 06:32 - 00106928 ____A (GEAR Software Inc.) C:\Windows\SysWOW64\GEARAspi.dll

2012-11-17 11:49 - 2012-07-26 05:55 - 00785512 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys

2012-11-17 11:49 - 2012-07-26 05:55 - 00054376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys

2012-11-17 11:49 - 2012-07-26 03:36 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\Wdfres.dll

2012-11-17 11:49 - 2012-06-02 15:35 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf

2012-11-17 11:42 - 2012-10-08 12:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-11-17 11:42 - 2012-10-08 12:24 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-11-17 11:42 - 2012-10-08 12:23 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-11-17 11:42 - 2012-10-08 12:22 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-11-17 11:42 - 2012-10-08 12:22 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-11-17 11:42 - 2012-10-08 12:20 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-11-17 11:42 - 2012-10-08 12:18 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-11-17 11:42 - 2012-10-08 12:15 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2012-11-17 11:42 - 2012-10-08 12:13 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-11-17 11:42 - 2012-10-08 12:13 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-11-17 11:42 - 2012-10-08 12:09 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-11-17 11:42 - 2012-10-08 08:48 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-11-17 11:42 - 2012-10-08 08:48 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-11-17 11:42 - 2012-10-08 08:47 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2012-11-17 11:42 - 2012-10-08 08:46 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-11-17 11:42 - 2012-10-08 08:44 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2012-11-17 11:42 - 2012-10-08 08:43 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2012-11-17 11:42 - 2012-10-08 08:42 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2012-11-17 11:42 - 2012-10-08 08:41 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-11-17 11:42 - 2012-10-08 08:40 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-11-17 11:42 - 2012-10-08 08:37 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-11-17 11:41 - 2012-10-08 13:19 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-11-17 11:41 - 2012-10-08 12:42 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-11-17 11:41 - 2012-10-08 12:17 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-11-17 11:41 - 2012-10-08 12:17 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll

2012-11-17 11:41 - 2012-10-08 12:15 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-11-17 11:41 - 2012-10-08 09:28 - 12320768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-11-17 11:41 - 2012-10-08 09:02 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-11-17 11:41 - 2012-10-08 08:56 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2012-11-17 11:41 - 2012-10-08 08:45 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-11-17 11:41 - 2012-10-08 08:43 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2012-11-17 11:41 - 2012-10-08 08:41 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-11-17 11:40 - 2012-07-26 04:08 - 00744448 ____A (Microsoft Corporation) C:\Windows\System32\WUDFx.dll

2012-11-17 11:40 - 2012-07-26 04:08 - 00229888 ____A (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe

2012-11-17 11:40 - 2012-07-26 04:08 - 00194048 ____A (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll

2012-11-17 11:40 - 2012-07-26 04:08 - 00084992 ____A (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll

2012-11-17 11:40 - 2012-07-26 04:08 - 00045056 ____A (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll

2012-11-17 11:40 - 2012-07-26 03:26 - 00198656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys

2012-11-17 11:40 - 2012-07-26 03:26 - 00087040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys

2012-11-17 11:40 - 2012-06-02 15:57 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf

2012-11-17 11:15 - 2012-11-17 11:15 - 00912648 ____A (Symantec Corporation) C:\Users\angelika\Downloads\NBRT-Retail-Downloader(1).exe

2012-11-17 10:44 - 2012-09-25 23:39 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll

2012-11-17 10:44 - 2012-09-25 22:55 - 00078336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll

2012-11-17 10:39 - 2012-11-20 09:00 - 00001395 ____A C:\Users\angelika\Desktop\Norton-Installations-dateien.lnk

2012-11-17 10:39 - 2012-11-20 09:00 - 00001246 ____A C:\Users\angelika\Desktop\Norton Download Manager.lnk

2012-11-17 10:39 - 2012-11-17 10:39 - 00912648 ____A (Symantec Corporation) C:\Users\angelika\Downloads\NBRT-Retail-Downloader.exe

2012-11-04 15:18 - 2012-11-17 13:17 - 00000000 ____D C:\Users\angelika\Desktop\Für Rechtsanwalt

2012-11-01 14:15 - 2012-11-01 17:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird

2012-10-29 09:31 - 2012-10-29 09:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2012-10-24 07:04 - 2012-11-21 10:20 - 00007616 ____A C:\Windows\setupact.log

2012-10-24 07:04 - 2012-11-20 16:24 - 00045246 ____A C:\Windows\PFRO.log

2012-10-24 07:04 - 2012-10-24 07:04 - 00000000 ____A C:\Windows\setuperr.log

2012-10-23 05:37 - 2012-10-23 05:37 - 00000826 ____A C:\Users\Public\Desktop\CCleaner.lnk

2012-10-23 05:36 - 2012-10-23 05:37 - 00000000 ____D C:\Program Files\CCleaner

2012-10-23 05:31 - 2012-10-23 05:31 - 00000009 ____A C:\END

2012-10-23 05:30 - 2012-11-20 09:43 - 00000000 ____D C:\Users\angelika\AppData\Roaming\convert

2012-10-23 05:30 - 2012-10-23 05:42 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro

2012-10-23 05:24 - 2012-10-23 05:24 - 01068800 ____A C:\Users\angelika\Downloads\CCleaner-Setup.exe

2012-10-22 08:30 - 2012-10-23 06:27 - 00000000 ____D C:\Users\angelika\Documents\PHOTUX

2012-10-22 08:19 - 2012-10-22 08:19 - 00522017 ____A (hxxp://www.TOPSYS.net) C:\Users\angelika\Downloads\FotobuchProfi.exe

2012-10-22 07:30 - 2012-11-01 18:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2012-10-22 07:30 - 2012-10-22 07:30 - 00001155 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk

2012-10-22 07:06 - 2012-10-22 07:06 - 00000000 ____D C:\Users\angelika\AppData\Roaming\No Company Name
 
 

==================== One Month Modified Files and Folders =======
 

2012-11-21 14:45 - 2009-09-20 16:09 - 00661854 ____A C:\Windows\System32\perfh007.dat

2012-11-21 14:45 - 2009-09-20 16:09 - 00133990 ____A C:\Windows\System32\perfc007.dat

2012-11-21 14:45 - 2009-07-14 06:13 - 01520238 ____A C:\Windows\System32\PerfStringBackup.INI

2012-11-21 14:43 - 2012-11-21 14:43 - 00000000 ____D C:\FRST

2012-11-21 14:40 - 2009-09-20 06:17 - 01646562 ____A C:\Windows\WindowsUpdate.log

2012-11-21 14:39 - 2011-10-30 12:56 - 00000330 ____A C:\Windows\Tasks\HP Photo Creations Communicator.job

2012-11-21 14:39 - 2010-02-07 11:50 - 00001110 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2012-11-21 13:08 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\tracing

2012-11-21 10:20 - 2012-10-24 07:04 - 00007616 ____A C:\Windows\setupact.log

2012-11-21 08:12 - 2010-02-07 11:50 - 00001106 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2012-11-21 08:10 - 2012-11-21 14:48 - 01461037 ____A (Farbar) C:\Users\angelika\Desktop\FRST64.exe

2012-11-21 07:43 - 2009-07-14 05:45 - 00017600 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2012-11-21 07:43 - 2009-07-14 05:45 - 00017600 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2012-11-21 07:36 - 2012-04-08 07:06 - 00000332 ____A C:\Windows\Tasks\PCCT - MAGIX AG.job

2012-11-21 07:36 - 2012-03-23 09:29 - 00000284 ____A C:\Windows\Tasks\MxTray.job

2012-11-21 07:36 - 2010-10-07 16:37 - 00065536 _____ C:\Windows\System32\Ikeext.etl

2012-11-21 07:36 - 2009-07-14 06:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-11-20 18:14 - 2012-11-18 20:01 - 00115964 ____A C:\Users\angelika\Desktop\OTL.Txt

2012-11-20 17:27 - 2012-11-20 17:27 - 00000000 ____D C:\Users\angelika\Documents\.plugins

2012-11-20 16:24 - 2012-10-24 07:04 - 00045246 ____A C:\Windows\PFRO.log

2012-11-20 16:01 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\System32\NDF

2012-11-20 15:59 - 2012-11-20 15:56 - 00000000 ____D C:\Users\angelika\Desktop\Neuer Ordner

2012-11-20 15:19 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache

2012-11-20 09:54 - 2012-11-20 09:54 - 00021770 ____A C:\ComboFix.txt

2012-11-20 09:54 - 2012-11-20 08:54 - 00000000 ____D C:\Qoobox

2012-11-20 09:54 - 2009-07-14 04:20 - 00000000 __RHD C:\users\Default

2012-11-20 09:50 - 2012-11-20 08:54 - 00000000 ____D C:\Windows\erdnt

2012-11-20 09:46 - 2009-07-14 03:34 - 00000215 ____A C:\Windows\system.ini

2012-11-20 09:43 - 2012-10-23 05:30 - 00000000 ____D C:\Users\angelika\AppData\Roaming\convert

2012-11-20 09:00 - 2012-11-17 10:39 - 00001395 ____A C:\Users\angelika\Desktop\Norton-Installations-dateien.lnk

2012-11-20 09:00 - 2012-11-17 10:39 - 00001246 ____A C:\Users\angelika\Desktop\Norton Download Manager.lnk

2012-11-20 09:00 - 2012-03-02 13:23 - 00000000 ____D C:\Users\All Users\Norton

2012-11-20 08:55 - 2012-11-20 08:55 - 00000799 ____A C:\Users\angelika\Desktop\ComboFix.exe - Verknüpfung.lnk

2012-11-20 08:23 - 2012-11-17 12:33 - 00002381 ____A C:\Users\Public\Desktop\Norton 360.lnk

2012-11-20 08:23 - 2012-11-17 12:32 - 00000000 ____D C:\Windows\System32\Drivers\N360x64

2012-11-19 08:57 - 2012-11-19 08:57 - 00001916 ____A C:\Users\angelika\Desktop\aswMBR.txt

2012-11-19 08:57 - 2012-11-19 08:57 - 00000512 ____A C:\Users\angelika\Desktop\MBR.dat

2012-11-19 03:14 - 2012-11-19 03:14 - 00000000 ____A C:\Users\angelika\defogger_reenable

2012-11-19 03:14 - 2009-11-22 01:43 - 00000000 ____D C:\users\angelika

2012-11-19 03:08 - 2009-12-27 16:33 - 00000000 ____D C:\Users\angelika\Documents\MAGIX_MxTray

2012-11-19 03:05 - 2012-11-19 03:05 - 00076086 ____A C:\AdwCleaner[S1].txt

2012-11-19 03:01 - 2011-04-29 06:38 - 00000000 ____D C:\Users\angelika\Desktop\Termine Veranstaltungen 2012 ToDoListe

2012-11-18 20:05 - 2012-11-18 20:05 - 00100450 ____A C:\Users\angelika\Desktop\Extras.Txt

2012-11-18 18:41 - 2012-11-18 19:34 - 00602112 ____A (OldTimer Tools) C:\Users\angelika\Desktop\OTL.exe

2012-11-18 17:33 - 2012-11-18 17:33 - 00000000 ____D C:\Users\angelika\AppData\Roaming\Malwarebytes

2012-11-18 17:33 - 2012-11-18 17:33 - 00000000 ____D C:\Users\All Users\Malwarebytes

2012-11-18 16:31 - 2012-11-18 16:31 - 00000000 ____D C:\Windows\CheckSur

2012-11-18 16:31 - 2012-11-18 16:31 - 00000000 ____D C:\2ee80120ce644b9489ce6ebf1aa1ab

2012-11-18 16:14 - 2009-11-21 20:01 - 00000000 ____D C:\Daten-Angelika

2012-11-18 15:42 - 2012-11-18 15:42 - 03668863 ____A C:\Users\angelika\Documents\Thunderbird 16.0.2 (de) - 2012-11-18.pcv

2012-11-18 15:40 - 2012-11-18 15:24 - 00000000 ____D C:\Program Files (x86)\MozBackup

2012-11-18 15:30 - 2012-11-18 15:30 - 00004078 ____A C:\Users\angelika\Downloads\german.zip

2012-11-18 15:24 - 2012-11-18 15:24 - 01035926 ____A C:\Users\angelika\Downloads\MozBackup-1.5.1-EN.exe

2012-11-18 15:24 - 2012-11-18 15:24 - 00001035 ____A C:\Users\Public\Desktop\MozBackup.lnk

2012-11-18 14:21 - 2012-01-11 09:07 - 00000000 ____D C:\Users\angelika\Desktop\Keyborard Harmonielehre und Klavier

2012-11-18 09:12 - 2012-11-18 09:12 - 00000000 ____D C:\Users\angelika\AppData\Roaming\Tific

2012-11-18 09:12 - 2012-11-18 09:12 - 00000000 ____D C:\Users\angelika\AppData\Local\Symantec

2012-11-17 13:17 - 2012-11-04 15:18 - 00000000 ____D C:\Users\angelika\Desktop\Für Rechtsanwalt

2012-11-17 13:02 - 2009-11-22 01:43 - 00194104 ____A C:\Users\angelika\AppData\Local\GDIPFONTCACHEV1.DAT

2012-11-17 12:33 - 2012-11-17 12:33 - 00000000 ____D C:\Program Files\Symantec

2012-11-17 12:33 - 2012-03-02 13:24 - 00175736 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS

2012-11-17 12:33 - 2012-03-02 13:24 - 00007488 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.CAT

2012-11-17 12:32 - 2012-11-17 12:31 - 00000000 ____D C:\Program Files (x86)\Norton 360

2012-11-17 12:18 - 2012-11-17 12:18 - 00000000 ____D C:\Windows\System32\Drivers\NBRTWizardx64

2012-11-17 12:18 - 2012-11-17 12:18 - 00000000 ____D C:\Program Files (x86)\Norton Bootable Recovery Tool Wizard

2012-11-17 12:13 - 2009-07-14 05:45 - 05180312 ____A C:\Windows\System32\FNTCACHE.DAT

2012-11-17 11:53 - 2009-09-01 02:28 - 00000000 ____D C:\Users\All Users\Microsoft Help

2012-11-17 11:40 - 2009-07-14 03:34 - 00000510 ____A C:\Windows\win.ini

2012-11-17 11:15 - 2012-11-17 11:15 - 00912648 ____A (Symantec Corporation) C:\Users\angelika\Downloads\NBRT-Retail-Downloader(1).exe

2012-11-17 10:39 - 2012-11-17 10:39 - 00912648 ____A (Symantec Corporation) C:\Users\angelika\Downloads\NBRT-Retail-Downloader.exe

2012-11-17 10:39 - 2012-04-21 08:19 - 00000000 ____D C:\Users\Public\Downloads\Norton

2012-11-17 10:35 - 2010-09-15 18:22 - 00000000 ____D C:\users\Ulli

2012-11-17 10:34 - 2012-03-02 13:24 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared

2012-11-17 10:34 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration

2012-11-15 08:30 - 2012-03-02 08:22 - 00000000 ____D C:\Users\angelika\Desktop\Ausflüge und Freizeit und Urlaub

2012-11-01 18:57 - 2012-10-22 07:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2012-11-01 17:53 - 2012-11-01 14:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird

2012-10-29 09:31 - 2012-10-29 09:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2012-10-29 07:58 - 2009-11-21 20:02 - 00000000 ____D C:\Users\angelika\AppData\Roaming\Adobe

2012-10-24 07:26 - 2009-08-31 20:24 - 00000000 ____D C:\Users\All Users\Adobe

2012-10-24 07:25 - 2009-08-31 20:23 - 00000000 ____D C:\Program Files (x86)\Adobe

2012-10-24 07:24 - 2009-11-23 03:54 - 00000000 ____D C:\Users\angelika\AppData\Local\Adobe

2012-10-24 07:04 - 2012-10-24 07:04 - 00000000 ____A C:\Windows\setuperr.log

2012-10-23 06:27 - 2012-10-22 08:30 - 00000000 ____D C:\Users\angelika\Documents\PHOTUX

2012-10-23 05:42 - 2012-10-23 05:30 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro

2012-10-23 05:40 - 2012-04-08 07:02 - 00000000 ____D C:\Users\angelika\AppData\Local\CrashDumps

2012-10-23 05:40 - 2009-07-27 21:41 - 00000000 ____D C:\Windows\Panther

2012-10-23 05:37 - 2012-10-23 05:37 - 00000826 ____A C:\Users\Public\Desktop\CCleaner.lnk

2012-10-23 05:37 - 2012-10-23 05:36 - 00000000 ____D C:\Program Files\CCleaner

2012-10-23 05:31 - 2012-10-23 05:31 - 00000009 ____A C:\END

2012-10-23 05:24 - 2012-10-23 05:24 - 01068800 ____A C:\Users\angelika\Downloads\CCleaner-Setup.exe

2012-10-23 04:29 - 2010-09-20 02:19 - 00000000 ____D C:\Users\angelika\AppData\Roaming\MAGIX Fotobuch

2012-10-22 08:19 - 2012-10-22 08:19 - 00522017 ____A (hxxp://www.TOPSYS.net) C:\Users\angelika\Downloads\FotobuchProfi.exe

2012-10-22 07:30 - 2012-10-22 07:30 - 00001155 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk

2012-10-22 07:06 - 2012-10-22 07:06 - 00000000 ____D C:\Users\angelika\AppData\Roaming\No Company Name
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 

==================== Restore Points  =========================
 

Restore point made on: 2012-11-18 22:16:03

Restore point made on: 2012-11-19 03:00:41

Restore point made on: 2012-11-19 09:04:59

Restore point made on: 2012-11-20 09:57:46

Restore point made on: 2012-11-20 16:23:25
 

==================== Memory info =========================== 
 

Percentage of memory in use: 33%

Total physical RAM: 3998.79 MB

Available physical RAM: 2667.71 MB

Total Pagefile: 5020.93 MB

Available Pagefile: 3683.91 MB

Total Virtual: 8192 MB

Available Virtual: 8191.88 MB
 

==================== Partitions =============================
 

1 Drive c: (ACER) (Fixed) (Total:453.94 GB) (Free:143.72 GB) NTFS ==>[System with boot components (obtained from reading drive)]

3 Drive e: () (Removable) (Total:30.22 GB) (Free:28.07 GB) FAT32

6 Drive h: () (CDROM) (Total:0.06 GB) (Free:0 GB) CDFS
 

  Datentr„ger ###  Status         Gr”áe    Frei     Dyn  GPT

  ---------------  -------------  -------  -------  ---  ---

  Datentr„ger 0    Online          465 GB      0 B         

  Datentr„ger 1    Kein Medium        0 B      0 B         

  Datentr„ger 2    Online           30 GB      0 B         

  Datentr„ger 3    Kein Medium        0 B      0 B         

  Datentr„ger 4    Kein Medium        0 B      0 B         
 

Partitions of Disk 0:

===============
 

  Partition ###  Typ               Gr”áe    Offset

  -------------  ----------------  -------  -------

  Partition 1    Wiederherstellun    11 GB  1024 KB

  Partition 2    Prim„r             100 MB    11 GB

  Partition 3    Prim„r             453 GB    11 GB
 

==================================================================================
 

Disk: 0

Partition 1

Typ      : 27

Versteckt: Ja

Aktiv    : Nein
 

  Volume ###  Bst  Bezeichnung  DS     Typ         Gr”áe    Status     Info

  ----------  ---  -----------  -----  ----------  -------  ---------  --------

* Volume 3         PQSERVICE    NTFS   Partition     11 GB  Fehlerfre  Versteck
 

=========================================================
 

Disk: 0

Partition 2

Typ      : 07

Versteckt: Nein

Aktiv    : Ja
 

  Volume ###  Bst  Bezeichnung  DS     Typ         Gr”áe    Status     Info

  ----------  ---  -----------  -----  ----------  -------  ---------  --------

* Volume 1         SYSTEM RESE  NTFS   Partition    100 MB  Fehlerfre  System (partition with boot components)  
 

=========================================================
 

Disk: 0

Partition 3

Typ      : 07

Versteckt: Nein

Aktiv    : Nein
 

  Volume ###  Bst  Bezeichnung  DS     Typ         Gr”áe    Status     Info

  ----------  ---  -----------  -----  ----------  -------  ---------  --------

* Volume 2     C   ACER         NTFS   Partition    453 GB  Fehlerfre  Startpar
 

=========================================================
 

Disk: 0

Partition 3

Typ      : 07

Versteckt: Nein

Aktiv    : Nein
 

  Volume ###  Bst  Bezeichnung  DS     Typ         Gr”áe    Status     Info

  ----------  ---  -----------  -----  ----------  -------  ---------  --------

* Volume 2     C   ACER         NTFS   Partition    453 GB  Fehlerfre  Startpar
 

=========================================================
 

Partitions of Disk 2:

===============
 

  Partition ###  Typ               Gr”áe    Offset

  -------------  ----------------  -------  -------

  Partition 1    Prim„r              30 GB  4096 KB
 

==================================================================================
 

Disk: 2

Partition 1

Typ      : 0C

Versteckt: Nein

Aktiv    : Nein
 

  Volume ###  Bst  Bezeichnung  DS     Typ         Gr”áe    Status     Info

  ----------  ---  -----------  -----  ----------  -------  ---------  --------

* Volume 5     E                FAT32  Wechselmed    30 GB  Fehlerfre          
 

=========================================================
 

Disk: 2

Partition 1

Typ      : 0C

Versteckt: Nein

Aktiv    : Nein
 

  Volume ###  Bst  Bezeichnung  DS     Typ         Gr”áe    Status     Info

  ----------  ---  -----------  -----  ----------  -------  ---------  --------

* Volume 5     E                FAT32  Wechselmed    30 GB  Fehlerfre          
 

=========================================================
 

Last Boot: 2012-11-20 15:02
 

==================== End Of Log =============================