Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Lautstärkemixer, Firefox 20 und IE 10 gehen beim Systemstart automatisch auf (https://www.trojaner-board.de/133869-lautstaerkemixer-firefox-20-ie-10-gehen-beim-systemstart-automatisch.html)

Rhippy 18.04.2013 07:16
Lautstärkemixer, Firefox 20 und IE 10 gehen beim Systemstart automatisch auf
 
Vorweg DANKE!
Computer von einer Freundin - bei mir abgegeben mit den Worten <da stimmt was nicht mit>
Betriebssystem Windows 7 32bit - Antivirus MS Internet Secure Essentials
alle Updates die MS empfiehlt drauf außer "Sicherheitsupdate SQLServer 2005" das versucht Windows immer zu installieren schlägt aber fehlt. Die Hinweise die MS dann gibt führen ins leere. Komisch ist als ich SQL Server deinstallieren wollte, ist es nicht zu finden unter "Programme deinstallieren"
Zum ersten Problem: Unter Autostart und auch mit CCleaner Autostart finde "ich" kein Programm was die beiden veranlasst die Browser auf zu machen. MSconfig aufgemacht auch dort denke ich ist nichts.
OLT.txt
OTL Logfile:
Code:
OTL logfile created on: 18.04.2013 07:38:44 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Anja\Desktop\OLT
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,05 Gb Available Physical Memory | 52,52% Memory free
3,98 Gb Paging File | 2,71 Gb Available in Paging File | 68,06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 61,45 Gb Total Space | 17,36 Gb Free Space | 28,25% Space Free | Partition Type: NTFS
Drive D: | 61,50 Gb Total Space | 52,27 Gb Free Space | 85,00% Space Free | Partition Type: NTFS
 
Computer Name: ANJA-PC | User Name: Anja | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.18 07:32:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Anja\Desktop\OLT\OTL.exe
PRC - [2013.04.13 16:15:06 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2013.01.27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\NisSrv.exe
PRC - [2013.01.27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\MsMpEng.exe
PRC - [2013.01.27 12:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.08.13 11:08:08 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2012.08.13 11:08:08 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2011.09.23 21:51:24 | 000,580,632 | ---- | M] (NTI Corporation) -- C:\Programme\NTI\NTI Backup Now EZ\BackupNowEZtray.exe
PRC - [2011.09.23 21:51:22 | 000,045,592 | ---- | M] (NTI Corporation) -- C:\Programme\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
PRC - [2009.09.23 13:38:18 | 000,935,208 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Registration\GregHSRW.exe
PRC - [2009.08.12 23:58:28 | 000,261,888 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Programme\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2009.07.27 19:42:10 | 000,656,696 | ---- | M] (Wave Systems Corp.) -- C:\Programme\Wave Systems Corp\SecureUpgrade.exe
PRC - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2009.05.13 04:07:08 | 000,417,792 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer SmartBoot\ASLSvc.exe
PRC - [2009.04.17 23:17:30 | 000,434,176 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer PowerSaver\PowerSaverTray.exe
PRC - [2009.02.18 02:01:04 | 000,024,576 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe
PRC - [2009.02.17 23:03:26 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Programme\Acer\Empowering Technology\eLock\Service\eLockServ.exe
PRC - [2008.11.24 23:31:10 | 029,263,712 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2007.11.27 18:13:44 | 000,385,024 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.04.13 16:14:45 | 003,133,336 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2013.01.24 17:04:30 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012.08.10 16:51:32 | 000,985,088 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll
MOD - [2011.09.23 21:54:00 | 000,465,344 | ---- | M] () -- C:\Programme\NTI\NTI Backup Now EZ\sqlite3.dll
MOD - [2011.05.26 13:42:00 | 000,067,872 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009.06.03 18:07:50 | 000,010,752 | ---- | M] () -- C:\Windows\System32\Wavx_ESC_Logging.dll
MOD - [2009.02.03 02:33:56 | 000,460,199 | ---- | M] () -- C:\Programme\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.03.12 22:16:02 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.01.27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013.01.27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.09.23 21:51:22 | 000,045,592 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Programme\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe -- (NTI BackupNowEZSvr)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2009.09.23 13:38:18 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009.08.13 00:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Stopped] -- C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2009.06.03 13:15:24 | 001,019,904 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Programme\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2009.05.13 04:07:08 | 000,417,792 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer SmartBoot\ASLSvc.exe -- (ASLSvc)
SRV - [2009.02.18 02:01:04 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2009.02.17 23:03:26 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Programme\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2008.11.24 23:31:10 | 029,263,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ)
SRV - [2008.11.24 23:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008.11.24 23:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2003.07.28 13:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\xmbvefow.sys -- (xmbvefow)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\jizpxvdx.sys -- (jizpxvdx)
DRV - [2013.01.20 16:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012.08.23 16:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012.08.23 16:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.11.12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.02.05 23:33:16 | 000,006,080 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\zntport.sys -- (zntport)
DRV - [2009.02.05 23:33:14 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVicPort.sys -- (tvicport)
DRV - [2008.03.12 01:31:54 | 000,022,560 | ---- | M] (Acer, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\eLock2burnerlockdriver.sys -- (eLock2BurnerLockDriver)
DRV - [2008.03.12 00:03:02 | 000,087,072 | ---- | M] (Acer, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eLock2FSCTLDriver.sys -- (eLock2FSCTLDriver)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=veriton_m265&r=17050310kz06p73553s95g08914b06
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=veriton_m265&r=17050310kz06p73553s95g08914b06
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_de
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "DVDVideoSoftTB Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {10743931-94DF-476f-A987-4391233C17A2}:1.1.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.6.0.10
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.11.20 00:23:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.13 16:15:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.13 16:14:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.11.20 00:23:58 | 000,000,000 | ---D | M]
 
[2010.04.29 06:36:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anja\AppData\Roaming\mozilla\Extensions
[2013.04.17 01:15:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anja\AppData\Roaming\mozilla\Firefox\Profiles\c717vksb.default\extensions
[2011.08.31 11:25:40 | 000,000,931 | ---- | M] () -- C:\Users\Anja\AppData\Roaming\mozilla\firefox\profiles\c717vksb.default\searchplugins\conduit.xml
[2013.04.13 16:14:37 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.04.13 16:14:37 | 000,000,000 | ---D | M] (Recorder Toolbar) -- C:\Programme\Mozilla Firefox\extensions\{10743931-94DF-476f-A987-4391233C17A2}
[2013.04.13 16:15:07 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2013.01.08 03:44:09 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.01.08 03:44:09 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.01.08 03:44:09 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.01.08 03:44:09 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.01.08 03:44:09 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.01.08 03:44:09 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\8.0.552.237\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\8.0.552.237\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\8.0.552.237\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: AT_RebeccaTaylor = C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\eahpkkfpjpdcfdkbpeoibdhfadicnhdj\3_1\
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acer PowerSaver] C:\Programme\Acer\Acer PowerSaver\PowerSaverTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [Acer SmartBoot] C:\Programme\Acer\Acer SmartBoot\ASLTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [AutoLockProcess] C:\Programme\Acer\Empowering Technology\eLock\autolockprocess\AutoLockProcess.exe (Acer Inc.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [BackupNowEZtray] C:\Program Files\NTI\NTI Backup Now EZ\BackupNowEZtray.exe (NTI Corporation)
O4 - HKLM..\Run: [EmbassySecurityCheck] ";C:\Program Files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe" File not found
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe (Wave Systems Corp.)
O4 - Startup: C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Picture Motion Browser Medien-Prüfung.lnk = C:\Programme\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Anja\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Anja\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D63C41C1-3E5E-4D31-86CA-3047CB51A3B5}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Authentication Packages - (wvauth) - C:\Windows\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{48a3c2c0-253c-11e0-8819-0025118aaf19}\Shell - "" = AutoRun
O33 - MountPoints2\{48a3c2c0-253c-11e0-8819-0025118aaf19}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.18 07:32:34 | 000,000,000 | ---D | C] -- C:\Users\Anja\Desktop\OLT
[2013.04.17 12:08:24 | 000,000,000 | ---D | C] -- C:\Users\Anja\Desktop\Ordner auf D
[2013.04.17 09:53:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
[2013.04.17 09:53:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Ashampoo
[2013.04.17 09:52:55 | 000,028,160 | ---- | C] (mst software GmbH, Germany) -- C:\Windows\System32\DfSdkBt.exe
[2013.04.17 09:52:47 | 000,000,000 | ---D | C] -- C:\Program Files\Ashampoo
[2013.04.17 09:48:32 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Local\Programs
[2013.04.17 09:22:12 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\sun
[2013.04.17 01:36:16 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
[2013.04.17 01:17:53 | 000,000,000 | ---D | C] -- C:\Users\Anja\Desktop\OpenOffice.org 3.4.1 (de) Installation Files
[2013.04.16 22:25:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2013.04.16 22:19:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013.04.16 22:19:33 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.04.13 16:14:36 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.04.07 17:30:59 | 000,000,000 | ---D | C] -- C:\ProgramData\NTIReg
[2013.04.07 17:27:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NTI Backup Now EZ
[2013.04.07 17:26:51 | 000,000,000 | ---D | C] -- C:\Program Files\NTI
[2013.03.26 18:22:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.18 07:32:02 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.18 07:29:40 | 000,000,000 | ---- | M] () -- C:\Users\Anja\defogger_reenable
[2013.04.18 07:22:53 | 000,009,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.18 07:22:53 | 000,009,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.18 07:14:14 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.18 07:13:34 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.18 07:13:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.18 07:13:18 | 1602,936,832 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.17 09:53:06 | 000,000,228 | ---- | M] () -- C:\Users\Public\Desktop\Your Software Deals.url
[2013.04.17 09:53:05 | 000,002,184 | ---- | M] () -- C:\Users\Public\Desktop\Ein-Klick-Optimierung (WO9).lnk
[2013.04.17 09:53:05 | 000,001,178 | ---- | M] () -- C:\Users\Public\Desktop\Ashampoo WinOptimizer 9.lnk
[2013.04.17 09:22:20 | 000,002,026 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
[2013.04.17 09:21:47 | 000,001,201 | ---- | M] () -- C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2013.04.17 08:39:53 | 000,539,144 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.04.16 22:19:35 | 000,000,973 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.04.13 15:56:00 | 000,000,300 | ---- | M] () -- C:\Windows\tasks\MT66 Software Update.job
[2013.04.07 17:27:10 | 000,002,075 | ---- | M] () -- C:\Users\Public\Desktop\NTI Backup Now EZ.lnk
[2013.04.07 17:25:28 | 000,662,740 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.07 17:25:28 | 000,123,934 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.04.07 17:25:27 | 000,711,120 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.04.07 17:25:27 | 000,153,548 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.04.05 17:54:02 | 000,013,305 | ---- | M] () -- C:\Users\Anja\Desktop\Elternklinik.odt
[2013.03.26 18:22:19 | 000,002,174 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013.03.25 16:38:54 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013.03.22 20:50:50 | 000,000,325 | ---- | M] () -- C:\Users\Anja\Desktop\HP Druckerdiagnosetools.url
 
========== Files Created - No Company Name ==========
 
[2013.04.18 07:29:40 | 000,000,000 | ---- | C] () -- C:\Users\Anja\defogger_reenable
[2013.04.17 09:53:06 | 000,000,228 | ---- | C] () -- C:\Users\Public\Desktop\Your Software Deals.url
[2013.04.17 09:53:05 | 000,002,184 | ---- | C] () -- C:\Users\Public\Desktop\Ein-Klick-Optimierung (WO9).lnk
[2013.04.17 09:53:05 | 000,001,178 | ---- | C] () -- C:\Users\Public\Desktop\Ashampoo WinOptimizer 9.lnk
[2013.04.17 09:21:47 | 000,001,201 | ---- | C] () -- C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2013.04.17 01:36:17 | 000,002,026 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
[2013.04.16 22:19:35 | 000,000,973 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.04.07 17:27:10 | 000,002,075 | ---- | C] () -- C:\Users\Public\Desktop\NTI Backup Now EZ.lnk
[2013.04.05 17:44:10 | 000,013,305 | ---- | C] () -- C:\Users\Anja\Desktop\Elternklinik.odt
[2013.03.26 18:22:19 | 000,002,174 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013.03.25 16:38:54 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013.03.22 20:50:46 | 000,000,325 | ---- | C] () -- C:\Users\Anja\Desktop\HP Druckerdiagnosetools.url
[2011.11.20 00:18:15 | 000,233,456 | ---- | C] () -- C:\Windows\hpoins47.dat
[2011.10.01 17:29:58 | 000,233,428 | ---- | C] () -- C:\Windows\hpoins47.dat.temp
[2011.10.01 17:29:58 | 000,000,574 | ---- | C] () -- C:\Windows\hpomdl47.dat.temp
[2011.06.21 10:59:47 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2010.08.11 22:10:00 | 000,007,168 | ---- | C] () -- C:\Users\Anja\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.28 21:27:43 | 000,019,803 | ---- | C] () -- C:\Users\Anja\frank.odt
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2010.03.31 19:58:08 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\Canneverbe Limited
[2011.11.23 23:25:09 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\DVDVideoSoft
[2011.11.23 23:24:53 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.04.01 19:11:07 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\OpenOffice.org
[2012.04.12 19:58:59 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\Origin
[2013.04.16 08:03:00 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\Spotify
[2011.12.21 22:50:10 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\Unity
[2010.03.31 16:32:53 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\Wave Systems Corp
 
========== Purity Check ==========
 
 

< End of report >
--- --- ---


[/CODE]

Extra.txt
OTL Logfile:
Code:
OTL Extras logfile created on: 18.04.2013 07:38:44 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Anja\Desktop\OLT
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,05 Gb Available Physical Memory | 52,52% Memory free
3,98 Gb Paging File | 2,71 Gb Available in Paging File | 68,06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 61,45 Gb Total Space | 17,36 Gb Free Space | 28,25% Space Free | Partition Type: NTFS
Drive D: | 61,50 Gb Total Space | 52,27 Gb Free Space | 85,00% Space Free | Partition Type: NTFS
 
Computer Name: ANJA-PC | User Name: Anja | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05F0DAD3-6F0A-42A6-85A1-B4F41CF79A4E}" = rport=10243 | protocol=6 | dir=out | app=system |
"{0B666C4F-D9B6-4112-A595-82FA7BB9E1AD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{12E20DB7-5830-4E7F-8A47-FCC2A0BDED9E}" = lport=137 | protocol=17 | dir=in | app=system |
"{13203F1B-C2BE-4F8E-B736-92559C270AF4}" = lport=138 | protocol=17 | dir=in | app=system |
"{18F0B540-300B-4BFA-BA03-0CBF91C18649}" = lport=2869 | protocol=6 | dir=in | app=system |
"{205DC69B-AD59-46AE-A0D5-9826C4B833CD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3EBDA91A-4EE4-4BDB-B3BD-BA62420DC5B6}" = lport=445 | protocol=6 | dir=in | app=system |
"{40D84AC1-AA51-42D0-BE0B-E883A42B7C7D}" = rport=137 | protocol=17 | dir=out | app=system |
"{4524FA4F-A302-466D-8D24-2C3EFE839C87}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4E6E13F1-E401-446F-BE6F-4B6EB7179466}" = lport=139 | protocol=6 | dir=in | app=system |
"{61B2D0EE-4193-46B5-9726-70B2C47BB30E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{64804403-8D2A-4F9B-8455-4658D5E776A6}" = rport=138 | protocol=17 | dir=out | app=system |
"{665106E2-C4DD-443C-80EA-E0DF382AB6D5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6CC67D86-F9A2-45A5-9F4A-153F485F65FC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{766A9950-CF28-43D0-8A6A-AA12B1BD642C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A1AD54B5-4628-40A0-971D-FE5B6EF14C91}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{AC550C8A-B87D-407F-B6B3-AD2D4F83A4A6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B392AF45-7AD7-4F5A-936C-A822E6192514}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BB00212A-9760-4CC0-B536-3B7EBBE7668E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CB6ADC0B-10F5-4E80-8BAF-E8F3A1CFB899}" = rport=445 | protocol=6 | dir=out | app=system |
"{D2E1E84F-BCD3-4BBA-A6E8-85640B7BC64C}" = rport=139 | protocol=6 | dir=out | app=system |
"{E7FBB63C-644E-473A-A7C3-83D91632E6A0}" = lport=10243 | protocol=6 | dir=in | app=system |
"{EEB5A823-0B0D-4F38-ADE8-37C1A81C3F18}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F8CAF7FB-B69A-4AF0-B1D8-12FA911A08FA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{037879E8-E2A1-4CF9-942D-5934FDC617A6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{049CFA9C-2428-4D59-B890-111B418D2D52}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{04AFD455-1D90-4B52-9DE6-33ABC6B2E239}" = protocol=6 | dir=in | app=c:\users\anja\appdata\roaming\spotify\spotify.exe |
"{09E2D29F-2F5B-4690-9300-59AA3A3CA505}" = protocol=17 | dir=in | app=c:\users\anja\appdata\roaming\spotify\spotify.exe |
"{0BEA6CB9-6949-4518-BF08-DB9D974D28C9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{105E7CE6-7E3D-4006-A604-68B7E568337A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{2B04CF0D-4E0F-4994-A2C2-74983DD45C2D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{329C780B-9472-4FAF-8934-FE81FA6936B9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{344A70B1-AB8E-4D9C-B4BD-1DFCE87454F7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{35F51E65-749A-4BB3-AA0B-96F5FD9ED5CD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{3B51AD4F-E8F7-4A9D-B476-CB3A1DE260BE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{3D867E77-B5A7-43C4-8801-5973F2B08BCA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{54392CD0-374F-4CBC-BD1F-6B18C27CB789}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{5A621A17-38FF-48BB-AF61-31D1A1A72D80}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5A9D63BF-09D7-44A3-852A-8BD62DCEC9C8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{5DBE297D-1F4A-42C9-AA29-0B9B7A7D4C7A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{62F47012-129F-4BA0-BF42-CF4FAE29C14F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6376C1B1-0865-403E-AD02-27BD84E482DC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{6489522C-BA4C-4366-8A93-841BB31C94E1}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{7391EB0C-5AB8-4BE7-A6C9-0F90B157E72E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{7ED7033A-861F-4E37-8524-8876ACEE1B52}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{888B13C8-549F-46B9-82C0-A1EB56CCB700}" = protocol=6 | dir=out | app=system |
"{971FE621-A5C9-4216-A95D-BCC987D9F4F0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{9AF73580-4123-49FC-99C5-F9220CE39277}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{9B60E4BA-239F-4E09-AE4A-9C735F573CB4}" = protocol=6 | dir=in | app=c:\users\anja\appdata\roaming\spotify\spotify.exe |
"{A0E6216F-4944-40F8-967B-9422CF69AB21}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A7AC2446-E9CA-4FC4-BC70-486337E6ED31}" = protocol=17 | dir=in | app=c:\users\anja\appdata\roaming\spotify\spotify.exe |
"{B0BC1DB5-65BD-48FC-9850-97421EC7254E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{C1D0A316-F594-4BAC-883A-EAE7EA8A5E0F}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{CCCA17E1-7442-4B99-8868-4EDF87CF68C1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CDCC9174-5B37-4CC0-BFD5-0E97933D9248}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D1FB51B0-7FE8-44E4-9834-48AD4B205BEC}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{E4E589FB-2B5B-4E83-A44B-32B4F243161C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EB9B5590-81AE-4089-9D53-4A5B54315956}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{F668EAEF-25A9-4170-B4C7-1C86870AC6A4}" = dir=in | app=e:\setup\hpznui01.exe |
"{F7936669-26BB-4AFD-99A8-D93F7168087A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{FC1AF6A6-634B-4A7B-8818-8B1D5234D116}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FF701FEB-4972-4F45-8F49-60F2E79DED7F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{7B0D8E13-7F7D-4C89-96BB-3FB3BC1311FE}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{758BA9C7-74D8-4FA3-9A17-66BFAED74D46}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"{087E06A0-4514-4CEA-918A-D6A9AB0F8433}" = upekmsi
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{131A2659-99A9-4A89-B012-22A898EAE9DA}" = EMBASSY Security Center Lite
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{30075A70-B5D2-440B-AFA3-FB2021740121}" = Backup Manager Advance
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4209F371-29A2-6661-598F-36C7BBD65D31}_is1" = Ashampoo WinOptimizer 9 v.9.04.31
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{59C83C08-63F4-4AEC-81D6-392C5E23B843}" = HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{5CC23DEB-D22A-4345-9CFF-F8C602BCE792}" = Acer eLock Management
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79B520D5-CE72-4661-A054-804BC3412516}" = Wave Infrastructure Installer
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{8048F0F3-C5AB-4C3C-8518-2B5E41DDFABA}" = AuthenTec Fingerprint Sensor Minimum Install
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{8815F011-43AF-4F50-BBD8-D78ED3D6F5B9}" = VR-NetWorld
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Framework
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9E65215B-9DE9-401A-8541-C82FE2D2BC66}" = Acer SmartBoot
"{9F9A2D22-7E30-4546-B817-10644FFB9935}" = B110
"{A1FFD720-0806-40E9-9554-DB22D593FDEF}" = Acer PowerSaver
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Embassy Trust Suite - Acer Edition
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B9ECA41B-55CC-4654-B6B5-6731D009EC69}" = NTI Backup Now EZ
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C73CA646-73B3-4AEF-A136-C37505745174}" = iTunes
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D38FA7FF-84E7-42F7-ACAC-E85DF086F008}" = Acer QuickMigration
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help
"{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F88E2E04-7EF5-488C-8E38-C94EB808458E}" = PS_AIO_07_B110_SW_Min
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
"CCleaner" = CCleaner
"fotokasten comfort_is1" = fotokasten comfort 4.4
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"InstallShield_{131A2659-99A9-4A89-B012-22A898EAE9DA}" = EMBASSY Security Center Lite
"InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}" = Acer Backup Manager
"InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"InstallShield_{B9ECA41B-55CC-4654-B6B5-6731D009EC69}" = NTI Backup Now EZ
"InstallShield_{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"Schulschriften" = Schulschriften
"TVWiz" = Intel(R) TV Wizard
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 16.04.2013 17:28:12 | Computer Name = Anja-PC | Source = MsiInstaller | ID = 10005
Description =
 
Error - 16.04.2013 17:28:12 | Computer Name = Anja-PC | Source = MsiInstaller | ID = 1023
Description =
 
Error - 16.04.2013 17:28:16 | Computer Name = Anja-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hotfix.exe, Version: 1.4.1581.0,
Zeitstempel: 0x4a44a63c  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00090009  ID des fehlerhaften
 Prozesses: 0x15d0  Startzeit der fehlerhaften Anwendung: 0x01ce3ae9366f6409  Pfad der
 fehlerhaften Anwendung: d:\14521656a810c72d7c2cd62232\hotfix.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: 8cb4069e-a6dc-11e2-9bb5-0025118aaf19
 
Error - 16.04.2013 20:14:34 | Computer Name = Anja-PC | Source = MsiInstaller | ID = 10005
Description =
 
Error - 16.04.2013 20:14:34 | Computer Name = Anja-PC | Source = MsiInstaller | ID = 1023
Description =
 
Error - 16.04.2013 20:14:37 | Computer Name = Anja-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hotfix.exe, Version: 1.4.1581.0,
Zeitstempel: 0x4a44a63c  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b60  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0001f8c4  ID des fehlerhaften
 Prozesses: 0x1520  Startzeit der fehlerhaften Anwendung: 0x01ce3b0079a275e8  Pfad der
 fehlerhaften Anwendung: d:\8a8169773ffa4f2c6fd1b7\hotfix.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: c9bce828-a6f3-11e2-9bb5-0025118aaf19
 
Error - 17.04.2013 02:40:12 | Computer Name = Anja-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Nero\Nero BackItUp 4\NeroAPIGlueLayerUnicode.dll".  Die abhängige Assemblierung
 "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 17.04.2013 03:29:54 | Computer Name = Anja-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Nero\Nero BackItUp 4\NeroAPIGlueLayerUnicode.dll".  Die abhängige Assemblierung
 "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 17.04.2013 04:00:26 | Computer Name = Anja-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Nero\Nero BackItUp 4\NeroAPIGlueLayerUnicode.dll".  Die abhängige Assemblierung
 "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 18.04.2013 01:13:41 | Computer Name = Anja-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Nero\Nero BackItUp 4\NeroAPIGlueLayerUnicode.dll".  Die abhängige Assemblierung
 "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
[ System Events ]
Error - 16.04.2013 16:24:40 | Computer Name = Anja-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für SQL Server 2005 Service
 Pack 3 (KB2494113)
 
Error - 16.04.2013 16:27:36 | Computer Name = Anja-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:  %%2
 
Error - 16.04.2013 16:49:47 | Computer Name = Anja-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für SQL Server 2005 Service
 Pack 3 (KB2494113)
 
Error - 16.04.2013 17:01:18 | Computer Name = Anja-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für SQL Server 2005 Service
 Pack 3 (KB2494113)
 
Error - 16.04.2013 17:12:46 | Computer Name = Anja-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für SQL Server 2005 Service
 Pack 3 (KB2494113)
 
Error - 16.04.2013 17:28:36 | Computer Name = Anja-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für SQL Server 2005 Service
 Pack 3 (KB2494113)
 
Error - 16.04.2013 20:14:39 | Computer Name = Anja-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für SQL Server 2005 Service
 Pack 3 (KB2494113)
 
Error - 17.04.2013 03:32:30 | Computer Name = Anja-PC | Source = DCOM | ID = 10010
Description =
 
Error - 17.04.2013 05:50:46 | Computer Name = Anja-PC | Source = DCOM | ID = 10010
Description =
 
Error - 17.04.2013 06:10:05 | Computer Name = Anja-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070002 fehlgeschlagen: Sicherheitsupdate für SQL Server 2005 Service
 Pack 3 (KB2494113)
 
 
< End of report >
--- --- ---


Gmer ist auch fertig

Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-18 11:36:48
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 Hitachi_HDT721016SLA380 rev.ST1OA31B 149,05GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Anja\AppData\Local\Temp\kwldrpow.sys


---- Kernel code sections - GMER 2.1 ----

.text          ntkrnlpa.exe!ZwRollbackEnlistment + 140D  82E86A09 1 Byte  [06]
.text          ntkrnlpa.exe!KiDispatchInterrupt + 5A2    82EC01F2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- Devices - GMER 2.1 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                    eLock2FSCTLDriver.sys

---- Disk sectors - GMER 2.1 ----

Disk            \Device\Harddisk0\DR0                    unknown MBR code

---- EOF - GMER 2.1 ----

cosinus 18.04.2013 13:18
Hallo und :hallo:

Zitat:
(Computer von einer Freundin)

Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Warum hat sie eine Professional-Edition von Windows, braucht sie das als Heimanwenderin?
Oder ist das rein zufällig ein Büro-/Firmen-PC bzw. ein Uni-Rechner?


Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die jemals fündig geworden?
Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

Rhippy 22.04.2013 21:52
Habe mal MWB durchlaufen lassen der findet aber auch nichts
Zur Begründung warum Pro: Sieh dachte ihre Banksoftware würde nicht auf dem laufen und hat vorsichtshalber die Pro gekauft und dann mit mit dem Virtuellen XP das dann zu erledigen.

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.04.22.09

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16540
Anja :: ANJA-PC [Administrator]

22.04.2013 22:35:51
mbam-log-2013-04-22 (22-35-51).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 236284
Laufzeit: 9 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

cosinus 22.04.2013 22:43
Ok, danke für die Erklärung, aber warum macht ihr einen neuen Virenscan mit MBAM?
Ich fragte nach bisherigen also schon vorhandenen Logs mit Funden. Gab es nun Funde in der Vergangenheit oder nicht?

Rhippy 26.04.2013 07:02
Nein es gab keine Funde, habe die Datenbanken nach 3 Tagen nochmal aktualisiert um sicher zu gehen das es nicht evtl. ein neuer Virus/Trojaner ist. Mache jetzt ein Back Up und installiere das System neu- denke das System hat irgendwo einen Fehler. Vielen Dank für die Hilfe.
Gruß von der Nordsee

cosinus 26.04.2013 08:10
Falls du doch noch analysieren lassen willst:


Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.



Bitte die drei Tools MBAR / aswMBR / TDSSkiller nun ausführen und die Logs in CODE-Tags posten


MBAR (Malwarebytes Anti-Rootkit)

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers


aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).



TDSS-Killer

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.


Alle Zeitangaben in WEZ +1. Es ist jetzt 19:25 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19