E-Mail Account sendet an alle Adressbucheintragungen Mails

aschenbrödl · 06.02.2012, 22:46

Ich habe heute bemerkt, dass mein GMX email Accound sämtlichen Personen in meinem Adressbuch mails verschickt. Bemerkt wurde dies nur durch eine Fehlermeldung, die besagt, dass zwei email- Adressen nicht erreicht werden konnten. Ich habe in meiner Panik als erster mal die ausgehende Mail gelöscht ohne sie mir anzusehen (war vermutlich nicht sonderlich intelligent.

) und alle Kontakte aus dem Adressbuch gelöscht.

Danach habe ich versucht mit Norton Antivirus der Sache auf den Grund zu gehen mit folgendem Ergebnis:
alle erkannten Sicherheitsrisiken wurden erkannt und entfernt: 15 Tracking Cookies, und zwar diese hier:

Vollständiger Pfad: Nicht verfügbar
____________________________
____________________________
Auf Computern ab:
Nicht verfügbar
Zuletzt verwendet:
06.02.2012 um 17:26:04
Systemstartobjekt:
Nein
Gestartet:
Nein
____________________________
____________________________
Unbekannt
Anzahl der Benutzer in der Norton Community, die diese Datei verwendet haben: Unbekannt
____________________________
Gering
Das Risiko dieser Datei ist niedrig.
____________________________
Bedrohungsdetails
Art der Bedrohung: Tracking-Cookies. Ein Tracking-Cookie ist eine Datei, die Ihre Computeraktivitäten erfassen kann und an Dritte weitergibt.
____________________________
Ursprung
Heruntergeladen von URL nicht verfügbar

____________________________
Tracking-Cookies
Tracking-Cookie: .ivwbox.de
entfernt
Tracking-Cookie: .quantserve.com
entfernt
Tracking-Cookie: .adverserve.net
entfernt
Tracking-Cookie: ad.zanox.com
entfernt
Tracking-Cookie: .doubleclick.net
entfernt
Tracking-Cookie: .adriver.ru
entfernt
Tracking-Cookie: .revsci.net
entfernt
Tracking-Cookie: .atdmt.com
entfernt
Tracking-Cookie: .apmebf.com
entfernt
Tracking-Cookie: .mediaplex.com
entfernt
Tracking-Cookie: ad3.adfarm1.adition.com
entfernt
Tracking-Cookie: .adfarm1.adition.com
entfernt
Tracking-Cookie: ad2.adfarm1.adition.com
entfernt
Tracking-Cookie: Nachbearbeitung
entfernt
Tracking-Cookie: Verwaiste Elemente bereinigen
entfernt
____________________________
Dateiabdruck - SHA:
Nicht verfügbar
____________________________
Dateiabdruck - MD5:
Nicht verfügbar
____________________________

Hier im Forum habe ich dann folgenden Beitrag gefunden:
http://www.trojaner-board.de/108098-...-kontakte.html

Daraufhin habe ich mir Malwarebytes heruntergeladen, hier das Log-File:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.06.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Karin :: KARIN-PC [Administrator]

06.02.2012 19:23:24
mbam-log-2012-02-06 (19-23-24).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 400263
Laufzeit: 3 Stunde(n), 14 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Karin\Downloads\SoftonicDownloader_fuer_pdfcreator.exe (PUP.BundleOffer.Downloader.S) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

war das jetzt die einzige Datei und kann ich meinen email Account wieder sorglos abrufen?

Bitte um Hilfe, verstehe selber nicht viel von Computern, also bitte die Hilfe in Form von "Plagegeisterbekämpfung für Dummies" halten

kira · 07.02.2012, 09:00

Hallo und Herzlich Willkommen!

Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]:

Zitat:

"Fernbehandlungen/Fernhilfe" und die damit verbundenen Haftungsrisken:
- da die Fehlerprüfung und Handlung werden über große Entfernungen durchgeführt, besteht keine Haftung unsererseits für die daraus entstehenden Folgen.
- also, jede Haftung für die daraus entstandene Schäden wird ausgeschlossen, ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
Charakteristische Merkmale/Profilinformationen:
- aus der verwendeten Loglisten oder Logdateien - wie z.B. deinen Realnamen, Seriennummer in Programm etc)- kannst Du herauslöschen oder durch [X] ersetzen
Die Systemprüfung und Bereinigung:
- kann einige Zeit in Anspruch nehmen (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
Ich empfehle Dir die Anweisungen erst einmal komplett durchzulesen, bevor du es anwendest, weil wenn du etwas falsch machst, kann es wirklich gefährlich werden. Wenn du meinen Anweisungen Schritt für Schritt folgst, kann eigentlich nichts schief gehen.
Innerhalb der Betreuungszeit:
- ohne Abspräche bitte nicht auf eigene Faust handeln!- bei Problemen nachfragen.
Die Reihenfolge:
- genau so wie beschrieben bitte einhalten, nicht selbst die Reihenfolge wählen!
GECRACKTE SOFTWARE werden hier nicht geduldet!!!!
Ansonsten unsere Forumsregeln:
- Bitte erst lesen, dann posten!-> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?

Alle Logfile mit einem vBCode Tag eingefügen, das bietet hier eine gute Übersicht, erleichtert mir die Arbeit! Falls das Logfile zu groß, teile es in mehrere Teile auf.

Sobald Du diesen Einführungstext gelesen hast, kannst Du beginnen

► Erster Teil des 3-teiligen Verfahren, werden wir dein System auf Viren untersuchen, bzw nach einem anderen Verursacher suchen:
Für Vista und Win7:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen
Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen!

1.
Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt - OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

2.
Um festzustellen, ob veraltete oder schädliche Software unter Programme installiert sind, ich würde gerne noch all deine installierten Programme sehen:
Lade dir das Tool CCleaner herunter
→ Download
installieren (Software-Lizenzvereinbarung lesen, falls angeboten wird "Füge CCleaner Yahoo! Toolbar hinzu" abwählen)→ starten→ Sprache → Deutsch auswählen
dann klick auf "Extra (um die installierten Programme auch anzuzeigen)→ weiter auf "Als Textdatei speichern..."
wird eine Textdatei (*.txt) erstellt, kopiere dazu den Inhalt und füge ihn da ein

3.
Lade dir von hier -> TrendMicro™ HijackThis™/Version 2.0.4 herunter

Zitat:

Keine offenen Fenster, solang bis HijackThis läuft!!-> HijackThis starten-> "Do a system scan and save a logfile" klicken (kurz warten) -> das erhaltene Logfile "markieren" -> "kopieren"-> hier in deinem Thread (rechte Maustaste) "einfügen" (musst du im Forum eingeloggt sein!)

Zitat:

Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du (also am Anfang des Logfiles):[code]
hier kommt dein Logfile rein - z.B OTL-Logfile o. sonstiges
→ dahinter - also am Ende der Logdatei: [/code]

gruß
kira

aschenbrödl · 07.02.2012, 09:45

OTL läuft gerade, die restlichen Programme werden danach ausgeführt.

ich habe allerdings eine Frage zu diesem Punkt:

Zitat:

Charakteristische Merkmale/Profilinformationen:
- aus der verwendeten Loglisten oder Logdateien - wie z.B. deinen Realnamen, Seriennummer in Programm etc)- kannst Du herauslöschen oder durch [X] ersetzen

ich weis nicht, was bei den Programmen Seriennummer und was wichtige Information ist, möchte natürlich auch nicht dass diese Infos im Netz sind, wie sehe ich was ich durch ein X ersetzten kann?

Danke für deine Hilfe!

aschenbrödl · 07.02.2012, 09:48

zu schnell geantwortet, OTL ist gerade fertig!

Code:

ATTFilter

OTL logfile created on: 07.02.2012 09:40:12 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Karin\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,43 Gb Total Physical Memory | 2,11 Gb Available Physical Memory | 61,49% Memory free
6,85 Gb Paging File | 5,46 Gb Available in Paging File | 79,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 424,66 Gb Total Space | 134,29 Gb Free Space | 31,62% Space Free | Partition Type: NTFS
Drive D: | 40,00 Gb Total Space | 30,00 Gb Free Space | 75,01% Space Free | Partition Type: NTFS
Drive E: | 702,82 Mb Total Space | 81,86 Mb Free Space | 11,65% Space Free | Partition Type: UDF
Drive F: | 465,76 Gb Total Space | 156,87 Gb Free Space | 33,68% Space Free | Partition Type: NTFS
Drive G: | 488,48 Mb Total Space | 401,42 Mb Free Space | 82,18% Space Free | Partition Type: FAT
 
Computer Name: KARIN-PC | User Name: Karin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Karin\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe (Symantec Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
PRC - C:\Programme\Launch Manager\WButton.exe (Wistron Corp.)
PRC - C:\Programme\Launch Manager\HotkeyApp.exe (Wistron)
PRC - C:\Programme\Launch Manager\OSD.exe (Wistron Corp.)
PRC - C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Programme\Common Files\X10\Common\X10nets.exe (X10)
PRC - C:\Programme\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Programme\Launch Manager\WisLMSvc.exe (Wistron Corp.)
PRC - C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Programme\Blaze Media Pro\NMSAccess32.exe ()
PRC - C:\Windows\System32\hasplms.exe (Aladdin Knowledge Systems Ltd.)
PRC - c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Programme\CyberLink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Programme\CyberLink\Power2Go\CLMediaLibrary.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe (Symantec Corporation)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (UNS) Intel(R) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (x10nets) -- C:\Programme\Common Files\X10\Common\X10nets.exe (X10)
SRV - (WisLMSvc) -- C:\Program Files\Launch Manager\WisLMSvc.exe (Wistron Corp.)
SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (NMSAccess) -- C:\Program Files\Blaze Media Pro\NMSAccess32.exe ()
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (hasplms) -- C:\Windows\System32\hasplms.exe (Aladdin Knowledge Systems Ltd.)
SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120203.002\IDSvix86.sys (Symantec Corporation)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120121.002\BHDrvx86.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120206.020\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120206.020\NAVENG.SYS (Symantec Corporation)
DRV - (SymNetS) -- C:\Windows\System32\Drivers\NIS\1206000.01D\SYMNETS.SYS (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SymIM) -- C:\Windows\System32\drivers\SymIMV.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\Drivers\NIS\1206000.01D\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\NIS\1206000.01D\SRTSPX.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\system32\drivers\NIS\1206000.01D\SYMEFA.SYS (Symantec Corporation)
DRV - (SymDS) -- C:\Windows\system32\drivers\NIS\1206000.01D\SYMDS.SYS (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\system32\drivers\NIS\1206000.01D\Ironx86.SYS (Symantec Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (rtl8192se) -- C:\Windows\System32\drivers\rtl8192se.sys (Realtek Semiconductor Corporation                           )
DRV - (Impcd) -- C:\Windows\system32\DRIVERS\Impcd.sys (Intel Corporation)
DRV - (IntcDAud) Intel(R) -- C:\Windows\System32\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.)
DRV - (PRTDRV) -- C:\Windows\System32\Drivers\PRTDRV.sys (Psychology Software Tools)
DRV - (HECI) Intel(R) -- C:\Windows\system32\DRIVERS\HECI.sys (Intel Corporation)
DRV - (mod7700) -- C:\Windows\System32\drivers\mod7700.sys (DiBcom SA)
DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (XUIF) -- C:\Windows\System32\Drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
DRV - (X10Hid) -- C:\Windows\System32\Drivers\x10hid.sys (X10 Wireless Technology, Inc.)
DRV - (aksfridge) -- C:\Windows\System32\drivers\aksfridge.sys (Aladdin Knowledge Systems Ltd.)
DRV - (Hardlock) -- C:\Windows\system32\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.)
DRV - (akshhl) -- C:\Windows\System32\drivers\akshhl.sys (Aladdin Knowledge Systems Ltd.)
DRV - (akshasp) -- C:\Windows\System32\drivers\akshasp.sys (Aladdin Knowledge Systems Ltd.)
DRV - (aksusb) -- C:\Windows\System32\drivers\aksusb.sys (Aladdin Knowledge Systems Ltd.)
DRV - (SRBoxDRv) -- C:\Windows\System32\drivers\SRBoxDRv.sys (Psychology Software Tools)
DRV - (PortDRv) -- C:\Windows\System32\drivers\PortDRv.sys (Psychology Software Tools)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://medion.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ask.com?o=14672&l=dis
IE - HKCU\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4}:3.2.5.2
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@millisecond.com/npInquisit,version=3.0: C:\Program Files\Millisecond Software\Inquisit 3.0 Mozilla Plugin\npInquisit_3050.dll (Millisecond Software)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@millisecond.com/npInquisit,version=3.0: C:\Program Files\Millisecond Software\Inquisit 3.0 Mozilla Plugin\npInquisit_3050.dll (Millisecond Software)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Karin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.10.18 17:03:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2012.02.07 09:15:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_4_3 [2012.02.07 09:15:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.05 13:23:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.23 16:32:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.10.18 17:03:38 | 000,000,000 | ---D | M]
 
[2010.09.26 21:28:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karin\AppData\Roaming\mozilla\Extensions
[2012.01.12 21:19:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karin\AppData\Roaming\mozilla\Firefox\Profiles\74v2hsto.default\extensions
[2012.01.12 21:19:34 | 000,000,000 | ---D | M] (BittorrentBar_DE Community Toolbar) -- C:\Users\Karin\AppData\Roaming\mozilla\Firefox\Profiles\74v2hsto.default\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}
[2011.11.01 20:20:09 | 000,002,396 | ---- | M] () -- C:\Users\Karin\AppData\Roaming\Mozilla\Firefox\Profiles\74v2hsto.default\searchplugins\askcom.xml
[2011.10.04 10:31:11 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.02.05 13:23:42 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.02.05 13:23:38 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.05 13:23:38 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.05 13:23:38 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.05 13:23:38 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.05 13:23:38 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.05 13:23:38 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton Internet Security\Engine\18.6.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe" File not found
O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found
O9 - Extra 'Tools' menuitem : eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{550500B5-3829-4243-93C4-E08B690AD997}: DhcpNameServer = 61.177.7.1 218.104.32.106 168.95.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A34EE5B-9CDB-4BBC-A369-A031E82A7022}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.12.15 08:01:46 | 000,000,113 | ---- | M] () - F:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.06 19:21:21 | 000,000,000 | ---D | C] -- C:\Users\Karin\AppData\Roaming\Malwarebytes
[2012.02.06 19:21:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.02.06 19:21:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.02.06 19:21:10 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.02.06 19:21:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.02.01 20:24:56 | 000,000,000 | ---D | C] -- C:\Users\Karin\AppData\Roaming\pixelStorm
[2012.02.01 20:22:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Big Fish Games
[2012.01.31 20:27:42 | 000,000,000 | ---D | C] -- C:\ProgramData\PopCap
[2012.01.31 20:27:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Trymedia
[2012.01.25 18:53:43 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
[2012.01.25 18:53:43 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2012.01.23 16:48:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
[2012.01.23 16:48:18 | 000,000,000 | ---D | C] -- C:\Program Files\PDF24
[2012.01.23 16:43:53 | 000,000,000 | ---D | C] -- C:\Users\Karin\AppData\Roaming\WordToPDF
[2012.01.23 16:43:01 | 000,000,000 | ---D | C] -- C:\Program Files\WordToPDF
[2012.01.23 16:40:27 | 000,000,000 | ---D | C] -- C:\Users\Karin\Documents\PDF-Dateien
[2012.01.23 16:32:06 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012.01.12 21:16:10 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012.01.12 21:16:08 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012.01.12 21:16:08 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2010.08.25 18:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Karin\Desktop\*.tmp files -> C:\Users\Karin\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.07 09:35:04 | 000,659,004 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.02.07 09:35:04 | 000,620,150 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.02.07 09:35:04 | 000,132,542 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.02.07 09:35:04 | 000,108,332 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.02.07 09:22:41 | 000,010,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.07 09:22:41 | 000,010,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.07 09:15:06 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.07 09:14:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.07 09:13:59 | 2760,847,360 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.06 22:54:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.02.04 15:27:25 | 365,209,474 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.01.28 05:52:38 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1207000.00D\isolate.ini
[2012.01.25 22:56:06 | 000,238,988 | ---- | M] () -- C:\Windows\hpwins26.dat
[2012.01.23 16:49:41 | 000,183,200 | ---- | M] () -- C:\Users\Karin\Desktop\Autismus.pdf
[2012.01.23 16:32:08 | 000,001,988 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012.01.20 22:19:53 | 009,845,793 | ---- | M] () -- C:\Users\Karin\Desktop\RATT   Back For More (official music video) HQ.mp3
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Karin\Desktop\*.tmp files -> C:\Users\Karin\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.01.23 16:49:40 | 000,183,200 | ---- | C] () -- C:\Users\Karin\Desktop\Autismus.pdf
[2012.01.23 16:32:08 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012.01.23 16:32:08 | 000,001,988 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012.01.20 22:19:39 | 009,845,793 | ---- | C] () -- C:\Users\Karin\Desktop\RATT   Back For More (official music video) HQ.mp3
[2011.11.22 20:26:40 | 000,003,584 | ---- | C] () -- C:\Users\Karin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.18 16:54:35 | 000,238,988 | ---- | C] () -- C:\Windows\hpwins26.dat
[2010.08.25 19:30:02 | 000,127,868 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin
[2010.08.25 19:30:00 | 000,870,560 | ---- | C] () -- C:\Windows\System32\igkrng575.bin
[2010.08.25 19:30:00 | 000,104,796 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin
[2010.03.14 06:34:12 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2010.03.04 07:23:47 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2010.03.02 06:40:12 | 000,149,504 | ---- | C] () -- C:\Windows\unwise32_setup.exe
[2010.03.02 06:40:12 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe
[2010.03.02 06:39:10 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
[2010.03.02 05:59:45 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010.03.02 05:59:44 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010.03.02 05:59:42 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2009.08.18 07:31:57 | 000,000,370 | ---- | C] () -- C:\Windows\hpwmdl26.dat
[2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.08.03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009.07.14 09:47:43 | 000,659,004 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 09:47:43 | 000,132,542 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 000,384,992 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,620,150 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,108,332 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009.06.07 12:27:20 | 000,073,728 | ---- | C] () -- C:\Windows\System32\vbzlib1.dll
[2008.10.04 00:07:10 | 003,754,896 | ---- | C] () -- C:\Windows\System32\erdmpg-6.dll
[2008.09.28 18:33:01 | 000,253,952 | ---- | C] () -- C:\Windows\System32\Manipulate.dll
[2008.08.28 12:20:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\comLyricGetter.dll
[2008.08.28 12:17:22 | 000,097,280 | ---- | C] () -- C:\Windows\System32\Uncommon.dll
[2008.08.28 12:17:20 | 000,061,440 | ---- | C] () -- C:\Windows\System32\NormalizeDSP.dll
[2005.11.06 00:34:50 | 000,145,408 | ---- | C] () -- C:\Windows\System32\Lame.exe
[2005.05.17 21:37:10 | 000,076,800 | ---- | C] () -- C:\Windows\System32\Faac.exe
[2002.07.19 17:48:22 | 000,157,696 | ---- | C] () -- C:\Windows\System32\OggEnc.exe
[2002.03.19 00:18:54 | 000,120,832 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 101 bytes -> C:\ProgramData\Temp:4F7D133D

< End of report >

Code:

ATTFilter

OTL Extras logfile created on: 07.02.2012 09:40:12 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Karin\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,43 Gb Total Physical Memory | 2,11 Gb Available Physical Memory | 61,49% Memory free
6,85 Gb Paging File | 5,46 Gb Available in Paging File | 79,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 424,66 Gb Total Space | 134,29 Gb Free Space | 31,62% Space Free | Partition Type: NTFS
Drive D: | 40,00 Gb Total Space | 30,00 Gb Free Space | 75,01% Space Free | Partition Type: NTFS
Drive E: | 702,82 Mb Total Space | 81,86 Mb Free Space | 11,65% Space Free | Partition Type: UDF
Drive F: | 465,76 Gb Total Space | 156,87 Gb Free Space | 33,68% Space Free | Partition Type: NTFS
Drive G: | 488,48 Mb Total Space | 401,42 Mb Free Space | 82,18% Space Free | Partition Type: FAT
 
Computer Name: KARIN-PC | User Name: Karin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4
"_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{28379381-B56A-43e1-B505-3098D82B1C30}" = 4500G510gm_Software_Min
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN
"{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3E6F0CAD-EE38-42A5-9EEA-AE17A55BF2D4}" = Firebird SQL Server - MAGIX Edition
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.5.3
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.0 - Deutsch
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B2455727-ED8F-4643-8A6E-F4AB8DE3633D}" = Network
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw
"{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BE0D4271-69C9-4f28-AD9B-BB33D126A30E}" = 4500G510gm
"{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES
"{C8C8387B-A98B-44E8-807A-1A9B7F51FFDA}" = Blaze Media Pro
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.5.0.8
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DF0B357C-5874-47D0-81E7-79AA890B0CE0}" = 4500_G510gm_Help
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{E5083D57-D93F-404C-A91F-1C50D67C2BEB}" = HP Officejet 4500 G510g-m
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"AVS Screen Capture_is1" = AVS Screen Capture version 1.1.2
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS Video Editor_is1" = AVS Video Editor 5
"AVS Video Recorder_is1" = AVS Video Recorder 2.4
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"Blaze Media Pro" = Blaze Media Pro
"DivX Setup.divx.com" = DivX-Setup
"FMCODEC" = FM Screen Capture Codec (Remove Only)
"Hofer Foto Manager Free D" = Hofer Foto Manager Free
"Hofer Foto Service D" = Hofer Foto Service
"Hofer Fotodruck Service" = Hofer Fotodruck Service 4.5
"Hofer Online Druck Service D" = Hofer Online Druck Service
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"MEDION Fotos auf CD & DVD SE Hofer D" = MEDION Fotos auf CD & DVD SE Hofer
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 10.0 (x86 de)" = Mozilla Firefox 10.0 (x86 de)
"Nano" = Nano 1.1.2
"NIS" = Norton Internet Security
"R for Windows 2.13.0_is1" = R for Windows 2.13.0
"RarZilla Free Unrar" = RarZilla Free Unrar
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TVWiz" = Intel(R) TV Wizard
"VLC media player" = VLC media player 1.1.4
"WinLiveSuite_Wave3" = Windows Live Essentials
"X10Hardware" = X10 Hardware(TM)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 08.01.2012 07:00:01 | Computer Name = Karin-PC | Source = Windows Backup | ID = 4103
Description = 
 
Error - 09.01.2012 09:21:44 | Computer Name = Karin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hpqgpc01.exe, Version: 130.0.14.16,
 Zeitstempel: 0x49dd90d9  Name des fehlerhaften Moduls: hprbevst.dll, Version: 130.0.16.11,
 Zeitstempel: 0x499ebe10  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00013d25  ID des fehlerhaften
 Prozesses: 0x127c  Startzeit der fehlerhaften Anwendung: 0x01ccceb21967b2f6  Pfad der
 fehlerhaften Anwendung: C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe  Pfad
 des fehlerhaften Moduls: C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprbevst.dll
Berichtskennung:
 dfb796df-3ac4-11e1-a5bd-00262df7f59e
 
Error - 09.01.2012 09:22:44 | Computer Name = Karin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hpqgpc01.exe, Version: 130.0.14.16,
 Zeitstempel: 0x49dd90d9  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7b96e  Ausnahmecode: 0xc0000374  Fehleroffset: 0x000c37b7  ID des fehlerhaften
 Prozesses: 0x127c  Startzeit der fehlerhaften Anwendung: 0x01ccceb21967b2f6  Pfad der
 fehlerhaften Anwendung: C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 033e31fa-3ac5-11e1-a5bd-00262df7f59e
 
Error - 10.01.2012 12:03:54 | Computer Name = Karin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hpqgpc01.exe, Version: 130.0.14.16,
 Zeitstempel: 0x49dd90d9  Name des fehlerhaften Moduls: hprbevst.dll, Version: 130.0.16.11,
 Zeitstempel: 0x499ebe10  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00013d25  ID des fehlerhaften
 Prozesses: 0x12e8  Startzeit der fehlerhaften Anwendung: 0x01cccf6f044d646c  Pfad der
 fehlerhaften Anwendung: C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe  Pfad
 des fehlerhaften Moduls: C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprbevst.dll
Berichtskennung:
 b199ceda-3ba4-11e1-bde5-00262df7f59e
 
Error - 10.01.2012 12:04:08 | Computer Name = Karin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hpqgpc01.exe, Version: 130.0.14.16,
 Zeitstempel: 0x49dd90d9  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7b96e  Ausnahmecode: 0xc0000374  Fehleroffset: 0x000c37b7  ID des fehlerhaften
 Prozesses: 0x12e8  Startzeit der fehlerhaften Anwendung: 0x01cccf6f044d646c  Pfad der
 fehlerhaften Anwendung: C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: b9fb5104-3ba4-11e1-bde5-00262df7f59e
 
Error - 15.01.2012 10:27:29 | Computer Name = Karin-PC | Source = Windows Backup | ID = 4103
Description = 
 
Error - 22.01.2012 07:00:01 | Computer Name = Karin-PC | Source = Windows Backup | ID = 4103
Description = 
 
Error - 29.01.2012 10:35:07 | Computer Name = Karin-PC | Source = Windows Backup | ID = 4103
Description = 
 
Error - 29.01.2012 10:44:52 | Computer Name = Karin-PC | Source = Windows Backup | ID = 4103
Description = 
 
Error - 05.02.2012 07:00:01 | Computer Name = Karin-PC | Source = Windows Backup | ID = 4103
Description = 
 
[ OSession Events ]
Error - 14.02.2011 06:42:32 | Computer Name = Karin-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 03.03.2011 04:14:27 | Computer Name = Karin-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 13
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 21.03.2011 12:58:16 | Computer Name = Karin-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 23.04.2011 13:52:06 | Computer Name = Karin-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 07.05.2011 06:39:28 | Computer Name = Karin-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 17.12.2011 06:42:32 | Computer Name = Karin-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1901
 seconds with 180 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 18.01.2012 02:49:55 | Computer Name = Karin-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 18.01.2012 02:49:56 | Computer Name = Karin-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 19.01.2012 03:48:09 | Computer Name = Karin-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?18.?01.?2012 um 21:06:20 unerwartet heruntergefahren.
 
Error - 19.01.2012 13:59:10 | Computer Name = Karin-PC | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Update" wurde nicht richtig gestartet.
 
Error - 25.01.2012 18:02:51 | Computer Name = Karin-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst UNS erreicht.
 
Error - 28.01.2012 11:08:36 | Computer Name = Karin-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst lmhosts erreicht.
 
Error - 29.01.2012 05:19:23 | Computer Name = Karin-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?28.?01.?2012 um 22:53:37 unerwartet heruntergefahren.
 
Error - 04.02.2012 10:27:31 | Computer Name = Karin-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?04.?02.?2012 um 15:25:03 unerwartet heruntergefahren.
 
Error - 04.02.2012 10:27:41 | Computer Name = Karin-PC | Source = BugCheck | ID = 1005
Description = 
 
Error - 04.02.2012 10:27:41 | Computer Name = Karin-PC | Source = BugCheck | ID = 1001
Description = 
 
 
< End of report >

aschenbrödl · 07.02.2012, 09:58

Ccleaner:

Code:

ATTFilter

7-Zip 9.20		12.04.2011		
Adobe Flash Player 10 ActiveX	Adobe Systems Incorporated	25.09.2010		10.0.42.34
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	15.11.2011	6,00MB	11.1.102.55
Adobe Reader 9.5.0 - Deutsch	Adobe Systems Incorporated	22.01.2012	118,3MB	9.5.0
Amazon MP3-Downloader 1.0.9		11.10.2011		
Apple Application Support	Apple Inc.	29.11.2011	61,1MB	2.1.5
Apple Software Update	Apple Inc.	19.09.2011	2,38MB	2.1.3.127
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver	Atheros Communications Inc.	01.03.2010		1.0.0.23
AVS Screen Capture version 1.1.2	Online Media Technologies Ltd.	02.12.2010		
AVS Update Manager 1.0	Online Media Technologies Ltd.	02.12.2010		
AVS Video Editor 5	Online Media Technologies Ltd.	02.12.2010		
AVS Video Recorder 2.4	Online Media Technologies Ltd.	02.12.2010		
AVS4YOU Software Navigator 1.4	Online Media Technologies Ltd.	02.12.2010		
Blaze Media Pro	Mystik Media	02.12.2010		9.10
CCleaner	Piriform	06.02.2012		3.15
Cisco EAP-FAST Module	Cisco Systems, Inc.	01.03.2010	1,15MB	2.2.14
Cisco LEAP Module	Cisco Systems, Inc.	01.03.2010	0,48MB	1.0.19
Cisco PEAP Module	Cisco Systems, Inc.	01.03.2010	0,90MB	1.1.6
Compatibility Pack für 2007 Office System	Microsoft Corporation	14.12.2011	180,7MB	12.0.6425.1000
CorelDRAW Essentials 4	Corel Corporation	01.03.2010		
CorelDRAW Essentials 4 - Windows Shell Extension	Corel Corporation	01.03.2010	2,93MB	
CyberLink LabelPrint	CyberLink Corp.	01.03.2010	143,4MB	2.5.2602
CyberLink MediaShow	CyberLink Corp.	01.03.2010	247MB	5.0.1410a
CyberLink PhotoNow	CyberLink Corp.	01.03.2010	21,8MB	1.1.6904
CyberLink Power2Go	CyberLink Corp.	01.03.2010	104,8MB	6.1.3602c
CyberLink PowerDirector	CyberLink Corp.	01.03.2010	283MB	8.0.2522
CyberLink PowerDVD 9	CyberLink Corp.	01.03.2010	136,3MB	9.0.2519.00
CyberLink PowerDVD Copy	CyberLink Corp.	01.03.2010	30,8MB	1.5.1306
CyberLink PowerProducer	CyberLink Corp.	01.03.2010	173,2MB	5.0.2.2326
CyberLink YouCam	CyberLink Corp.	01.03.2010	132,1MB	3.0.2609
DivX-Setup	DivX, LLC	05.10.2011		2.5.0.8
Firebird SQL Server - MAGIX Edition	MAGIX AG	03.03.2010	10,1MB	2.1.23.0
FM Screen Capture Codec (Remove Only)		25.09.2010		
Hofer Foto Manager Free	MAGIX AG	03.03.2010		6.0.1.491
Hofer Foto Service	MAGIX AG	03.03.2010		4.5.9.142
Hofer Fotodruck Service 4.5	ORWO Net	25.09.2010		4.5
Hofer Online Druck Service	MAGIX AG	03.03.2010		4.5.1.1
HP Customer Participation Program 13.0	HP	17.10.2010		13.0
HP Document Manager 2.0	HP	17.10.2010		2.0
HP Imaging Device Functions 13.0	HP	17.10.2010		13.0
HP Officejet 4500 G510g-m	HP	17.10.2010		13.0
HP Smart Web Printing 4.5	HP	17.10.2010		4.5
HP Solution Center 13.0	HP	17.10.2010		13.0
HP Update	Hewlett-Packard	17.10.2010	3,73MB	4.000.011.006
Intel(R) Graphics Media Accelerator Driver	Intel Corporation	06.02.2012		8.15.10.2092
Intel(R) Management Engine Components	Intel Corporation	07.02.2012		6.0.0.1179
Intel(R) Rapid Storage Technology	Intel Corporation	06.02.2012		9.5.0.1037
Intel(R) TV Wizard	Intel Corporation	25.09.2010		
IrfanView (remove only)	Irfan Skiljan	25.09.2010	1,50MB	4.27
Java(TM) 6 Update 18	Sun Microsystems, Inc.	01.03.2010	97,1MB	6.0.180
Launch Manager V1.5.0.8	Wistron Corp.	01.03.2010		1.5.0.8
Malwarebytes Anti-Malware Version 1.60.1.1000	Malwarebytes Corporation	05.02.2012	17,3MB	1.60.1.1000
MEDION Fotos auf CD & DVD SE Hofer	MAGIX AG	03.03.2010		8.0.3.4
Medion Home Cinema	CyberLink Corp.	01.03.2010	36,5MB	8.0.1318
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	04.01.2011	38,8MB	4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	04.01.2011	2,94MB	4.0.30319
Microsoft Office File Validation Add-In	Microsoft Corporation	19.09.2011	7,95MB	14.0.5130.5003
Microsoft Office Home and Student 2007	Microsoft Corporation	01.03.2010		12.0.6425.1000
Microsoft Office Live Add-in 1.5	Microsoft Corporation	26.09.2010	0,50MB	2.0.4024.1
Microsoft Office PowerPoint Viewer 2007 (German)	Microsoft Corporation	14.12.2011	100,7MB	12.0.6425.1000
Microsoft Office Suite Activation Assistant	Microsoft Corporation	01.03.2010	8,37MB	2.9
Microsoft Silverlight	Microsoft Corporation	12.10.2011	162,7MB	4.0.60831.0
Microsoft SQL Server 2005 Compact Edition [DEU]	Microsoft Corporation	01.03.2010	0,33MB	3.1.0000
Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	01.03.2010	1,72MB	3.1.0000
Microsoft Sync Framework Runtime Native v1.0 (x86)	Microsoft Corporation	01.03.2010	0,61MB	1.0.1215.0
Microsoft Sync Framework Services Native v1.0 (x86)	Microsoft Corporation	01.03.2010	1,45MB	1.0.1215.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	01.03.2010	0,25MB	8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	15.06.2011	0,29MB	8.0.61001
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148	Microsoft Corporation	01.03.2010	0,20MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570	Microsoft Corporation	25.04.2011	0,58MB	9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	01.03.2010	0,58MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	15.06.2011	0,59MB	9.0.30729.6161
Microsoft Works	Microsoft Corporation	14.12.2010	878MB	9.7.0621
Mozilla Firefox 10.0 (x86 de)	Mozilla	04.02.2012	37,0MB	10.0
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	03.03.2010	35,00KB	4.20.9870.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	03.03.2010	1,33MB	4.20.9876.0
Nano 1.1.2		22.12.2010		1.1.2
Norton Internet Security	Symantec Corporation	25.11.2010		18.6.0.29
OCR Software by I.R.I.S. 13.0	HP	17.10.2010		13.0
PDF24 Creator 3.5.3	PDF24.org	22.01.2012	33,4MB	
QuickTime	Apple Inc.	29.11.2011	73,3MB	7.71.80.42
R for Windows 2.13.0	R Development Core Team	14.05.2011	46,8MB	2.13.0
RarZilla Free Unrar	Philipp Winterberg	28.10.2010		2.59
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	08.03.2010		6.0.1.6057
Realtek USB 2.0 Card Reader	Realtek Semiconductor Corp.	01.03.2010		6.1.7600.30101
REALTEK Wireless LAN Driver	REALTEK Semiconductor Corp.	01.03.2010		1.00.0145
Shop for HP Supplies	HP	17.10.2010		13.0
Synaptics Pointing Device Driver	Synaptics Incorporated	01.03.2010		14.0.19.0
Unity Web Player	Unity Technologies ApS	30.06.2011	12,0MB	2.6.1f3_31223
VLC media player 1.1.4	VideoLAN	25.09.2010		1.1.4
Windows Live Essentials	Microsoft Corporation	01.03.2010		14.0.8089.0726
Windows Live ID-Anmelde-Assistent	Microsoft Corporation	26.09.2010	5,52MB	6.500.3165.0
Windows Live Sync	Microsoft Corporation	01.03.2010	2,79MB	14.0.8089.726
Windows Live-Uploadtool	Microsoft Corporation	01.03.2010	0,22MB	14.0.8014.1029
Windows Media Player Firefox Plugin	Microsoft Corp	31.05.2011	0,29MB	1.0.0.8
X10 Hardware(TM)		25.09.2010

aschenbrödl · 07.02.2012, 10:06

und hijack mag mich nicht: ich erhalte folgende Fehlermeldung:

Uploaded with ImageShack.us

kira · 07.02.2012, 18:19

wie ich beschrieben habe, Du musst es als Admin ausführen:
Rechtsklick auf HijackThis-> als Administrator auswählen

aschenbrödl · 07.02.2012, 19:26

diese option habe ich nicht beim rechts klicken, verwende Windows 7!
unter eigenschaften-> sicherheit sind alle Benutzer zu den selben Aufgaben berechtigt.

kira · 07.02.2012, 19:38

Rechtsklick -> Eigenschaften -> Behandeln von Kompatibilitätsproblemen -> Als Administrator ausführen -> Übernehmen

aschenbrödl · 07.02.2012, 19:53

dankeschön! jetzt hat es funktioniert

Code:

ATTFilter

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:52:00, on 07.02.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSD.exe
C:\Program Files\Launch Manager\WButton.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\PDF24\pdf24.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ask.com?o=14672&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL
O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [LMgrVolOSD] "C:\Program Files\Launch Manager\OSD.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe /FORPCEE3
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 (file missing)
O9 - Extra 'Tools' menuitem: eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 (file missing)
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd. - C:\Windows\system32\hasplms.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\Blaze Media Pro\NMSAccess32.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 9456 bytes

kira · 08.02.2012, 08:23

1.
Schliesse alle Programme einschliesslich Internet Explorer und fixe mit Hijackthis die Einträge aus der nachfolgenden Codebox (HijackThis starten→ "Do a system scan only"→ Einträge auswählen→ Häckhen setzen→ "Fix checked" klicken→ PC neu aufstarten):
HijackThis erstellt ein Backup, Falls bei "Fixen" etwas schief geht, kann man unter "View the list of backups"- die Objekte wiederherstellen

Code:

ATTFilter

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')

2.

Zitat:

Achtung wichtig!:
Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!
(Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)

Fixen mit OTL

Starte die OTL.exe.
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Kopiere folgendes Skript:

Code:

ATTFilter

:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://medion.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://medion.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=14672&l=dis
IE - HKCU\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - No CLSID value found
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
[2011.11.01 20:20:09 | 000,002,396 | ---- | M] () -- C:\Users\Karin\AppData\Roaming\Mozilla\Firefox\Profiles\74v2hsto.default\searchplugins\askcom.xml
[2012.02.05 13:23:38 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.05 13:23:38 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.12.15 08:01:46 | 000,000,113 | ---- | M] () - F:\Autorun.inf -- [ NTFS ]
[2012.02.07 09:15:06 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.06 22:54:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
@Alternate Data Stream - 101 bytes -> C:\ProgramData\Temp:4F7D133D

:Commands
[purity]
[emptytemp]

und füge es hier ein:
Schließe alle Programme.
Klicke auf den Fix Button.
Klick auf .
OTL verlangt einen Neustart. Bitte zulassen.
Nach dem Neustart findest Du ein Textdokument.
Kopiere den Inhalt hier in Deinen Thread.

3.
Deine Javaversion ist nicht aktuell!
Da aufgrund alter Sicherheitslücken ist Java sehr anfällig, deinstalliere zunächst alle vorhandenen Java-Versionen:
→ Systemsteuerung → Software → deinstallieren...
→ Rechner neu aufstarten
→ Downloade nun die Offline-Version von Java Version 6 Update 30 von Oracle herunter
Achte darauf, eventuell angebotene Toolbars abwählen (den Haken bei der Toolbar entfernen)!

4.
Adobe Reader aktualisieren :
- Bei Installation aufpassen/mitlesen!: Wenn irgendeine Software, Toolbar etc angeboten wird, bitte abwählen! - (z.B "McAfee Security Scan Plus")
Adobe Reader
Oder: Adobe starten-> gehe auf "Hilfe"-> "Nach Update suchen..."

5.
reinige dein System mit CCleaner:

"Cleaner"→ "Analysieren"→ Klick auf den Button "Start CCleaner"
"Registry""Fehler suchen"→ "Fehler beheben"→ "Alle beheben"
Starte dein System neu auf

6.

lade Dir SUPERAntiSpyware FREE Edition herunter.
installiere das Programm und update online.
starte SUPERAntiSpyware und klicke auf "Ihren Computer durchsuchen"
setze ein Häkchen bei "Kompletter Scan" und klicke auf "Weiter"
anschließend alle gefundenen Schadprogramme werden aufgelistet, bei alle Funde Häkchen setzen und mit "OK" bestätigen
auf "Weiter" klicken dann "OK" und auf "Fertig stellen"
um die Ergebnisse anzuzeigen: auf "Präferenzen" dann auf den "Statistiken und Protokolle" klicken
drücke auf "Protokoll anzeigen" - anschließend diesen Bericht bitte speichern und hier posten

7.
Auch auf USB-Sticks, selbstgebrannten Datenträgern, externen Festplatten und anderen Datenträgern können Viren transportiert werden. Man muss daher durch regelmäßige Prüfungen auf Schäden, die durch Malware ("Worm.Win32.Autorun") verursacht worden sein können, überwacht werden. Hierfür sind ser gut geegnet und empfohlen, die auf dem Speichermedium gesicherten Daten, mit Hilfe des kostenlosen Online Scanners zu prüfen.
Schließe jetzt alle externe Datenträgeran (USB Sticks etc) Deinen Rechner an, dabei die Hochstell-Taste [Shift-Taste] gedrückt halten, damit die Autorun-Funktion nicht ausgeführt wird. (So verhindest Du die Ausführung der AUTORUN-Funktion) - Man kann die AUTORUN-Funktion aber auch generell abschalten.►Anleitung

8.
-> Führe dann einen Komplett-Systemcheck mit Eset Online Scanner (NOD32)Kostenlose Online Scanner durch
Achtung!: >>Du sollst nicht die Antivirus-Sicherheitssoftware installieren, sondern dein System nur online scannen<<

9.
erneut einen Scan mit OTL:

Doppelklick auf die OTL.exe
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Oben findest Du ein Kästchen mit Ausgabe.
Wähle bitte Standard-Ausgabe
Unter Extra-Registrierung wähle bitte Benutze SafeList.
Mache Häckchen bei LOP- und Purity-Prüfung.
Klicke nun auf Scan links oben.
Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

10.
► Empfehlungen/Vorschläge:
An deiner Stelle würde ich aus dem Autostart folgende Programme rausnehmen:
Beim Hochfahren von Windows werden einige Programme mit gestartet, die sich (mit oder ohne Zustimmung des Users) im Autostart eingetragen haben
Je mehr Programme hier aufgeführt sind, umso langsamer startet Windows. Deshalb kann es sinnvoll sein, Software die man nicht unbedingt immer benötigt, aus dem Autostart zu entfernen.- Bei allem Häkchen weg was nicht starten soll.
Die Programme bleiben dabei erhalten, falls man braucht, kann jederzeit manuell gestartet werden!

Code:

ATTFilter

Du solltest nie deaktivieren :
Grafiktreibers
Firewall
Antivirenprogramm
Sound

Es ist immer Benutzerspezifisch (ein allgemein gültiges Rezept gibt es nicht), Tipps kann ich Dir geben

[U]um den Autostart von Windows 7 zu verwalten:
► "Start -> Alle Programme-> Zubehör-> Ausführen" .. und gibst Du "msconfig" (ohne "") ein ->OK

(Autostart-Einträge, die Du nicht findest, einfach mit HijackThis fixen:
Alle Programme, Browser etc schließen→ HijackTis starten→ "Do a system scan only" anklicken→ Eintrag auswählen→ "Fix checked"klicken→ PC neu aufstarten
HijackThis erstellt ein Backup, Falls bei "Fixen" etwas schief geht, kann man unter "View the list of backups"- die Objekte wiederherstellen [/size]
um den Autostart von Windows XP zu verwalten:-> "Start-> ausführen-> "msconfig" (reinschreiben ohne ""-> OK -> Systemstart

Code:

ATTFilter

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')

Achtung!:
Für die aufgelisteten Programme gelten zusätzlich, dass man nach Aktualisierung (AfterUpdate) erneut unter Start und Dienste nachkontrollieren muss!

11.
poste erneut - nach der vorgenommenen Reinigungsaktion:
TrendMicro™ HijackThis™ -Logfile - Keine offenen Fenster, solang bis HijackThis läuft!!
► Rechtsklick auf HijackThis-> "Als administrator ausführen" wählen...(Wista und WIN 7)

► berichte erneut über den Zustand des Computers. Ob noch Probleme auftreten, wenn ja, welche?

aschenbrödl · 09.02.2012, 00:03

danke für die tolle Anleitung!

Punkt 7 usw folgen erst morgen,
hier mal die SUPERAntiSpyware Geschichte:

Code:

ATTFilter

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 02/08/2012 at 11:54 PM

Application Version : 5.0.1144

Core Rules Database Version : 8217
Trace Rules Database Version: 6029

Scan type       : Complete Scan
Total Scan Time : 01:47:57

Operating System Information
Windows 7 Home Premium 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 736
Memory threats detected   : 0
Registry items scanned    : 36365
Registry threats detected : 0
File items scanned        : 77969
File threats detected     : 134

Adware.Tracking Cookie
	.kinau-mediaforschung.de [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	.kinau-mediaforschung.de [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	adserv.chirurgie-portal.de [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	.im.banner.t-online.de [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	www.tldadserv.com [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	rts.pgmediaserve.com [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	rts.pgmediaserve.com [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	rts.pgmediaserve.com [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	tracking.oe24.at [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	tracking.oe24.at [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	tracking.oe24.at [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	tracking.oe24.at [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	tracking.oe24.at [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	tracking.oe24.at [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	tracking.oe24.at [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	tracking.oe24.at [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	tracking.oe24.at [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	tracking.oe24.at [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	adserver.twitpic.com [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	.adcentriconline.com [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	.ads.quartermedia.de [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	.lfstmedia.com [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	.lfstmedia.com [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	.mediabrandsww.com [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	.adxpose.com [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	.tracking.quisma.com [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	adsrv1.admediate.com [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	.traffictrack.de [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	.imrworldwide.com [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	.imrworldwide.com [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	track.effiliation.com [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	.bs.serving-sys.com [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	.mediaplex.com [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	.zedo.com [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	.zedo.com [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	.zedo.com [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	.zedo.com [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	.zedo.com [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	.casalemedia.com [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	.casalemedia.com [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	.casalemedia.com [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	.casalemedia.com [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	.casalemedia.com [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	.casalemedia.com [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	.adtech.de [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	.adtech.de [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	.apmebf.com [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	.fastclick.net [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	.fastclick.net [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	.fastclick.net [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	.lucidmedia.com [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	.apmebf.com [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	track.effiliation.com [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	track.effiliation.com [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	track.effiliation.com [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	track.effiliation.com [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	.lfstmedia.com [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	.doubleclick.net [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	.atdmt.com [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	.atdmt.com [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	.tribalfusion.com [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	.doubleclick.net [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	z.blogads.com [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	.questionmarket.com [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	.questionmarket.com [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	.content.yieldmanager.com [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	.content.yieldmanager.com [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	optimize.indieclick.com [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	optimize.indieclick.com [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	.media6degrees.com [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	.media6degrees.com [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	.media6degrees.com [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	.media6degrees.com [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	.ru4.com [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	ad2.adfarm1.adition.com [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	.zanox.com [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	.indieclick.com [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	optimize.indieclick.com [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	ad.zanox.com [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\HANNELORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D41QH64P.DEFAULT\COOKIES.SQLITE ]
	.doubleclick.net [ C:\USERS\KARIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\74V2HSTO.DEFAULT\COOKIES.SQLITE ]
	.doubleclick.net [ C:\USERS\KARIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\74V2HSTO.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\KARIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\74V2HSTO.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\KARIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\74V2HSTO.DEFAULT\COOKIES.SQLITE ]
	.media6degrees.com [ C:\USERS\KARIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\74V2HSTO.DEFAULT\COOKIES.SQLITE ]
	.media6degrees.com [ C:\USERS\KARIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\74V2HSTO.DEFAULT\COOKIES.SQLITE ]
	.media6degrees.com [ C:\USERS\KARIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\74V2HSTO.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\KARIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\74V2HSTO.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\KARIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\74V2HSTO.DEFAULT\COOKIES.SQLITE ]
	.atdmt.com [ C:\USERS\KARIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\74V2HSTO.DEFAULT\COOKIES.SQLITE ]
	.atdmt.com [ C:\USERS\KARIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\74V2HSTO.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\KARIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\74V2HSTO.DEFAULT\COOKIES.SQLITE ]
	.adtech.de [ C:\USERS\KARIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\74V2HSTO.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\KARIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\74V2HSTO.DEFAULT\COOKIES.SQLITE ]
	.mediaplex.com [ C:\USERS\KARIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\74V2HSTO.DEFAULT\COOKIES.SQLITE ]
	.mediaplex.com [ C:\USERS\KARIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\74V2HSTO.DEFAULT\COOKIES.SQLITE ]
	.apmebf.com [ C:\USERS\KARIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\74V2HSTO.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\KARIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\74V2HSTO.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\KARIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\74V2HSTO.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\KARIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\74V2HSTO.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\KARIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\74V2HSTO.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\KARIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\74V2HSTO.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\KARIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\74V2HSTO.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\KARIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\74V2HSTO.DEFAULT\COOKIES.SQLITE ]
	.austrianairlines.122.2o7.net [ C:\USERS\KARIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\74V2HSTO.DEFAULT\COOKIES.SQLITE ]

Trojan.Agent/Gen-SoftonicDownloader
	C:\USERS\KARIN\DOWNLOADS\SOFTONICDOWNLOADER_FOR_SPSS.EXE

.

kira · 09.02.2012, 14:51

Lösche:

Zitat:

Softonic Downloader

Anleitung für FF:-> Add-ons deinstallieren
-> Firefox mit Add-ons anpassen
-> Löschen: Firefox Add-Ons endgültig löschen | PcBeirat.de

im Internet Explorer Add-ons bzw. Erweiterungen deaktivieren/löschen ::
Verwalten von Add-Ons in Internet Explorer 9
Internet Explorer 9 Addons – installieren, deaktivieren, löschen und optimieren

dann 7. bis 11. noch

aschenbrödl · 09.02.2012, 18:46

hui! so 7 bis 9 sind abgehakt

allerdings konnte ich in meinen FF add-ons niergends die Anwendung softonic downloader finden. habe die FAQ's genau gelesen und befolgt, hab aber nichts gesehen!

die letzte OTL logfiles:

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 09.02.2012 18:38:10 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Karin\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,43 Gb Total Physical Memory | 1,93 Gb Available Physical Memory | 56,38% Memory free
6,85 Gb Paging File | 5,22 Gb Available in Paging File | 76,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 424,66 Gb Total Space | 141,55 Gb Free Space | 33,33% Space Free | Partition Type: NTFS
Drive D: | 40,00 Gb Total Space | 30,00 Gb Free Space | 75,01% Space Free | Partition Type: NTFS
Drive F: | 465,76 Gb Total Space | 157,03 Gb Free Space | 33,71% Space Free | Partition Type: NTFS
Drive H: | 3,77 Gb Total Space | 0,01 Gb Free Space | 0,29% Space Free | Partition Type: FAT32
 
Computer Name: KARIN-PC | User Name: Karin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.02.07 09:39:30 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Karin\Downloads\OTL.exe
PRC - [2012.02.05 13:23:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.01.20 19:16:56 | 004,617,600 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.09.07 12:55:40 | 000,221,256 | ---- | M] (Geek Software GmbH) -- C:\Programme\PDF24\pdf24.exe
PRC - [2011.08.12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCore.exe
PRC - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.04.17 01:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Programme\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.20 13:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2010.03.02 14:18:50 | 000,678,432 | ---- | M] (Realtek Semiconductor) -- C:\Programme\Realtek\Audio\HDA\RtHDVBg.exe
PRC - [2010.01.13 10:18:30 | 000,413,696 | ---- | M] (Wistron Corp.) -- C:\Programme\Launch Manager\WButton.exe
PRC - [2009.12.14 11:25:00 | 000,200,704 | ---- | M] (Wistron) -- C:\Programme\Launch Manager\HotkeyApp.exe
PRC - [2009.12.11 15:18:16 | 000,348,960 | ---- | M] (Wistron Corp.) -- C:\Programme\Launch Manager\OSD.exe
PRC - [2009.12.10 08:48:26 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.12.10 08:48:24 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.11.07 03:46:52 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe
PRC - [2009.11.02 14:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Programme\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009.10.22 17:05:40 | 000,118,560 | ---- | M] (Wistron Corp.) -- C:\Programme\Launch Manager\WisLMSvc.exe
PRC - [2009.10.02 13:26:12 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009.08.18 10:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 10:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.02.03 14:53:00 | 001,155,072 | ---- | M] (MAGIX AG) -- C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2009.01.12 13:15:52 | 000,071,096 | ---- | M] () -- C:\Programme\Blaze Media Pro\NMSAccess32.exe
PRC - [2008.03.19 11:30:46 | 002,558,464 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\System32\hasplms.exe
PRC - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.02.09 15:07:32 | 000,063,488 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012.02.09 15:07:32 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012.02.08 22:04:17 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012.02.08 22:04:17 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2012.02.05 13:23:41 | 001,911,768 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2011.11.16 10:00:56 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011.07.29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2009.11.02 14:23:36 | 000,013,096 | ---- | M] () -- C:\Programme\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009.11.02 14:20:10 | 000,619,816 | ---- | M] () -- C:\Programme\CyberLink\Power2Go\CLMediaLibrary.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.08.12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011.04.17 01:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe -- (NIS)
SRV - [2010.09.27 09:55:53 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009.12.10 08:48:26 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009.12.10 08:48:24 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009.11.07 03:46:52 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)
SRV - [2009.10.22 17:05:40 | 000,118,560 | ---- | M] (Wistron Corp.) [On_Demand | Running] -- C:\Program Files\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
SRV - [2009.10.02 13:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.02.03 14:53:00 | 001,155,072 | ---- | M] (MAGIX AG) [Unknown | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009.01.12 13:15:52 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\Blaze Media Pro\NMSAccess32.exe -- (NMSAccess)
SRV - [2008.08.07 10:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2008.03.19 11:30:46 | 002,558,464 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Running] -- C:\Windows\System32\hasplms.exe -- (hasplms)
SRV - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012.02.04 11:28:32 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012.02.04 11:28:32 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011.12.16 00:33:22 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120208.002\IDSvix86.sys -- (IDSVix86)
DRV - [2011.12.01 03:25:03 | 000,820,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120207.003\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011.08.04 09:12:24 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120209.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2011.08.04 09:12:23 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120209.003\NAVENG.SYS -- (NAVENG)
DRV - [2011.07.22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011.07.08 16:44:30 | 000,299,640 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NIS\1206000.01D\SYMNETS.SYS -- (SymNetS)
DRV - [2011.05.11 16:58:54 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011.03.31 04:04:12 | 000,035,960 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2011.03.31 04:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\Drivers\NIS\1206000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011.03.31 04:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011.03.15 03:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011.01.27 07:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\SYMDS.SYS -- (SymDS)
DRV - [2011.01.27 06:07:05 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.04.01 09:13:38 | 001,009,184 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2010.02.10 15:01:10 | 000,132,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\system32\DRIVERS\Impcd.sys -- (Impcd)
DRV - [2010.01.08 03:50:08 | 000,232,448 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV - [2009.12.22 18:18:58 | 000,065,576 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2009.12.02 15:54:20 | 000,020,008 | ---- | M] (Psychology Software Tools) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\PRTDRV.sys -- (PRTDRV)
DRV - [2009.09.18 04:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\system32\DRIVERS\HECI.sys -- (HECI) Intel(R)
DRV - [2009.08.13 16:39:40 | 000,786,400 | ---- | M] (DiBcom SA) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mod7700.sys -- (mod7700)
DRV - [2009.07.31 02:45:22 | 000,171,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.05.13 12:47:30 | 000,027,160 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\x10ufx2.sys -- (XUIF)
DRV - [2009.05.13 12:26:26 | 000,013,720 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\x10hid.sys -- (X10Hid)
DRV - [2008.03.18 14:09:16 | 000,350,720 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2008.02.11 14:55:04 | 000,586,240 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2007.07.23 13:12:44 | 000,046,336 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\akshhl.sys -- (akshhl)
DRV - [2007.07.05 13:16:56 | 000,238,976 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\akshasp.sys -- (akshasp)
DRV - [2007.07.05 13:16:56 | 000,014,976 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aksusb.sys -- (aksusb)
DRV - [2006.04.12 15:19:54 | 000,011,776 | ---- | M] (Psychology Software Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SRBoxDRv.sys -- (SRBoxDRv)
DRV - [2002.10.25 13:49:48 | 000,007,168 | ---- | M] (Psychology Software Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PortDRv.sys -- (PortDRv)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@millisecond.com/npInquisit,version=3.0: C:\Program Files\Millisecond Software\Inquisit 3.0 Mozilla Plugin\npInquisit_3050.dll (Millisecond Software)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@millisecond.com/npInquisit,version=3.0: C:\Program Files\Millisecond Software\Inquisit 3.0 Mozilla Plugin\npInquisit_3050.dll (Millisecond Software)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Karin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.10.18 17:03:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2012.02.09 15:06:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_4_3 [2012.02.09 15:06:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.05 13:23:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.02.08 21:48:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.10.18 17:03:38 | 000,000,000 | ---D | M]
 
[2010.09.26 21:28:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karin\AppData\Roaming\mozilla\Extensions
[2012.01.12 21:19:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karin\AppData\Roaming\mozilla\Firefox\Profiles\74v2hsto.default\extensions
[2012.01.12 21:19:34 | 000,000,000 | ---D | M] (BittorrentBar_DE Community Toolbar) -- C:\Users\Karin\AppData\Roaming\mozilla\Firefox\Profiles\74v2hsto.default\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}
[2012.02.08 21:43:51 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.02.08 21:43:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2012.02.05 13:23:42 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.02.08 21:43:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.05 13:23:38 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.05 13:23:38 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.05 13:23:38 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.05 13:23:38 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton Internet Security\Engine\18.6.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron Corp.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found
O9 - Extra 'Tools' menuitem : eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{550500B5-3829-4243-93C4-E08B690AD997}: DhcpNameServer = 61.177.7.1 218.104.32.106 168.95.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A34EE5B-9CDB-4BBC-A369-A031E82A7022}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.12.15 08:01:46 | 000,000,113 | ---- | M] () - F:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.09 15:27:46 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.02.08 22:04:08 | 000,000,000 | ---D | C] -- C:\Users\Karin\AppData\Roaming\SUPERAntiSpyware.com
[2012.02.08 22:03:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.02.08 22:03:34 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.02.08 22:03:34 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.02.08 21:48:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012.02.08 21:48:12 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012.02.08 21:47:48 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.02.08 21:44:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.02.08 21:43:49 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012.02.08 21:43:49 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012.02.08 21:43:49 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012.02.08 21:43:49 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012.02.08 21:22:51 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.02.07 10:01:19 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012.02.07 10:01:19 | 000,000,000 | ---D | C] -- C:\Users\Karin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012.02.07 09:49:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.02.07 09:49:52 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.02.06 19:21:21 | 000,000,000 | ---D | C] -- C:\Users\Karin\AppData\Roaming\Malwarebytes
[2012.02.06 19:21:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.02.06 19:21:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.02.06 19:21:10 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.02.06 19:21:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.02.01 20:24:56 | 000,000,000 | ---D | C] -- C:\Users\Karin\AppData\Roaming\pixelStorm
[2012.02.01 20:22:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Big Fish Games
[2012.01.31 20:27:42 | 000,000,000 | ---D | C] -- C:\ProgramData\PopCap
[2012.01.31 20:27:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Trymedia
[2012.01.25 18:53:43 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
[2012.01.25 18:53:43 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2012.01.23 16:48:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
[2012.01.23 16:48:18 | 000,000,000 | ---D | C] -- C:\Program Files\PDF24
[2012.01.23 16:43:53 | 000,000,000 | ---D | C] -- C:\Users\Karin\AppData\Roaming\WordToPDF
[2012.01.23 16:43:01 | 000,000,000 | ---D | C] -- C:\Program Files\WordToPDF
[2012.01.23 16:40:27 | 000,000,000 | ---D | C] -- C:\Users\Karin\Documents\PDF-Dateien
[2012.01.12 21:16:10 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012.01.12 21:16:08 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012.01.12 21:16:08 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2010.08.25 18:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[1 C:\Users\Karin\Desktop\*.tmp files -> C:\Users\Karin\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.09 17:29:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.09 15:13:53 | 000,010,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.09 15:13:53 | 000,010,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.09 15:10:23 | 000,659,004 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.02.09 15:10:23 | 000,620,150 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.02.09 15:10:23 | 000,132,542 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.02.09 15:10:23 | 000,108,332 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.02.09 15:05:07 | 2760,847,360 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.08 22:03:40 | 000,001,965 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.02.08 21:52:26 | 000,288,092 | ---- | M] () -- C:\Users\Karin\Documents\cc_20120208_215211.reg
[2012.02.08 21:48:35 | 000,001,993 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.02.08 21:43:11 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012.02.08 21:43:11 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012.02.08 21:43:11 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012.02.08 21:43:10 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012.02.07 10:01:19 | 000,002,963 | ---- | M] () -- C:\Users\Karin\Desktop\HiJackThis.lnk
[2012.02.07 09:49:53 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.01.28 05:52:38 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1207000.00D\isolate.ini
[2012.01.25 22:56:06 | 000,238,988 | ---- | M] () -- C:\Windows\hpwins26.dat
[2012.01.23 16:49:41 | 000,183,200 | ---- | M] () -- C:\Users\Karin\Desktop\Autismus.pdf
[2012.01.20 22:19:53 | 009,845,793 | ---- | M] () -- C:\Users\Karin\Desktop\RATT   Back For More (official music video) HQ.mp3
[1 C:\Users\Karin\Desktop\*.tmp files -> C:\Users\Karin\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.02.08 22:03:40 | 000,001,965 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.02.08 21:52:15 | 000,288,092 | ---- | C] () -- C:\Users\Karin\Documents\cc_20120208_215211.reg
[2012.02.08 21:48:35 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.02.08 21:48:35 | 000,001,993 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.02.07 10:01:19 | 000,002,963 | ---- | C] () -- C:\Users\Karin\Desktop\HiJackThis.lnk
[2012.02.07 09:49:53 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.01.23 16:49:40 | 000,183,200 | ---- | C] () -- C:\Users\Karin\Desktop\Autismus.pdf
[2012.01.20 22:19:39 | 009,845,793 | ---- | C] () -- C:\Users\Karin\Desktop\RATT   Back For More (official music video) HQ.mp3
[2011.11.22 20:26:40 | 000,003,584 | ---- | C] () -- C:\Users\Karin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.18 16:54:35 | 000,238,988 | ---- | C] () -- C:\Windows\hpwins26.dat
[2010.08.25 19:30:02 | 000,127,868 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin
[2010.08.25 19:30:00 | 000,870,560 | ---- | C] () -- C:\Windows\System32\igkrng575.bin
[2010.08.25 19:30:00 | 000,104,796 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin
[2010.03.14 06:34:12 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2010.03.04 07:23:47 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2010.03.02 06:40:12 | 000,149,504 | ---- | C] () -- C:\Windows\unwise32_setup.exe
[2010.03.02 06:40:12 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe
[2010.03.02 06:39:10 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
[2010.03.02 05:59:45 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010.03.02 05:59:44 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010.03.02 05:59:42 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2009.08.18 07:31:57 | 000,000,370 | ---- | C] () -- C:\Windows\hpwmdl26.dat
[2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.08.03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009.07.14 09:47:43 | 000,659,004 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 09:47:43 | 000,132,542 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 000,384,992 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,620,150 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,108,332 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009.06.07 12:27:20 | 000,073,728 | ---- | C] () -- C:\Windows\System32\vbzlib1.dll
[2008.10.04 00:07:10 | 003,754,896 | ---- | C] () -- C:\Windows\System32\erdmpg-6.dll
[2008.09.28 18:33:01 | 000,253,952 | ---- | C] () -- C:\Windows\System32\Manipulate.dll
[2008.08.28 12:20:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\comLyricGetter.dll
[2008.08.28 12:17:22 | 000,097,280 | ---- | C] () -- C:\Windows\System32\Uncommon.dll
[2008.08.28 12:17:20 | 000,061,440 | ---- | C] () -- C:\Windows\System32\NormalizeDSP.dll
[2005.11.06 00:34:50 | 000,145,408 | ---- | C] () -- C:\Windows\System32\Lame.exe
[2005.05.17 21:37:10 | 000,076,800 | ---- | C] () -- C:\Windows\System32\Faac.exe
[2002.07.19 17:48:22 | 000,157,696 | ---- | C] () -- C:\Windows\System32\OggEnc.exe
[2002.03.19 00:18:54 | 000,120,832 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
 
========== LOP Check ==========
 
[2011.10.12 16:27:33 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\Amazon
[2010.09.26 21:24:01 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\IrfanView
[2010.10.29 14:22:23 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\Philipp Winterberg
[2012.02.01 20:24:56 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\pixelStorm
[2010.11.09 08:57:06 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\Pst
[2011.07.01 13:43:05 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\Unity
[2012.01.23 16:44:09 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\WordToPDF
[2011.11.08 16:50:50 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---
[/code]
OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 09.02.2012 18:38:10 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Karin\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,43 Gb Total Physical Memory | 1,93 Gb Available Physical Memory | 56,38% Memory free
6,85 Gb Paging File | 5,22 Gb Available in Paging File | 76,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 424,66 Gb Total Space | 141,55 Gb Free Space | 33,33% Space Free | Partition Type: NTFS
Drive D: | 40,00 Gb Total Space | 30,00 Gb Free Space | 75,01% Space Free | Partition Type: NTFS
Drive F: | 465,76 Gb Total Space | 157,03 Gb Free Space | 33,71% Space Free | Partition Type: NTFS
Drive H: | 3,77 Gb Total Space | 0,01 Gb Free Space | 0,29% Space Free | Partition Type: FAT32
 
Computer Name: KARIN-PC | User Name: Karin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4
"_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{28379381-B56A-43e1-B505-3098D82B1C30}" = 4500G510gm_Software_Min
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN
"{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3E6F0CAD-EE38-42A5-9EEA-AE17A55BF2D4}" = Firebird SQL Server - MAGIX Edition
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.5.3
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B2455727-ED8F-4643-8A6E-F4AB8DE3633D}" = Network
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw
"{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BE0D4271-69C9-4f28-AD9B-BB33D126A30E}" = 4500G510gm
"{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES
"{C8C8387B-A98B-44E8-807A-1A9B7F51FFDA}" = Blaze Media Pro
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.5.0.8
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DF0B357C-5874-47D0-81E7-79AA890B0CE0}" = 4500_G510gm_Help
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{E5083D57-D93F-404C-A91F-1C50D67C2BEB}" = HP Officejet 4500 G510g-m
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"AVS Screen Capture_is1" = AVS Screen Capture version 1.1.2
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS Video Editor_is1" = AVS Video Editor 5
"AVS Video Recorder_is1" = AVS Video Recorder 2.4
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"Blaze Media Pro" = Blaze Media Pro
"CCleaner" = CCleaner
"DivX Setup.divx.com" = DivX-Setup
"ESET Online Scanner" = ESET Online Scanner v3
"FMCODEC" = FM Screen Capture Codec (Remove Only)
"Hofer Foto Manager Free D" = Hofer Foto Manager Free
"Hofer Foto Service D" = Hofer Foto Service
"Hofer Fotodruck Service" = Hofer Fotodruck Service 4.5
"Hofer Online Druck Service D" = Hofer Online Druck Service
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"MEDION Fotos auf CD & DVD SE Hofer D" = MEDION Fotos auf CD & DVD SE Hofer
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 10.0 (x86 de)" = Mozilla Firefox 10.0 (x86 de)
"Nano" = Nano 1.1.2
"NIS" = Norton Internet Security
"R for Windows 2.13.0_is1" = R for Windows 2.13.0
"RarZilla Free Unrar" = RarZilla Free Unrar
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TVWiz" = Intel(R) TV Wizard
"VLC media player" = VLC media player 1.1.4
"WinLiveSuite_Wave3" = Windows Live Essentials
"X10Hardware" = X10 Hardware(TM)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 08.02.2012 16:19:28 | Computer Name = Karin-PC | Source = ESENT | ID = 455
Description = Windows (2276) Windows: Fehler -1811 beim Öffnen von Protokolldatei
 C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS000E8.log.
 
Error - 08.02.2012 16:19:28 | Computer Name = Karin-PC | Source = Windows Search Service | ID = 9000
Description = 
 
Error - 08.02.2012 16:19:28 | Computer Name = Karin-PC | Source = Windows Search Service | ID = 7040
Description = 
 
Error - 08.02.2012 16:19:28 | Computer Name = Karin-PC | Source = Windows Search Service | ID = 7042
Description = 
 
Error - 08.02.2012 16:19:28 | Computer Name = Karin-PC | Source = Windows Search Service | ID = 9002
Description = 
 
Error - 08.02.2012 16:19:28 | Computer Name = Karin-PC | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 08.02.2012 16:19:30 | Computer Name = Karin-PC | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 08.02.2012 16:19:30 | Computer Name = Karin-PC | Source = Windows Search Service | ID = 3028
Description = 
 
Error - 08.02.2012 16:19:30 | Computer Name = Karin-PC | Source = Windows Search Service | ID = 3058
Description = 
 
Error - 08.02.2012 16:19:30 | Computer Name = Karin-PC | Source = Windows Search Service | ID = 7010
Description = 
 
[ OSession Events ]
Error - 14.02.2011 06:42:32 | Computer Name = Karin-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 03.03.2011 04:14:27 | Computer Name = Karin-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 13
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 21.03.2011 12:58:16 | Computer Name = Karin-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 23.04.2011 13:52:06 | Computer Name = Karin-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 07.05.2011 06:39:28 | Computer Name = Karin-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 17.12.2011 06:42:32 | Computer Name = Karin-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1901
 seconds with 180 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 28.01.2012 11:08:36 | Computer Name = Karin-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst lmhosts erreicht.
 
Error - 29.01.2012 05:19:23 | Computer Name = Karin-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?28.?01.?2012 um 22:53:37 unerwartet heruntergefahren.
 
Error - 04.02.2012 10:27:31 | Computer Name = Karin-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?04.?02.?2012 um 15:25:03 unerwartet heruntergefahren.
 
Error - 04.02.2012 10:27:41 | Computer Name = Karin-PC | Source = BugCheck | ID = 1005
Description = 
 
Error - 04.02.2012 10:27:41 | Computer Name = Karin-PC | Source = BugCheck | ID = 1001
Description = 
 
Error - 07.02.2012 16:10:58 | Computer Name = Karin-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst lmhosts erreicht.
 
Error - 08.02.2012 16:19:30 | Computer Name = Karin-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-1073473535.
 
Error - 08.02.2012 16:19:30 | Computer Name = Karin-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 08.02.2012 16:20:02 | Computer Name = Karin-PC | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
 des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen,
 ist fehlgeschlagen. Fehler:   %%1056
 
Error - 08.02.2012 16:22:52 | Computer Name = Karin-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "FABS - Helping agent for MAGIX media database" wurde unerwartet
 beendet. Dies ist bereits 1 Mal passiert.
 
 
< End of report >

--- --- ---
[/code]

und ich muss ganz ehrlich gestehen, ich versteh Punkt 10 nicht!

welche Programme soll ich aus den Autostart rausholen?

kira · 10.02.2012, 09:01

Zitat:

Zitat von aschenbrödl

und ich muss ganz ehrlich gestehen, ich versteh Punkt 10 nicht!

welche Programme soll ich aus den Autostart rausholen?

habe doch aufgelistet...

Zitat:

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe

kannst mit HijackThis fixen:

O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')

E-Mail Account sendet an alle Adressbucheintragungen Mails

Plagegeister aller Art und deren Bekämpfung: E-Mail Account sendet an alle Adressbucheintragungen Mails