| |
| |||||||
Log-Analyse und Auswertung: 19 infizierte registrierungsschlüssel von malewarebytes nach tr/kazy.80623.1 gefundenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
18.07.2012, 13:59
| #1 |
 |  19 infizierte registrierungsschlüssel von malewarebytes nach tr/kazy.80623.1 gefunden Hallo liebe Trojaner Bordler, nachdem ich den BKA Trojaner mit erster Hilfe der Polizei entfernt hatte versuchte ich im Internet soviel wie möglich über eventuelle Folgen zu erfahren. Leider bin ich scheinbar viel zu spät auf diese Seite gekommen. Den Bka Trojaner (der mit der Kamera) bin ich durch schlichten Benutzerwechsel losgeworden, fürchte aber, er hat mit das eine oder andere hinterlassen. Den Bericht von Malewarebyte füge ich an. Da ich mich mit diesem Thema noch nicht auseinandergesetzt habe bin ich blutiger Anfänger. Bitte um Nachsicht wenn etwas fehlt. Danke im Voraus Malwarebytes Anti-Malware 1.62.0.1300 Malwarebytes : Free Anti-Malware download Datenbank Version: v2012.07.18.06 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 xxxxx :: MRX [Administrator] 18.07.2012 14:23:34 mbam-log-2012-07-18 (14-23-34).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 212579 Laufzeit: 8 Minute(n), 46 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 19 HKCR\SmartShopper.HbAx (Adware.SmartShopper) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\SmartShopper.HbAx.1 (Adware.SmartShopper) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\SmartShopper.HbInfoBand (Adware.SmartShopper) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\SmartShopper.HbInfoBand.1 (Adware.SmartShopper) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\SmartShopper.IEButton (Adware.SmartShopper) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\SmartShopper.IEButton.1 (Adware.SmartShopper) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\SmartShopper.IEButtonA (Adware.SmartShopper) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\SmartShopper.IEButtonA.1 (Adware.SmartShopper) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\SmartShopper.IEButtonB (Adware.SmartShopper) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\SmartShopper.IEButtonB.1 (Adware.SmartShopper) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\SmartShopper.SmrtShprCtl (Adware.SmartShopper) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\SmartShopper.SmrtShprCtl.1 (Adware.SmartShopper) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\SmartShopper (Adware.SmartShopper) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\SmartShopper (Adware.SmartShopper) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\ToolBand.XTTBPos00.1 (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\ToolBand.XTTBPos00 (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
|
18.07.2012, 14:38
| #2 |
| /// Malware-holic   | 19 infizierte registrierungsschlüssel von malewarebytes nach tr/kazy.80623.1 gefunden hi
__________________wo wurde tr/kazy gefunden, log posten bitte
__________________ |
|
18.07.2012, 15:36
| #3 |
| | 19 infizierte registrierungsschlüssel von malewarebytes nach tr/kazy.80623.1 gefunden Hallo markusg.,
__________________danke für die schnelle Antwort - hoffe die Hilfe kommt nicht zu spät... (Auf einige Dateien wird mir der Zugriff verweigert zB.auf C:/Programme) Gruß Marion Avira Free Antivirus Erstellungsdatum der Reportdatei: Dienstag, 10. Juli 2012 16:21 Es wird nach 3858036 Virenstämmen gesucht. Das Programm läuft als uneingeschränkte Vollversion. Online-Dienste stehen zur Verfügung. Lizenznehmer : Avira AntiVir Personal - Free Antivirus Seriennummer : 0000149996-ADJIE-0000001 Plattform : Windows Vista (TM) Home Premium Windowsversion : (Service Pack 2) [6.0.6002] Boot Modus : Normal gebootet Benutzername : SYSTEM Computername : MRX Versionsinformationen: BUILD.DAT : 12.0.0.1125 41829 Bytes 02.05.2012 16:34:00 AVSCAN.EXE : 12.3.0.15 466896 Bytes 10.07.2012 14:08:14 AVSCAN.DLL : 12.3.0.15 66256 Bytes 10.07.2012 14:08:14 LUKE.DLL : 12.3.0.15 68304 Bytes 10.07.2012 14:08:23 AVSCPLR.DLL : 12.3.0.14 97032 Bytes 10.07.2012 14:08:25 AVREG.DLL : 12.3.0.17 232200 Bytes 10.07.2012 14:08:25 VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 19:18:34 VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 10:07:39 VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 14:08:08 VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 14:08:08 VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 14:08:10 VBASE005.VDF : 7.11.34.116 4034048 Bytes 29.06.2012 14:08:10 VBASE006.VDF : 7.11.34.117 2048 Bytes 29.06.2012 14:08:10 VBASE007.VDF : 7.11.34.118 2048 Bytes 29.06.2012 14:08:10 VBASE008.VDF : 7.11.34.119 2048 Bytes 29.06.2012 14:08:10 VBASE009.VDF : 7.11.34.120 2048 Bytes 29.06.2012 14:08:10 VBASE010.VDF : 7.11.34.121 2048 Bytes 29.06.2012 14:08:10 VBASE011.VDF : 7.11.34.122 2048 Bytes 29.06.2012 14:08:10 VBASE012.VDF : 7.11.34.123 2048 Bytes 29.06.2012 14:08:10 VBASE013.VDF : 7.11.34.124 2048 Bytes 29.06.2012 14:08:10 VBASE014.VDF : 7.11.34.201 169472 Bytes 02.07.2012 14:08:10 VBASE015.VDF : 7.11.35.19 122368 Bytes 04.07.2012 14:08:11 VBASE016.VDF : 7.11.35.87 146944 Bytes 06.07.2012 14:08:11 VBASE017.VDF : 7.11.35.143 126464 Bytes 09.07.2012 14:08:11 VBASE018.VDF : 7.11.35.144 2048 Bytes 09.07.2012 14:08:11 VBASE019.VDF : 7.11.35.145 2048 Bytes 09.07.2012 14:08:11 VBASE020.VDF : 7.11.35.146 2048 Bytes 09.07.2012 14:08:11 VBASE021.VDF : 7.11.35.147 2048 Bytes 09.07.2012 14:08:11 VBASE022.VDF : 7.11.35.148 2048 Bytes 09.07.2012 14:08:11 VBASE023.VDF : 7.11.35.149 2048 Bytes 09.07.2012 14:08:11 VBASE024.VDF : 7.11.35.150 2048 Bytes 09.07.2012 14:08:11 VBASE025.VDF : 7.11.35.151 2048 Bytes 09.07.2012 14:08:11 VBASE026.VDF : 7.11.35.152 2048 Bytes 09.07.2012 14:08:11 VBASE027.VDF : 7.11.35.153 2048 Bytes 09.07.2012 14:08:11 VBASE028.VDF : 7.11.35.154 2048 Bytes 09.07.2012 14:08:11 VBASE029.VDF : 7.11.35.155 2048 Bytes 09.07.2012 14:08:11 VBASE030.VDF : 7.11.35.156 2048 Bytes 09.07.2012 14:08:11 VBASE031.VDF : 7.11.35.186 73728 Bytes 10.07.2012 14:08:11 Engineversion : 8.2.10.108 AEVDF.DLL : 8.1.2.10 102772 Bytes 10.07.2012 14:08:13 AESCRIPT.DLL : 8.1.4.32 455034 Bytes 10.07.2012 14:08:12 AESCN.DLL : 8.1.8.2 131444 Bytes 10.07.2012 14:08:12 AESBX.DLL : 8.2.5.12 606578 Bytes 10.07.2012 14:08:13 AERDL.DLL : 8.1.9.15 639348 Bytes 08.09.2011 22:16:06 AEPACK.DLL : 8.3.0.12 807286 Bytes 10.07.2012 14:08:12 AEOFFICE.DLL : 8.1.2.40 201082 Bytes 10.07.2012 14:08:12 AEHEUR.DLL : 8.1.4.64 5009782 Bytes 10.07.2012 14:08:12 AEHELP.DLL : 8.1.23.2 258422 Bytes 10.07.2012 14:08:11 AEGEN.DLL : 8.1.5.32 434548 Bytes 10.07.2012 14:08:11 AEEXP.DLL : 8.1.0.60 86388 Bytes 05.07.2012 14:40:17 AEEMU.DLL : 8.1.3.2 393587 Bytes 10.07.2012 14:08:11 AECORE.DLL : 8.1.27.2 201078 Bytes 10.07.2012 14:08:11 AEBB.DLL : 8.1.1.0 53618 Bytes 01.09.2011 22:46:01 AVWINLL.DLL : 12.3.0.15 27344 Bytes 10.07.2012 14:08:05 AVPREF.DLL : 12.3.0.15 51920 Bytes 10.07.2012 14:08:14 AVREP.DLL : 12.3.0.15 179208 Bytes 10.07.2012 14:08:25 AVARKT.DLL : 12.3.0.15 211408 Bytes 10.07.2012 14:08:13 AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 10.07.2012 14:08:13 SQLITE3.DLL : 3.7.0.1 398288 Bytes 10.07.2012 14:08:24 AVSMTP.DLL : 12.3.0.15 63440 Bytes 10.07.2012 14:08:15 NETNT.DLL : 12.3.0.15 17104 Bytes 10.07.2012 14:08:23 RCIMAGE.DLL : 12.3.0.15 4447952 Bytes 10.07.2012 14:08:06 RCTEXT.DLL : 12.3.0.15 98512 Bytes 10.07.2012 14:08:06 Konfiguration für den aktuellen Suchlauf: Job Name..............................: Vollständige Systemprüfung Konfigurationsdatei...................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp Protokollierung.......................: standard Primäre Aktion........................: löschen Sekundäre Aktion......................: ignorieren Durchsuche Masterbootsektoren.........: ein Durchsuche Bootsektoren...............: ein Bootsektoren..........................: C:, D:, Durchsuche aktive Programme...........: ein Laufende Programme erweitert..........: ein Durchsuche Registrierung..............: ein Suche nach Rootkits...................: ein Integritätsprüfung von Systemdateien..: aus Datei Suchmodus.......................: Alle Dateien Durchsuche Archive....................: ein Rekursionstiefe einschränken..........: 20 Archiv Smart Extensions...............: ein Makrovirenheuristik...................: ein Dateiheuristik........................: erweitert Abweichende Gefahrenkategorien........: +APPL,+PFS,+SPR, Beginn des Suchlaufs: Dienstag, 10. Juli 2012 16:21 Der Suchlauf über die Masterbootsektoren wird begonnen: Masterbootsektor HD0 [INFO] Es wurde kein Virus gefunden! Masterbootsektor HD1 [INFO] Es wurde kein Virus gefunden! Der Suchlauf über die Bootsektoren wird begonnen: Bootsektor 'C:\' [INFO] Es wurde kein Virus gefunden! Bootsektor 'D:\' [INFO] Es wurde kein Virus gefunden! Der Suchlauf nach versteckten Objekten wird begonnen. Der Suchlauf über gestartete Prozesse wird begonnen: Durchsuche Prozess 'vssvc.exe' - '50' Modul(e) wurden durchsucht Durchsuche Prozess 'avscan.exe' - '82' Modul(e) wurden durchsucht Durchsuche Prozess 'avscan.exe' - '29' Modul(e) wurden durchsucht Durchsuche Prozess 'avshadow.exe' - '36' Modul(e) wurden durchsucht Durchsuche Prozess 'avguard.exe' - '66' Modul(e) wurden durchsucht Durchsuche Prozess 'sched.exe' - '56' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '24' Modul(e) wurden durchsucht Durchsuche Prozess 'GoogleUpdate.exe' - '50' Modul(e) wurden durchsucht Durchsuche Prozess 'unsecapp.exe' - '30' Modul(e) wurden durchsucht Durchsuche Prozess 'taskeng.exe' - '50' Modul(e) wurden durchsucht Durchsuche Prozess 'mobsync.exe' - '45' Modul(e) wurden durchsucht Durchsuche Prozess 'RtkBtMnt.exe' - '29' Modul(e) wurden durchsucht Durchsuche Prozess 'unsecapp.exe' - '31' Modul(e) wurden durchsucht Durchsuche Prozess 'wmiprvse.exe' - '56' Modul(e) wurden durchsucht Durchsuche Prozess 'ERAGENT.EXE' - '32' Modul(e) wurden durchsucht Durchsuche Prozess 'TuneUpUtilitiesApp32.exe' - '39' Modul(e) wurden durchsucht Durchsuche Prozess 'wmiprvse.exe' - '37' Modul(e) wurden durchsucht Durchsuche Prozess 'EPOWER_DMC.EXE' - '65' Modul(e) wurden durchsucht Durchsuche Prozess 'ePowerSvc.exe' - '53' Modul(e) wurden durchsucht Durchsuche Prozess 'capuserv.exe' - '71' Modul(e) wurden durchsucht Durchsuche Prozess 'soffice.bin' - '86' Modul(e) wurden durchsucht Durchsuche Prozess 'eRecoveryService.exe' - '48' Modul(e) wurden durchsucht Durchsuche Prozess 'xaudio.exe' - '17' Modul(e) wurden durchsucht Durchsuche Prozess 'SearchIndexer.exe' - '66' Modul(e) wurden durchsucht Durchsuche Prozess 'TuneUpUtilitiesService32.exe' - '60' Modul(e) wurden durchsucht Durchsuche Prozess 'RichVideo.exe' - '23' Modul(e) wurden durchsucht Durchsuche Prozess 'RegSrvc.exe' - '24' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '43' Modul(e) wurden durchsucht Durchsuche Prozess 'MobilityService.exe' - '38' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '35' Modul(e) wurden durchsucht Durchsuche Prozess 'PIFSvc.exe' - '35' Modul(e) wurden durchsucht Durchsuche Prozess 'LSSrvc.exe' - '21' Modul(e) wurden durchsucht Durchsuche Prozess 'EvtEng.exe' - '85' Modul(e) wurden durchsucht Durchsuche Prozess 'eNet Service.exe' - '50' Modul(e) wurden durchsucht Durchsuche Prozess 'soffice.exe' - '18' Modul(e) wurden durchsucht Durchsuche Prozess 'eLockServ.exe' - '47' Modul(e) wurden durchsucht Durchsuche Prozess 'eDSService.exe' - '32' Modul(e) wurden durchsucht Durchsuche Prozess 'wmpnscfg.exe' - '29' Modul(e) wurden durchsucht Durchsuche Prozess 'datamngrUI.exe' - '68' Modul(e) wurden durchsucht Durchsuche Prozess 'rundll32.exe' - '36' Modul(e) wurden durchsucht Durchsuche Prozess 'ALUSchedulerSvc.exe' - '34' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '45' Modul(e) wurden durchsucht Durchsuche Prozess 'GrooveMonitor.exe' - '40' Modul(e) wurden durchsucht Durchsuche Prozess 'PIFSvc.exe' - '21' Modul(e) wurden durchsucht Durchsuche Prozess 'SynTPEnh.exe' - '37' Modul(e) wurden durchsucht Durchsuche Prozess 'RtHDVCpl.exe' - '49' Modul(e) wurden durchsucht Durchsuche Prozess 'MSASCui.exe' - '42' Modul(e) wurden durchsucht Durchsuche Prozess 'taskeng.exe' - '82' Modul(e) wurden durchsucht Durchsuche Prozess 'Explorer.EXE' - '159' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht Durchsuche Prozess 'spoolsv.exe' - '91' Modul(e) wurden durchsucht Durchsuche Prozess 'WLANExt.exe' - '87' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '95' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '63' Modul(e) wurden durchsucht Durchsuche Prozess 'SLsvc.exe' - '23' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '40' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '140' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '106' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '68' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '49' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '42' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '43' Modul(e) wurden durchsucht Durchsuche Prozess 'winlogon.exe' - '30' Modul(e) wurden durchsucht Durchsuche Prozess 'lsm.exe' - '25' Modul(e) wurden durchsucht Durchsuche Prozess 'lsass.exe' - '63' Modul(e) wurden durchsucht Durchsuche Prozess 'services.exe' - '36' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht Durchsuche Prozess 'wininit.exe' - '29' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen: Die Registry wurde durchsucht ( '2643' Dateien ). Der Suchlauf über die ausgewählten Dateien wird begonnen: Beginne mit der Suche in 'C:\' <ACER> C:\Program Files\OpenOffice.org 3\Basis\presets\config\standard.sob [WARNUNG] Die komprimierten Daten sind fehlerhaft C:\Program Files\TuneUp Utilities 2012\data\VistaDefault.tbs [WARNUNG] Der Archivheader ist defekt C:\Program Files\TuneUp Utilities 2012\data\VistaDefault.tla [WARNUNG] Der Archivheader ist defekt C:\Program Files\TuneUp Utilities 2012\data\VistaDefault.tls [WARNUNG] Der Archivheader ist defekt C:\Users\xxxxx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U1325FPH\calc[1].exe [FUND] Ist das Trojanische Pferd TR/Kazy.80623.1 [HINWEIS] Eine Sicherungskopie wurde unter dem Namen 55a7c9b1.qua erstellt ( QUARANTÄNE ) [HINWEIS] Die Datei wurde gelöscht. C:\Users\xxxxx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Exent\DACC\709369b0-4c98-4e58-b8d8-61c24a9e6ea5 [WARNUNG] Aus diesem Archiv können keine weiteren Dateien ausgepackt werden. Das Archiv wird geschlossen. C:\Users\xxxxx\AppData\Local\Temp\wpbt0.dll [FUND] Ist das Trojanische Pferd TR/Kazy.80623.1 [HINWEIS] Eine Sicherungskopie wurde unter dem Namen 4d06fdd9.qua erstellt ( QUARANTÄNE ) [HINWEIS] Die Datei wurde gelöscht. C:\Users\xxxxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\4a88b2db-5390b68e [0] Archivtyp: ZIP --> sIda/sIdc.class [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Dldr.Lamar.CR --> sIda/sIdb.class [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Dldr.Lamar.CS --> sIda/sIdd.class [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Dldr.Lamar.CT --> sIda/sIda.class [FUND] Enthält Erkennungsmuster des Exploits EXP/2012-0507.CY [HINWEIS] Eine Sicherungskopie wurde unter dem Namen 1f33b16b.qua erstellt ( QUARANTÄNE ) [HINWEIS] Die Datei wurde gelöscht. C:\Users\xxxxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\20729b3c-1cc491ae [0] Archivtyp: ZIP --> urua/uruc.class [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Dldr.Lamar.CS --> urua/urua.class [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Dldr.Lamar.CQ --> urua/urub.class [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Dldr.Lamar.CR [HINWEIS] Eine Sicherungskopie wurde unter dem Namen 7903fe8e.qua erstellt ( QUARANTÄNE ) [HINWEIS] Die Datei wurde gelöscht. C:\Users\xxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\chrome\dvsmenuext.jar [WARNUNG] Der Archivheader ist defekt C:\Users\xxxxx\AppData\Roaming\OpenOffice.org\3\user\config\standard.sob [WARNUNG] Die komprimierten Daten sind fehlerhaft C:\Users\xxxxx\Heruntergeladene Anwendungen\avira_free_antivirus_de.exe [WARNUNG] Die Datei ist kennwortgeschützt Beginne mit der Suche in 'D:\' <DATA> Ende des Suchlaufs: Dienstag, 10. Juli 2012 18:38 Benötigte Zeit: 2:17:02 Stunde(n) Der Suchlauf wurde vollständig durchgeführt. 40306 Verzeichnisse wurden überprüft 858841 Dateien wurden geprüft 9 Viren bzw. unerwünschte Programme wurden gefunden 0 Dateien wurden als verdächtig eingestuft 4 Dateien wurden gelöscht 0 Viren bzw. unerwünschte Programme wurden repariert 4 Dateien wurden in die Quarantäne verschoben 0 Dateien wurden umbenannt 0 Dateien konnten nicht durchsucht werden 858832 Dateien ohne Befall 6759 Archive wurden durchsucht 8 Warnungen 4 Hinweise 746420 Objekte wurden beim Rootkitscan durchsucht 0 Versteckte Objekte wurden gefunden |
|
18.07.2012, 15:46
| #4 |
| /// Malware-holic | 19 infizierte registrierungsschlüssel von malewarebytes nach tr/kazy.80623.1 gefunden hi die warnungen sind normal, falls du dich auf das avira log beziehst. man kann hier schön sehen, wie die infektion verlaufen ist. die exploit funde nutzen bestimmte lücken aus, und zwar erfolgreich, da du das update von dritt anbieter software vernachlässigt hast. die calk.exe ist der sogenannte dropper, der die gefundene dll ins system läd, die dann die ransomware startet. wir sehen uns den pc an, und gucken dann, dass wir ihn absichern. Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
18.07.2012, 16:42
| #5 |
| | 19 infizierte registrierungsschlüssel von malewarebytes nach tr/kazy.80623.1 gefunden Habe kein OTL. Extra - was habe ich falsch gemacht?OTL Logfile: Code:
ATTFilter OTL logfile created on: 18.07.2012 17:07:00 - Run 2
OTL by OldTimer - Version 3.2.54.0 Folder = D:\Documents\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,25 Gb Available Physical Memory | 62,67% Memory free
4,23 Gb Paging File | 2,89 Gb Available in Paging File | 68,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 70,77 Gb Total Space | 4,01 Gb Free Space | 5,67% Space Free | Partition Type: NTFS
Drive D: | 70,47 Gb Total Space | 48,95 Gb Free Space | 69,46% Space Free | Partition Type: NTFS
Computer Name: MRX | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.07.18 16:59:44 | 000,596,480 | ---- | M] (OldTimer Tools) -- D:\Documents\Downloads\OTL (3).exe
PRC - [2012.07.10 16:08:24 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.07.10 16:08:14 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.07.10 16:08:13 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.10 16:08:13 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.29 13:09:52 | 001,528,672 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
PRC - [2012.05.29 13:09:52 | 001,220,960 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
PRC - [2012.05.03 16:11:22 | 013,006,952 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.02.26 19:36:46 | 000,030,040 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008.10.16 17:26:20 | 000,860,160 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe
PRC - [2008.10.16 16:54:34 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008.01.29 18:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Programme\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2008.01.19 09:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.09.26 11:53:56 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007.06.12 16:55:29 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\xxx\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2007.01.10 17:20:34 | 000,462,848 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2007.01.02 19:58:58 | 000,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
PRC - [2007.01.02 17:46:52 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
PRC - [2007.01.02 10:33:24 | 000,135,168 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
PRC - [2006.12.28 21:07:22 | 000,126,976 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe
PRC - [2006.12.28 18:24:14 | 000,049,152 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2006.12.22 15:43:18 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
PRC - [2006.12.14 15:34:16 | 000,393,216 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
PRC - [2006.12.01 07:37:00 | 004,186,112 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006.11.24 13:57:54 | 000,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
========== Modules (No Company Name) ==========
MOD - [2012.07.16 07:49:55 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012.07.16 07:49:24 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012.07.16 07:49:10 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll
MOD - [2012.07.16 07:48:54 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012.07.16 07:41:43 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012.07.16 07:41:34 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2012.07.14 18:38:26 | 000,133,632 | ---- | M] () -- C:\Users\xxx\AppData\Local\Google\Chrome\USERDA~1\Default\EXTENS~1\DHKPLH~1\1.7_0\BABYLO~1.DLL
MOD - [2012.06.27 18:38:52 | 000,531,968 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\BabylonToolbar\CR\BUSolution.dll
MOD - [2011.10.05 04:52:30 | 000,756,048 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2011.06.22 12:46:12 | 000,434,016 | ---- | M] () -- C:\Programme\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.02.26 14:46:56 | 000,064,344 | ---- | M] () -- C:\Programme\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
MOD - [2007.01.02 19:52:28 | 000,028,672 | ---- | M] () -- C:\Windows\System32\BatchCrypto.dll
MOD - [2007.01.02 19:52:18 | 000,063,488 | ---- | M] () -- C:\Windows\System32\ShowErrMsg.dll
MOD - [2006.09.04 11:41:14 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\SysHook.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (LiveUpdate Notice Ex)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService)
SRV - [2012.07.10 16:08:24 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.07.10 16:08:13 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.29 13:09:52 | 001,528,672 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010.02.21 01:05:18 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2009.04.11 08:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009.02.26 19:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008.10.16 17:26:20 | 000,860,160 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008.10.16 16:54:34 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008.01.29 18:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 09:34:43 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lpdsvc.dll -- (LPDSVC)
SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2007.10.25 15:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007.09.26 11:53:56 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007.09.26 11:53:56 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatisches LiveUpdate - Scheduler)
SRV - [2007.01.02 19:58:58 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)
SRV - [2007.01.02 17:46:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007.01.02 10:33:24 | 000,135,168 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - [2006.12.28 21:07:22 | 000,126,976 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
SRV - [2006.12.28 18:24:14 | 000,049,152 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2006.12.22 15:43:18 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2006.12.14 18:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Programme\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)
SRV - [2006.11.24 13:57:54 | 000,107,008 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005.11.17 16:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\VBoxNetFlt.sys -- (VBoxNetFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | Auto | Stopped] -- System32\Drivers\AWISp60.sys -- (AWISp60)
DRV - [2012.07.10 16:08:24 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.07.10 16:08:24 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.05.08 15:21:42 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2011.10.11 16:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.06.24 15:46:36 | 000,101,680 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2010.06.17 16:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.10.07 09:49:40 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam E3500(UVC)
DRV - [2008.11.17 07:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008.03.17 11:05:30 | 000,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2006.12.20 07:50:00 | 004,448,160 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2006.12.07 18:12:02 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2006.11.30 15:58:42 | 000,090,800 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\se44unic.sys -- (se44unic) Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM)
DRV - [2006.11.30 15:58:34 | 000,086,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\se44obex.sys -- (se44obex)
DRV - [2006.11.30 15:58:32 | 000,018,704 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\se44nd5.sys -- (se44nd5) Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS)
DRV - [2006.11.30 15:58:30 | 000,088,624 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\se44mgmt.sys -- (se44mgmt) Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM)
DRV - [2006.11.30 15:58:26 | 000,097,088 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\se44mdm.sys -- (se44mdm)
DRV - [2006.11.30 15:58:24 | 000,009,360 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\se44mdfl.sys -- (se44mdfl)
DRV - [2006.11.30 15:58:18 | 000,061,536 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\se44bus.sys -- (se44bus) Sony Ericsson Device 068 driver (WDM)
DRV - [2006.11.02 15:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Programme\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2006.11.02 09:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006.10.30 03:42:28 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2006.10.25 08:36:48 | 000,042,240 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2006.10.25 08:36:44 | 000,076,928 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2006.10.25 08:36:36 | 000,062,208 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2006.10.18 16:44:30 | 000,031,232 | ---- | M] (SMSC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smscirda.sys -- (SMSCIRDA)
DRV - [2006.08.04 11:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Kostenlose E-Mail - Free Mail - E-Cards - Arcor das Newsportal
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Kostenlose E-Mail - Free Mail - E-Cards - Arcor das Newsportal
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = Kostenlose E-Mail - Free Mail - E-Cards - Arcor das Newsportal
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Kostenlose E-Mail - Free Mail - E-Cards - Arcor das Newsportal
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Kostenlose E-Mail - Free Mail - E-Cards - Arcor das Newsportal
IE - HKLM\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Programme\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {26647ca4-a2a7-4eac-8a72-761aa9141de7} - C:\Programme\www.Freeware-download.com\tbwww..dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWin0.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSof0.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Programme\NCH_DE\prxtbNCH_.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=334&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=417&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2325506
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\xxx\Music\Mammas musikk
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Upgrade to Google Chrome
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Acer.com Worldwide - Select your local country or region [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Upgrade to Google Chrome
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Acer.com Worldwide - Select your local country or region [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Babylon Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Upgrade to Google Chrome
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Upgrade to Google Chrome
IE - HKCU\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Programme\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {26647ca4-a2a7-4eac-8a72-761aa9141de7} - C:\Programme\www.Freeware-download.com\tbwww..dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWin0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKCU\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSof0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Programme\NCH_DE\prxtbNCH_.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=113480&tt=010712_6&babsrc=SP_ss&mntrId=a008b45b0000000000000016d4cb915c
IE - HKCU\..\SearchScopes\{31CF9EBE-5755-4a1d-AC25-2834D952D9B4}: "URL" = hxxp://search.pdfcreator-toolbar.org/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field
IE - HKCU\..\SearchScopes\{41427F18-E891-4297-BD8C-4BB0E8EAF99F}: "URL" = hxxp://resultsmaster.com/SmartOffers/SmartOffers.aspx?HBHintSVC=resultsmaster&HBHintSearchTermFields=qu&qu={searchTerms}&opener=iesearchbox
IE - HKCU\..\SearchScopes\{4E317010-F0AE-4905-BAE1-02F3402FA6DE}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7GGLL_de&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=uuH9Yv5TERdTI-aou6w9nDZZ-FA?q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=334&systemid=406&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=417&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{E8E72B61-195D-4E48-808D-91814217DD05}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "DVDVideoSoftTB Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?affID=113480&tt=010712_6&babsrc=HP_ss_cr&mntrId=a008b45b0000000000000016d4cb915c"
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: dplauncher@digitalpublishing.de:1.1
FF - prefs.js..extensions.enabledItems: support@pdfcreator-toolbar.org:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {b106b661-3e1b-4015-af5c-195e909f35c6}:3.6.0.10
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.8.1.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.7
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.2.0
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@digitalpublishing.de/dpLaunch: C:\Program Files\digital publishing\LAUNCHER_12_999999\nplaunch.dll (digital publishing AG)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\xxx\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\xxx\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\webbooster@iminent.com: C:\Program Files\Iminent\webbooster@iminent.com
[2012.07.14 16:03:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Extensions
[2012.07.14 18:04:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions
[2010.05.18 22:26:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.07.09 17:27:33 | 000,000,000 | ---D | M] (Freeware Download - Free Software Downloads Community Toolbar) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\{26647ca4-a2a7-4eac-8a72-761aa9141de7}
[2009.04.01 09:29:36 | 000,000,000 | ---D | M] ("Neopets Toolbar") -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\{2cb97724-d789-4f43-8888-a763cbb8df6f}
[2012.06.12 19:10:18 | 000,000,000 | ---D | M] (Winload Community Toolbar) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
[2012.07.15 18:37:35 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2009.10.24 10:23:36 | 000,000,000 | ---D | M] (Softonic Deutsch Toolbar) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}
[2012.04.15 13:50:07 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.05.30 17:28:16 | 000,000,000 | ---D | M] (NCH DE Community Toolbar) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\{b106b661-3e1b-4015-af5c-195e909f35c6}
[2012.06.16 08:59:46 | 000,000,000 | ---D | M] (IMinent Toolbar) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
[2011.02.12 17:46:32 | 000,000,000 | ---D | M] (dp Launcher Plugin) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\dplauncher@digitalpublishing.de
[2011.01.22 20:21:49 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\engine@conduit.com
[2011.12.19 17:42:41 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\ffxtlbr@babylon.com
[2009.08.26 08:53:54 | 000,000,000 | ---D | M] (Neopets Toolbar Add-on) -- C:\Users\xxxAppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\ntaddon@swordfire.net
[2012.07.04 17:03:48 | 000,000,000 | ---D | M] ("SearchGBY") -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\plugin@searchgby.com
[2012.06.16 13:24:39 | 000,000,000 | ---D | M] (loadtbs) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\software@loadtubes.com
[2011.12.02 01:12:34 | 000,000,931 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\conduit.xml
[2012.07.14 13:10:07 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-1.xml
[2008.07.02 23:40:32 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-10.xml
[2008.07.16 20:08:10 | 000,000,950 | ---- | M] () -- C:\Users\xxxAppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-11.xml
[2008.10.24 14:08:58 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-12.xml
[2008.11.15 00:19:31 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-13.xml
[2008.12.20 00:38:12 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-14.xml
[2009.02.06 23:27:51 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-15.xml
[2009.03.09 07:42:22 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-16.xml
[2009.03.28 09:59:43 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-17.xml
[2009.04.24 13:43:05 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-18.xml
[2009.05.01 08:00:47 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-19.xml
[2007.10.20 17:07:55 | 000,000,949 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-2.xml
[2009.06.12 19:28:58 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-20.xml
[2009.07.23 09:45:07 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-21.xml
[2009.08.05 13:51:18 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-22.xml
[2009.09.11 06:44:54 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-23.xml
[2009.10.30 23:25:26 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-24.xml
[2009.12.12 21:20:19 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-25.xml
[2009.12.20 09:54:07 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-26.xml
[2010.01.06 23:01:57 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-27.xml
[2010.02.28 08:07:23 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-28.xml
[2010.04.21 15:27:47 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-29.xml
[2007.11.03 14:17:42 | 000,000,949 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-3.xml
[2011.01.21 18:09:17 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-30.xml
[2011.02.17 21:48:35 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-31.xml
[2007.11.28 10:41:54 | 000,000,949 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-4.xml
[2007.12.08 18:57:42 | 000,000,949 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-5.xml
[2008.02.11 12:26:46 | 000,000,949 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-6.xml
[2008.03.26 22:34:04 | 000,000,949 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-7.xml
[2008.04.17 13:16:11 | 000,000,949 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-8.xml
[2008.06.19 07:16:35 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-9.xml
[2007.09.15 17:50:14 | 000,000,949 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin.xml
[2008.12.05 08:05:10 | 000,005,711 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\search-the-web.xml
[2012.07.02 22:13:47 | 000,002,519 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\Search_Results.xml
[2012.04.24 15:13:45 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.16 13:24:35 | 000,378,880 | ---- | M] (InfiniAd GmbH) -- C:\Program Files\mozilla firefox\plugins\npmieze.dll
[2012.07.06 17:41:28 | 000,002,351 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011.12.30 14:27:06 | 000,002,520 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
[2012.07.02 22:13:47 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
========== Chrome ==========
CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage:
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Babylon ToolBar (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\BabylonChromeToolBar.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: LoadTubes Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npmieze.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: 3DVIA player (Enabled) = C:\Program Files\Virtools\3D Life Player\npvirtools.dll
CHR - plugin: dp Launcher Plugin (Enabled) = C:\Program Files\digital publishing\LAUNCHER_12_999999\nplaunch.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: DVDVideoSoftTB DE = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhphemoobgnikcoofkgackkaimpfmenm\2.3.15.10_0\
CHR - Extension: YouTube = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Babylon Toolbar = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\
CHR - Extension: SearchGBY = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmijdhkcgeclpfjmibnginbbkfcbpep\0.9.55_0\
CHR - Extension: Google Mail = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (DVDVideoSoftTB DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Programme\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Freeware Download - Free Software Downloads Toolbar) - {26647ca4-a2a7-4eac-8a72-761aa9141de7} - C:\Programme\www.Freeware-download.com\tbwww..dll (Conduit Ltd.)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWin0.dll (Conduit Ltd.)
O2 - BHO: (TBSB01620 Class) - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Programme\IMinent Toolbar\tbcore3.dll ()
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSof0.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (NCH DE Toolbar) - {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Programme\NCH_DE\prxtbNCH_.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - !{26647ca4-a2a7-4eac-8a72-761aa9141de7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No CLSID value found.
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Programme\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWin0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSof0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (NCH DE Toolbar) - {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Programme\NCH_DE\prxtbNCH_.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\WebBrowser: (NCH DE Toolbar) - {B106B661-3E1B-4015-AF5C-195E909F35C6} - C:\Programme\NCH_DE\prxtbNCH_.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Inhaltsverzeichnis.onetoc2 ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Add to Windows &Live Favorites - hxxp://favorites.live.com/quickadd.aspx File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe File not found
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {85C86CCC-2158-4123-9C7D-785190CED875} https://lernboerse.arbeitsagentur.de/exklusiv/ilias/data/balihob/lm_data/httppath/dpLaunchPlugin.cab (dp Launcher Plugin)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6DDEF664-F3C4-4C3F-9B36-77858D38808D}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {FF151822-B0BF-11D1-A80D-000000000000} - C:\Programme\Common Files\System\Ole DB\oledb32.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (eNetHook.dll) - C:\Windows\System32\eNetHook.dll (acer)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: D:\Pictures\Pictures\lisa+awaz.jpg
O24 - Desktop BackupWallPaper: D:\Pictures\Pictures\lisa+awaz.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0ab19f07-cf88-11db-a713-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0ab19f07-cf88-11db-a713-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe
O33 - MountPoints2\{11fe8d57-b4b0-11e1-b136-0016d4cb915c}\Shell - "" = AutoRun
O33 - MountPoints2\{11fe8d57-b4b0-11e1-b136-0016d4cb915c}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{11fe8d6b-b4b0-11e1-b136-0016d4cb915c}\Shell - "" = AutoRun
O33 - MountPoints2\{11fe8d6b-b4b0-11e1-b136-0016d4cb915c}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{36f887db-b4a8-11e1-98c4-0016d4cb915c}\Shell - "" = AutoRun
O33 - MountPoints2\{36f887db-b4a8-11e1-98c4-0016d4cb915c}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{36f887f6-b4a8-11e1-98c4-0016d4cb915c}\Shell - "" = AutoRun
O33 - MountPoints2\{36f887f6-b4a8-11e1-98c4-0016d4cb915c}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{402206e5-4de5-11de-89ca-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{402206e5-4de5-11de-89ca-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{4022078b-4de5-11de-89ca-0016d4cb915c}\Shell - "" = AutoRun
O33 - MountPoints2\{4022078b-4de5-11de-89ca-0016d4cb915c}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{40220797-4de5-11de-89ca-0016d4cb915c}\Shell - "" = AutoRun
O33 - MountPoints2\{40220797-4de5-11de-89ca-0016d4cb915c}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{40220799-4de5-11de-89ca-0016d4cb915c}\Shell - "" = AutoRun
O33 - MountPoints2\{40220799-4de5-11de-89ca-0016d4cb915c}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{5e092b33-586b-11df-a8bc-0016d4cb915c}\Shell - "" = AutoRun
O33 - MountPoints2\{5e092b33-586b-11df-a8bc-0016d4cb915c}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk /r \??\H:)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012.07.18 14:21:03 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Malwarebytes
[2012.07.18 14:20:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.18 14:20:48 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.18 14:20:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.07.17 13:09:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.07.16 17:49:21 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\NCH Software
[2012.07.16 17:49:21 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software
[2012.07.15 18:37:28 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\CRE
[2012.07.15 18:37:18 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoftTB_DE
[2012.07.15 18:37:05 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.07.15 18:36:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2012.07.15 18:36:55 | 000,405,144 | ---- | C] (Newtonsoft) -- C:\Windows\System32\Newtonsoft.Json.Net20.dll
[2012.07.15 18:36:45 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2012.07.15 18:36:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2012.07.15 18:32:26 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Digiarty
[2012.07.15 18:31:47 | 000,000,000 | ---D | C] -- C:\Program Files\Digiarty
[2012.07.15 18:21:32 | 000,000,000 | ---D | C] -- D:\Documents\Abelssoft
[2012.07.15 18:15:20 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2012.07.15 18:15:15 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Abelssoft
[2012.07.14 18:39:23 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012.07.14 18:37:50 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.07.14 18:35:23 | 000,739,856 | ---- | C] (Google Inc.) -- C:\Users\xxx\chrome_installer200113247.exe
[2012.07.14 14:10:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.14 12:25:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Sirrix AG
[2012.07.14 12:25:09 | 000,000,000 | ---D | C] -- C:\Program Files\Sirrix AG
[2012.07.14 11:57:20 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012.07.14 10:21:15 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012.07.14 10:20:28 | 007,718,272 | ---- | C] (SurfRight B.V.) -- C:\Users\xxx\HitmanPro36.exe
[2012.07.14 07:36:43 | 000,000,000 | ---D | C] -- C:\Users\xxx\gegen Trojaner
[2012.07.13 20:43:24 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Qoiwc
[2012.07.13 20:43:24 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Akafu
[2012.07.10 15:47:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.07.09 21:59:49 | 000,031,584 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2012.07.09 21:59:49 | 000,021,344 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2012.07.09 21:59:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012
[2012.07.09 21:59:06 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\TuneUp Software
[2012.07.09 21:58:45 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2012
[2012.07.09 21:50:39 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012.07.09 21:50:39 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.07.09 21:48:48 | 037,771,696 | ---- | C] (TuneUp Software) -- C:\Users\xxx\TuneUpUtilities2012_de-DE.exe
[2012.07.06 17:41:47 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\BabylonToolbar
[2012.07.06 17:41:37 | 000,000,000 | ---D | C] -- C:\Program Files\BabylonToolbar
[2012.07.06 17:41:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012.07.03 21:03:00 | 000,000,000 | ---D | C] -- C:\Program Files\SearchGBY
[2012.07.03 21:02:33 | 000,000,000 | ---D | C] -- C:\Program Files\KB Piano 2
[2012.07.02 22:15:32 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Ilivid Player
[2012.06.17 18:30:40 | 004,441,861 | ---- | C] ((c) 2006-2011, Tom Thielicke IT Solutions ) -- C:\Users\xxx\tipp10_win_v2-1-0.exe
[2012.04.04 15:55:01 | 006,951,776 | ---- | C] (digital publishing AG) -- C:\Users\xxx\dpLaunchSet.exe
[2007.08.21 08:07:16 | 000,010,752 | ---- | C] (Arcor Online GmbH) -- C:\Users\xxx\AppData\Local\cmdial32.dll
[6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.07.18 17:02:09 | 000,002,735 | ---- | M] () -- C:\Users\xxx\Desktop\Microsoft Office Outlook 2007.lnk
[2012.07.18 16:47:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2661263122-194117992-2275258509-1000UA.job
[2012.07.18 15:21:23 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.18 15:21:23 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.18 14:22:23 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.18 13:53:33 | 000,013,072 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\nvModes.dat
[2012.07.18 13:53:33 | 000,013,072 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\nvModes.001
[2012.07.18 13:28:08 | 000,677,816 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.18 13:28:08 | 000,637,900 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.18 13:28:08 | 000,146,856 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.18 13:28:08 | 000,121,064 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.18 13:21:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.17 20:27:49 | 000,000,000 | ---- | M] () -- C:\Users\xxx\defogger_reenable
[2012.07.17 08:46:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2661263122-194117992-2275258509-1000Core.job
[2012.07.15 18:37:35 | 000,000,009 | ---- | M] () -- C:\END
[2012.07.15 18:36:57 | 000,001,195 | ---- | M] () -- C:\Users\xxx\Desktop\Free YouTube to MP3 Converter.lnk
[2012.07.15 15:50:44 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.15 15:50:44 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.14 18:37:50 | 000,002,065 | ---- | M] () -- C:\Users\xxx\Desktop\Google Chrome.lnk
[2012.07.14 10:37:38 | 000,002,522 | ---- | M] () -- C:\Windows\System32\.crusader
[2012.07.14 10:20:36 | 007,718,272 | ---- | M] (SurfRight B.V.) -- C:\Users\xxx\HitmanPro36.exe
[2012.07.13 17:22:09 | 000,002,633 | ---- | M] () -- C:\Users\xxx\Desktop\Microsoft Office Excel 2007.lnk
[2012.07.11 18:30:01 | 000,004,135 | ---- | M] () -- C:\WirelessDiagLog.csv
[2012.07.11 18:08:11 | 000,425,264 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.10 16:08:24 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.07.10 16:08:24 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.07.09 21:59:43 | 000,001,873 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012.07.09 21:49:42 | 037,771,696 | ---- | M] (TuneUp Software) -- C:\Users\xxx\TuneUpUtilities2012_de-DE.exe
[2012.07.09 18:05:51 | 004,503,728 | ---- | M] () -- C:\ProgramData\go_0molg.pad
[2012.07.08 22:03:23 | 000,046,592 | ---- | M] () -- C:\Users\xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.08 12:56:05 | 004,503,728 | ---- | M] () -- C:\ProgramData\0tbpw.pad
[2012.07.06 17:41:39 | 000,000,725 | ---- | M] () -- C:\user.js
[2012.07.05 18:10:57 | 070,101,919 | ---- | M] () -- C:\Users\xxx\Englisch für Anfänger.wma
[2012.07.05 18:09:06 | 216,268,903 | ---- | M] () -- C:\Users\xxx\Sprachkurs Englisch.wma
[2012.07.05 15:22:30 | 000,043,410 | ---- | M] () -- C:\Users\xxx\tickets2.pdf
[2012.07.05 15:22:15 | 000,043,453 | ---- | M] () -- C:\Users\xxx\tickets.pdf
[2012.07.03 21:02:46 | 000,030,520 | ---- | M] () -- C:\Windows\System32\midiwrap3405.deu
[2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.06.29 17:01:54 | 000,544,356 | ---- | M] () -- C:\Users\xxx\Englisch lernen mit The Grooves_ Business World.pdf
[2012.06.29 17:00:12 | 061,108,057 | ---- | M] () -- C:\Users\xxx\Englisch lernen mit The Grooves_ Business World.wma
[2012.06.27 21:44:49 | 000,013,615 | ---- | M] () -- C:\Users\xxx\bildungspaket-mehrtaegige-ausfluege-klassenfahrten-anlage.pdf
[2012.06.26 17:28:07 | 000,218,587 | ---- | M] () -- C:\Users\xxx\AntragTeilhabe_03_2012.pdf
[2012.06.25 21:33:53 | 153,919,040 | ---- | M] () -- C:\Users\xxx\Abenteuer Gedächtnis(1).wma
[2012.06.22 16:32:30 | 000,405,144 | ---- | M] (Newtonsoft) -- C:\Windows\System32\Newtonsoft.Json.Net20.dll
[6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.07.18 14:20:50 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.17 20:27:49 | 000,000,000 | ---- | C] () -- C:\Users\xxx\defogger_reenable
[2012.07.15 18:37:35 | 000,000,009 | ---- | C] () -- C:\END
[2012.07.15 18:36:57 | 000,001,195 | ---- | C] () -- C:\Users\xxx\Desktop\Free YouTube to MP3 Converter.lnk
[2012.07.14 18:37:50 | 000,002,065 | ---- | C] () -- C:\Users\xxx\Desktop\Google Chrome.lnk
[2012.07.14 18:36:36 | 000,001,124 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2661263122-194117992-2275258509-1000UA.job
[2012.07.14 18:36:34 | 000,001,072 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2661263122-194117992-2275258509-1000Core.job
[2012.07.14 10:37:38 | 000,002,522 | ---- | C] () -- C:\Windows\System32\.crusader
[2012.07.09 21:59:43 | 000,001,881 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk
[2012.07.09 21:59:43 | 000,001,873 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012.07.08 12:46:33 | 004,503,728 | ---- | C] () -- C:\ProgramData\go_0molg.pad
[2012.07.08 12:46:32 | 004,503,728 | ---- | C] () -- C:\ProgramData\0tbpw.pad
[2012.07.05 18:09:23 | 070,101,919 | ---- | C] () -- C:\Users\xxx\Englisch für Anfänger.wma
[2012.07.05 18:04:04 | 216,268,903 | ---- | C] () -- C:\Users\xxx\Sprachkurs Englisch.wma
[2012.07.05 15:22:29 | 000,043,410 | ---- | C] () -- C:\Users\xxx\tickets2.pdf
[2012.07.05 15:22:14 | 000,043,453 | ---- | C] () -- C:\Users\xxx\tickets.pdf
[2012.07.03 21:02:46 | 000,030,520 | ---- | C] () -- C:\Windows\System32\midiwrap3405.deu
[2012.06.29 17:01:53 | 000,544,356 | ---- | C] () -- C:\Users\xxx\Englisch lernen mit The Grooves_ Business World.pdf
[2012.06.29 16:58:56 | 061,108,057 | ---- | C] () -- C:\Users\xxx\Englisch lernen mit The Grooves_ Business World.wma
[2012.06.27 21:44:49 | 000,013,615 | ---- | C] () -- C:\Users\xxx\bildungspaket-mehrtaegige-ausfluege-klassenfahrten-anlage.pdf
[2012.06.26 17:28:05 | 000,218,587 | ---- | C] () -- C:\Users\xxx\AntragTeilhabe_03_2012.pdf
[2012.06.25 21:30:17 | 153,919,040 | ---- | C] () -- C:\Users\xxx\Abenteuer Gedächtnis(1).wma
[2012.06.17 17:00:42 | 000,005,871 | ---- | C] () -- C:\Users\xxx\AppData\Local\recently-used.xbel
[2012.06.16 15:41:37 | 000,068,608 | ---- | C] () -- C:\Users\xxx\Hat die Praktikantin.pub
[2012.05.29 19:26:50 | 008,219,648 | ---- | C] () -- C:\Users\xxx\Meine Broschüre.pub
[2012.05.19 16:47:59 | 000,000,082 | ---- | C] () -- C:\Windows\odbc_merge.INI
[2012.05.07 18:51:22 | 173,966,408 | ---- | C] () -- C:\Users\xxx\Rossmann-Fotosoftware-Setup.exe
[2012.04.23 21:06:28 | 000,086,016 | ---- | C] () -- C:\Windows\System32\custmon32i.dll
[2012.03.21 16:38:37 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2011.12.23 19:14:03 | 000,084,405 | ---- | C] () -- C:\Users\xxx\Leseprobe Klugscheißer für Fake.pdf
[2011.12.23 16:55:13 | 000,133,564 | ---- | C] () -- C:\Users\xxx\Leseprobe für Fake.pdf
[2011.07.07 08:55:26 | 001,812,597 | ---- | C] () -- C:\Users\xxx\Monitorkalibrierung.zip
[2011.06.30 14:06:46 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.06.25 22:32:22 | 002,948,218 | ---- | C] () -- C:\Users\xxx\Leseprobe.pdf
[2011.06.03 14:20:31 | 000,184,192 | ---- | C] () -- C:\Users\xxx\BuT.pdf
[2011.06.02 10:49:31 | 034,104,383 | ---- | C] () -- C:\Users\xxx\Kopie von context (5).pdf
[2011.04.23 12:03:47 | 000,008,468 | ---- | C] () -- C:\Users\xxx\bildungspaket.pdf
[2011.02.26 21:53:39 | 000,004,096 | -H-- | C] () -- C:\Users\xxx\AppData\Local\keyfile3.drm
[2010.03.07 16:40:47 | 000,014,519 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2008.03.11 07:41:26 | 000,000,680 | ---- | C] () -- C:\Users\xxx\AppData\Local\d3d9caps.dat
[2007.06.20 18:05:35 | 000,008,438 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\mdb.bin
[2007.06.12 20:20:30 | 000,013,072 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\nvModes.001
[2007.06.12 18:29:04 | 000,046,592 | ---- | C] () -- C:\Users\xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.06.12 18:18:50 | 000,013,072 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\nvModes.dat
========== LOP Check ==========
[2012.07.13 20:43:24 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Akafu
[2009.10.24 10:02:04 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Artweaver
[2011.12.19 17:42:29 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Babylon
[2012.07.06 17:41:47 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\BabylonToolbar
[2010.03.23 21:08:24 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Canon
[2009.11.15 17:11:40 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\CasualForge
[2010.02.16 14:43:39 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\cerasus.media
[2012.07.15 18:32:26 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Digiarty
[2011.02.12 17:49:28 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\digital publishing
[2012.07.15 18:38:10 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\DVDVideoSoft
[2012.07.15 18:37:05 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.04.10 15:59:23 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\FreeScreenToVideo
[2012.04.21 16:28:26 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\GetRightToGo
[2012.06.14 19:01:34 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\gtk-2.0
[2007.09.15 14:59:56 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\ICQ
[2008.03.10 20:21:22 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\ICQ Toolbar
[2008.12.25 19:33:44 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Leadertech
[2012.05.04 20:06:30 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Lexware
[2012.06.16 13:24:40 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\loadtbs
[2007.12.24 20:16:16 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\MAGIX
[2010.11.14 18:43:27 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Merscom
[2011.08.25 11:17:13 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\NCH Swift Sound
[2009.04.01 09:29:44 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Neopets Toolbar
[2011.06.09 22:18:56 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\OpenOffice.org
[2008.03.02 15:07:55 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\PC-FAX TX
[2009.08.08 20:06:38 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Peace Craft
[2011.02.22 22:14:21 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\PeerNetworking
[2012.07.14 10:11:54 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Qoiwc
[2007.06.20 20:06:34 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\ScanSoft
[2008.12.31 17:36:54 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Spandex Force
[2012.06.01 20:53:44 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\TimePunch
[2012.07.09 21:59:06 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\TuneUp Software
[2012.06.12 18:10:00 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Vodafone
[2008.10.19 19:28:10 | 000,000,256 | ---- | M] () -- C:\Windows\Tasks\Auf Updates für Windows Live Toolbar prüfen.job
[2012.07.17 20:34:40 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:551E1CB4
@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:F878F14A
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:5425B7F5
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:940ECC98
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:90E60569
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:DCDE7C60
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:91CF76E3
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:580E04D8
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:0207454C
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:B652B720
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:6CEB2458
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:426796C0
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:FF818E2B
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:1CB8D545
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:9AB338B9
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:4D066AD2
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:01442FD8
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:D88D995C
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:9AB56A06
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:08F16DBB
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:550179F5
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:3B3A35EC
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:30C46519
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:E1982A23
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:4D7FCCD3
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:B54102AD
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:0D31DA45
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:3CF23EC3
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:8C458D50
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:B419A171
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:9B52F176
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:8FBE0E9C
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:90E3641D
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DDE7FCF4
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:B14B4A95
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:588B60C7
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:37CE0F2E
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:34FC1C45
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:25005EFA
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:1C9565AC
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:1D6686D8
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:567AC0A6
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:F50F1555
< End of report >
|
|
18.07.2012, 17:00
| #6 |
| | 19 infizierte registrierungsschlüssel von malewarebytes nach tr/kazy.80623.1 gefunden OTL Logfile: Code:
ATTFilter OTL logfile created on: 18.07.2012 17:07:00 - Run 2
OTL by OldTimer - Version 3.2.54.0 Folder = D:\Documents\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,25 Gb Available Physical Memory | 62,67% Memory free
4,23 Gb Paging File | 2,89 Gb Available in Paging File | 68,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 70,77 Gb Total Space | 4,01 Gb Free Space | 5,67% Space Free | Partition Type: NTFS
Drive D: | 70,47 Gb Total Space | 48,95 Gb Free Space | 69,46% Space Free | Partition Type: NTFS
Computer Name: MRX | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.07.18 16:59:44 | 000,596,480 | ---- | M] (OldTimer Tools) -- D:\Documents\Downloads\OTL (3).exe
PRC - [2012.07.10 16:08:24 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.07.10 16:08:14 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.07.10 16:08:13 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.10 16:08:13 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.29 13:09:52 | 001,528,672 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
PRC - [2012.05.29 13:09:52 | 001,220,960 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
PRC - [2012.05.03 16:11:22 | 013,006,952 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.02.26 19:36:46 | 000,030,040 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008.10.16 17:26:20 | 000,860,160 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe
PRC - [2008.10.16 16:54:34 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008.01.29 18:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Programme\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2008.01.19 09:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.09.26 11:53:56 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007.06.12 16:55:29 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\xxx\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2007.01.10 17:20:34 | 000,462,848 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2007.01.02 19:58:58 | 000,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
PRC - [2007.01.02 17:46:52 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
PRC - [2007.01.02 10:33:24 | 000,135,168 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
PRC - [2006.12.28 21:07:22 | 000,126,976 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe
PRC - [2006.12.28 18:24:14 | 000,049,152 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2006.12.22 15:43:18 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
PRC - [2006.12.14 15:34:16 | 000,393,216 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
PRC - [2006.12.01 07:37:00 | 004,186,112 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006.11.24 13:57:54 | 000,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
========== Modules (No Company Name) ==========
MOD - [2012.07.16 07:49:55 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012.07.16 07:49:24 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012.07.16 07:49:10 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll
MOD - [2012.07.16 07:48:54 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012.07.16 07:41:43 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012.07.16 07:41:34 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2012.07.14 18:38:26 | 000,133,632 | ---- | M] () -- C:\Users\xxx\AppData\Local\Google\Chrome\USERDA~1\Default\EXTENS~1\DHKPLH~1\1.7_0\BABYLO~1.DLL
MOD - [2012.06.27 18:38:52 | 000,531,968 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\BabylonToolbar\CR\BUSolution.dll
MOD - [2011.10.05 04:52:30 | 000,756,048 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2011.06.22 12:46:12 | 000,434,016 | ---- | M] () -- C:\Programme\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.02.26 14:46:56 | 000,064,344 | ---- | M] () -- C:\Programme\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
MOD - [2007.01.02 19:52:28 | 000,028,672 | ---- | M] () -- C:\Windows\System32\BatchCrypto.dll
MOD - [2007.01.02 19:52:18 | 000,063,488 | ---- | M] () -- C:\Windows\System32\ShowErrMsg.dll
MOD - [2006.09.04 11:41:14 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\SysHook.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (LiveUpdate Notice Ex)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService)
SRV - [2012.07.10 16:08:24 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.07.10 16:08:13 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.29 13:09:52 | 001,528,672 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010.02.21 01:05:18 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2009.04.11 08:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009.02.26 19:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008.10.16 17:26:20 | 000,860,160 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008.10.16 16:54:34 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008.01.29 18:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 09:34:43 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lpdsvc.dll -- (LPDSVC)
SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2007.10.25 15:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007.09.26 11:53:56 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007.09.26 11:53:56 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatisches LiveUpdate - Scheduler)
SRV - [2007.01.02 19:58:58 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)
SRV - [2007.01.02 17:46:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007.01.02 10:33:24 | 000,135,168 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - [2006.12.28 21:07:22 | 000,126,976 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
SRV - [2006.12.28 18:24:14 | 000,049,152 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2006.12.22 15:43:18 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2006.12.14 18:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Programme\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)
SRV - [2006.11.24 13:57:54 | 000,107,008 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005.11.17 16:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\VBoxNetFlt.sys -- (VBoxNetFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | Auto | Stopped] -- System32\Drivers\AWISp60.sys -- (AWISp60)
DRV - [2012.07.10 16:08:24 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.07.10 16:08:24 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.05.08 15:21:42 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2011.10.11 16:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.06.24 15:46:36 | 000,101,680 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2010.06.17 16:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.10.07 09:49:40 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam E3500(UVC)
DRV - [2008.11.17 07:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008.03.17 11:05:30 | 000,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2006.12.20 07:50:00 | 004,448,160 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2006.12.07 18:12:02 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2006.11.30 15:58:42 | 000,090,800 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\se44unic.sys -- (se44unic) Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM)
DRV - [2006.11.30 15:58:34 | 000,086,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\se44obex.sys -- (se44obex)
DRV - [2006.11.30 15:58:32 | 000,018,704 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\se44nd5.sys -- (se44nd5) Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS)
DRV - [2006.11.30 15:58:30 | 000,088,624 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\se44mgmt.sys -- (se44mgmt) Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM)
DRV - [2006.11.30 15:58:26 | 000,097,088 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\se44mdm.sys -- (se44mdm)
DRV - [2006.11.30 15:58:24 | 000,009,360 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\se44mdfl.sys -- (se44mdfl)
DRV - [2006.11.30 15:58:18 | 000,061,536 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\se44bus.sys -- (se44bus) Sony Ericsson Device 068 driver (WDM)
DRV - [2006.11.02 15:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Programme\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2006.11.02 09:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006.10.30 03:42:28 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2006.10.25 08:36:48 | 000,042,240 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2006.10.25 08:36:44 | 000,076,928 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2006.10.25 08:36:36 | 000,062,208 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2006.10.18 16:44:30 | 000,031,232 | ---- | M] (SMSC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smscirda.sys -- (SMSCIRDA)
DRV - [2006.08.04 11:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.arcor.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.arcor.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = hxxp://www.arcor.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.arcor.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.arcor.de
IE - HKLM\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Programme\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {26647ca4-a2a7-4eac-8a72-761aa9141de7} - C:\Programme\www.Freeware-download.com\tbwww..dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWin0.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSof0.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Programme\NCH_DE\prxtbNCH_.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=334&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=417&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2325506
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\xxx\Music\Mammas musikk
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=113480&tt=010712_6&babsrc=HP_ss&mntrId=a008b45b0000000000000016d4cb915c
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Programme\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {26647ca4-a2a7-4eac-8a72-761aa9141de7} - C:\Programme\www.Freeware-download.com\tbwww..dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWin0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKCU\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSof0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Programme\NCH_DE\prxtbNCH_.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=113480&tt=010712_6&babsrc=SP_ss&mntrId=a008b45b0000000000000016d4cb915c
IE - HKCU\..\SearchScopes\{31CF9EBE-5755-4a1d-AC25-2834D952D9B4}: "URL" = hxxp://search.pdfcreator-toolbar.org/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field
IE - HKCU\..\SearchScopes\{41427F18-E891-4297-BD8C-4BB0E8EAF99F}: "URL" = hxxp://resultsmaster.com/SmartOffers/SmartOffers.aspx?HBHintSVC=resultsmaster&HBHintSearchTermFields=qu&qu={searchTerms}&opener=iesearchbox
IE - HKCU\..\SearchScopes\{4E317010-F0AE-4905-BAE1-02F3402FA6DE}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7GGLL_de&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=uuH9Yv5TERdTI-aou6w9nDZZ-FA?q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=334&systemid=406&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=417&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{E8E72B61-195D-4E48-808D-91814217DD05}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "DVDVideoSoftTB Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?affID=113480&tt=010712_6&babsrc=HP_ss_cr&mntrId=a008b45b0000000000000016d4cb915c"
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: dplauncher@digitalpublishing.de:1.1
FF - prefs.js..extensions.enabledItems: support@pdfcreator-toolbar.org:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {b106b661-3e1b-4015-af5c-195e909f35c6}:3.6.0.10
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.8.1.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.7
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.2.0
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@digitalpublishing.de/dpLaunch: C:\Program Files\digital publishing\LAUNCHER_12_999999\nplaunch.dll (digital publishing AG)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\xxx\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\xxx\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\webbooster@iminent.com: C:\Program Files\Iminent\webbooster@iminent.com
[2012.07.14 16:03:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Extensions
[2012.07.14 18:04:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions
[2010.05.18 22:26:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.07.09 17:27:33 | 000,000,000 | ---D | M] (www.Freeware-download.com Community Toolbar) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\{26647ca4-a2a7-4eac-8a72-761aa9141de7}
[2009.04.01 09:29:36 | 000,000,000 | ---D | M] ("Neopets Toolbar") -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\{2cb97724-d789-4f43-8888-a763cbb8df6f}
[2012.06.12 19:10:18 | 000,000,000 | ---D | M] (Winload Community Toolbar) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
[2012.07.15 18:37:35 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2009.10.24 10:23:36 | 000,000,000 | ---D | M] (Softonic Deutsch Toolbar) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}
[2012.04.15 13:50:07 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.05.30 17:28:16 | 000,000,000 | ---D | M] (NCH DE Community Toolbar) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\{b106b661-3e1b-4015-af5c-195e909f35c6}
[2012.06.16 08:59:46 | 000,000,000 | ---D | M] (IMinent Toolbar) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
[2011.02.12 17:46:32 | 000,000,000 | ---D | M] (dp Launcher Plugin) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\dplauncher@digitalpublishing.de
[2011.01.22 20:21:49 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\engine@conduit.com
[2011.12.19 17:42:41 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\ffxtlbr@babylon.com
[2009.08.26 08:53:54 | 000,000,000 | ---D | M] (Neopets Toolbar Add-on) -- C:\Users\xxxAppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\ntaddon@swordfire.net
[2012.07.04 17:03:48 | 000,000,000 | ---D | M] ("SearchGBY") -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\plugin@searchgby.com
[2012.06.16 13:24:39 | 000,000,000 | ---D | M] (loadtbs) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\software@loadtubes.com
[2011.12.02 01:12:34 | 000,000,931 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\conduit.xml
[2012.07.14 13:10:07 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-1.xml
[2008.07.02 23:40:32 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-10.xml
[2008.07.16 20:08:10 | 000,000,950 | ---- | M] () -- C:\Users\xxxAppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-11.xml
[2008.10.24 14:08:58 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-12.xml
[2008.11.15 00:19:31 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-13.xml
[2008.12.20 00:38:12 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-14.xml
[2009.02.06 23:27:51 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-15.xml
[2009.03.09 07:42:22 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-16.xml
[2009.03.28 09:59:43 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-17.xml
[2009.04.24 13:43:05 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-18.xml
[2009.05.01 08:00:47 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-19.xml
[2007.10.20 17:07:55 | 000,000,949 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-2.xml
[2009.06.12 19:28:58 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-20.xml
[2009.07.23 09:45:07 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-21.xml
[2009.08.05 13:51:18 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-22.xml
[2009.09.11 06:44:54 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-23.xml
[2009.10.30 23:25:26 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-24.xml
[2009.12.12 21:20:19 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-25.xml
[2009.12.20 09:54:07 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-26.xml
[2010.01.06 23:01:57 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-27.xml
[2010.02.28 08:07:23 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-28.xml
[2010.04.21 15:27:47 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-29.xml
[2007.11.03 14:17:42 | 000,000,949 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-3.xml
[2011.01.21 18:09:17 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-30.xml
[2011.02.17 21:48:35 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-31.xml
[2007.11.28 10:41:54 | 000,000,949 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-4.xml
[2007.12.08 18:57:42 | 000,000,949 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-5.xml
[2008.02.11 12:26:46 | 000,000,949 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-6.xml
[2008.03.26 22:34:04 | 000,000,949 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-7.xml
[2008.04.17 13:16:11 | 000,000,949 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-8.xml
[2008.06.19 07:16:35 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-9.xml
[2007.09.15 17:50:14 | 000,000,949 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin.xml
[2008.12.05 08:05:10 | 000,005,711 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\search-the-web.xml
[2012.07.02 22:13:47 | 000,002,519 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\Search_Results.xml
[2012.04.24 15:13:45 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.16 13:24:35 | 000,378,880 | ---- | M] (InfiniAd GmbH) -- C:\Program Files\mozilla firefox\plugins\npmieze.dll
[2012.07.06 17:41:28 | 000,002,351 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011.12.30 14:27:06 | 000,002,520 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
[2012.07.02 22:13:47 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
========== Chrome ==========
CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage:
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Babylon ToolBar (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\BabylonChromeToolBar.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: LoadTubes Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npmieze.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: 3DVIA player (Enabled) = C:\Program Files\Virtools\3D Life Player\npvirtools.dll
CHR - plugin: dp Launcher Plugin (Enabled) = C:\Program Files\digital publishing\LAUNCHER_12_999999\nplaunch.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: DVDVideoSoftTB DE = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhphemoobgnikcoofkgackkaimpfmenm\2.3.15.10_0\
CHR - Extension: YouTube = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Babylon Toolbar = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\
CHR - Extension: SearchGBY = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmijdhkcgeclpfjmibnginbbkfcbpep\0.9.55_0\
CHR - Extension: Google Mail = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (DVDVideoSoftTB DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Programme\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (www.Freeware-download.com Toolbar) - {26647ca4-a2a7-4eac-8a72-761aa9141de7} - C:\Programme\www.Freeware-download.com\tbwww..dll (Conduit Ltd.)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWin0.dll (Conduit Ltd.)
O2 - BHO: (TBSB01620 Class) - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Programme\IMinent Toolbar\tbcore3.dll ()
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSof0.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (NCH DE Toolbar) - {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Programme\NCH_DE\prxtbNCH_.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - !{26647ca4-a2a7-4eac-8a72-761aa9141de7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No CLSID value found.
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Programme\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWin0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSof0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (NCH DE Toolbar) - {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Programme\NCH_DE\prxtbNCH_.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\WebBrowser: (NCH DE Toolbar) - {B106B661-3E1B-4015-AF5C-195E909F35C6} - C:\Programme\NCH_DE\prxtbNCH_.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Inhaltsverzeichnis.onetoc2 ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Add to Windows &Live Favorites - hxxp://favorites.live.com/quickadd.aspx File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe File not found
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {85C86CCC-2158-4123-9C7D-785190CED875} https://lernboerse.arbeitsagentur.de/exklusiv/ilias/data/balihob/lm_data/httppath/dpLaunchPlugin.cab (dp Launcher Plugin)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6DDEF664-F3C4-4C3F-9B36-77858D38808D}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {FF151822-B0BF-11D1-A80D-000000000000} - C:\Programme\Common Files\System\Ole DB\oledb32.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (eNetHook.dll) - C:\Windows\System32\eNetHook.dll (acer)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: D:\Pictures\Pictures\lisa+awaz.jpg
O24 - Desktop BackupWallPaper: D:\Pictures\Pictures\lisa+awaz.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0ab19f07-cf88-11db-a713-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0ab19f07-cf88-11db-a713-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe
O33 - MountPoints2\{11fe8d57-b4b0-11e1-b136-0016d4cb915c}\Shell - "" = AutoRun
O33 - MountPoints2\{11fe8d57-b4b0-11e1-b136-0016d4cb915c}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{11fe8d6b-b4b0-11e1-b136-0016d4cb915c}\Shell - "" = AutoRun
O33 - MountPoints2\{11fe8d6b-b4b0-11e1-b136-0016d4cb915c}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{36f887db-b4a8-11e1-98c4-0016d4cb915c}\Shell - "" = AutoRun
O33 - MountPoints2\{36f887db-b4a8-11e1-98c4-0016d4cb915c}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{36f887f6-b4a8-11e1-98c4-0016d4cb915c}\Shell - "" = AutoRun
O33 - MountPoints2\{36f887f6-b4a8-11e1-98c4-0016d4cb915c}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{402206e5-4de5-11de-89ca-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{402206e5-4de5-11de-89ca-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{4022078b-4de5-11de-89ca-0016d4cb915c}\Shell - "" = AutoRun
O33 - MountPoints2\{4022078b-4de5-11de-89ca-0016d4cb915c}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{40220797-4de5-11de-89ca-0016d4cb915c}\Shell - "" = AutoRun
O33 - MountPoints2\{40220797-4de5-11de-89ca-0016d4cb915c}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{40220799-4de5-11de-89ca-0016d4cb915c}\Shell - "" = AutoRun
O33 - MountPoints2\{40220799-4de5-11de-89ca-0016d4cb915c}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{5e092b33-586b-11df-a8bc-0016d4cb915c}\Shell - "" = AutoRun
O33 - MountPoints2\{5e092b33-586b-11df-a8bc-0016d4cb915c}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk /r \??\H:)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012.07.18 14:21:03 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Malwarebytes
[2012.07.18 14:20:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.18 14:20:48 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.18 14:20:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.07.17 13:09:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.07.16 17:49:21 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\NCH Software
[2012.07.16 17:49:21 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software
[2012.07.15 18:37:28 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\CRE
[2012.07.15 18:37:18 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoftTB_DE
[2012.07.15 18:37:05 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.07.15 18:36:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2012.07.15 18:36:55 | 000,405,144 | ---- | C] (Newtonsoft) -- C:\Windows\System32\Newtonsoft.Json.Net20.dll
[2012.07.15 18:36:45 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2012.07.15 18:36:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2012.07.15 18:32:26 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Digiarty
[2012.07.15 18:31:47 | 000,000,000 | ---D | C] -- C:\Program Files\Digiarty
[2012.07.15 18:21:32 | 000,000,000 | ---D | C] -- D:\Documents\Abelssoft
[2012.07.15 18:15:20 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2012.07.15 18:15:15 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Abelssoft
[2012.07.14 18:39:23 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012.07.14 18:37:50 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.07.14 18:35:23 | 000,739,856 | ---- | C] (Google Inc.) -- C:\Users\xxx\chrome_installer200113247.exe
[2012.07.14 14:10:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.14 12:25:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Sirrix AG
[2012.07.14 12:25:09 | 000,000,000 | ---D | C] -- C:\Program Files\Sirrix AG
[2012.07.14 11:57:20 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012.07.14 10:21:15 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012.07.14 10:20:28 | 007,718,272 | ---- | C] (SurfRight B.V.) -- C:\Users\xxx\HitmanPro36.exe
[2012.07.14 07:36:43 | 000,000,000 | ---D | C] -- C:\Users\xxx\gegen Trojaner
[2012.07.13 20:43:24 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Qoiwc
[2012.07.13 20:43:24 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Akafu
[2012.07.10 15:47:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.07.09 21:59:49 | 000,031,584 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2012.07.09 21:59:49 | 000,021,344 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2012.07.09 21:59:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012
[2012.07.09 21:59:06 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\TuneUp Software
[2012.07.09 21:58:45 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2012
[2012.07.09 21:50:39 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012.07.09 21:50:39 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.07.09 21:48:48 | 037,771,696 | ---- | C] (TuneUp Software) -- C:\Users\xxx\TuneUpUtilities2012_de-DE.exe
[2012.07.06 17:41:47 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\BabylonToolbar
[2012.07.06 17:41:37 | 000,000,000 | ---D | C] -- C:\Program Files\BabylonToolbar
[2012.07.06 17:41:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012.07.03 21:03:00 | 000,000,000 | ---D | C] -- C:\Program Files\SearchGBY
[2012.07.03 21:02:33 | 000,000,000 | ---D | C] -- C:\Program Files\KB Piano 2
[2012.07.02 22:15:32 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Ilivid Player
[2012.06.17 18:30:40 | 004,441,861 | ---- | C] ((c) 2006-2011, Tom Thielicke IT Solutions ) -- C:\Users\xxx\tipp10_win_v2-1-0.exe
[2012.04.04 15:55:01 | 006,951,776 | ---- | C] (digital publishing AG) -- C:\Users\xxx\dpLaunchSet.exe
[2007.08.21 08:07:16 | 000,010,752 | ---- | C] (Arcor Online GmbH) -- C:\Users\xxx\AppData\Local\cmdial32.dll
[6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.07.18 17:02:09 | 000,002,735 | ---- | M] () -- C:\Users\xxx\Desktop\Microsoft Office Outlook 2007.lnk
[2012.07.18 16:47:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2661263122-194117992-2275258509-1000UA.job
[2012.07.18 15:21:23 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.18 15:21:23 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.18 14:22:23 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.18 13:53:33 | 000,013,072 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\nvModes.dat
[2012.07.18 13:53:33 | 000,013,072 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\nvModes.001
[2012.07.18 13:28:08 | 000,677,816 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.18 13:28:08 | 000,637,900 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.18 13:28:08 | 000,146,856 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.18 13:28:08 | 000,121,064 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.18 13:21:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.17 20:27:49 | 000,000,000 | ---- | M] () -- C:\Users\xxx\defogger_reenable
[2012.07.17 08:46:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2661263122-194117992-2275258509-1000Core.job
[2012.07.15 18:37:35 | 000,000,009 | ---- | M] () -- C:\END
[2012.07.15 18:36:57 | 000,001,195 | ---- | M] () -- C:\Users\xxx\Desktop\Free YouTube to MP3 Converter.lnk
[2012.07.15 15:50:44 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.15 15:50:44 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.14 18:37:50 | 000,002,065 | ---- | M] () -- C:\Users\xxx\Desktop\Google Chrome.lnk
[2012.07.14 10:37:38 | 000,002,522 | ---- | M] () -- C:\Windows\System32\.crusader
[2012.07.14 10:20:36 | 007,718,272 | ---- | M] (SurfRight B.V.) -- C:\Users\xxx\HitmanPro36.exe
[2012.07.13 17:22:09 | 000,002,633 | ---- | M] () -- C:\Users\xxx\Desktop\Microsoft Office Excel 2007.lnk
[2012.07.11 18:30:01 | 000,004,135 | ---- | M] () -- C:\WirelessDiagLog.csv
[2012.07.11 18:08:11 | 000,425,264 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.10 16:08:24 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.07.10 16:08:24 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.07.09 21:59:43 | 000,001,873 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012.07.09 21:49:42 | 037,771,696 | ---- | M] (TuneUp Software) -- C:\Users\xxx\TuneUpUtilities2012_de-DE.exe
[2012.07.09 18:05:51 | 004,503,728 | ---- | M] () -- C:\ProgramData\go_0molg.pad
[2012.07.08 22:03:23 | 000,046,592 | ---- | M] () -- C:\Users\xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.08 12:56:05 | 004,503,728 | ---- | M] () -- C:\ProgramData\0tbpw.pad
[2012.07.06 17:41:39 | 000,000,725 | ---- | M] () -- C:\user.js
[2012.07.05 18:10:57 | 070,101,919 | ---- | M] () -- C:\Users\xxx\Englisch für Anfänger.wma
[2012.07.05 18:09:06 | 216,268,903 | ---- | M] () -- C:\Users\xxx\Sprachkurs Englisch.wma
[2012.07.05 15:22:30 | 000,043,410 | ---- | M] () -- C:\Users\xxx\tickets2.pdf
[2012.07.05 15:22:15 | 000,043,453 | ---- | M] () -- C:\Users\xxx\tickets.pdf
[2012.07.03 21:02:46 | 000,030,520 | ---- | M] () -- C:\Windows\System32\midiwrap3405.deu
[2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.06.29 17:01:54 | 000,544,356 | ---- | M] () -- C:\Users\xxx\Englisch lernen mit The Grooves_ Business World.pdf
[2012.06.29 17:00:12 | 061,108,057 | ---- | M] () -- C:\Users\xxx\Englisch lernen mit The Grooves_ Business World.wma
[2012.06.27 21:44:49 | 000,013,615 | ---- | M] () -- C:\Users\xxx\bildungspaket-mehrtaegige-ausfluege-klassenfahrten-anlage.pdf
[2012.06.26 17:28:07 | 000,218,587 | ---- | M] () -- C:\Users\xxx\AntragTeilhabe_03_2012.pdf
[2012.06.25 21:33:53 | 153,919,040 | ---- | M] () -- C:\Users\xxx\Abenteuer Gedächtnis(1).wma
[2012.06.22 16:32:30 | 000,405,144 | ---- | M] (Newtonsoft) -- C:\Windows\System32\Newtonsoft.Json.Net20.dll
[6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.07.18 14:20:50 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.17 20:27:49 | 000,000,000 | ---- | C] () -- C:\Users\xxx\defogger_reenable
[2012.07.15 18:37:35 | 000,000,009 | ---- | C] () -- C:\END
[2012.07.15 18:36:57 | 000,001,195 | ---- | C] () -- C:\Users\xxx\Desktop\Free YouTube to MP3 Converter.lnk
[2012.07.14 18:37:50 | 000,002,065 | ---- | C] () -- C:\Users\xxx\Desktop\Google Chrome.lnk
[2012.07.14 18:36:36 | 000,001,124 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2661263122-194117992-2275258509-1000UA.job
[2012.07.14 18:36:34 | 000,001,072 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2661263122-194117992-2275258509-1000Core.job
[2012.07.14 10:37:38 | 000,002,522 | ---- | C] () -- C:\Windows\System32\.crusader
[2012.07.09 21:59:43 | 000,001,881 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk
[2012.07.09 21:59:43 | 000,001,873 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012.07.08 12:46:33 | 004,503,728 | ---- | C] () -- C:\ProgramData\go_0molg.pad
[2012.07.08 12:46:32 | 004,503,728 | ---- | C] () -- C:\ProgramData\0tbpw.pad
[2012.07.05 18:09:23 | 070,101,919 | ---- | C] () -- C:\Users\xxx\Englisch für Anfänger.wma
[2012.07.05 18:04:04 | 216,268,903 | ---- | C] () -- C:\Users\xxx\Sprachkurs Englisch.wma
[2012.07.05 15:22:29 | 000,043,410 | ---- | C] () -- C:\Users\xxx\tickets2.pdf
[2012.07.05 15:22:14 | 000,043,453 | ---- | C] () -- C:\Users\xxx\tickets.pdf
[2012.07.03 21:02:46 | 000,030,520 | ---- | C] () -- C:\Windows\System32\midiwrap3405.deu
[2012.06.29 17:01:53 | 000,544,356 | ---- | C] () -- C:\Users\xxx\Englisch lernen mit The Grooves_ Business World.pdf
[2012.06.29 16:58:56 | 061,108,057 | ---- | C] () -- C:\Users\xxx\Englisch lernen mit The Grooves_ Business World.wma
[2012.06.27 21:44:49 | 000,013,615 | ---- | C] () -- C:\Users\xxx\bildungspaket-mehrtaegige-ausfluege-klassenfahrten-anlage.pdf
[2012.06.26 17:28:05 | 000,218,587 | ---- | C] () -- C:\Users\xxx\AntragTeilhabe_03_2012.pdf
[2012.06.25 21:30:17 | 153,919,040 | ---- | C] () -- C:\Users\xxx\Abenteuer Gedächtnis(1).wma
[2012.06.17 17:00:42 | 000,005,871 | ---- | C] () -- C:\Users\xxx\AppData\Local\recently-used.xbel
[2012.06.16 15:41:37 | 000,068,608 | ---- | C] () -- C:\Users\xxx\Hat die Praktikantin.pub
[2012.05.29 19:26:50 | 008,219,648 | ---- | C] () -- C:\Users\xxx\Meine Broschüre.pub
[2012.05.19 16:47:59 | 000,000,082 | ---- | C] () -- C:\Windows\odbc_merge.INI
[2012.05.07 18:51:22 | 173,966,408 | ---- | C] () -- C:\Users\xxx\Rossmann-Fotosoftware-Setup.exe
[2012.04.23 21:06:28 | 000,086,016 | ---- | C] () -- C:\Windows\System32\custmon32i.dll
[2012.03.21 16:38:37 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2011.12.23 19:14:03 | 000,084,405 | ---- | C] () -- C:\Users\xxx\Leseprobe Klugscheißer für Fake.pdf
[2011.12.23 16:55:13 | 000,133,564 | ---- | C] () -- C:\Users\xxx\Leseprobe für Fake.pdf
[2011.07.07 08:55:26 | 001,812,597 | ---- | C] () -- C:\Users\xxx\Monitorkalibrierung.zip
[2011.06.30 14:06:46 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.06.25 22:32:22 | 002,948,218 | ---- | C] () -- C:\Users\xxx\Leseprobe.pdf
[2011.06.03 14:20:31 | 000,184,192 | ---- | C] () -- C:\Users\xxx\BuT.pdf
[2011.06.02 10:49:31 | 034,104,383 | ---- | C] () -- C:\Users\xxx\Kopie von context (5).pdf
[2011.04.23 12:03:47 | 000,008,468 | ---- | C] () -- C:\Users\xxx\bildungspaket.pdf
[2011.02.26 21:53:39 | 000,004,096 | -H-- | C] () -- C:\Users\xxx\AppData\Local\keyfile3.drm
[2010.03.07 16:40:47 | 000,014,519 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2008.03.11 07:41:26 | 000,000,680 | ---- | C] () -- C:\Users\xxx\AppData\Local\d3d9caps.dat
[2007.06.20 18:05:35 | 000,008,438 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\mdb.bin
[2007.06.12 20:20:30 | 000,013,072 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\nvModes.001
[2007.06.12 18:29:04 | 000,046,592 | ---- | C] () -- C:\Users\xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.06.12 18:18:50 | 000,013,072 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\nvModes.dat
========== LOP Check ==========
[2012.07.13 20:43:24 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Akafu
[2009.10.24 10:02:04 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Artweaver
[2011.12.19 17:42:29 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Babylon
[2012.07.06 17:41:47 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\BabylonToolbar
[2010.03.23 21:08:24 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Canon
[2009.11.15 17:11:40 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\CasualForge
[2010.02.16 14:43:39 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\cerasus.media
[2012.07.15 18:32:26 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Digiarty
[2011.02.12 17:49:28 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\digital publishing
[2012.07.15 18:38:10 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\DVDVideoSoft
[2012.07.15 18:37:05 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.04.10 15:59:23 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\FreeScreenToVideo
[2012.04.21 16:28:26 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\GetRightToGo
[2012.06.14 19:01:34 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\gtk-2.0
[2007.09.15 14:59:56 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\ICQ
[2008.03.10 20:21:22 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\ICQ Toolbar
[2008.12.25 19:33:44 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Leadertech
[2012.05.04 20:06:30 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Lexware
[2012.06.16 13:24:40 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\loadtbs
[2007.12.24 20:16:16 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\MAGIX
[2010.11.14 18:43:27 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Merscom
[2011.08.25 11:17:13 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\NCH Swift Sound
[2009.04.01 09:29:44 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Neopets Toolbar
[2011.06.09 22:18:56 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\OpenOffice.org
[2008.03.02 15:07:55 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\PC-FAX TX
[2009.08.08 20:06:38 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Peace Craft
[2011.02.22 22:14:21 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\PeerNetworking
[2012.07.14 10:11:54 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Qoiwc
[2007.06.20 20:06:34 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\ScanSoft
[2008.12.31 17:36:54 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Spandex Force
[2012.06.01 20:53:44 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\TimePunch
[2012.07.09 21:59:06 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\TuneUp Software
[2012.06.12 18:10:00 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Vodafone
[2008.10.19 19:28:10 | 000,000,256 | ---- | M] () -- C:\Windows\Tasks\Auf Updates für Windows Live Toolbar prüfen.job
[2012.07.17 20:34:40 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:551E1CB4
@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:F878F14A
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:5425B7F5
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:940ECC98
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:90E60569
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:DCDE7C60
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:91CF76E3
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:580E04D8
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:0207454C
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:B652B720
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:6CEB2458
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:426796C0
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:FF818E2B
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:1CB8D545
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:9AB338B9
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:4D066AD2
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:01442FD8
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:D88D995C
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:9AB56A06
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:08F16DBB
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:550179F5
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:3B3A35EC
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:30C46519
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:E1982A23
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:4D7FCCD3
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:B54102AD
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:0D31DA45
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:3CF23EC3
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:8C458D50
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:B419A171
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:9B52F176
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:8FBE0E9C
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:90E3641D
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DDE7FCF4
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:B14B4A95
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:588B60C7
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:37CE0F2E
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:34FC1C45
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:25005EFA
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:1C9565AC
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:1D6686D8
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:567AC0A6
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:F50F1555
< End of report >
OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 17.07.2012 19:12:34 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = D:\Documents\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 0,99 Gb Available Physical Memory | 49,73% Memory free
4,23 Gb Paging File | 2,90 Gb Available in Paging File | 68,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 70,77 Gb Total Space | 4,40 Gb Free Space | 6,22% Space Free | Partition Type: NTFS
Drive D: | 70,47 Gb Total Space | 48,96 Gb Free Space | 69,48% Space Free | Partition Type: NTFS
Computer Name: xxx | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- Reg Error: Key error. File not found
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- Reg Error: Key error.
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
"FirewallDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2661263122-194117992-2275258509-1000]
"EnableNotificationsRef" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{346867F9-3C20-4C98-AAF6-B02529E263B2}" = lport=138 | protocol=17 | dir=in | app=system |
"{37A0EB63-4D86-4336-BE5D-A7BFDC298198}" = lport=139 | protocol=6 | dir=in | app=system |
"{489D774C-7EB5-4FA6-8F66-2CD2942EBCEC}" = rport=137 | protocol=17 | dir=out | app=system |
"{63F6B6F2-16D0-4749-B18F-DCA26913933E}" = rport=138 | protocol=17 | dir=out | app=system |
"{71E48E32-6FA5-4F27-A447-F145C08A7857}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{89C7BE34-30F1-4390-9B56-ED10E45C1246}" = lport=445 | protocol=6 | dir=in | app=system |
"{962F518E-2483-468B-816F-C30594A17437}" = rport=139 | protocol=6 | dir=out | app=system |
"{C0A5897C-39FC-41FC-A672-BDD523F60B4D}" = rport=445 | protocol=6 | dir=out | app=system |
"{E063FE22-0CDF-49BF-9B6E-EC86F48FD4AB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{E182A16E-470D-4533-911C-E66759DB1A20}" = lport=137 | protocol=17 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00B96488-3DBE-48C6-A6B8-90BE7007060B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{22BD631D-07B7-4449-AAD2-0B45E4F99711}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{52252B4E-4A05-4318-AD07-5D128B3A27A8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{6D69BB0F-6E76-4B8A-9A55-D8097D254FEB}" = protocol=17 | dir=in | app=c:\program files\avira\antivir desktop\avcenter.exe |
"{733A0380-1825-4BAF-A4BA-AC24ADD6A735}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{7CA02D95-F8B7-4D63-A5BC-7BB970EEFB79}" = protocol=6 | dir=in | app=c:\program files\avira\antivir desktop\avcenter.exe |
"{8B9A559A-13E9-465F-A3B7-B96626D59100}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{9B0A00D7-84E9-4ED5-BBE7-A8425C8D9555}" = protocol=6 | dir=in | app=c:\program files\windows searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{A2E669A7-30E2-44C6-A030-D7CD08F49352}" = protocol=17 | dir=in | app=c:\program files\windows searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{B0A6DFCC-DA6B-47BF-8ECF-74B67C186D1C}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{BBA0D5BE-EC83-4E25-A88F-C581AC3EA841}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E3DBE1E0-D3C4-48B7-8EC8-2965A31E6DD5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F1773B6B-AB71-4350-8A93-858F51D6B287}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{F4B3F2A2-C754-4066-94FA-A97562DB2B93}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"TCP Query User{930CC031-DDEC-46FF-960F-87ADD530FAD1}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{4D054CA8-C329-4F48-9F13-7F045EDB2D2B}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00D0200F-3B4D-4A2F-869E-533ED835A943}" = Hervorhebe-Funktion (Windows Live Toolbar)
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0AC49543-9CE2-4434-AD42-5AA6E2967FA5}" = Windows Live Toolbar
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1AEC7728-1640-4E98-AABC-5EBE3FB57FE4}" = SMSC Fast Infrared Driver
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{218761F6-CBF6-4973-B910-A33E6563A1EA}" = Windows Live Toolbar-Erweiterung (Windows Live Toolbar)
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{262DA23B-4BAB-463F-B1DC-9B5287CAB5CA}}_is1" = Deinstallation der Arcor Online Software
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros for Acer Driver v7.2.0.127_Foxconn Installation Program
"{2DD6C198-FA9A-40B4-8DE5-CE5206E3EB34}" = Smart Menus (Windows Live Toolbar)
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes
"{35C0A1E4-D02A-412C-841F-266DBB116ABB}" = Intel(R) PROSet/Wireless WiFi-Software
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{412033BC-44CF-48D9-B813-4B835101F4D3}" = Adobe Illustrator 10
"{4817189D-1785-4627-A33C-39FD90919300}" = Die Sims™ 2 Haustiere
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 5.0
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{59624372-3B85-47f4-9B04-4911E551DF1E}" = Lexware Info Service
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6
"{62B7C52C-CAB6-48B1-8245-52356C141C92}" = RENESIS® Player Browser Plugins
"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2
"{7020FC34-6E04-4858-924D-354B28CB2402}_is1" = Qtpfsgui 1.9.3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71C97545-E547-4A8B-B0C8-61FF853270AC}" = PaperPort
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites für Windows Live Toolbar
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer
"{83AA2913-C123-4146-85BD-AD8F93971D39}" = BabylonObjectInstaller
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{88410D8F-8529-492B-B556-2394A29B811B}" = Broadcom Driver v4.102.15.63_Foxconn Installation Program
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{93567BBD-4369-47B2-A621-78E008F8EA33}" = Lexware Elster
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1D08B90-AE1A-4885-AC29-731496FD397E}" = Windows Live Fotogalerie
"{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3}" = IMinent Toolbar
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1031-7B44-A70000000000}" = Adobe Reader 7.0 - Deutsch
"{AEEAE013-92F1-4515-B278-139F1A692A35}" = Acer eDataSecurity Management
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C19B3EB6-B54C-3204-A4DF-88432E0C79F7}" = Microsoft ReportViewer 2010 Redistributable
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{D871EE71-6EBD-4EEC-9418-69E8782E6BBB}" = Lexware financial office 2009
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = Die Sims™ 2 Vier Jahreszeiten
"{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Deluxe
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F248ADFA-64E0-4b03-8A83-059078BED6A0}" = Die Sims™ 2 Gute Reise
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = Die Sims 2: Nightlife
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe InDesign 2.0" = Adobe InDesign 2.0
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"BabylonToolbar" = Babylon toolbar on IE
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"DPP" = Canon Utilities Digital Photo Professional 3.4
"DVDVideoSoftTB_DE Toolbar" = DVDVideoSoftTB DE Toolbar
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EOS USB WIA Driver" = EOS USB WIA Driver
"EOS Utility" = Canon Utilities EOS Utility
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.26.706
"GIF Animator" = Microsoft GIF Animator
"GIMP-2_is1" = GIMP 2.8.0
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"GridVista" = Acer GridVista
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.0.4 (Basic)
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"LManager" = Launch Manager
"loadtbs-2.1" = loadtbs-2.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"MyCamera" = Canon Utilities MyCamera
"Neopets" = Neopets
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"Original Data Security Tools" = Canon Utilities Original Data Security Tools
"Passbild-Generator_is1" = Bewerbungsfoto-/Passbild-Generator v3.3a
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"ProInst" = Intel PROSet Wireless
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Searchqu 417 MediaBar" = Windows Searchqu Toolbar
"Shockwave" = Shockwave
"Softonic_Deutsch Toolbar" = Softonic_Deutsch Toolbar
"ST5UNST #1" = project dogwaffle
"ST5UNST #2" = project dogwaffle (c:\)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TIPP10_is1" = TIPP10 Version 2.1.0
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"WavePad" = WavePad Audiobearbeitungs-Software
"WFTK" = Canon Utilities WFT-E1/E2/E3 Utility
"Windows Live Toolbar" = Windows Live Toolbar
"Winload Toolbar" = Winload Toolbar
"www.Freeware-download.com Toolbar" = www.Freeware-download.com Toolbar
"XTTB00001.XTTB00001Toolbar" = ICQ Toolbar
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 17.07.2012 11:31:20 | Computer Name = xxx | Source = EventSystem | ID = 4609
Description =
Error - 17.07.2012 11:31:20 | Computer Name = xxx | Source = EventSystem | ID = 4609
Description =
Error - 17.07.2012 11:31:20 | Computer Name = xxx | Source = EventSystem | ID = 4609
Description =
Error - 17.07.2012 11:31:20 | Computer Name = xxx | Source = EventSystem | ID = 4609
Description =
Error - 17.07.2012 11:31:20 | Computer Name = xxx | Source = EventSystem | ID = 4609
Description =
Error - 17.07.2012 11:31:20 | Computer Name = xxx | Source = EventSystem | ID = 4609
Description =
Error - 17.07.2012 11:46:03 | Computer Name = xxx | Source = VSS | ID = 40
Description =
Error - 17.07.2012 11:46:03 | Computer Name = xxx | Source = VSS | ID = 12292
Description =
Error - 17.07.2012 11:55:03 | Computer Name = xxx | Source = VSS | ID = 40
Description =
Error - 17.07.2012 11:55:03 | Computer Name = xxx | Source = VSS | ID = 12292
Description =
[ OSession Events ]
Error - 25.02.2011 18:49:31 | Computer Name = xxx | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 124
seconds with 60 seconds of active time. This session ended with a crash.
Error - 26.02.2011 06:38:57 | Computer Name = xxx | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 128
seconds with 0 seconds of active time. This session ended with a crash.
Error - 26.02.2011 17:25:03 | Computer Name = xxx | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 128
seconds with 0 seconds of active time. This session ended with a crash.
Error - 27.02.2011 04:11:03 | Computer Name = xxx | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 129
seconds with 0 seconds of active time. This session ended with a crash.
Error - 28.02.2011 17:58:33 | Computer Name = xxx | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 122
seconds with 0 seconds of active time. This session ended with a crash.
Error - 01.03.2011 03:24:51 | Computer Name = xxx | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 3723
seconds with 0 seconds of active time. This session ended with a crash.
Error - 01.03.2011 04:18:15 | Computer Name = xxx | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 3724
seconds with 120 seconds of active time. This session ended with a crash.
Error - 01.03.2011 07:38:01 | Computer Name = xxx | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 3724
seconds with 0 seconds of active time. This session ended with a crash.
Error - 05.03.2012 06:49:02 | Computer Name = xxx | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1237
seconds with 240 seconds of active time. This session ended with a crash.
Error - 03.06.2012 15:22:46 | Computer Name = xxx | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 17.07.2012 06:29:57 | Computer Name = xxx | Source = Service Control Manager | ID = 7000
Description =
Error - 17.07.2012 06:29:57 | Computer Name = xxx | Source = Service Control Manager | ID = 7001
Description =
Error - 17.07.2012 06:34:41 | Computer Name = xxx | Source = Service Control Manager | ID = 7001
Description =
Error - 17.07.2012 07:16:55 | Computer Name = xxx | Source = Service Control Manager | ID = 7000
Description =
Error - 17.07.2012 07:16:55 | Computer Name = xxx | Source = Service Control Manager | ID = 7001
Description =
Error - 17.07.2012 07:20:43 | Computer Name = xxx | Source = Service Control Manager | ID = 7001
Description =
Error - 17.07.2012 07:22:19 | Computer Name = xxx | Source = Service Control Manager | ID = 7022
Description =
Error - 17.07.2012 12:59:13 | Computer Name = xxx | Source = Service Control Manager | ID = 7000
Description =
Error - 17.07.2012 12:59:13 | Computer Name = xxx | Source = Service Control Manager | ID = 7001
Description =
Error - 17.07.2012 12:59:41 | Computer Name = xxx | Source = Service Control Manager | ID = 7001
Description =
< End of report >
|
|
19.07.2012, 20:37
| #7 |
| | 19 infizierte registrierungsschlüssel von malewarebytes nach tr/kazy.80623.1 gefunden Hallo Markusg., ich hoffe dass ich jetzt alles richtig gemacht habe und nichts fehlt. Danke Marion defogger_disable by jpshortstuff (23.02.10.1) Log created at 15:27 on 19/07/2012 (marion) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=-OTL Logfile: Code:
ATTFilter OTL logfile created on: 19.07.2012 18:56:29 - Run 6 OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\xxx\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 0,72 Gb Available Physical Memory | 36,05% Memory free 4,23 Gb Paging File | 2,73 Gb Available in Paging File | 64,57% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 70,77 Gb Total Space | 3,49 Gb Free Space | 4,93% Space Free | Partition Type: NTFS Drive D: | 70,47 Gb Total Space | 48,94 Gb Free Space | 69,45% Space Free | Partition Type: NTFS Computer Name: MRX | User Name: xxx | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\xxx\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe (TuneUp Software) PRC - C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe (TuneUp Software) PRC - C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\conime.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) PRC - C:\Programme\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation) PRC - C:\Users\xxx\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.) PRC - C:\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.) PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT) PRC - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe () PRC - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer) PRC - C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.) PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.) PRC - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.) PRC - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Acer\Mobility Center\MobilityService.exe () ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll () MOD - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.0.3\libglesv2.dll () MOD - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.0.3\libegl.dll () MOD - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\BabylonChromeToolBar.dll () MOD - C:\Users\xxx\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll () MOD - C:\Users\xxx\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll () MOD - C:\Users\xxx\AppData\Local\Google\Chrome\Application\20.0.1132.57\avutil-51.dll () MOD - C:\Users\xxx\AppData\Local\Google\Chrome\Application\20.0.1132.57\avformat-54.dll () MOD - C:\Users\xxx\AppData\Local\Google\Chrome\Application\20.0.1132.57\avcodec-54.dll () MOD - C:\Users\xxx\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll () MOD - C:\Users\xxx\AppData\Local\Google\Chrome\APPLIC~1\200113~1.57\gcswf32.dll () MOD - C:\Users\xxx\AppData\Roaming\BabylonToolbar\CR\BUSolution.dll () MOD - C:\Programme\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL () MOD - C:\Programme\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll () MOD - C:\Programme\Microsoft Office\Office12\ADDINS\ColleagueImport.dll () MOD - C:\Windows\System32\BatchCrypto.dll () MOD - C:\Windows\System32\ShowErrMsg.dll () MOD - C:\Acer\Empowering Technology\ePower\SysHook.dll () ========== Win32 Services (SafeList) ========== SRV - (LiveUpdate Notice Ex) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon File not found SRV - (CLTNetCnService) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon File not found SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (TuneUp.UtilitiesSvc) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe (TuneUp Software) SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation) SRV - (AppHostSvc) -- C:\Windows\System32\inetsrv\apphostsvc.dll (Microsoft Corporation) SRV - (Microsoft Office Groove Audit Service) -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation) SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) SRV - (LiveUpdate Notice Service) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (LPDSVC) -- C:\Windows\System32\lpdsvc.dll (Microsoft Corporation) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (WLSetupSvc) -- C:\Programme\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation) SRV - (LiveUpdate) -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation) SRV - (Automatisches LiveUpdate - Scheduler) -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation) SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT) SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe () SRV - (WMIService) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer) SRV - (eNet Service) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.) SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.) SRV - (eLockService) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.) SRV - (UPnPService) -- C:\Programme\Common Files\MAGIX Shared\UPnPService\UPnPService.exe (Magix AG) SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe () SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®) ========== Driver Services (SafeList) ========== DRV - (VBoxNetFlt) -- system32\DRIVERS\VBoxNetFlt.sys File not found DRV - (UIUSys) -- system32\DRIVERS\UIUSYS.SYS File not found DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found DRV - (AWISp60) -- System32\Drivers\AWISp60.sys File not found DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys (TuneUp Software) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (VBoxNetAdp) -- C:\Windows\System32\drivers\VBoxNetAdp.sys (Oracle Corporation) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (LVUVC) Logitech QuickCam E3500(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.) DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation) DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys () DRV - (se44unic) Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM) -- C:\Windows\System32\drivers\se44unic.sys (MCCI) DRV - (se44obex) -- C:\Windows\System32\drivers\se44obex.sys (MCCI) DRV - (se44nd5) Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS) -- C:\Windows\System32\drivers\se44nd5.sys (MCCI) DRV - (se44mgmt) Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\se44mgmt.sys (MCCI) DRV - (se44mdm) -- C:\Windows\System32\drivers\se44mdm.sys (MCCI) DRV - (se44mdfl) -- C:\Windows\System32\drivers\se44mdfl.sys (MCCI) DRV - (se44bus) Sony Ericsson Device 068 driver (WDM) -- C:\Windows\System32\drivers\se44bus.sys (MCCI) DRV - (DritekPortIO) -- C:\Programme\Launch Manager\DPortIO.sys (Dritek System Inc.) DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation) DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation) DRV - (ESDCR) -- C:\Windows\System32\drivers\ESD7SK.sys (ENE Technology Inc.) DRV - (ESMCR) -- C:\Windows\System32\drivers\ESM7SK.sys (ENE Technology Inc.) DRV - (EMSCR) -- C:\Windows\System32\drivers\EMS7SK.sys (ENE Technology Inc.) DRV - (SMSCIRDA) -- C:\Windows\System32\drivers\smscirda.sys (SMSC) DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Kostenlose E-Mail - Free Mail - E-Cards - Arcor das Newsportal IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Kostenlose E-Mail - Free Mail - E-Cards - Arcor das Newsportal IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = Kostenlose E-Mail - Free Mail - E-Cards - Arcor das Newsportal IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Kostenlose E-Mail - Free Mail - E-Cards - Arcor das Newsportal IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Kostenlose E-Mail - Free Mail - E-Cards - Arcor das Newsportal IE - HKLM\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Programme\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {26647ca4-a2a7-4eac-8a72-761aa9141de7} - C:\Programme\www.Freeware-download.com\tbwww..dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWin0.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSof0.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Programme\NCH_DE\prxtbNCH_.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=334&systemid=406&sr=0&q={searchTerms} IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=417&sr=0&q={searchTerms} IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2325506 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\xxx\Music\Mammas musikk IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Upgrade to Google Chrome IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Acer.com Worldwide - Select your local country or region [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Upgrade to Google Chrome IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Acer.com Worldwide - Select your local country or region [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Babylon Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Upgrade to Google Chrome IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Upgrade to Google Chrome IE - HKCU\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Programme\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {26647ca4-a2a7-4eac-8a72-761aa9141de7} - C:\Programme\www.Freeware-download.com\tbwww..dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWin0.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found IE - HKCU\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSof0.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Programme\NCH_DE\prxtbNCH_.dll (Conduit Ltd.) IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=113480&tt=010712_6&babsrc=SP_ss&mntrId=a008b45b0000000000000016d4cb915c IE - HKCU\..\SearchScopes\{31CF9EBE-5755-4a1d-AC25-2834D952D9B4}: "URL" = hxxp://search.pdfcreator-toolbar.org/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field IE - HKCU\..\SearchScopes\{41427F18-E891-4297-BD8C-4BB0E8EAF99F}: "URL" = hxxp://resultsmaster.com/SmartOffers/SmartOffers.aspx?HBHintSVC=resultsmaster&HBHintSearchTermFields=qu&qu={searchTerms}&opener=iesearchbox IE - HKCU\..\SearchScopes\{4E317010-F0AE-4905-BAE1-02F3402FA6DE}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7GGLL_de&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=uuH9Yv5TERdTI-aou6w9nDZZ-FA?q={searchTerms} IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=334&systemid=406&sr=0&q={searchTerms} IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=417&sr=0&q={searchTerms} IE - HKCU\..\SearchScopes\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\..\SearchScopes\{E8E72B61-195D-4E48-808D-91814217DD05}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)" FF - prefs.js..browser.search.defaultthis.engineName: "DVDVideoSoftTB Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?affID=113480&tt=010712_6&babsrc=HP_ss_cr&mntrId=a008b45b0000000000000016d4cb915c" FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2 FF - prefs.js..extensions.enabledItems: dplauncher@digitalpublishing.de:1.1 FF - prefs.js..extensions.enabledItems: support@pdfcreator-toolbar.org:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {b106b661-3e1b-4015-af5c-195e909f35c6}:3.6.0.10 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.8.1.0 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.7 FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.2.0 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@digitalpublishing.de/dpLaunch: C:\Program Files\digital publishing\LAUNCHER_12_999999\nplaunch.dll (digital publishing AG) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\xxx\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\xxx\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\webbooster@iminent.com: C:\Program Files\Iminent\webbooster@iminent.com [2012.07.14 16:03:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Extensions [2012.07.14 18:04:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions [2010.05.18 22:26:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.07.09 17:27:33 | 000,000,000 | ---D | M] (Freeware Download - Free Software Downloads Community Toolbar) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\{26647ca4-a2a7-4eac-8a72-761aa9141de7} [2009.04.01 09:29:36 | 000,000,000 | ---D | M] ("Neopets Toolbar") -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\{2cb97724-d789-4f43-8888-a763cbb8df6f} [2012.06.12 19:10:18 | 000,000,000 | ---D | M] (Winload Community Toolbar) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f} [2012.07.15 18:37:35 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2009.10.24 10:23:36 | 000,000,000 | ---D | M] (Softonic Deutsch Toolbar) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} [2012.04.15 13:50:07 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.05.30 17:28:16 | 000,000,000 | ---D | M] (NCH DE Community Toolbar) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\{b106b661-3e1b-4015-af5c-195e909f35c6} [2012.06.16 08:59:46 | 000,000,000 | ---D | M] (IMinent Toolbar) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444} [2011.02.12 17:46:32 | 000,000,000 | ---D | M] (dp Launcher Plugin) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\dplauncher@digitalpublishing.de [2011.01.22 20:21:49 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\engine@conduit.com [2011.12.19 17:42:41 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\ffxtlbr@babylon.com [2009.08.26 08:53:54 | 000,000,000 | ---D | M] (Neopets Toolbar Add-on) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\ntaddon@swordfire.net [2012.07.04 17:03:48 | 000,000,000 | ---D | M] ("SearchGBY") -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\plugin@searchgby.com [2012.06.16 13:24:39 | 000,000,000 | ---D | M] (loadtbs) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\software@loadtubes.com [2011.12.02 01:12:34 | 000,000,931 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\conduit.xml [2012.07.14 13:10:07 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-1.xml [2008.07.02 23:40:32 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-10.xml [2008.07.16 20:08:10 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-11.xml [2008.10.24 14:08:58 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-12.xml [2008.11.15 00:19:31 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-13.xml [2008.12.20 00:38:12 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-14.xml [2009.02.06 23:27:51 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-15.xml [2009.03.09 07:42:22 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-16.xml [2009.03.28 09:59:43 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-17.xml [2009.04.24 13:43:05 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-18.xml [2009.05.01 08:00:47 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-19.xml [2007.10.20 17:07:55 | 000,000,949 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-2.xml [2009.06.12 19:28:58 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-20.xml [2009.07.23 09:45:07 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-21.xml [2009.08.05 13:51:18 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-22.xml [2009.09.11 06:44:54 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-23.xml [2009.10.30 23:25:26 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-24.xml [2009.12.12 21:20:19 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-25.xml [2009.12.20 09:54:07 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-26.xml [2010.01.06 23:01:57 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-27.xml [2010.02.28 08:07:23 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-28.xml [2010.04.21 15:27:47 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-29.xml [2007.11.03 14:17:42 | 000,000,949 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-3.xml [2011.01.21 18:09:17 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-30.xml [2011.02.17 21:48:35 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-31.xml [2007.11.28 10:41:54 | 000,000,949 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-4.xml [2007.12.08 18:57:42 | 000,000,949 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-5.xml [2008.02.11 12:26:46 | 000,000,949 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-6.xml [2008.03.26 22:34:04 | 000,000,949 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-7.xml [2008.04.17 13:16:11 | 000,000,949 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-8.xml [2008.06.19 07:16:35 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-9.xml [2007.09.15 17:50:14 | 000,000,949 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin.xml [2008.12.05 08:05:10 | 000,005,711 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\search-the-web.xml [2012.07.02 22:13:47 | 000,002,519 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\Search_Results.xml [2012.04.24 15:13:45 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2012.06.16 13:24:35 | 000,378,880 | ---- | M] (InfiniAd GmbH) -- C:\Program Files\mozilla firefox\plugins\npmieze.dll [2012.07.06 17:41:28 | 000,002,351 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2011.12.30 14:27:06 | 000,002,520 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml [2012.07.02 22:13:47 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml ========== Chrome ========== CHR - homepage: CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Babylon ToolBar (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\BabylonChromeToolBar.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll CHR - plugin: LoadTubes Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npmieze.dll CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: 3DVIA player (Enabled) = C:\Program Files\Virtools\3D Life Player\npvirtools.dll CHR - plugin: dp Launcher Plugin (Enabled) = C:\Program Files\digital publishing\LAUNCHER_12_999999\nplaunch.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: DVDVideoSoftTB DE = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhphemoobgnikcoofkgackkaimpfmenm\2.3.15.10_0\ CHR - Extension: YouTube = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Babylon Toolbar = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\ CHR - Extension: SearchGBY = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmijdhkcgeclpfjmibnginbbkfcbpep\0.9.55_0\ CHR - Extension: Google Mail = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (DVDVideoSoftTB DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Programme\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.) O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Freeware Download - Free Software Downloads Toolbar) - {26647ca4-a2a7-4eac-8a72-761aa9141de7} - C:\Programme\www.Freeware-download.com\tbwww..dll (Conduit Ltd.) O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWin0.dll (Conduit Ltd.) O2 - BHO: (TBSB01620 Class) - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Programme\IMinent Toolbar\tbcore3.dll () O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSof0.dll (Conduit Ltd.) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (NCH DE Toolbar) - {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Programme\NCH_DE\prxtbNCH_.dll (Conduit Ltd.) O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (no name) - !{26647ca4-a2a7-4eac-8a72-761aa9141de7} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - !{977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - !{98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - !{DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No CLSID value found. O3 - HKLM\..\Toolbar: (DVDVideoSoftTB DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Programme\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWin0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O3 - HKLM\..\Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found. O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSof0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found. O3 - HKLM\..\Toolbar: (NCH DE Toolbar) - {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Programme\NCH_DE\prxtbNCH_.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O3 - HKCU\..\Toolbar\WebBrowser: (NCH DE Toolbar) - {B106B661-3E1B-4015-AF5C-195E909F35C6} - C:\Programme\NCH_DE\prxtbNCH_.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Inhaltsverzeichnis.onetoc2 () O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O8 - Extra context menu item: Add to Windows &Live Favorites - hxxp://favorites.live.com/quickadd.aspx File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe File not found O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {85C86CCC-2158-4123-9C7D-785190CED875} https://lernboerse.arbeitsagentur.de/exklusiv/ilias/data/balihob/lm_data/httppath/dpLaunchPlugin.cab (dp Launcher Plugin) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.0) O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6DDEF664-F3C4-4C3F-9B36-77858D38808D}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {FF151822-B0BF-11D1-A80D-000000000000} - C:\Programme\Common Files\System\Ole DB\oledb32.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - AppInit_DLLs: (eNetHook.dll) - C:\Windows\System32\eNetHook.dll (acer) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: D:\Pictures\Pictures\lisa+awaz.jpg O24 - Desktop BackupWallPaper: D:\Pictures\Pictures\lisa+awaz.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{0ab19f07-cf88-11db-a713-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{0ab19f07-cf88-11db-a713-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe O33 - MountPoints2\{11fe8d57-b4b0-11e1-b136-0016d4cb915c}\Shell - "" = AutoRun O33 - MountPoints2\{11fe8d57-b4b0-11e1-b136-0016d4cb915c}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{11fe8d6b-b4b0-11e1-b136-0016d4cb915c}\Shell - "" = AutoRun O33 - MountPoints2\{11fe8d6b-b4b0-11e1-b136-0016d4cb915c}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{36f887db-b4a8-11e1-98c4-0016d4cb915c}\Shell - "" = AutoRun O33 - MountPoints2\{36f887db-b4a8-11e1-98c4-0016d4cb915c}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{36f887f6-b4a8-11e1-98c4-0016d4cb915c}\Shell - "" = AutoRun O33 - MountPoints2\{36f887f6-b4a8-11e1-98c4-0016d4cb915c}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{402206e5-4de5-11de-89ca-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{402206e5-4de5-11de-89ca-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{4022078b-4de5-11de-89ca-0016d4cb915c}\Shell - "" = AutoRun O33 - MountPoints2\{4022078b-4de5-11de-89ca-0016d4cb915c}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{40220797-4de5-11de-89ca-0016d4cb915c}\Shell - "" = AutoRun O33 - MountPoints2\{40220797-4de5-11de-89ca-0016d4cb915c}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{40220799-4de5-11de-89ca-0016d4cb915c}\Shell - "" = AutoRun O33 - MountPoints2\{40220799-4de5-11de-89ca-0016d4cb915c}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{5e092b33-586b-11df-a8bc-0016d4cb915c}\Shell - "" = AutoRun O33 - MountPoints2\{5e092b33-586b-11df-a8bc-0016d4cb915c}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence O34 - HKLM BootExecute: (autocheck autochk /r \??\H:) O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 9.0 ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.2 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 9.0 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpReg: 捁牥吠畯敒業摮牥 - hkey= - key= - File not found MsConfig - State: "startup" - 2 CREATERESTOREPOINT System Restore Service not available. ========== Files/Folders - Created Within 30 Days ========== [2012.07.18 14:21:03 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Malwarebytes [2012.07.18 14:20:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.07.18 14:20:48 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.07.18 14:20:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.07.17 17:24:43 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe [2012.07.17 13:09:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012.07.17 13:08:50 | 000,772,592 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll [2012.07.17 13:08:50 | 000,227,824 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2012.07.17 13:08:24 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2012.07.17 13:08:24 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe [2012.07.16 17:49:21 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\NCH Software [2012.07.16 17:49:21 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software [2012.07.15 18:37:28 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\CRE [2012.07.15 18:37:18 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoftTB_DE [2012.07.15 18:37:05 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers [2012.07.15 18:36:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft [2012.07.15 18:36:55 | 000,405,144 | ---- | C] (Newtonsoft) -- C:\Windows\System32\Newtonsoft.Json.Net20.dll [2012.07.15 18:36:45 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft [2012.07.15 18:36:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft [2012.07.15 18:32:26 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Digiarty [2012.07.15 18:31:47 | 000,000,000 | ---D | C] -- C:\Program Files\Digiarty [2012.07.15 18:15:20 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack [2012.07.15 18:15:15 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Abelssoft [2012.07.14 18:39:23 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro [2012.07.14 18:37:50 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome [2012.07.14 18:35:23 | 000,739,856 | ---- | C] (Google Inc.) -- C:\Users\xxx\chrome_installer200113247.exe [2012.07.14 16:17:27 | 000,154,416 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\drivers\VBoxDrv.sys [2012.07.14 16:17:01 | 000,033,072 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\drivers\VBoxUSBMon.sys [2012.07.14 14:10:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.07.14 12:25:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Sirrix AG [2012.07.14 12:25:09 | 000,000,000 | ---D | C] -- C:\Program Files\Sirrix AG [2012.07.14 11:57:20 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle [2012.07.14 10:21:15 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro [2012.07.14 10:20:28 | 007,718,272 | ---- | C] (SurfRight B.V.) -- C:\Users\xxx\HitmanPro36.exe [2012.07.14 07:36:43 | 000,000,000 | ---D | C] -- C:\Users\xxx\gegen Trojaner [2012.07.13 20:43:24 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Qoiwc [2012.07.13 20:43:24 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Akafu [2012.07.11 17:58:53 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012.07.11 17:51:24 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.07.11 17:51:22 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.07.11 17:51:22 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012.07.11 17:51:21 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.07.11 17:51:20 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.07.11 17:51:20 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.07.11 17:51:19 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.07.11 17:47:16 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll [2012.07.10 15:47:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.07.09 21:59:49 | 000,031,584 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe [2012.07.09 21:59:49 | 000,021,344 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll [2012.07.09 21:59:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012 [2012.07.09 21:59:06 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\TuneUp Software [2012.07.09 21:58:45 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2012 [2012.07.09 21:50:39 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936} [2012.07.09 21:50:39 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2012.07.09 21:48:48 | 037,771,696 | ---- | C] (TuneUp Software) -- C:\Users\xxx\TuneUpUtilities2012_de-DE.exe [2012.07.06 17:41:47 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\BabylonToolbar [2012.07.06 17:41:37 | 000,000,000 | ---D | C] -- C:\Program Files\BabylonToolbar [2012.07.06 17:41:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon [2012.07.03 21:03:00 | 000,000,000 | ---D | C] -- C:\Program Files\SearchGBY [2012.07.03 21:02:33 | 000,000,000 | ---D | C] -- C:\Program Files\KB Piano 2 [2012.07.02 22:15:32 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Ilivid Player [2012.06.21 19:23:47 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll [2012.06.21 19:23:47 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll [2012.06.21 19:23:00 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll [2012.06.21 19:23:00 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll [2012.06.21 19:23:00 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll [2012.06.21 19:22:44 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll [2012.06.21 19:22:44 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe [2012.06.17 18:30:40 | 004,441,861 | ---- | C] ((c) 2006-2011, Tom Thielicke IT Solutions ) -- C:\Users\xxx\tipp10_win_v2-1-0.exe [2012.04.04 15:55:01 | 006,951,776 | ---- | C] (digital publishing AG) -- C:\Users\xxx\dpLaunchSet.exe [2007.08.21 08:07:16 | 000,010,752 | ---- | C] (Arcor Online GmbH) -- C:\Users\xxx\AppData\Local\cmdial32.dll [6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.07.19 18:55:52 | 000,002,735 | ---- | M] () -- C:\Users\xxx\Desktop\Microsoft Office Outlook 2007.lnk [2012.07.19 18:50:09 | 000,013,072 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\nvModes.001 [2012.07.19 18:49:10 | 000,302,592 | ---- | M] () -- C:\Users\xxx\Desktop\d360pqyn.exe [2012.07.19 18:47:01 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2661263122-194117992-2275258509-1000UA.job [2012.07.19 18:37:15 | 000,002,052 | ---- | M] () -- C:\Windows\epplauncher.mif [2012.07.19 18:20:19 | 000,677,816 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.07.19 18:20:19 | 000,637,900 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.07.19 18:20:19 | 000,121,064 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.07.19 18:20:18 | 000,146,856 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.07.19 18:13:57 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.19 18:13:57 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.19 18:13:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.19 16:16:46 | 000,013,072 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\nvModes.dat [2012.07.18 18:27:33 | 000,046,592 | ---- | M] () -- C:\Users\xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.07.18 14:22:23 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.17 20:27:49 | 000,000,000 | ---- | M] () -- C:\Users\xxx\defogger_reenable [2012.07.17 20:25:03 | 000,050,477 | ---- | M] () -- C:\Users\xxx\Desktop\Defogger.exe [2012.07.17 17:24:44 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe [2012.07.17 13:07:55 | 000,227,824 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2012.07.17 13:07:55 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2012.07.17 13:07:55 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe [2012.07.17 13:07:53 | 000,772,592 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll [2012.07.17 13:07:52 | 000,687,600 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll [2012.07.17 08:46:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2661263122-194117992-2275258509-1000Core.job [2012.07.15 18:37:35 | 000,000,009 | ---- | M] () -- C:\END [2012.07.15 18:36:57 | 000,001,195 | ---- | M] () -- C:\Users\xxx\Desktop\Free YouTube to MP3 Converter.lnk [2012.07.15 15:50:44 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.07.15 15:50:44 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.07.14 18:37:50 | 000,002,065 | ---- | M] () -- C:\Users\xxx\Desktop\Google Chrome.lnk [2012.07.14 18:35:23 | 000,739,856 | ---- | M] (Google Inc.) -- C:\Users\xxx\chrome_installer200113247.exe [2012.07.14 10:37:38 | 000,002,522 | ---- | M] () -- C:\Windows\System32\.crusader [2012.07.14 10:20:36 | 007,718,272 | ---- | M] (SurfRight B.V.) -- C:\Users\xxx\HitmanPro36.exe [2012.07.13 17:22:09 | 000,002,633 | ---- | M] () -- C:\Users\xxx\Desktop\Microsoft Office Excel 2007.lnk [2012.07.11 18:30:01 | 000,004,135 | ---- | M] () -- C:\WirelessDiagLog.csv [2012.07.11 18:08:11 | 000,425,264 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.07.10 16:08:24 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2012.07.10 16:08:24 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2012.07.09 21:59:43 | 000,001,873 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2012.07.09 21:49:42 | 037,771,696 | ---- | M] (TuneUp Software) -- C:\Users\xxx\TuneUpUtilities2012_de-DE.exe [2012.07.09 18:05:51 | 004,503,728 | ---- | M] () -- C:\ProgramData\go_0molg.pad [2012.07.08 12:56:05 | 004,503,728 | ---- | M] () -- C:\ProgramData\0tbpw.pad [2012.07.06 17:41:39 | 000,000,725 | ---- | M] () -- C:\user.js [2012.07.05 18:10:57 | 070,101,919 | ---- | M] () -- C:\Users\xxx\Englisch für Anfänger.wma [2012.07.05 18:09:06 | 216,268,903 | ---- | M] () -- C:\Users\xxx\Sprachkurs Englisch.wma [2012.07.05 15:22:30 | 000,043,410 | ---- | M] () -- C:\Users\xxx\tickets2.pdf [2012.07.05 15:22:15 | 000,043,453 | ---- | M] () -- C:\Users\xxx\tickets.pdf [2012.07.03 21:02:46 | 000,030,520 | ---- | M] () -- C:\Windows\System32\midiwrap3405.deu [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.06.29 17:01:54 | 000,544,356 | ---- | M] () -- C:\Users\xxx\Englisch lernen mit The Grooves_ Business World.pdf [2012.06.29 17:00:12 | 061,108,057 | ---- | M] () -- C:\Users\xxx\Englisch lernen mit The Grooves_ Business World.wma [2012.06.27 21:44:49 | 000,013,615 | ---- | M] () -- C:\Users\xxx\bildungspaket-mehrtaegige-ausfluege-klassenfahrten-anlage.pdf [2012.06.26 17:28:07 | 000,218,587 | ---- | M] () -- C:\Users\xxx\AntragTeilhabe_03_2012.pdf [2012.06.25 21:33:53 | 153,919,040 | ---- | M] () -- C:\Users\xxx\Abenteuer Gedächtnis(1).wma [2012.06.22 16:32:30 | 000,405,144 | ---- | M] (Newtonsoft) -- C:\Windows\System32\Newtonsoft.Json.Net20.dll [6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.07.19 18:49:08 | 000,302,592 | ---- | C] () -- C:\Users\xxx\Desktop\d360pqyn.exe [2012.07.19 18:37:15 | 000,002,052 | ---- | C] () -- C:\Windows\epplauncher.mif [2012.07.18 14:20:50 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.17 20:27:49 | 000,000,000 | ---- | C] () -- C:\Users\xxx\defogger_reenable [2012.07.17 20:25:03 | 000,050,477 | ---- | C] () -- C:\Users\xxx\Desktop\Defogger.exe [2012.07.15 18:37:35 | 000,000,009 | ---- | C] () -- C:\END [2012.07.15 18:36:57 | 000,001,195 | ---- | C] () -- C:\Users\xxx\Desktop\Free YouTube to MP3 Converter.lnk [2012.07.14 18:37:50 | 000,002,065 | ---- | C] () -- C:\Users\xxx\Desktop\Google Chrome.lnk [2012.07.14 18:36:36 | 000,001,124 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2661263122-194117992-2275258509-1000UA.job [2012.07.14 18:36:34 | 000,001,072 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2661263122-194117992-2275258509-1000Core.job [2012.07.14 10:37:38 | 000,002,522 | ---- | C] () -- C:\Windows\System32\.crusader [2012.07.09 21:59:43 | 000,001,881 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk [2012.07.09 21:59:43 | 000,001,873 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2012.07.08 12:46:33 | 004,503,728 | ---- | C] () -- C:\ProgramData\go_0molg.pad [2012.07.08 12:46:32 | 004,503,728 | ---- | C] () -- C:\ProgramData\0tbpw.pad [2012.07.05 18:09:23 | 070,101,919 | ---- | C] () -- C:\Users\xxx\Englisch für Anfänger.wma [2012.07.05 18:04:04 | 216,268,903 | ---- | C] () -- C:\Users\xxx\Sprachkurs Englisch.wma [2012.07.05 15:22:29 | 000,043,410 | ---- | C] () -- C:\Users\xxx\tickets2.pdf [2012.07.05 15:22:14 | 000,043,453 | ---- | C] () -- C:\Users\xxx\tickets.pdf [2012.07.03 21:02:46 | 000,030,520 | ---- | C] () -- C:\Windows\System32\midiwrap3405.deu [2012.06.29 17:01:53 | 000,544,356 | ---- | C] () -- C:\Users\xxx\Englisch lernen mit The Grooves_ Business World.pdf [2012.06.29 16:58:56 | 061,108,057 | ---- | C] () -- C:\Users\xxx\Englisch lernen mit The Grooves_ Business World.wma [2012.06.27 21:44:49 | 000,013,615 | ---- | C] () -- C:\Users\xxx\bildungspaket-mehrtaegige-ausfluege-klassenfahrten-anlage.pdf [2012.06.26 17:28:05 | 000,218,587 | ---- | C] () -- C:\Users\xxx\AntragTeilhabe_03_2012.pdf [2012.06.25 21:30:17 | 153,919,040 | ---- | C] () -- C:\Users\xxx\Abenteuer Gedächtnis(1).wma [2012.06.17 17:00:42 | 000,005,871 | ---- | C] () -- C:\Users\xxx\AppData\Local\recently-used.xbel [2012.06.16 15:41:37 | 000,068,608 | ---- | C] () -- C:\Users\xxx\Hat die Praktikantin.pub [2012.05.29 19:26:50 | 008,219,648 | ---- | C] () -- C:\Users\xxx\Meine Broschüre.pub [2012.05.19 16:47:59 | 000,000,082 | ---- | C] () -- C:\Windows\odbc_merge.INI [2012.05.07 18:51:22 | 173,966,408 | ---- | C] () -- C:\Users\xxx\Rossmann-Fotosoftware-Setup.exe [2012.04.23 21:06:28 | 000,086,016 | ---- | C] () -- C:\Windows\System32\custmon32i.dll [2012.03.21 16:38:37 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat [2011.12.23 19:14:03 | 000,084,405 | ---- | C] () -- C:\Users\xxx\Leseprobe Klugscheißer für Fake.pdf [2011.12.23 16:55:13 | 000,133,564 | ---- | C] () -- C:\Users\xxx\Leseprobe für Fake.pdf [2011.07.07 08:55:26 | 001,812,597 | ---- | C] () -- C:\Users\xxx\Monitorkalibrierung.zip [2011.06.30 14:06:46 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2011.06.25 22:32:22 | 002,948,218 | ---- | C] () -- C:\Users\xxx\Leseprobe.pdf [2011.06.03 14:20:31 | 000,184,192 | ---- | C] () -- C:\Users\xxx\BuT.pdf [2011.06.02 10:49:31 | 034,104,383 | ---- | C] () -- C:\Users\xxx\Kopie von context (5).pdf [2011.04.23 12:03:47 | 000,008,468 | ---- | C] () -- C:\Users\xxx\bildungspaket.pdf [2011.02.26 21:53:39 | 000,004,096 | -H-- | C] () -- C:\Users\xxx\AppData\Local\keyfile3.drm [2010.03.07 16:40:47 | 000,014,519 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate [2008.03.11 07:41:26 | 000,000,680 | ---- | C] () -- C:\Users\xxx\AppData\Local\d3d9caps.dat [2007.06.20 18:05:35 | 000,008,438 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\mdb.bin [2007.06.12 20:20:30 | 000,013,072 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\nvModes.001 [2007.06.12 18:29:04 | 000,046,592 | ---- | C] () -- C:\Users\xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.06.12 18:18:50 | 000,013,072 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\nvModes.dat ========== LOP Check ========== [2012.07.13 20:43:24 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Akafu [2009.10.24 10:02:04 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Artweaver [2011.12.19 17:42:29 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Babylon [2012.07.06 17:41:47 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\BabylonToolbar [2010.03.23 21:08:24 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Canon [2009.11.15 17:11:40 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\CasualForge [2010.02.16 14:43:39 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\cerasus.media [2012.07.15 18:32:26 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Digiarty [2011.02.12 17:49:28 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\digital publishing [2012.07.15 18:38:10 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\DVDVideoSoft [2012.07.15 18:37:05 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers [2012.04.10 15:59:23 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\FreeScreenToVideo [2012.04.21 16:28:26 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\GetRightToGo [2012.06.14 19:01:34 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\gtk-2.0 [2007.09.15 14:59:56 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\ICQ [2008.03.10 20:21:22 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\ICQ Toolbar [2008.12.25 19:33:44 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Leadertech [2012.05.04 20:06:30 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Lexware [2012.06.16 13:24:40 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\loadtbs [2007.12.24 20:16:16 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\MAGIX [2010.11.14 18:43:27 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Merscom [2011.08.25 11:17:13 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\NCH Swift Sound [2009.04.01 09:29:44 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Neopets Toolbar [2011.06.09 22:18:56 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\OpenOffice.org [2008.03.02 15:07:55 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\PC-FAX TX [2009.08.08 20:06:38 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Peace Craft [2011.02.22 22:14:21 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\PeerNetworking [2012.07.14 10:11:54 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Qoiwc [2007.06.20 20:06:34 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\ScanSoft [2008.12.31 17:36:54 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Spandex Force [2012.06.01 20:53:44 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\TimePunch [2012.07.09 21:59:06 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\TuneUp Software [2012.06.12 18:10:00 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Vodafone [2008.10.19 19:28:10 | 000,000,256 | ---- | M] () -- C:\Windows\Tasks\Auf Updates für Windows Live Toolbar prüfen.job [2012.07.19 16:48:57 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2012.07.18 13:38:19 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2007.06.12 16:56:11 | 000,000,000 | ---D | M] -- C:\Acer [2007.01.19 20:02:16 | 000,000,000 | ---D | M] -- C:\Book [2009.09.20 20:51:22 | 000,000,000 | -HSD | M] -- C:\Boot [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2007.06.12 16:49:58 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2007.01.19 20:02:16 | 000,000,000 | ---D | M] -- C:\DRV [2012.04.27 18:46:10 | 000,000,000 | ---D | M] -- C:\F0 [2010.06.06 21:50:07 | 000,000,000 | ---D | M] -- C:\inetpub [2012.04.28 12:40:03 | 000,000,000 | RH-D | M] -- C:\MSOCache [2012.07.12 22:01:49 | 000,000,000 | ---D | M] -- C:\Multimedia Files [2012.05.02 19:55:51 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.07.18 14:20:47 | 000,000,000 | R--D | M] -- C:\Program Files [2012.04.23 21:06:25 | 000,000,000 | ---D | M] -- C:\Program1 [2012.07.18 13:59:07 | 000,000,000 | -H-D | M] -- C:\ProgramData [2007.06.12 16:49:58 | 000,000,000 | -HSD | M] -- C:\Programme [2012.07.09 21:58:26 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2007.06.14 22:04:44 | 000,000,000 | ---D | M] -- C:\temp [2007.06.12 16:53:35 | 000,000,000 | R--D | M] -- C:\Users [2012.07.19 18:37:15 | 000,000,000 | ---D | M] -- C:\Windows [2009.11.15 21:27:48 | 000,000,000 | ---D | M] -- C:\~QTWTMP.TMP < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < MD5 for: AGP440.SYS > [2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2008.02.14 10:15:15 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys [2008.02.14 10:15:15 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys [2008.02.14 10:15:14 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: ENETHOOK.DLL > [2006.12.28 21:07:22 | 000,090,112 | ---- | M] (acer) MD5=D1DDFF67D47BD6762A6B2282E5C354AD -- C:\Acer\Empowering Technology\eNet\eNetHook.dll [2006.12.28 21:07:22 | 000,090,112 | ---- | M] (acer) MD5=D1DDFF67D47BD6762A6B2282E5C354AD -- C:\Windows\System32\eNetHook.dll < MD5 for: EXPLORER.EXE > [2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2007.11.15 08:15:11 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe [2007.11.15 08:15:10 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2006.11.02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe [2008.01.19 09:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: IASTORV.SYS > [2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2007.06.13 12:37:24 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll [2007.06.13 12:37:25 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll [2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys [2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [1 C:\Windows\system32\drivers\*.tmp files -> C:\Windows\system32\drivers\*.tmp -> ] < %systemroot%\System32\config\*.sav > [2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\system32\*.dll /lockedfiles > [4 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] < %USERPROFILE%\*.* > [2012.06.25 21:33:53 | 153,919,040 | ---- | M] () -- C:\Users\xxx\Abenteuer Gedächtnis(1).wma [2012.06.26 17:28:07 | 000,218,587 | ---- | M] () -- C:\Users\xxx\AntragTeilhabe_03_2012.pdf [2012.06.27 21:44:49 | 000,013,615 | ---- | M] () -- C:\Users\xxx\bildungspaket-mehrtaegige-ausfluege-klassenfahrten-anlage.pdf [2011.04.23 12:03:50 | 000,008,468 | ---- | M] () -- C:\Users\xxx\bildungspaket.pdf [2011.06.03 14:20:33 | 000,184,192 | ---- | M] () -- C:\Users\xxx\BuT.pdf [2012.07.14 18:35:23 | 000,739,856 | ---- | M] (Google Inc.) -- C:\Users\xxx\chrome_installer200113247.exe [2012.07.17 20:27:49 | 000,000,000 | ---- | M] () -- C:\Users\xxx\defogger_reenable [2012.04.04 15:55:17 | 006,951,776 | ---- | M] (digital publishing AG) -- C:\Users\xxx\dpLaunchSet.exe [2012.07.05 18:10:57 | 070,101,919 | ---- | M] () -- C:\Users\xxx\Englisch für Anfänger.wma [2012.06.29 17:01:54 | 000,544,356 | ---- | M] () -- C:\Users\xxx\Englisch lernen mit The Grooves_ Business World.pdf [2012.06.29 17:00:12 | 061,108,057 | ---- | M] () -- C:\Users\xxx\Englisch lernen mit The Grooves_ Business World.wma [2012.04.17 20:55:51 | 000,034,816 | ---- | M] () -- C:\Users\xxx\geschaeftsbrief-form-A-bezugszeichenzeile.doc [2012.06.16 15:41:38 | 000,068,608 | ---- | M] () -- C:\Users\xxx\Hat die Praktikantin.pub [2012.07.14 10:20:36 | 007,718,272 | ---- | M] (SurfRight B.V.) -- C:\Users\xxx\HitmanPro36.exe [2011.06.02 10:50:21 | 034,104,383 | ---- | M] () -- C:\Users\xxx\Kopie von context (5).pdf [2011.12.23 16:55:17 | 000,133,564 | ---- | M] () -- C:\Users\xxx\Leseprobe für Fake.pdf [2011.12.23 19:14:06 | 000,084,405 | ---- | M] () -- C:\Users\xxx\Leseprobe Klugscheißer für Fake.pdf [2011.06.26 10:25:21 | 002,948,218 | ---- | M] () -- C:\Users\xxx\Leseprobe.pdf [2012.05.29 20:41:11 | 008,219,648 | ---- | M] () -- C:\Users\xxx\Meine Broschüre.pub [2011.07.07 08:55:34 | 001,812,597 | ---- | M] () -- C:\Users\xxx\Monitorkalibrierung.zip [2012.07.19 18:56:46 | 005,505,024 | -HS- | M] () -- C:\Users\xxx\ntuser.dat [2012.07.19 18:56:46 | 000,262,144 | ---- | M] () -- C:\Users\xxx\ntuser.dat.LOG1 [2008.02.28 18:40:16 | 000,262,144 | -H-- | M] () -- C:\Users\xxx\ntuser.dat.LOG2 [2012.07.19 16:48:40 | 000,065,536 | -HS- | M] () -- C:\Users\xxx\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2012.06.08 22:38:17 | 000,524,288 | -HS- | M] () -- C:\Users\xxx\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2012.07.19 16:48:40 | 000,524,288 | -HS- | M] () -- C:\Users\xxx\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms [2007.06.12 16:53:35 | 000,000,020 | -HS- | M] () -- C:\Users\xxx\ntuser.ini [2012.05.07 18:55:58 | 173,966,408 | ---- | M] () -- C:\Users\xxx\Rossmann-Fotosoftware-Setup.exe [2012.07.05 18:09:06 | 216,268,903 | ---- | M] () -- C:\Users\xxx\Sprachkurs Englisch.wma [2012.07.05 15:22:15 | 000,043,453 | ---- | M] () -- C:\Users\xxx\tickets.pdf [2012.07.05 15:22:30 | 000,043,410 | ---- | M] () -- C:\Users\xxx\tickets2.pdf [2012.06.17 18:30:53 | 004,441,861 | ---- | M] ((c) 2006-2011, Tom Thielicke IT Solutions ) -- C:\Users\xxx\tipp10_win_v2-1-0.exe [2012.07.09 21:49:42 | 037,771,696 | ---- | M] (TuneUp Software) -- C:\Users\xxx\TuneUpUtilities2012_de-DE.exe < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 ========== Alternate Data Streams ========== @Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:DFC5A2B2 @Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:551E1CB4 @Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:F878F14A @Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:5425B7F5 @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:940ECC98 @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:90E60569 @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:DCDE7C60 @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:91CF76E3 @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:580E04D8 @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:0207454C @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:B652B720 @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:6CEB2458 @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:426796C0 @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:FF818E2B @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:1CB8D545 @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:9AB338B9 @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:4D066AD2 @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:01442FD8 @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:D88D995C @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:9AB56A06 @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:08F16DBB @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:550179F5 @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:3B3A35EC @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:30C46519 @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:E1982A23 @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:4D7FCCD3 @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:B54102AD @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:0D31DA45 @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:3CF23EC3 @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:8C458D50 @Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:B419A171 @Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:9B52F176 @Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:8FBE0E9C @Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:90E3641D @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DDE7FCF4 @Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:B14B4A95 @Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:588B60C7 @Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:37CE0F2E @Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:34FC1C45 @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:25005EFA @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:1C9565AC @Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:1D6686D8 @Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:567AC0A6 @Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:F50F1555 < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 19.07.2012 18:56:29 - Run 6
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\xxx\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 0,72 Gb Available Physical Memory | 36,05% Memory free
4,23 Gb Paging File | 2,73 Gb Available in Paging File | 64,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 70,77 Gb Total Space | 3,49 Gb Free Space | 4,93% Space Free | Partition Type: NTFS
Drive D: | 70,47 Gb Total Space | 48,94 Gb Free Space | 69,45% Space Free | Partition Type: NTFS
Computer Name: MRX | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- Reg Error: Key error. File not found
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- Reg Error: Key error.
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
"FirewallDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2661263122-194117992-2275258509-1000]
"EnableNotificationsRef" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{346867F9-3C20-4C98-AAF6-B02529E263B2}" = lport=138 | protocol=17 | dir=in | app=system |
"{37A0EB63-4D86-4336-BE5D-A7BFDC298198}" = lport=139 | protocol=6 | dir=in | app=system |
"{489D774C-7EB5-4FA6-8F66-2CD2942EBCEC}" = rport=137 | protocol=17 | dir=out | app=system |
"{63F6B6F2-16D0-4749-B18F-DCA26913933E}" = rport=138 | protocol=17 | dir=out | app=system |
"{71E48E32-6FA5-4F27-A447-F145C08A7857}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{89C7BE34-30F1-4390-9B56-ED10E45C1246}" = lport=445 | protocol=6 | dir=in | app=system |
"{962F518E-2483-468B-816F-C30594A17437}" = rport=139 | protocol=6 | dir=out | app=system |
"{C0A5897C-39FC-41FC-A672-BDD523F60B4D}" = rport=445 | protocol=6 | dir=out | app=system |
"{E063FE22-0CDF-49BF-9B6E-EC86F48FD4AB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{E182A16E-470D-4533-911C-E66759DB1A20}" = lport=137 | protocol=17 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00B96488-3DBE-48C6-A6B8-90BE7007060B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{22BD631D-07B7-4449-AAD2-0B45E4F99711}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{52252B4E-4A05-4318-AD07-5D128B3A27A8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{6D69BB0F-6E76-4B8A-9A55-D8097D254FEB}" = protocol=17 | dir=in | app=c:\program files\avira\antivir desktop\avcenter.exe |
"{733A0380-1825-4BAF-A4BA-AC24ADD6A735}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{7CA02D95-F8B7-4D63-A5BC-7BB970EEFB79}" = protocol=6 | dir=in | app=c:\program files\avira\antivir desktop\avcenter.exe |
"{8B9A559A-13E9-465F-A3B7-B96626D59100}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{9B0A00D7-84E9-4ED5-BBE7-A8425C8D9555}" = protocol=6 | dir=in | app=c:\program files\windows searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{A2E669A7-30E2-44C6-A030-D7CD08F49352}" = protocol=17 | dir=in | app=c:\program files\windows searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{B0A6DFCC-DA6B-47BF-8ECF-74B67C186D1C}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{BBA0D5BE-EC83-4E25-A88F-C581AC3EA841}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E3DBE1E0-D3C4-48B7-8EC8-2965A31E6DD5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F1773B6B-AB71-4350-8A93-858F51D6B287}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{F4B3F2A2-C754-4066-94FA-A97562DB2B93}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"TCP Query User{930CC031-DDEC-46FF-960F-87ADD530FAD1}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{4D054CA8-C329-4F48-9F13-7F045EDB2D2B}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00D0200F-3B4D-4A2F-869E-533ED835A943}" = Hervorhebe-Funktion (Windows Live Toolbar)
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0AC49543-9CE2-4434-AD42-5AA6E2967FA5}" = Windows Live Toolbar
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1AEC7728-1640-4E98-AABC-5EBE3FB57FE4}" = SMSC Fast Infrared Driver
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{218761F6-CBF6-4973-B910-A33E6563A1EA}" = Windows Live Toolbar-Erweiterung (Windows Live Toolbar)
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{262DA23B-4BAB-463F-B1DC-9B5287CAB5CA}}_is1" = Deinstallation der Arcor Online Software
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros for Acer Driver v7.2.0.127_Foxconn Installation Program
"{2DD6C198-FA9A-40B4-8DE5-CE5206E3EB34}" = Smart Menus (Windows Live Toolbar)
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes
"{35C0A1E4-D02A-412C-841F-266DBB116ABB}" = Intel(R) PROSet/Wireless WiFi-Software
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{412033BC-44CF-48D9-B813-4B835101F4D3}" = Adobe Illustrator 10
"{4817189D-1785-4627-A33C-39FD90919300}" = Die Sims™ 2 Haustiere
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 5.0
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{59624372-3B85-47f4-9B04-4911E551DF1E}" = Lexware Info Service
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6
"{62B7C52C-CAB6-48B1-8245-52356C141C92}" = RENESIS® Player Browser Plugins
"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2
"{7020FC34-6E04-4858-924D-354B28CB2402}_is1" = Qtpfsgui 1.9.3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71C97545-E547-4A8B-B0C8-61FF853270AC}" = PaperPort
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites für Windows Live Toolbar
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer
"{83AA2913-C123-4146-85BD-AD8F93971D39}" = BabylonObjectInstaller
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{88410D8F-8529-492B-B556-2394A29B811B}" = Broadcom Driver v4.102.15.63_Foxconn Installation Program
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{93567BBD-4369-47B2-A621-78E008F8EA33}" = Lexware Elster
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1D08B90-AE1A-4885-AC29-731496FD397E}" = Windows Live Fotogalerie
"{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3}" = IMinent Toolbar
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1031-7B44-A70000000000}" = Adobe Reader 7.0 - Deutsch
"{AEEAE013-92F1-4515-B278-139F1A692A35}" = Acer eDataSecurity Management
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C19B3EB6-B54C-3204-A4DF-88432E0C79F7}" = Microsoft ReportViewer 2010 Redistributable
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{D871EE71-6EBD-4EEC-9418-69E8782E6BBB}" = Lexware financial office 2009
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = Die Sims™ 2 Vier Jahreszeiten
"{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Deluxe
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F248ADFA-64E0-4b03-8A83-059078BED6A0}" = Die Sims™ 2 Gute Reise
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = Die Sims 2: Nightlife
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe InDesign 2.0" = Adobe InDesign 2.0
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"BabylonToolbar" = Babylon toolbar on IE
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"DPP" = Canon Utilities Digital Photo Professional 3.4
"DVDVideoSoftTB_DE Toolbar" = DVDVideoSoftTB DE Toolbar
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EOS USB WIA Driver" = EOS USB WIA Driver
"EOS Utility" = Canon Utilities EOS Utility
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.26.706
"GIF Animator" = Microsoft GIF Animator
"GIMP-2_is1" = GIMP 2.8.0
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"GridVista" = Acer GridVista
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.0.4 (Basic)
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"LManager" = Launch Manager
"loadtbs-2.1" = loadtbs-2.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"MyCamera" = Canon Utilities MyCamera
"Neopets" = Neopets
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"Original Data Security Tools" = Canon Utilities Original Data Security Tools
"Passbild-Generator_is1" = Bewerbungsfoto-/Passbild-Generator v3.3a
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"ProInst" = Intel PROSet Wireless
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Searchqu 417 MediaBar" = Windows Searchqu Toolbar
"Shockwave" = Shockwave
"Softonic_Deutsch Toolbar" = Softonic_Deutsch Toolbar
"ST5UNST #1" = project dogwaffle
"ST5UNST #2" = project dogwaffle (c:\)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TIPP10_is1" = TIPP10 Version 2.1.0
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"WavePad" = WavePad Audiobearbeitungs-Software
"WFTK" = Canon Utilities WFT-E1/E2/E3 Utility
"Windows Live Toolbar" = Windows Live Toolbar
"Winload Toolbar" = Winload Toolbar
"www.Freeware-download.com Toolbar" = Freeware Download - Free Software Downloads Toolbar
"XTTB00001.XTTB00001Toolbar" = ICQ Toolbar
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 19.07.2012 10:26:27 | Computer Name = mrx | Source = VSS | ID = 12292
Description =
Error - 19.07.2012 10:26:27 | Computer Name = mrx | Source = System Restore | ID = 8193
Description =
Error - 19.07.2012 12:37:17 | Computer Name = mrx | Source = Microsoft Security Client Setup | ID = 100
Description = HRESULT:0x8004FF0A Description:Microsoft Security Essentials installation
was canceled. You canceled the Security Essentials installation on your computer.
Error code:0x8004FF0A.
Error - 19.07.2012 13:03:28 | Computer Name = mrx | Source = VSS | ID = 40
Description =
Error - 19.07.2012 13:03:28 | Computer Name = mrx | Source = VSS | ID = 12292
Description =
Error - 19.07.2012 13:03:28 | Computer Name = mrx | Source = VSS | ID = 40
Description =
Error - 19.07.2012 13:03:28 | Computer Name = mrx | Source = VSS | ID = 12292
Description =
Error - 19.07.2012 13:03:28 | Computer Name = mrx | Source = VSS | ID = 40
Description =
Error - 19.07.2012 13:03:28 | Computer Name = mrx | Source = VSS | ID = 12292
Description =
Error - 19.07.2012 13:03:28 | Computer Name = mrx | Source = System Restore | ID = 8193
Description =
[ OSession Events ]
Error - 25.02.2011 18:49:31 | Computer Name = mrx | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 124
seconds with 60 seconds of active time. This session ended with a crash.
Error - 26.02.2011 06:38:57 | Computer Name = mrx | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 128
seconds with 0 seconds of active time. This session ended with a crash.
Error - 26.02.2011 17:25:03 | Computer Name = mrx | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 128
seconds with 0 seconds of active time. This session ended with a crash.
Error - 27.02.2011 04:11:03 | Computer Name = mrx | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 129
seconds with 0 seconds of active time. This session ended with a crash.
Error - 28.02.2011 17:58:33 | Computer Name = mrx | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 122
seconds with 0 seconds of active time. This session ended with a crash.
Error - 01.03.2011 03:24:51 | Computer Name = mrx | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 3723
seconds with 0 seconds of active time. This session ended with a crash.
Error - 01.03.2011 04:18:15 | Computer Name = mrx | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 3724
seconds with 120 seconds of active time. This session ended with a crash.
Error - 01.03.2011 07:38:01 | Computer Name = mrx | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 3724
seconds with 0 seconds of active time. This session ended with a crash.
Error - 05.03.2012 06:49:02 | Computer Name = mrx | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1237
seconds with 240 seconds of active time. This session ended with a crash.
Error - 03.06.2012 15:22:46 | Computer Name = mrx | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 18.07.2012 23:56:36 | Computer Name = mrx | Source = Service Control Manager | ID = 7001
Description =
Error - 19.07.2012 08:22:35 | Computer Name = mrx | Source = Service Control Manager | ID = 7000
Description =
Error - 19.07.2012 08:22:35 | Computer Name = mrx | Source = Service Control Manager | ID = 7001
Description =
Error - 19.07.2012 08:23:01 | Computer Name = mrx | Source = Service Control Manager | ID = 7001
Description =
Error - 19.07.2012 10:16:16 | Computer Name = mrx | Source = Service Control Manager | ID = 7000
Description =
Error - 19.07.2012 10:16:16 | Computer Name = mrx | Source = Service Control Manager | ID = 7001
Description =
Error - 19.07.2012 10:16:33 | Computer Name = mrx | Source = Service Control Manager | ID = 7001
Description =
Error - 19.07.2012 12:13:54 | Computer Name = mrx | Source = Service Control Manager | ID = 7000
Description =
Error - 19.07.2012 12:13:54 | Computer Name = mrx | Source = Service Control Manager | ID = 7001
Description =
Error - 19.07.2012 12:14:11 | Computer Name = mrx | Source = Service Control Manager | ID = 7001
Description =
GMER Logfile:
|
|
19.07.2012, 20:41
| #8 |
| | 19 infizierte registrierungsschlüssel von malewarebytes nach tr/kazy.80623.1 gefunden Hallo Markusg., ich hoffe dass ich jetzt alles richtig gemacht habe und nichts fehlt. Danke Marion defogger_disable by jpshortstuff (23.02.10.1) Log created at 15:27 on 19/07/2012 (marion) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=-OTL Logfile: Code:
ATTFilter OTL logfile created on: 19.07.2012 18:56:29 - Run 6 OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\xxx\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 0,72 Gb Available Physical Memory | 36,05% Memory free 4,23 Gb Paging File | 2,73 Gb Available in Paging File | 64,57% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 70,77 Gb Total Space | 3,49 Gb Free Space | 4,93% Space Free | Partition Type: NTFS Drive D: | 70,47 Gb Total Space | 48,94 Gb Free Space | 69,45% Space Free | Partition Type: NTFS Computer Name: MRX | User Name: xxx | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\xxx\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe (TuneUp Software) PRC - C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe (TuneUp Software) PRC - C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\conime.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) PRC - C:\Programme\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation) PRC - C:\Users\xxx\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.) PRC - C:\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.) PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT) PRC - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe () PRC - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer) PRC - C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.) PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.) PRC - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.) PRC - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Acer\Mobility Center\MobilityService.exe () ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll () MOD - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.0.3\libglesv2.dll () MOD - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.0.3\libegl.dll () MOD - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\BabylonChromeToolBar.dll () MOD - C:\Users\xxx\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll () MOD - C:\Users\xxx\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll () MOD - C:\Users\xxx\AppData\Local\Google\Chrome\Application\20.0.1132.57\avutil-51.dll () MOD - C:\Users\xxx\AppData\Local\Google\Chrome\Application\20.0.1132.57\avformat-54.dll () MOD - C:\Users\xxx\AppData\Local\Google\Chrome\Application\20.0.1132.57\avcodec-54.dll () MOD - C:\Users\xxx\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll () MOD - C:\Users\xxx\AppData\Local\Google\Chrome\APPLIC~1\200113~1.57\gcswf32.dll () MOD - C:\Users\xxx\AppData\Roaming\BabylonToolbar\CR\BUSolution.dll () MOD - C:\Programme\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL () MOD - C:\Programme\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll () MOD - C:\Programme\Microsoft Office\Office12\ADDINS\ColleagueImport.dll () MOD - C:\Windows\System32\BatchCrypto.dll () MOD - C:\Windows\System32\ShowErrMsg.dll () MOD - C:\Acer\Empowering Technology\ePower\SysHook.dll () ========== Win32 Services (SafeList) ========== SRV - (LiveUpdate Notice Ex) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon File not found SRV - (CLTNetCnService) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon File not found SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (TuneUp.UtilitiesSvc) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe (TuneUp Software) SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation) SRV - (AppHostSvc) -- C:\Windows\System32\inetsrv\apphostsvc.dll (Microsoft Corporation) SRV - (Microsoft Office Groove Audit Service) -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation) SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) SRV - (LiveUpdate Notice Service) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (LPDSVC) -- C:\Windows\System32\lpdsvc.dll (Microsoft Corporation) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (WLSetupSvc) -- C:\Programme\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation) SRV - (LiveUpdate) -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation) SRV - (Automatisches LiveUpdate - Scheduler) -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation) SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT) SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe () SRV - (WMIService) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer) SRV - (eNet Service) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.) SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.) SRV - (eLockService) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.) SRV - (UPnPService) -- C:\Programme\Common Files\MAGIX Shared\UPnPService\UPnPService.exe (Magix AG) SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe () SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®) ========== Driver Services (SafeList) ========== DRV - (VBoxNetFlt) -- system32\DRIVERS\VBoxNetFlt.sys File not found DRV - (UIUSys) -- system32\DRIVERS\UIUSYS.SYS File not found DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found DRV - (AWISp60) -- System32\Drivers\AWISp60.sys File not found DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys (TuneUp Software) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (VBoxNetAdp) -- C:\Windows\System32\drivers\VBoxNetAdp.sys (Oracle Corporation) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (LVUVC) Logitech QuickCam E3500(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.) DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation) DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys () DRV - (se44unic) Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM) -- C:\Windows\System32\drivers\se44unic.sys (MCCI) DRV - (se44obex) -- C:\Windows\System32\drivers\se44obex.sys (MCCI) DRV - (se44nd5) Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS) -- C:\Windows\System32\drivers\se44nd5.sys (MCCI) DRV - (se44mgmt) Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\se44mgmt.sys (MCCI) DRV - (se44mdm) -- C:\Windows\System32\drivers\se44mdm.sys (MCCI) DRV - (se44mdfl) -- C:\Windows\System32\drivers\se44mdfl.sys (MCCI) DRV - (se44bus) Sony Ericsson Device 068 driver (WDM) -- C:\Windows\System32\drivers\se44bus.sys (MCCI) DRV - (DritekPortIO) -- C:\Programme\Launch Manager\DPortIO.sys (Dritek System Inc.) DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation) DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation) DRV - (ESDCR) -- C:\Windows\System32\drivers\ESD7SK.sys (ENE Technology Inc.) DRV - (ESMCR) -- C:\Windows\System32\drivers\ESM7SK.sys (ENE Technology Inc.) DRV - (EMSCR) -- C:\Windows\System32\drivers\EMS7SK.sys (ENE Technology Inc.) DRV - (SMSCIRDA) -- C:\Windows\System32\drivers\smscirda.sys (SMSC) DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Kostenlose E-Mail - Free Mail - E-Cards - Arcor das Newsportal IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Kostenlose E-Mail - Free Mail - E-Cards - Arcor das Newsportal IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = Kostenlose E-Mail - Free Mail - E-Cards - Arcor das Newsportal IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Kostenlose E-Mail - Free Mail - E-Cards - Arcor das Newsportal IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Kostenlose E-Mail - Free Mail - E-Cards - Arcor das Newsportal IE - HKLM\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Programme\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {26647ca4-a2a7-4eac-8a72-761aa9141de7} - C:\Programme\www.Freeware-download.com\tbwww..dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWin0.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSof0.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Programme\NCH_DE\prxtbNCH_.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=334&systemid=406&sr=0&q={searchTerms} IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=417&sr=0&q={searchTerms} IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2325506 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\xxx\Music\Mammas musikk IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Upgrade to Google Chrome IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Acer.com Worldwide - Select your local country or region [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Upgrade to Google Chrome IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Acer.com Worldwide - Select your local country or region [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Babylon Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Upgrade to Google Chrome IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Upgrade to Google Chrome IE - HKCU\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Programme\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {26647ca4-a2a7-4eac-8a72-761aa9141de7} - C:\Programme\www.Freeware-download.com\tbwww..dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWin0.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found IE - HKCU\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSof0.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Programme\NCH_DE\prxtbNCH_.dll (Conduit Ltd.) IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=113480&tt=010712_6&babsrc=SP_ss&mntrId=a008b45b0000000000000016d4cb915c IE - HKCU\..\SearchScopes\{31CF9EBE-5755-4a1d-AC25-2834D952D9B4}: "URL" = hxxp://search.pdfcreator-toolbar.org/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field IE - HKCU\..\SearchScopes\{41427F18-E891-4297-BD8C-4BB0E8EAF99F}: "URL" = hxxp://resultsmaster.com/SmartOffers/SmartOffers.aspx?HBHintSVC=resultsmaster&HBHintSearchTermFields=qu&qu={searchTerms}&opener=iesearchbox IE - HKCU\..\SearchScopes\{4E317010-F0AE-4905-BAE1-02F3402FA6DE}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7GGLL_de&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=uuH9Yv5TERdTI-aou6w9nDZZ-FA?q={searchTerms} IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=334&systemid=406&sr=0&q={searchTerms} IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=417&sr=0&q={searchTerms} IE - HKCU\..\SearchScopes\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\..\SearchScopes\{E8E72B61-195D-4E48-808D-91814217DD05}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)" FF - prefs.js..browser.search.defaultthis.engineName: "DVDVideoSoftTB Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?affID=113480&tt=010712_6&babsrc=HP_ss_cr&mntrId=a008b45b0000000000000016d4cb915c" FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2 FF - prefs.js..extensions.enabledItems: dplauncher@digitalpublishing.de:1.1 FF - prefs.js..extensions.enabledItems: support@pdfcreator-toolbar.org:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {b106b661-3e1b-4015-af5c-195e909f35c6}:3.6.0.10 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.8.1.0 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.7 FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.2.0 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@digitalpublishing.de/dpLaunch: C:\Program Files\digital publishing\LAUNCHER_12_999999\nplaunch.dll (digital publishing AG) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\xxx\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\xxx\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\webbooster@iminent.com: C:\Program Files\Iminent\webbooster@iminent.com [2012.07.14 16:03:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Extensions [2012.07.14 18:04:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions [2010.05.18 22:26:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.07.09 17:27:33 | 000,000,000 | ---D | M] (Freeware Download - Free Software Downloads Community Toolbar) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\{26647ca4-a2a7-4eac-8a72-761aa9141de7} [2009.04.01 09:29:36 | 000,000,000 | ---D | M] ("Neopets Toolbar") -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\{2cb97724-d789-4f43-8888-a763cbb8df6f} [2012.06.12 19:10:18 | 000,000,000 | ---D | M] (Winload Community Toolbar) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f} [2012.07.15 18:37:35 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2009.10.24 10:23:36 | 000,000,000 | ---D | M] (Softonic Deutsch Toolbar) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} [2012.04.15 13:50:07 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.05.30 17:28:16 | 000,000,000 | ---D | M] (NCH DE Community Toolbar) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\{b106b661-3e1b-4015-af5c-195e909f35c6} [2012.06.16 08:59:46 | 000,000,000 | ---D | M] (IMinent Toolbar) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444} [2011.02.12 17:46:32 | 000,000,000 | ---D | M] (dp Launcher Plugin) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\dplauncher@digitalpublishing.de [2011.01.22 20:21:49 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\engine@conduit.com [2011.12.19 17:42:41 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\ffxtlbr@babylon.com [2009.08.26 08:53:54 | 000,000,000 | ---D | M] (Neopets Toolbar Add-on) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\ntaddon@swordfire.net [2012.07.04 17:03:48 | 000,000,000 | ---D | M] ("SearchGBY") -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\plugin@searchgby.com [2012.06.16 13:24:39 | 000,000,000 | ---D | M] (loadtbs) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\software@loadtubes.com [2011.12.02 01:12:34 | 000,000,931 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\conduit.xml [2012.07.14 13:10:07 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-1.xml [2008.07.02 23:40:32 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-10.xml [2008.07.16 20:08:10 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-11.xml [2008.10.24 14:08:58 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-12.xml [2008.11.15 00:19:31 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-13.xml [2008.12.20 00:38:12 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-14.xml [2009.02.06 23:27:51 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-15.xml [2009.03.09 07:42:22 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-16.xml [2009.03.28 09:59:43 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-17.xml [2009.04.24 13:43:05 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-18.xml [2009.05.01 08:00:47 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-19.xml [2007.10.20 17:07:55 | 000,000,949 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-2.xml [2009.06.12 19:28:58 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-20.xml [2009.07.23 09:45:07 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-21.xml [2009.08.05 13:51:18 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-22.xml [2009.09.11 06:44:54 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-23.xml [2009.10.30 23:25:26 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-24.xml [2009.12.12 21:20:19 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-25.xml [2009.12.20 09:54:07 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-26.xml [2010.01.06 23:01:57 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-27.xml [2010.02.28 08:07:23 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-28.xml [2010.04.21 15:27:47 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-29.xml [2007.11.03 14:17:42 | 000,000,949 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-3.xml [2011.01.21 18:09:17 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-30.xml [2011.02.17 21:48:35 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-31.xml [2007.11.28 10:41:54 | 000,000,949 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-4.xml [2007.12.08 18:57:42 | 000,000,949 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-5.xml [2008.02.11 12:26:46 | 000,000,949 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-6.xml [2008.03.26 22:34:04 | 000,000,949 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-7.xml [2008.04.17 13:16:11 | 000,000,949 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-8.xml [2008.06.19 07:16:35 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-9.xml [2007.09.15 17:50:14 | 000,000,949 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin.xml [2008.12.05 08:05:10 | 000,005,711 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\search-the-web.xml [2012.07.02 22:13:47 | 000,002,519 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\Search_Results.xml [2012.04.24 15:13:45 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2012.06.16 13:24:35 | 000,378,880 | ---- | M] (InfiniAd GmbH) -- C:\Program Files\mozilla firefox\plugins\npmieze.dll [2012.07.06 17:41:28 | 000,002,351 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2011.12.30 14:27:06 | 000,002,520 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml [2012.07.02 22:13:47 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml ========== Chrome ========== CHR - homepage: CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Babylon ToolBar (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\BabylonChromeToolBar.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll CHR - plugin: LoadTubes Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npmieze.dll CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: 3DVIA player (Enabled) = C:\Program Files\Virtools\3D Life Player\npvirtools.dll CHR - plugin: dp Launcher Plugin (Enabled) = C:\Program Files\digital publishing\LAUNCHER_12_999999\nplaunch.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: DVDVideoSoftTB DE = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhphemoobgnikcoofkgackkaimpfmenm\2.3.15.10_0\ CHR - Extension: YouTube = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Babylon Toolbar = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\ CHR - Extension: SearchGBY = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmijdhkcgeclpfjmibnginbbkfcbpep\0.9.55_0\ CHR - Extension: Google Mail = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (DVDVideoSoftTB DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Programme\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.) O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Freeware Download - Free Software Downloads Toolbar) - {26647ca4-a2a7-4eac-8a72-761aa9141de7} - C:\Programme\www.Freeware-download.com\tbwww..dll (Conduit Ltd.) O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWin0.dll (Conduit Ltd.) O2 - BHO: (TBSB01620 Class) - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Programme\IMinent Toolbar\tbcore3.dll () O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSof0.dll (Conduit Ltd.) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (NCH DE Toolbar) - {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Programme\NCH_DE\prxtbNCH_.dll (Conduit Ltd.) O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (no name) - !{26647ca4-a2a7-4eac-8a72-761aa9141de7} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - !{977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - !{98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - !{DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No CLSID value found. O3 - HKLM\..\Toolbar: (DVDVideoSoftTB DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Programme\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWin0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O3 - HKLM\..\Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found. O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSof0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found. O3 - HKLM\..\Toolbar: (NCH DE Toolbar) - {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Programme\NCH_DE\prxtbNCH_.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O3 - HKCU\..\Toolbar\WebBrowser: (NCH DE Toolbar) - {B106B661-3E1B-4015-AF5C-195E909F35C6} - C:\Programme\NCH_DE\prxtbNCH_.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Inhaltsverzeichnis.onetoc2 () O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O8 - Extra context menu item: Add to Windows &Live Favorites - hxxp://favorites.live.com/quickadd.aspx File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe File not found O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {85C86CCC-2158-4123-9C7D-785190CED875} https://lernboerse.arbeitsagentur.de/exklusiv/ilias/data/balihob/lm_data/httppath/dpLaunchPlugin.cab (dp Launcher Plugin) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.0) O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6DDEF664-F3C4-4C3F-9B36-77858D38808D}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {FF151822-B0BF-11D1-A80D-000000000000} - C:\Programme\Common Files\System\Ole DB\oledb32.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - AppInit_DLLs: (eNetHook.dll) - C:\Windows\System32\eNetHook.dll (acer) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: D:\Pictures\Pictures\lisa+awaz.jpg O24 - Desktop BackupWallPaper: D:\Pictures\Pictures\lisa+awaz.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{0ab19f07-cf88-11db-a713-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{0ab19f07-cf88-11db-a713-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe O33 - MountPoints2\{11fe8d57-b4b0-11e1-b136-0016d4cb915c}\Shell - "" = AutoRun O33 - MountPoints2\{11fe8d57-b4b0-11e1-b136-0016d4cb915c}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{11fe8d6b-b4b0-11e1-b136-0016d4cb915c}\Shell - "" = AutoRun O33 - MountPoints2\{11fe8d6b-b4b0-11e1-b136-0016d4cb915c}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{36f887db-b4a8-11e1-98c4-0016d4cb915c}\Shell - "" = AutoRun O33 - MountPoints2\{36f887db-b4a8-11e1-98c4-0016d4cb915c}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{36f887f6-b4a8-11e1-98c4-0016d4cb915c}\Shell - "" = AutoRun O33 - MountPoints2\{36f887f6-b4a8-11e1-98c4-0016d4cb915c}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{402206e5-4de5-11de-89ca-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{402206e5-4de5-11de-89ca-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{4022078b-4de5-11de-89ca-0016d4cb915c}\Shell - "" = AutoRun O33 - MountPoints2\{4022078b-4de5-11de-89ca-0016d4cb915c}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{40220797-4de5-11de-89ca-0016d4cb915c}\Shell - "" = AutoRun O33 - MountPoints2\{40220797-4de5-11de-89ca-0016d4cb915c}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{40220799-4de5-11de-89ca-0016d4cb915c}\Shell - "" = AutoRun O33 - MountPoints2\{40220799-4de5-11de-89ca-0016d4cb915c}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{5e092b33-586b-11df-a8bc-0016d4cb915c}\Shell - "" = AutoRun O33 - MountPoints2\{5e092b33-586b-11df-a8bc-0016d4cb915c}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence O34 - HKLM BootExecute: (autocheck autochk /r \??\H:) O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 9.0 ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.2 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 9.0 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpReg: 捁牥吠畯敒業摮牥 - hkey= - key= - File not found MsConfig - State: "startup" - 2 CREATERESTOREPOINT System Restore Service not available. ========== Files/Folders - Created Within 30 Days ========== [2012.07.18 14:21:03 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Malwarebytes [2012.07.18 14:20:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.07.18 14:20:48 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.07.18 14:20:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.07.17 17:24:43 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe [2012.07.17 13:09:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012.07.17 13:08:50 | 000,772,592 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll [2012.07.17 13:08:50 | 000,227,824 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2012.07.17 13:08:24 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2012.07.17 13:08:24 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe [2012.07.16 17:49:21 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\NCH Software [2012.07.16 17:49:21 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software [2012.07.15 18:37:28 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\CRE [2012.07.15 18:37:18 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoftTB_DE [2012.07.15 18:37:05 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers [2012.07.15 18:36:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft [2012.07.15 18:36:55 | 000,405,144 | ---- | C] (Newtonsoft) -- C:\Windows\System32\Newtonsoft.Json.Net20.dll [2012.07.15 18:36:45 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft [2012.07.15 18:36:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft [2012.07.15 18:32:26 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Digiarty [2012.07.15 18:31:47 | 000,000,000 | ---D | C] -- C:\Program Files\Digiarty [2012.07.15 18:15:20 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack [2012.07.15 18:15:15 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Abelssoft [2012.07.14 18:39:23 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro [2012.07.14 18:37:50 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome [2012.07.14 18:35:23 | 000,739,856 | ---- | C] (Google Inc.) -- C:\Users\xxx\chrome_installer200113247.exe [2012.07.14 16:17:27 | 000,154,416 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\drivers\VBoxDrv.sys [2012.07.14 16:17:01 | 000,033,072 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\drivers\VBoxUSBMon.sys [2012.07.14 14:10:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.07.14 12:25:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Sirrix AG [2012.07.14 12:25:09 | 000,000,000 | ---D | C] -- C:\Program Files\Sirrix AG [2012.07.14 11:57:20 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle [2012.07.14 10:21:15 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro [2012.07.14 10:20:28 | 007,718,272 | ---- | C] (SurfRight B.V.) -- C:\Users\xxx\HitmanPro36.exe [2012.07.14 07:36:43 | 000,000,000 | ---D | C] -- C:\Users\xxx\gegen Trojaner [2012.07.13 20:43:24 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Qoiwc [2012.07.13 20:43:24 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Akafu [2012.07.11 17:58:53 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012.07.11 17:51:24 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.07.11 17:51:22 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.07.11 17:51:22 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012.07.11 17:51:21 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.07.11 17:51:20 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.07.11 17:51:20 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.07.11 17:51:19 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.07.11 17:47:16 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll [2012.07.10 15:47:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.07.09 21:59:49 | 000,031,584 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe [2012.07.09 21:59:49 | 000,021,344 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll [2012.07.09 21:59:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012 [2012.07.09 21:59:06 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\TuneUp Software [2012.07.09 21:58:45 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2012 [2012.07.09 21:50:39 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936} [2012.07.09 21:50:39 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2012.07.09 21:48:48 | 037,771,696 | ---- | C] (TuneUp Software) -- C:\Users\xxx\TuneUpUtilities2012_de-DE.exe [2012.07.06 17:41:47 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\BabylonToolbar [2012.07.06 17:41:37 | 000,000,000 | ---D | C] -- C:\Program Files\BabylonToolbar [2012.07.06 17:41:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon [2012.07.03 21:03:00 | 000,000,000 | ---D | C] -- C:\Program Files\SearchGBY [2012.07.03 21:02:33 | 000,000,000 | ---D | C] -- C:\Program Files\KB Piano 2 [2012.07.02 22:15:32 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Ilivid Player [2012.06.21 19:23:47 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll [2012.06.21 19:23:47 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll [2012.06.21 19:23:00 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll [2012.06.21 19:23:00 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll [2012.06.21 19:23:00 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll [2012.06.21 19:22:44 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll [2012.06.21 19:22:44 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe [2012.06.17 18:30:40 | 004,441,861 | ---- | C] ((c) 2006-2011, Tom Thielicke IT Solutions ) -- C:\Users\xxx\tipp10_win_v2-1-0.exe [2012.04.04 15:55:01 | 006,951,776 | ---- | C] (digital publishing AG) -- C:\Users\xxx\dpLaunchSet.exe [2007.08.21 08:07:16 | 000,010,752 | ---- | C] (Arcor Online GmbH) -- C:\Users\xxx\AppData\Local\cmdial32.dll [6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.07.19 18:55:52 | 000,002,735 | ---- | M] () -- C:\Users\xxx\Desktop\Microsoft Office Outlook 2007.lnk [2012.07.19 18:50:09 | 000,013,072 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\nvModes.001 [2012.07.19 18:49:10 | 000,302,592 | ---- | M] () -- C:\Users\xxx\Desktop\d360pqyn.exe [2012.07.19 18:47:01 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2661263122-194117992-2275258509-1000UA.job [2012.07.19 18:37:15 | 000,002,052 | ---- | M] () -- C:\Windows\epplauncher.mif [2012.07.19 18:20:19 | 000,677,816 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.07.19 18:20:19 | 000,637,900 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.07.19 18:20:19 | 000,121,064 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.07.19 18:20:18 | 000,146,856 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.07.19 18:13:57 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.19 18:13:57 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.19 18:13:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.19 16:16:46 | 000,013,072 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\nvModes.dat [2012.07.18 18:27:33 | 000,046,592 | ---- | M] () -- C:\Users\xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.07.18 14:22:23 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.17 20:27:49 | 000,000,000 | ---- | M] () -- C:\Users\xxx\defogger_reenable [2012.07.17 20:25:03 | 000,050,477 | ---- | M] () -- C:\Users\xxx\Desktop\Defogger.exe [2012.07.17 17:24:44 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe [2012.07.17 13:07:55 | 000,227,824 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2012.07.17 13:07:55 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2012.07.17 13:07:55 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe [2012.07.17 13:07:53 | 000,772,592 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll [2012.07.17 13:07:52 | 000,687,600 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll [2012.07.17 08:46:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2661263122-194117992-2275258509-1000Core.job [2012.07.15 18:37:35 | 000,000,009 | ---- | M] () -- C:\END [2012.07.15 18:36:57 | 000,001,195 | ---- | M] () -- C:\Users\xxx\Desktop\Free YouTube to MP3 Converter.lnk [2012.07.15 15:50:44 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.07.15 15:50:44 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.07.14 18:37:50 | 000,002,065 | ---- | M] () -- C:\Users\xxx\Desktop\Google Chrome.lnk [2012.07.14 18:35:23 | 000,739,856 | ---- | M] (Google Inc.) -- C:\Users\xxx\chrome_installer200113247.exe [2012.07.14 10:37:38 | 000,002,522 | ---- | M] () -- C:\Windows\System32\.crusader [2012.07.14 10:20:36 | 007,718,272 | ---- | M] (SurfRight B.V.) -- C:\Users\xxx\HitmanPro36.exe [2012.07.13 17:22:09 | 000,002,633 | ---- | M] () -- C:\Users\xxx\Desktop\Microsoft Office Excel 2007.lnk [2012.07.11 18:30:01 | 000,004,135 | ---- | M] () -- C:\WirelessDiagLog.csv [2012.07.11 18:08:11 | 000,425,264 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.07.10 16:08:24 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2012.07.10 16:08:24 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2012.07.09 21:59:43 | 000,001,873 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2012.07.09 21:49:42 | 037,771,696 | ---- | M] (TuneUp Software) -- C:\Users\xxx\TuneUpUtilities2012_de-DE.exe [2012.07.09 18:05:51 | 004,503,728 | ---- | M] () -- C:\ProgramData\go_0molg.pad [2012.07.08 12:56:05 | 004,503,728 | ---- | M] () -- C:\ProgramData\0tbpw.pad [2012.07.06 17:41:39 | 000,000,725 | ---- | M] () -- C:\user.js [2012.07.05 18:10:57 | 070,101,919 | ---- | M] () -- C:\Users\xxx\Englisch für Anfänger.wma [2012.07.05 18:09:06 | 216,268,903 | ---- | M] () -- C:\Users\xxx\Sprachkurs Englisch.wma [2012.07.05 15:22:30 | 000,043,410 | ---- | M] () -- C:\Users\xxx\tickets2.pdf [2012.07.05 15:22:15 | 000,043,453 | ---- | M] () -- C:\Users\xxx\tickets.pdf [2012.07.03 21:02:46 | 000,030,520 | ---- | M] () -- C:\Windows\System32\midiwrap3405.deu [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.06.29 17:01:54 | 000,544,356 | ---- | M] () -- C:\Users\xxx\Englisch lernen mit The Grooves_ Business World.pdf [2012.06.29 17:00:12 | 061,108,057 | ---- | M] () -- C:\Users\xxx\Englisch lernen mit The Grooves_ Business World.wma [2012.06.27 21:44:49 | 000,013,615 | ---- | M] () -- C:\Users\xxx\bildungspaket-mehrtaegige-ausfluege-klassenfahrten-anlage.pdf [2012.06.26 17:28:07 | 000,218,587 | ---- | M] () -- C:\Users\xxx\AntragTeilhabe_03_2012.pdf [2012.06.25 21:33:53 | 153,919,040 | ---- | M] () -- C:\Users\xxx\Abenteuer Gedächtnis(1).wma [2012.06.22 16:32:30 | 000,405,144 | ---- | M] (Newtonsoft) -- C:\Windows\System32\Newtonsoft.Json.Net20.dll [6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.07.19 18:49:08 | 000,302,592 | ---- | C] () -- C:\Users\xxx\Desktop\d360pqyn.exe [2012.07.19 18:37:15 | 000,002,052 | ---- | C] () -- C:\Windows\epplauncher.mif [2012.07.18 14:20:50 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.17 20:27:49 | 000,000,000 | ---- | C] () -- C:\Users\xxx\defogger_reenable [2012.07.17 20:25:03 | 000,050,477 | ---- | C] () -- C:\Users\xxx\Desktop\Defogger.exe [2012.07.15 18:37:35 | 000,000,009 | ---- | C] () -- C:\END [2012.07.15 18:36:57 | 000,001,195 | ---- | C] () -- C:\Users\xxx\Desktop\Free YouTube to MP3 Converter.lnk [2012.07.14 18:37:50 | 000,002,065 | ---- | C] () -- C:\Users\xxx\Desktop\Google Chrome.lnk [2012.07.14 18:36:36 | 000,001,124 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2661263122-194117992-2275258509-1000UA.job [2012.07.14 18:36:34 | 000,001,072 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2661263122-194117992-2275258509-1000Core.job [2012.07.14 10:37:38 | 000,002,522 | ---- | C] () -- C:\Windows\System32\.crusader [2012.07.09 21:59:43 | 000,001,881 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk [2012.07.09 21:59:43 | 000,001,873 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2012.07.08 12:46:33 | 004,503,728 | ---- | C] () -- C:\ProgramData\go_0molg.pad [2012.07.08 12:46:32 | 004,503,728 | ---- | C] () -- C:\ProgramData\0tbpw.pad [2012.07.05 18:09:23 | 070,101,919 | ---- | C] () -- C:\Users\xxx\Englisch für Anfänger.wma [2012.07.05 18:04:04 | 216,268,903 | ---- | C] () -- C:\Users\xxx\Sprachkurs Englisch.wma [2012.07.05 15:22:29 | 000,043,410 | ---- | C] () -- C:\Users\xxx\tickets2.pdf [2012.07.05 15:22:14 | 000,043,453 | ---- | C] () -- C:\Users\xxx\tickets.pdf [2012.07.03 21:02:46 | 000,030,520 | ---- | C] () -- C:\Windows\System32\midiwrap3405.deu [2012.06.29 17:01:53 | 000,544,356 | ---- | C] () -- C:\Users\xxx\Englisch lernen mit The Grooves_ Business World.pdf [2012.06.29 16:58:56 | 061,108,057 | ---- | C] () -- C:\Users\xxx\Englisch lernen mit The Grooves_ Business World.wma [2012.06.27 21:44:49 | 000,013,615 | ---- | C] () -- C:\Users\xxx\bildungspaket-mehrtaegige-ausfluege-klassenfahrten-anlage.pdf [2012.06.26 17:28:05 | 000,218,587 | ---- | C] () -- C:\Users\xxx\AntragTeilhabe_03_2012.pdf [2012.06.25 21:30:17 | 153,919,040 | ---- | C] () -- C:\Users\xxx\Abenteuer Gedächtnis(1).wma [2012.06.17 17:00:42 | 000,005,871 | ---- | C] () -- C:\Users\xxx\AppData\Local\recently-used.xbel [2012.06.16 15:41:37 | 000,068,608 | ---- | C] () -- C:\Users\xxx\Hat die Praktikantin.pub [2012.05.29 19:26:50 | 008,219,648 | ---- | C] () -- C:\Users\xxx\Meine Broschüre.pub [2012.05.19 16:47:59 | 000,000,082 | ---- | C] () -- C:\Windows\odbc_merge.INI [2012.05.07 18:51:22 | 173,966,408 | ---- | C] () -- C:\Users\xxx\Rossmann-Fotosoftware-Setup.exe [2012.04.23 21:06:28 | 000,086,016 | ---- | C] () -- C:\Windows\System32\custmon32i.dll [2012.03.21 16:38:37 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat [2011.12.23 19:14:03 | 000,084,405 | ---- | C] () -- C:\Users\xxx\Leseprobe Klugscheißer für Fake.pdf [2011.12.23 16:55:13 | 000,133,564 | ---- | C] () -- C:\Users\xxx\Leseprobe für Fake.pdf [2011.07.07 08:55:26 | 001,812,597 | ---- | C] () -- C:\Users\xxx\Monitorkalibrierung.zip [2011.06.30 14:06:46 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2011.06.25 22:32:22 | 002,948,218 | ---- | C] () -- C:\Users\xxx\Leseprobe.pdf [2011.06.03 14:20:31 | 000,184,192 | ---- | C] () -- C:\Users\xxx\BuT.pdf [2011.06.02 10:49:31 | 034,104,383 | ---- | C] () -- C:\Users\xxx\Kopie von context (5).pdf [2011.04.23 12:03:47 | 000,008,468 | ---- | C] () -- C:\Users\xxx\bildungspaket.pdf [2011.02.26 21:53:39 | 000,004,096 | -H-- | C] () -- C:\Users\xxx\AppData\Local\keyfile3.drm [2010.03.07 16:40:47 | 000,014,519 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate [2008.03.11 07:41:26 | 000,000,680 | ---- | C] () -- C:\Users\xxx\AppData\Local\d3d9caps.dat [2007.06.20 18:05:35 | 000,008,438 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\mdb.bin [2007.06.12 20:20:30 | 000,013,072 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\nvModes.001 [2007.06.12 18:29:04 | 000,046,592 | ---- | C] () -- C:\Users\xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.06.12 18:18:50 | 000,013,072 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\nvModes.dat ========== LOP Check ========== [2012.07.13 20:43:24 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Akafu [2009.10.24 10:02:04 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Artweaver [2011.12.19 17:42:29 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Babylon [2012.07.06 17:41:47 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\BabylonToolbar [2010.03.23 21:08:24 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Canon [2009.11.15 17:11:40 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\CasualForge [2010.02.16 14:43:39 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\cerasus.media [2012.07.15 18:32:26 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Digiarty [2011.02.12 17:49:28 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\digital publishing [2012.07.15 18:38:10 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\DVDVideoSoft [2012.07.15 18:37:05 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers [2012.04.10 15:59:23 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\FreeScreenToVideo [2012.04.21 16:28:26 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\GetRightToGo [2012.06.14 19:01:34 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\gtk-2.0 [2007.09.15 14:59:56 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\ICQ [2008.03.10 20:21:22 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\ICQ Toolbar [2008.12.25 19:33:44 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Leadertech [2012.05.04 20:06:30 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Lexware [2012.06.16 13:24:40 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\loadtbs [2007.12.24 20:16:16 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\MAGIX [2010.11.14 18:43:27 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Merscom [2011.08.25 11:17:13 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\NCH Swift Sound [2009.04.01 09:29:44 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Neopets Toolbar [2011.06.09 22:18:56 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\OpenOffice.org [2008.03.02 15:07:55 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\PC-FAX TX [2009.08.08 20:06:38 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Peace Craft [2011.02.22 22:14:21 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\PeerNetworking [2012.07.14 10:11:54 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Qoiwc [2007.06.20 20:06:34 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\ScanSoft [2008.12.31 17:36:54 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Spandex Force [2012.06.01 20:53:44 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\TimePunch [2012.07.09 21:59:06 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\TuneUp Software [2012.06.12 18:10:00 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Vodafone [2008.10.19 19:28:10 | 000,000,256 | ---- | M] () -- C:\Windows\Tasks\Auf Updates für Windows Live Toolbar prüfen.job [2012.07.19 16:48:57 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2012.07.18 13:38:19 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2007.06.12 16:56:11 | 000,000,000 | ---D | M] -- C:\Acer [2007.01.19 20:02:16 | 000,000,000 | ---D | M] -- C:\Book [2009.09.20 20:51:22 | 000,000,000 | -HSD | M] -- C:\Boot [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2007.06.12 16:49:58 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2007.01.19 20:02:16 | 000,000,000 | ---D | M] -- C:\DRV [2012.04.27 18:46:10 | 000,000,000 | ---D | M] -- C:\F0 [2010.06.06 21:50:07 | 000,000,000 | ---D | M] -- C:\inetpub [2012.04.28 12:40:03 | 000,000,000 | RH-D | M] -- C:\MSOCache [2012.07.12 22:01:49 | 000,000,000 | ---D | M] -- C:\Multimedia Files [2012.05.02 19:55:51 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.07.18 14:20:47 | 000,000,000 | R--D | M] -- C:\Program Files [2012.04.23 21:06:25 | 000,000,000 | ---D | M] -- C:\Program1 [2012.07.18 13:59:07 | 000,000,000 | -H-D | M] -- C:\ProgramData [2007.06.12 16:49:58 | 000,000,000 | -HSD | M] -- C:\Programme [2012.07.09 21:58:26 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2007.06.14 22:04:44 | 000,000,000 | ---D | M] -- C:\temp [2007.06.12 16:53:35 | 000,000,000 | R--D | M] -- C:\Users [2012.07.19 18:37:15 | 000,000,000 | ---D | M] -- C:\Windows [2009.11.15 21:27:48 | 000,000,000 | ---D | M] -- C:\~QTWTMP.TMP < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < MD5 for: AGP440.SYS > [2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2008.02.14 10:15:15 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys [2008.02.14 10:15:15 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys [2008.02.14 10:15:14 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: ENETHOOK.DLL > [2006.12.28 21:07:22 | 000,090,112 | ---- | M] (acer) MD5=D1DDFF67D47BD6762A6B2282E5C354AD -- C:\Acer\Empowering Technology\eNet\eNetHook.dll [2006.12.28 21:07:22 | 000,090,112 | ---- | M] (acer) MD5=D1DDFF67D47BD6762A6B2282E5C354AD -- C:\Windows\System32\eNetHook.dll < MD5 for: EXPLORER.EXE > [2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2007.11.15 08:15:11 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe [2007.11.15 08:15:10 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2006.11.02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe [2008.01.19 09:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: IASTORV.SYS > [2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2007.06.13 12:37:24 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll [2007.06.13 12:37:25 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll [2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys [2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [1 C:\Windows\system32\drivers\*.tmp files -> C:\Windows\system32\drivers\*.tmp -> ] < %systemroot%\System32\config\*.sav > [2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\system32\*.dll /lockedfiles > [4 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] < %USERPROFILE%\*.* > [2012.06.25 21:33:53 | 153,919,040 | ---- | M] () -- C:\Users\xxx\Abenteuer Gedächtnis(1).wma [2012.06.26 17:28:07 | 000,218,587 | ---- | M] () -- C:\Users\xxx\AntragTeilhabe_03_2012.pdf [2012.06.27 21:44:49 | 000,013,615 | ---- | M] () -- C:\Users\xxx\bildungspaket-mehrtaegige-ausfluege-klassenfahrten-anlage.pdf [2011.04.23 12:03:50 | 000,008,468 | ---- | M] () -- C:\Users\xxx\bildungspaket.pdf [2011.06.03 14:20:33 | 000,184,192 | ---- | M] () -- C:\Users\xxx\BuT.pdf [2012.07.14 18:35:23 | 000,739,856 | ---- | M] (Google Inc.) -- C:\Users\xxx\chrome_installer200113247.exe [2012.07.17 20:27:49 | 000,000,000 | ---- | M] () -- C:\Users\xxx\defogger_reenable [2012.04.04 15:55:17 | 006,951,776 | ---- | M] (digital publishing AG) -- C:\Users\xxx\dpLaunchSet.exe [2012.07.05 18:10:57 | 070,101,919 | ---- | M] () -- C:\Users\xxx\Englisch für Anfänger.wma [2012.06.29 17:01:54 | 000,544,356 | ---- | M] () -- C:\Users\xxx\Englisch lernen mit The Grooves_ Business World.pdf [2012.06.29 17:00:12 | 061,108,057 | ---- | M] () -- C:\Users\xxx\Englisch lernen mit The Grooves_ Business World.wma [2012.04.17 20:55:51 | 000,034,816 | ---- | M] () -- C:\Users\xxx\geschaeftsbrief-form-A-bezugszeichenzeile.doc [2012.06.16 15:41:38 | 000,068,608 | ---- | M] () -- C:\Users\xxx\Hat die Praktikantin.pub [2012.07.14 10:20:36 | 007,718,272 | ---- | M] (SurfRight B.V.) -- C:\Users\xxx\HitmanPro36.exe [2011.06.02 10:50:21 | 034,104,383 | ---- | M] () -- C:\Users\xxx\Kopie von context (5).pdf [2011.12.23 16:55:17 | 000,133,564 | ---- | M] () -- C:\Users\xxx\Leseprobe für Fake.pdf [2011.12.23 19:14:06 | 000,084,405 | ---- | M] () -- C:\Users\xxx\Leseprobe Klugscheißer für Fake.pdf [2011.06.26 10:25:21 | 002,948,218 | ---- | M] () -- C:\Users\xxx\Leseprobe.pdf [2012.05.29 20:41:11 | 008,219,648 | ---- | M] () -- C:\Users\xxx\Meine Broschüre.pub [2011.07.07 08:55:34 | 001,812,597 | ---- | M] () -- C:\Users\xxx\Monitorkalibrierung.zip [2012.07.19 18:56:46 | 005,505,024 | -HS- | M] () -- C:\Users\xxx\ntuser.dat [2012.07.19 18:56:46 | 000,262,144 | ---- | M] () -- C:\Users\xxx\ntuser.dat.LOG1 [2008.02.28 18:40:16 | 000,262,144 | -H-- | M] () -- C:\Users\xxx\ntuser.dat.LOG2 [2012.07.19 16:48:40 | 000,065,536 | -HS- | M] () -- C:\Users\xxx\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2012.06.08 22:38:17 | 000,524,288 | -HS- | M] () -- C:\Users\xxx\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2012.07.19 16:48:40 | 000,524,288 | -HS- | M] () -- C:\Users\xxx\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms [2007.06.12 16:53:35 | 000,000,020 | -HS- | M] () -- C:\Users\xxx\ntuser.ini [2012.05.07 18:55:58 | 173,966,408 | ---- | M] () -- C:\Users\xxx\Rossmann-Fotosoftware-Setup.exe [2012.07.05 18:09:06 | 216,268,903 | ---- | M] () -- C:\Users\xxx\Sprachkurs Englisch.wma [2012.07.05 15:22:15 | 000,043,453 | ---- | M] () -- C:\Users\xxx\tickets.pdf [2012.07.05 15:22:30 | 000,043,410 | ---- | M] () -- C:\Users\xxx\tickets2.pdf [2012.06.17 18:30:53 | 004,441,861 | ---- | M] ((c) 2006-2011, Tom Thielicke IT Solutions ) -- C:\Users\xxx\tipp10_win_v2-1-0.exe [2012.07.09 21:49:42 | 037,771,696 | ---- | M] (TuneUp Software) -- C:\Users\xxx\TuneUpUtilities2012_de-DE.exe < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 ========== Alternate Data Streams ========== @Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:DFC5A2B2 @Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:551E1CB4 @Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:F878F14A @Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:5425B7F5 @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:940ECC98 @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:90E60569 @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:DCDE7C60 @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:91CF76E3 @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:580E04D8 @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:0207454C @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:B652B720 @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:6CEB2458 @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:426796C0 @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:FF818E2B @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:1CB8D545 @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:9AB338B9 @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:4D066AD2 @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:01442FD8 @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:D88D995C @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:9AB56A06 @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:08F16DBB @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:550179F5 @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:3B3A35EC @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:30C46519 @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:E1982A23 @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:4D7FCCD3 @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:B54102AD @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:0D31DA45 @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:3CF23EC3 @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:8C458D50 @Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:B419A171 @Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:9B52F176 @Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:8FBE0E9C @Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:90E3641D @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DDE7FCF4 @Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:B14B4A95 @Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:588B60C7 @Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:37CE0F2E @Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:34FC1C45 @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:25005EFA @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:1C9565AC @Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:1D6686D8 @Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:567AC0A6 @Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:F50F1555 < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 19.07.2012 18:56:29 - Run 6
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\xxx\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 0,72 Gb Available Physical Memory | 36,05% Memory free
4,23 Gb Paging File | 2,73 Gb Available in Paging File | 64,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 70,77 Gb Total Space | 3,49 Gb Free Space | 4,93% Space Free | Partition Type: NTFS
Drive D: | 70,47 Gb Total Space | 48,94 Gb Free Space | 69,45% Space Free | Partition Type: NTFS
Computer Name: MRX | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- Reg Error: Key error. File not found
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- Reg Error: Key error.
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
"FirewallDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2661263122-194117992-2275258509-1000]
"EnableNotificationsRef" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{346867F9-3C20-4C98-AAF6-B02529E263B2}" = lport=138 | protocol=17 | dir=in | app=system |
"{37A0EB63-4D86-4336-BE5D-A7BFDC298198}" = lport=139 | protocol=6 | dir=in | app=system |
"{489D774C-7EB5-4FA6-8F66-2CD2942EBCEC}" = rport=137 | protocol=17 | dir=out | app=system |
"{63F6B6F2-16D0-4749-B18F-DCA26913933E}" = rport=138 | protocol=17 | dir=out | app=system |
"{71E48E32-6FA5-4F27-A447-F145C08A7857}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{89C7BE34-30F1-4390-9B56-ED10E45C1246}" = lport=445 | protocol=6 | dir=in | app=system |
"{962F518E-2483-468B-816F-C30594A17437}" = rport=139 | protocol=6 | dir=out | app=system |
"{C0A5897C-39FC-41FC-A672-BDD523F60B4D}" = rport=445 | protocol=6 | dir=out | app=system |
"{E063FE22-0CDF-49BF-9B6E-EC86F48FD4AB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{E182A16E-470D-4533-911C-E66759DB1A20}" = lport=137 | protocol=17 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00B96488-3DBE-48C6-A6B8-90BE7007060B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{22BD631D-07B7-4449-AAD2-0B45E4F99711}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{52252B4E-4A05-4318-AD07-5D128B3A27A8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{6D69BB0F-6E76-4B8A-9A55-D8097D254FEB}" = protocol=17 | dir=in | app=c:\program files\avira\antivir desktop\avcenter.exe |
"{733A0380-1825-4BAF-A4BA-AC24ADD6A735}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{7CA02D95-F8B7-4D63-A5BC-7BB970EEFB79}" = protocol=6 | dir=in | app=c:\program files\avira\antivir desktop\avcenter.exe |
"{8B9A559A-13E9-465F-A3B7-B96626D59100}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{9B0A00D7-84E9-4ED5-BBE7-A8425C8D9555}" = protocol=6 | dir=in | app=c:\program files\windows searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{A2E669A7-30E2-44C6-A030-D7CD08F49352}" = protocol=17 | dir=in | app=c:\program files\windows searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{B0A6DFCC-DA6B-47BF-8ECF-74B67C186D1C}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{BBA0D5BE-EC83-4E25-A88F-C581AC3EA841}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E3DBE1E0-D3C4-48B7-8EC8-2965A31E6DD5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F1773B6B-AB71-4350-8A93-858F51D6B287}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{F4B3F2A2-C754-4066-94FA-A97562DB2B93}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"TCP Query User{930CC031-DDEC-46FF-960F-87ADD530FAD1}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{4D054CA8-C329-4F48-9F13-7F045EDB2D2B}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00D0200F-3B4D-4A2F-869E-533ED835A943}" = Hervorhebe-Funktion (Windows Live Toolbar)
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0AC49543-9CE2-4434-AD42-5AA6E2967FA5}" = Windows Live Toolbar
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1AEC7728-1640-4E98-AABC-5EBE3FB57FE4}" = SMSC Fast Infrared Driver
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{218761F6-CBF6-4973-B910-A33E6563A1EA}" = Windows Live Toolbar-Erweiterung (Windows Live Toolbar)
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{262DA23B-4BAB-463F-B1DC-9B5287CAB5CA}}_is1" = Deinstallation der Arcor Online Software
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros for Acer Driver v7.2.0.127_Foxconn Installation Program
"{2DD6C198-FA9A-40B4-8DE5-CE5206E3EB34}" = Smart Menus (Windows Live Toolbar)
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes
"{35C0A1E4-D02A-412C-841F-266DBB116ABB}" = Intel(R) PROSet/Wireless WiFi-Software
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{412033BC-44CF-48D9-B813-4B835101F4D3}" = Adobe Illustrator 10
"{4817189D-1785-4627-A33C-39FD90919300}" = Die Sims™ 2 Haustiere
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 5.0
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{59624372-3B85-47f4-9B04-4911E551DF1E}" = Lexware Info Service
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6
"{62B7C52C-CAB6-48B1-8245-52356C141C92}" = RENESIS® Player Browser Plugins
"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2
"{7020FC34-6E04-4858-924D-354B28CB2402}_is1" = Qtpfsgui 1.9.3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71C97545-E547-4A8B-B0C8-61FF853270AC}" = PaperPort
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites für Windows Live Toolbar
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer
"{83AA2913-C123-4146-85BD-AD8F93971D39}" = BabylonObjectInstaller
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{88410D8F-8529-492B-B556-2394A29B811B}" = Broadcom Driver v4.102.15.63_Foxconn Installation Program
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{93567BBD-4369-47B2-A621-78E008F8EA33}" = Lexware Elster
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1D08B90-AE1A-4885-AC29-731496FD397E}" = Windows Live Fotogalerie
"{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3}" = IMinent Toolbar
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1031-7B44-A70000000000}" = Adobe Reader 7.0 - Deutsch
"{AEEAE013-92F1-4515-B278-139F1A692A35}" = Acer eDataSecurity Management
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C19B3EB6-B54C-3204-A4DF-88432E0C79F7}" = Microsoft ReportViewer 2010 Redistributable
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{D871EE71-6EBD-4EEC-9418-69E8782E6BBB}" = Lexware financial office 2009
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = Die Sims™ 2 Vier Jahreszeiten
"{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Deluxe
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F248ADFA-64E0-4b03-8A83-059078BED6A0}" = Die Sims™ 2 Gute Reise
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = Die Sims 2: Nightlife
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe InDesign 2.0" = Adobe InDesign 2.0
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"BabylonToolbar" = Babylon toolbar on IE
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"DPP" = Canon Utilities Digital Photo Professional 3.4
"DVDVideoSoftTB_DE Toolbar" = DVDVideoSoftTB DE Toolbar
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EOS USB WIA Driver" = EOS USB WIA Driver
"EOS Utility" = Canon Utilities EOS Utility
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.26.706
"GIF Animator" = Microsoft GIF Animator
"GIMP-2_is1" = GIMP 2.8.0
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"GridVista" = Acer GridVista
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.0.4 (Basic)
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"LManager" = Launch Manager
"loadtbs-2.1" = loadtbs-2.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"MyCamera" = Canon Utilities MyCamera
"Neopets" = Neopets
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"Original Data Security Tools" = Canon Utilities Original Data Security Tools
"Passbild-Generator_is1" = Bewerbungsfoto-/Passbild-Generator v3.3a
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"ProInst" = Intel PROSet Wireless
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Searchqu 417 MediaBar" = Windows Searchqu Toolbar
"Shockwave" = Shockwave
"Softonic_Deutsch Toolbar" = Softonic_Deutsch Toolbar
"ST5UNST #1" = project dogwaffle
"ST5UNST #2" = project dogwaffle (c:\)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TIPP10_is1" = TIPP10 Version 2.1.0
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"WavePad" = WavePad Audiobearbeitungs-Software
"WFTK" = Canon Utilities WFT-E1/E2/E3 Utility
"Windows Live Toolbar" = Windows Live Toolbar
"Winload Toolbar" = Winload Toolbar
"www.Freeware-download.com Toolbar" = Freeware Download - Free Software Downloads Toolbar
"XTTB00001.XTTB00001Toolbar" = ICQ Toolbar
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 19.07.2012 10:26:27 | Computer Name = mrx | Source = VSS | ID = 12292
Description =
Error - 19.07.2012 10:26:27 | Computer Name = mrx | Source = System Restore | ID = 8193
Description =
Error - 19.07.2012 12:37:17 | Computer Name = mrx | Source = Microsoft Security Client Setup | ID = 100
Description = HRESULT:0x8004FF0A Description:Microsoft Security Essentials installation
was canceled. You canceled the Security Essentials installation on your computer.
Error code:0x8004FF0A.
Error - 19.07.2012 13:03:28 | Computer Name = mrx | Source = VSS | ID = 40
Description =
Error - 19.07.2012 13:03:28 | Computer Name = mrx | Source = VSS | ID = 12292
Description =
Error - 19.07.2012 13:03:28 | Computer Name = mrx | Source = VSS | ID = 40
Description =
Error - 19.07.2012 13:03:28 | Computer Name = mrx | Source = VSS | ID = 12292
Description =
Error - 19.07.2012 13:03:28 | Computer Name = mrx | Source = VSS | ID = 40
Description =
Error - 19.07.2012 13:03:28 | Computer Name = mrx | Source = VSS | ID = 12292
Description =
Error - 19.07.2012 13:03:28 | Computer Name = mrx | Source = System Restore | ID = 8193
Description =
[ OSession Events ]
Error - 25.02.2011 18:49:31 | Computer Name = mrx | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 124
seconds with 60 seconds of active time. This session ended with a crash.
Error - 26.02.2011 06:38:57 | Computer Name = mrx | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 128
seconds with 0 seconds of active time. This session ended with a crash.
Error - 26.02.2011 17:25:03 | Computer Name = mrx | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 128
seconds with 0 seconds of active time. This session ended with a crash.
Error - 27.02.2011 04:11:03 | Computer Name = mrx | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 129
seconds with 0 seconds of active time. This session ended with a crash.
Error - 28.02.2011 17:58:33 | Computer Name = mrx | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 122
seconds with 0 seconds of active time. This session ended with a crash.
Error - 01.03.2011 03:24:51 | Computer Name = mrx | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 3723
seconds with 0 seconds of active time. This session ended with a crash.
Error - 01.03.2011 04:18:15 | Computer Name = mrx | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 3724
seconds with 120 seconds of active time. This session ended with a crash.
Error - 01.03.2011 07:38:01 | Computer Name = mrx | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 3724
seconds with 0 seconds of active time. This session ended with a crash.
Error - 05.03.2012 06:49:02 | Computer Name = mrx | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1237
seconds with 240 seconds of active time. This session ended with a crash.
Error - 03.06.2012 15:22:46 | Computer Name = mrx | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 18.07.2012 23:56:36 | Computer Name = mrx | Source = Service Control Manager | ID = 7001
Description =
Error - 19.07.2012 08:22:35 | Computer Name = mrx | Source = Service Control Manager | ID = 7000
Description =
Error - 19.07.2012 08:22:35 | Computer Name = mrx | Source = Service Control Manager | ID = 7001
Description =
Error - 19.07.2012 08:23:01 | Computer Name = mrx | Source = Service Control Manager | ID = 7001
Description =
Error - 19.07.2012 10:16:16 | Computer Name = mrx | Source = Service Control Manager | ID = 7000
Description =
Error - 19.07.2012 10:16:16 | Computer Name = mrx | Source = Service Control Manager | ID = 7001
Description =
Error - 19.07.2012 10:16:33 | Computer Name = mrx | Source = Service Control Manager | ID = 7001
Description =
Error - 19.07.2012 12:13:54 | Computer Name = mrx | Source = Service Control Manager | ID = 7000
Description =
Error - 19.07.2012 12:13:54 | Computer Name = mrx | Source = Service Control Manager | ID = 7001
Description =
Error - 19.07.2012 12:14:11 | Computer Name = mrx | Source = Service Control Manager | ID = 7001
Description =
GMER Logfile:
|
|
20.07.2012, 17:18
| #9 | |
| /// Malware-holic | 19 infizierte registrierungsschlüssel von malewarebytes nach tr/kazy.80623.1 gefunden hi Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!Downloade dir bitte Combofix von einem dieser Downloadspiegel Link 1 Link 2 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
20.07.2012, 18:41
| #10 |
| | 19 infizierte registrierungsschlüssel von malewarebytes nach tr/kazy.80623.1 gefunden Hallo markusg., war das der letzte Schritt und wenn ja wie kann ich mein System optimal schützen? Erst mal wieder danke - ohne Menschen wie euch wäre ich verloren gewesen. Ich muss allerdings zugeben dass mich das ganze enorm fasziniert... Gruß MarionCombofix Logfile: Code:
ATTFilter ComboFix 12-07-20.02 - xxx 20.07.2012 19:05:33.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2045.1108 [GMT 2:00]
ausgeführt von:: c:\users\xxx\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\IMinent Toolbar\tbHElper.dll
c:\program files\Windows Searchqu Toolbar
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\as_guid.dat
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\bandoocode.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\data\search\engines.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\data\search\search.xsl
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\about.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\bandoocode.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpanel.xul
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpaneltransparent.xul
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpanelwin.xul
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxprefwin.xul
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxtransparentwin.xul
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxwin.xul
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\emailnotifierproviders.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\external.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\imeshcode.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\neterror.xhtml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\vmncode.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\wmpstreamer.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\modules\datastore.jsm
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\modules\nsDragAndDrop.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\neterror.xhtml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\partner.coupons.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\preferences.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\radiobeta.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\template.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\toolbar.htm
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\toolbar.xul
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\vmncode.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\vmnrsswin.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\tb_icon.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\widget.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\widget.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\widget_version
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\babylon_logo.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bandoo.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bluelite.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bluesky.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-search-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-search.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-settings-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-settings.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-widgets-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-widgets.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn_settings.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\ca.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\dictionary.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\divider.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\downloadcom.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\dtxlogo.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\ebay.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\email.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\email_on.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\facebook.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\games.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred0.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred0_5.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred1.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred1_5.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred2.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred2_5.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred3.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred3_5.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred4.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred4_5.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred5.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphredna.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\grey.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\ico-shield.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_radio_png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_seperator_png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_twitter.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_youtube.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\images.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\imesh.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\add.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\aol.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-dn.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-right-disabled.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-right.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-up.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-divider.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-end.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-mdl.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-mdl_ff.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-start.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-divider.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-end.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-mdl.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-mdl_ff.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-start.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\blank.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btn-widgets-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btn-widgets.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btn_slider.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnback-down-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnback-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnleft-down-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnleft-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnright-down-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnright-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\button-splitter-down-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\button-splitter-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\checkmark.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\chevron.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\collapse.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\comcast.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\dtx.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\edit-back-hot.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\edit-back.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\expand.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\found.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\gmail.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_blue.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_cyan.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_lime.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_magenta.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_yellow.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\hotmail.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\ico-check.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\imap.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\lastsearch-thumb-back.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\loadingMid.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\lock.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\logo-separator.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\mailcom.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_bg-basic.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_separator_bar.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_separator_white.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitem-splitter.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemback-down-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemback-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemleft-down-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemleft-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemright-down-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemright-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\modify.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\move.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\movetarget.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\panels.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupAbout.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupGames.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupRSS.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupWidgets.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\css\dialog.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\bg.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-search.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-wide-close-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-wide-close.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\default.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-off-l.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-off-r.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-on-l.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-on-r.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\transparent.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-left.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-mdl.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-right.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-left.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-mdl.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-right-resize.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-right.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-left.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-right.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\main.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\scripts\defscript.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\footer.htm
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gamecategory.xsl
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gameData.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gameList.xsl
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\games.xsl
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gametype.xsl
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-dn.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-sml-drop.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-sml.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-up.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrowr-bluew5.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-aboutbox.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-btnover.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-pnl520x390.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-left-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-left.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-right.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-back.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-close-grey.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-close-greyover.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-drag.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-mdl-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-mdl.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-moredetails.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-next-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-next.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-play-left-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-play-left.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-previous-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-previous.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-right-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-try-left-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-try-left.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bullet-orange.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\gamethumb-on.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\gamethumb2-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-calendar.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-dollar.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-download.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-joystick24.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-news24.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-play.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-tags.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-Add.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-download.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-Info.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-play.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-shop.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\menul-bgon.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\menul-bgover.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\panel-botm-noscroll.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-bg-206.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-bg.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-topwin.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-disable.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-down.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-disable.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-down.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\searchbox-pnlbtm.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\star_x_grey.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\star_x_orange.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\TRUSTe_about.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-detailed-on.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-detailed-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-thumb-on.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-thumb-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets-square-16px.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets-square-24px.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\initHTML.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupGames.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupHTML.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupRSS.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupWidgets.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\scroll.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\pop.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\css\manager.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\css\slider.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\bg-pnl.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\btn-close-grey.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\btn-close-greyover.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\collapsed_button.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\expanded_button.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation-down.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-radio.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\music-note.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause-on.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-play-on.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-play.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-bg.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-buffer.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-busy.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-off.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-on.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-warning.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-design-on.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-design.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-on.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-0.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-1.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-2.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-3.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-mute.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\scrollbar-handle.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\scrollbar-track.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\slider.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\slideron.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\track.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\managerpanel.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\volumeslider.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-buffering.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-connecting.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-playing.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-stopped.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta.ico
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\reload.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\remove.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rename.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\resize-box.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rss.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rsschannelback.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\RSSLogo.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rsstabdivider.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\scroll-left.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\scroll-right.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\search-go.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\search.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\text-ellipsis.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\throbber.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\toolbarsplitter.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\transparent_1px.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_02.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_03.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_04.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_06.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_07.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_08.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_09.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_10.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_11.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_12.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_13.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_14.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_15.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_16.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_18.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_19.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_20.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_21.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\btn-close-grey.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\btn-close-greyover.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\close-hot.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\close-normal.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\loadingMid.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\proxy.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\template.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\template.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\templateFF.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\throbber.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\cond999.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\icons.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na-s.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na-t.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\add.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-check.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-check.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\options-weather.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-blue.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-orange.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\yahoo.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lichen.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo-about.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo-separator.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\mail.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\maps.bmp
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\menuseparatorback.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modify-save.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modify.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modifyhot.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\music.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\news.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-main.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-search.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-weather.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-weather.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-widgets.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\orange.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\pixsy.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\protect-id.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-buffering.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-connecting.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-playing.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-stopped.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta.ico
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\relatedlinks.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-collapse.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-delete.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-expand.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-feed.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder-remove.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder-rename.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-found.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-reload.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-subscribe.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rssback.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rsstopback.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search_button_over_png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search_button_png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-left.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-middle.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-right.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\settings.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\shopping.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\siteinfo.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-bluelite.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-bluesky.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-grey.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-lichen.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-orange.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-yellow.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\technorati.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\throbber.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\toolbarsplitter.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\translate.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\video.bmp
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\vmn.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\vmn.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\weather.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\web.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\widgets-square-16px.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\wikipedia.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\yahoosearch.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\yellow.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\youtube.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\zoom.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\components\windowmediator.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\manifest.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\searchquband.dll
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\uninstall.exe
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\uninstallTB.exe
c:\programdata\Roaming
c:\users\xxx\chrome_installer200113247.exe
c:\users\xxx\Documents\~WRL2797.tmp
c:\users\xxx\HitmanPro36.exe
c:\users\xxx\Rossmann-Fotosoftware-Setup.exe
c:\users\xxx\tipp10_win_v2-1-0.exe
c:\users\xxx\TuneUpUtilities2012_de-DE.exe
c:\windows\~GLC0000.TMP
c:\windows\~GLC0001.TMP
c:\windows\~GLC0002.TMP
c:\windows\~GLH0000.TMP
c:\windows\~GLH0001.TMP
c:\windows\~GLH0002.TMP
c:\windows\IsUn0407.exe
c:\windows\System32\Desktop_.ini
c:\windows\system32\drivers\~GLH0014.TMP
c:\windows\system32\spool\prtprocs\w32x86\ppbiPr.dll
c:\windows\system32\tmp81EB.tmp
c:\windows\system32\tmp8298.tmp
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-06-20 bis 2012-07-20 ))))))))))))))))))))))))))))))
.
.
2012-07-20 17:23 . 2012-07-20 17:24 -------- d-----w- c:\users\xxx\AppData\Local\temp
2012-07-20 17:23 . 2012-07-20 17:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-20 11:42 . 2012-06-28 23:44 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9D5B8B65-635D-46AF-A620-50B3F875E52B}\mpengine.dll
2012-07-20 04:45 . 2012-07-20 04:45 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0EE3BC89-85DB-4D12-90E4-1265939C3740}\gapaengine.dll
2012-07-20 04:45 . 2012-06-28 23:44 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-20 04:31 . 2012-07-20 04:32 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-20 04:30 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2012-07-18 12:21 . 2012-07-18 12:21 -------- d-----w- c:\users\xxx\AppData\Roaming\Malwarebytes
2012-07-17 11:09 . 2012-07-17 11:09 -------- d-----w- c:\program files\Common Files\Java
2012-07-17 11:08 . 2012-07-17 11:07 772592 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-16 15:49 . 2012-07-16 15:49 -------- d-----w- c:\users\xxx\AppData\Roaming\NCH Software
2012-07-16 15:49 . 2012-07-16 15:49 -------- d-----w- c:\programdata\NCH Software
2012-07-15 16:37 . 2012-07-15 16:37 -------- d-----w- c:\users\xxx\AppData\Local\CRE
2012-07-15 16:37 . 2012-07-15 16:37 -------- d-----w- c:\users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers
2012-07-15 16:36 . 2012-06-22 14:32 405144 ----a-w- c:\windows\system32\Newtonsoft.Json.Net20.dll
2012-07-15 16:36 . 2012-07-15 16:36 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2012-07-15 16:36 . 2012-07-15 16:36 -------- d-----w- c:\program files\DVDVideoSoft
2012-07-15 16:32 . 2012-07-15 16:32 -------- d-----w- c:\users\xxx\AppData\Roaming\Digiarty
2012-07-15 16:31 . 2012-07-15 16:31 -------- d-----w- c:\program files\Digiarty
2012-07-15 16:15 . 2012-07-15 16:15 -------- d-----w- c:\program files\K-Lite Codec Pack
2012-07-15 16:15 . 2012-07-15 16:15 -------- d-----w- c:\users\xxx\AppData\Local\Abelssoft
2012-07-14 16:39 . 2012-07-14 16:55 -------- d-----w- c:\programdata\HitmanPro
2012-07-14 14:17 . 2011-06-24 13:46 154416 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2012-07-14 14:17 . 2011-06-24 13:46 33072 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2012-07-14 12:10 . 2012-07-14 12:10 -------- d-----w- c:\programdata\Malwarebytes
2012-07-14 10:25 . 2012-07-14 13:30 -------- d-----w- c:\programdata\Sirrix AG
2012-07-14 10:25 . 2012-07-14 12:56 -------- d-----w- c:\program files\Sirrix AG
2012-07-14 09:57 . 2012-07-14 09:57 -------- d-----w- c:\program files\Oracle
2012-07-14 08:21 . 2012-07-14 08:21 -------- d-----w- c:\program files\HitmanPro
2012-07-14 05:36 . 2012-07-14 11:20 -------- d-----w- c:\users\xxx\gegen Trojaner
2012-07-13 18:43 . 2012-07-14 08:11 -------- d-----w- c:\users\xxx\AppData\Roaming\Qoiwc
2012-07-13 18:43 . 2012-07-13 18:43 -------- d-----w- c:\users\xxx\AppData\Roaming\Akafu
2012-07-13 09:32 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{267B2F88-B6FF-40EC-B621-C0C2044845E8}\mpengine.dll
2012-07-11 15:58 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 15:47 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 15:47 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 15:47 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 15:47 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 15:47 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 15:47 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-09 19:59 . 2012-05-29 11:09 31584 ----a-w- c:\windows\system32\TURegOpt.exe
2012-07-09 19:59 . 2012-05-29 11:09 21344 ----a-w- c:\windows\system32\authuitu.dll
2012-07-09 19:59 . 2012-07-09 19:59 -------- d-----w- c:\users\xxx\AppData\Roaming\TuneUp Software
2012-07-09 19:58 . 2012-07-09 19:59 -------- d-----w- c:\program files\TuneUp Utilities 2012
2012-07-09 19:50 . 2012-07-09 19:50 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-07-09 19:50 . 2012-07-09 19:50 -------- d--h--w- c:\programdata\Common Files
2012-07-06 15:41 . 2012-07-06 15:41 -------- d-----w- c:\users\xxx\AppData\Roaming\BabylonToolbar
2012-07-06 15:41 . 2012-07-06 15:41 -------- d-----w- c:\program files\BabylonToolbar
2012-07-06 15:41 . 2012-07-06 15:41 -------- d-----w- c:\programdata\Babylon
2012-07-03 19:03 . 2012-07-03 19:03 -------- d-----w- c:\program files\SearchGBY
2012-07-03 19:02 . 2012-07-03 19:02 30520 ----a-w- c:\windows\system32\midiwrap3405.deu
2012-07-03 19:02 . 2012-07-03 19:05 -------- d-----w- c:\program files\KB Piano 2
2012-07-02 20:15 . 2012-07-02 20:15 -------- d-----w- c:\users\xxx\AppData\Local\Ilivid Player
2012-06-21 17:23 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 17:23 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 17:23 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 17:23 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 17:23 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-21 17:23 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 17:23 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 17:22 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 17:22 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-17 11:07 . 2011-04-18 20:34 687600 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-10 14:08 . 2011-12-16 10:48 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-07-10 14:08 . 2011-12-16 10:48 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-05-01 14:03 . 2012-06-14 13:12 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-23 16:00 . 2012-06-14 13:12 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-04-23 16:00 . 2012-06-14 13:12 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-23 16:00 . 2012-06-14 13:12 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2010-07-07 16:22 . 2008-02-11 07:30 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}"= "c:\program files\Softonic_Deutsch\tbSof0.dll" [2010-10-18 3908192]
"{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\program files\Winload\tbWin0.dll" [2010-10-18 3908192]
"{b106b661-3e1b-4015-af5c-195e909f35c6}"= "c:\program files\NCH_DE\prxtbNCH_.dll" [2011-01-17 175912]
"{26647ca4-a2a7-4eac-8a72-761aa9141de7}"= "c:\program files\www.Freeware-download.com\tbwww..dll" [2010-10-18 3908192]
"{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}"= "c:\program files\DVDVideoSoftTB_DE\prxtbDVDV.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}]
.
[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
.
[HKEY_CLASSES_ROOT\clsid\{b106b661-3e1b-4015-af5c-195e909f35c6}]
.
[HKEY_CLASSES_ROOT\clsid\{26647ca4-a2a7-4eac-8a72-761aa9141de7}]
.
[HKEY_CLASSES_ROOT\clsid\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
2011-05-09 08:49 176936 ----a-w- c:\program files\DVDVideoSoftTB_DE\prxtbDVDV.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{26647ca4-a2a7-4eac-8a72-761aa9141de7}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\www.Freeware-download.com\tbwww..dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\Winload\tbWin0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{58124A0B-DC32-4180-9BFF-E0E21AE34026}]
2010-07-02 07:54 2607872 ----a-w- c:\program files\IMinent Toolbar\tbcore3.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\Softonic_Deutsch\tbSof0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b106b661-3e1b-4015-af5c-195e909f35c6}]
2011-01-17 14:54 175912 ----a-w- c:\program files\NCH_DE\prxtbNCH_.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}"= "c:\program files\Softonic_Deutsch\tbSof0.dll" [2010-10-18 3908192]
"{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\program files\Winload\tbWin0.dll" [2010-10-18 3908192]
"{b106b661-3e1b-4015-af5c-195e909f35c6}"= "c:\program files\NCH_DE\prxtbNCH_.dll" [2011-01-17 175912]
"{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}"= "c:\program files\DVDVideoSoftTB_DE\prxtbDVDV.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}]
.
[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
.
[HKEY_CLASSES_ROOT\clsid\{b106b661-3e1b-4015-af5c-195e909f35c6}]
.
[HKEY_CLASSES_ROOT\clsid\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B106B661-3E1B-4015-AF5C-195E909F35C6}"= "c:\program files\NCH_DE\prxtbNCH_.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{b106b661-3e1b-4015-af5c-195e909f35c6}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-12 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 4186112]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2006-12-20 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-12-20 7766016]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-07-10 348624]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
c:\users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote Inhaltsverzeichnis.onetoc2 [2008-4-24 3656]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-1-19 528384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll c:\windows\System32\eNetHook.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\H:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\?????????]
??????????????e [?]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"PaperPort PTD"=c:\program files\ScanSoft\PaperPort\pptd40nt.exe
"IndexSearch"=c:\program files\ScanSoft\PaperPort\IndexSearch.exe
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"eDataSecurity Loader"=c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe
"Acer Tour Reminder"=c:\acer\AcerTour\Reminder.exe
"LManager"=c:\progra~1\LAUNCH~1\LManager.exe
"WarReg_PopUp"=c:\acer\WR_PopUp\WarReg_PopUp.exe
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"LexwareInfoService"=c:\program files\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2661263122-194117992-2275258509-1000]
"EnableNotificationsRef"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LPDService REG_MULTI_SZ LPDSVC
rsmsvcs REG_MULTI_SZ ntmssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2008-10-19 c:\windows\Tasks\Auf Updates für Windows Live Toolbar prüfen.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 09:20]
.
2012-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-12 10:32]
.
2012-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-12 10:32]
.
2012-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2661263122-194117992-2275258509-1000Core.job
- c:\users\xxx\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-14 16:36]
.
2012-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2661263122-194117992-2275258509-1000UA.job
- c:\users\xxx\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-14 16:36]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.babylon.com/?affID=113480&tt=010712_6&babsrc=HP_ss&mntrId=a008b45b0000000000000016d4cb915c
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.arcor.de
mWindow Title = Arcor AG & Co. KG
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - hxxp://favorites.live.com/quickadd.aspx
IE: Free YouTube to MP3 Converter - c:\users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
DPF: {85C86CCC-2158-4123-9C7D-785190CED875} - hxxps://lernboerse.arbeitsagentur.de/exklusiv/ilias/data/balihob/lm_data/httppath/dpLaunchPlugin.cab
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file)
Toolbar-10 - (no file)
Toolbar-!{26647ca4-a2a7-4eac-8a72-761aa9141de7} - (no file)
Toolbar-!{977AE9CC-AF83-45E8-9E03-E2798216E2D5} - (no file)
Toolbar-!{DFEFCDEE-CF1A-4FC8-88AD-129872198372} - (no file)
WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
HKU-Default-Run-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
AddRemove-Adobe InDesign 2.0 - c:\windows\ISUN0407.EXE
AddRemove-Adobe Photoshop 7.0 - c:\windows\ISUN0407.EXE
AddRemove-Searchqu 417 MediaBar - c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\uninstallTB.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-07-20 19:24
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{6ddef664-f3c4-4c3f-9b36-77858d38808d}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0f0016d4
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{75a8b7a7-9e48-488e-88c2-8fdfea9da0b5}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:12020054
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:07001422
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{a68e9dec-c597-412f-9254-f7f9bafc28f8}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:09001302
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{af6bbb94-99d9-42ca-ba0b-28909748dce8}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0c0016d4
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:06001422
"Dhcpv6State"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(852)
c:\windows\system32\eNetHook.dll
.
- - - - - - - > 'lsass.exe'(680)
c:\windows\system32\eNetHook.dll
.
Zeit der Fertigstellung: 2012-07-20 19:29:14
ComboFix-quarantined-files.txt 2012-07-20 17:28
.
Vor Suchlauf: 3.174.076.416 Bytes frei
Nach Suchlauf: 3.855.273.984 Bytes frei
.
- - End Of File - - 72E69D8DEA6BBA8F773E7650269D6FDC
|
|
27.07.2012, 19:55
| #11 |
| /// Malware-holic | 19 infizierte registrierungsschlüssel von malewarebytes nach tr/kazy.80623.1 gefunden sorry für die wartezeit. wie läuft das system? lade den CCleaner standard: CCleaner Download - CCleaner 3.21.1767 falls der CCleaner bereits instaliert, überspringen. instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
31.07.2012, 16:50
| #12 |
| | 19 infizierte registrierungsschlüssel von malewarebytes nach tr/kazy.80623.1 gefunden Hallo markusg. diesmal muss ich mich entschuldigen - komme einfach zu nichts mehr. System läuft gut und wenn der Cleaner nur zum "aufräumen" ist, können wir uns den sparen. Mir ist bloß wichtig Trojaner und Viren frei zu sein. Offen gestanden weiß ich auch gar nicht so recht was ich nicht brauche. Auf jeden Fall vielen Dank für die schnelle und gründliche Hilfe  Gruß Marion |
|
02.08.2012, 17:20
| #13 |
| /// Malware-holic | 19 infizierte registrierungsschlüssel von malewarebytes nach tr/kazy.80623.1 gefunden es ist wichtig das auszuführen um lücken aufzuspüren um eine neuinfektion zu verhindern. du musst doch wissen welche programme du kennst, nicht kennst oder nicht benötigst...?
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
02.08.2012, 19:06
| #14 |
| | 19 infizierte registrierungsschlüssel von malewarebytes nach tr/kazy.80623.1 gefunden Hallo markusg, bei Acer und Microsoft bin ich nicht sicher was ich wirklich brauche - unbekannt sind mir nur zwei Dinge. Nicht gekennzeichnetes ist schon immer drauf und selten genutzt. Die Apple Anwendungen sind von meiner Tochter - ich weiß daher nicht so genau... Ich hoffe ihr habt nicht all zu viele "Experten" wie mich... Noch mal vielen lieben Dank - das Board ist echt genial. Lieben Gruß Marion Acer Arcade Deluxe 1.0.3605a notwendig? Acer eDataSecurity Management HiTRUST Inc. 19.01.2007 28,4MB 2.5.3028 notwendig? Acer eLock Management Acer Inc. 18.01.2007 8,96MB 2.5.3006 notwendig? Acer Empowering Technology Acer Inc. 19.01.2007 2.5.3003 notwendig? Acer eNet Management Acer Inc. 19.01.2007 2.6.3002 notwendig? Acer ePower Management Acer Inc. 19.01.2007 2.5.3007 notwendig? Acer ePresentation Management Acer Inc. 19.01.2007 2.5.3003 notwendig? Acer eSettings Management Acer Inc. 19.01.2007 2.5.3003 notwendig? Acer GridVista 12.06.2007 1,28MB 2.61.102 notwendig? Acer Mobility Center Plug-In Acer Inc. 18.01.2007 5,55MB 1.0.3003 notwendig? Acer ScreenSaver Acer Inc. 12.06.2007 1.00.0000 notwendig? Acer Tour Acer Inc. 19.01.2007 1.1.3006 unnötig Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 19.01.2011 440MB 10.1.102.64 notwendig Adobe Flash Player 10 Plugin Adobe Systems Incorporated 17.08.2011 440MB 10.3.183.5 notwendig Adobe Illustrator 10 Adobe Systems, Inc. 28.04.2010 105MB 10 notwendig Adobe Reader 7.0 - Deutsch Adobe Systems Incorporated 25.12.2008 72,5MB 007.000.000 notwendig Adobe Shockwave Player Adobe Systems, Inc. 11.10.2007 10.2.0.23 notwendig Adobe SVG Viewer 3.0 Adobe Systems, Inc. 28.04.2010 4,30MB 3.0 notwendig Apple Application Support Apple Inc. 23.04.2011 50,9MB 1.5.1 notwendig Apple Mobile Device Support Apple Inc. 23.04.2011 21,7MB 3.4.0.25 notwendig? Apple Software Update Apple Inc. 03.03.2011 2,25MB 2.1.2.120 notwendig? Atheros for Acer Driver v7.2.0.127_Foxconn Installation Program Atheros 10.03.2007 4,00KB 7.1 notwendig? Avira Free Antivirus Avira 10.07.2012 180MB 12.0.0.1125 notwendig Axel Juncker Wortschatztrainer 21.07.2012 unnötig Babylon toolbar on IE 06.07.2012 1,78MB notwendig BabylonObjectInstaller Babylon Ltd 06.07.2012 2,10MB 2.0.0.3 unnötig? Bewerbungsfoto-/Passbild-Generator v3.3a 06.01.2011 1,09MB notwendig Bonjour Apple Inc. 23.04.2011 1,10MB 2.0.5.0 unnötig? Broadcom Driver v4.102.15.63_Foxconn Installation Program Broadcom 11.03.2007 5.0 notwendig CANON iMAGE GATEWAY Task for ZoomBrowser EX Canon Inc. 19.03.2010 46,2MB 1.5.0.3 notwendig Canon Internet Library for ZoomBrowser EX Canon Inc. 19.03.2010 46,2MB 1.6.1.6 Canon RAW Image Task for ZoomBrowser EX Canon Inc. 19.03.2010 19,1MB 3.3.0.5 Canon Utilities CameraWindow Canon Inc. 19.03.2010 2,27MB 7.1.0.2 Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX Canon Inc. 19.03.2010 18,4MB 6.4.2.16 Canon Utilities Digital Photo Professional 3.4 Canon Inc. 19.03.2010 60,2MB 3.4.0.0 Canon Utilities EOS Utility Canon Inc. 19.03.2010 42,1MB 2.4.0.1 Canon Utilities MyCamera Canon Inc. 19.03.2010 15,5MB 6.4.0.5 Canon Utilities Original Data Security Tools Canon Inc. 19.03.2010 6,88MB 1.4.0.1 Canon Utilities PhotoStitch Canon Inc. 19.03.2010 6,14MB 3.1.21.45 Canon Utilities Picture Style Editor Canon Inc. 19.03.2010 61,7MB 1.3.0.0 Canon Utilities RemoteCapture Task for ZoomBrowser EX Canon Inc. 19.03.2010 16,2MB 1.7.1.9 Canon Utilities WFT-E1/E2/E3 Utility Canon Inc. 19.03.2010 2,27MB 3.2.1.1 Canon Utilities ZoomBrowser EX Canon Inc. 19.03.2010 46,2MB 6.1.1.21 Canon ZoomBrowser EX Memory Card Utility Canon Inc. 19.03.2010 19,7MB 1.1.0.8 CCleaner Piriform 24.07.2012 4,82MB 3.21 Deinstallation der Arcor Online Software Arcor AG & Co. KG 21.08.2007 6,10MB 5.0.0.6 Die Sims 2 Die Sims 2: Nightlife Die Sims™ 2 Gute Reise Electronic Arts Die Sims™ 2 Haustiere Die Sims™ 2 Vier Jahreszeiten DivX Web Player DivX,Inc. 1.4.0 DVDVideoSoftTB DE Toolbar DVDVideoSoftTB DE 15.07.2012 4,81MB 6.8.9.0 EOS USB WIA Driver Canon Inc. 19.03.2010 1,28MB 6.0.1.5 Firebird SQL Server - MAGIX Edition MAGIX AG 23.12.2007 6,73MB 2.0.0.20 Free YouTube to MP3 Converter version 3.11.26.706 DVDVideoSoft Ltd. 15.07.2012 15,2MB 3.11.26.706 GIMP 2.8.0 The GIMP Team 17.06.2012 224MB 2.8.0 Google Chrome Google Inc. 28.07.2012 189MB 20.0.1132.57 Google Desktop Google 07.07.2010 20,6MB 5.9.1005.12335 Google Earth Google 11.02.2008 66,5MB 4.2.205.5730 Google Toolbar for Internet Explorer Google Inc. 19.03.2012 9,69MB 7.3.2710.138 Google Updater Google Inc. 12.05.2009 3,59MB 2.4.1536.6592 HDAUDIO Soft Data Fax Modem with SmartCP 18.01.2007 1,01MB ICQ6 ICQ 15.09.2007 6.00.0000 IMinent Toolbar IMinent 16.06.2012 3,37MB 3.26.0 unbekannt Intel(R) PROSet/Wireless WiFi-Software Intel(R) Corporation 17.06.2012 78,4MB 12.02.0000 Italienisch - In 30 Tagen zum Erfolg 21.07.2012 unnötig iTunes Apple Inc. 23.04.2011 143MB 10.2.2.12 Java(TM) 7 Update 5 Oracle 17.07.2012 99,3MB 7.0.50 K-Lite Codec Pack 6.0.4 (Basic) 15.07.2012 14,6MB 6.0.4 Launch Manager 12.06.2007 2,06MB Lexware Elster Lexware GmbH & Co.KG 04.05.2012 38,9MB 7.73.00.0228 Lexware financial office 2009 Lexware GmbH & Co. KG 04.05.2012 528MB 13.00.00.0034 Lexware Info Service Lexware GmbH & Co. KG 04.05.2012 10,4MB 2.61.00.0033 LiveUpdate 3.2 (Symantec Corporation) Symantec Corporation 16.12.2010 19,4MB 3.2.0.68 unnötig? LiveUpdate Notice (Symantec Corporation) Symantec Corporation 21.01.2010 7,58MB 1.4.5 unnötig? loadtbs-2.1 16.06.2012 15,3MB unbekannt Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 11.08.2009 36,9MB Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 09.08.2009 36,9MB Microsoft .NET Framework 4 Client Profile Microsoft Corporation 27.06.2010 120MB 4.0.30319 Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 27.06.2010 24,5MB 4.0.30319 Microsoft .NET Framework 4 Extended Microsoft Corporation 15.07.2012 38,0MB 4.0.30319 Microsoft .NET Framework 4 Extended DEU Language Pack Microsoft Corporation 15.07.2012 7,50MB 4.0.30319 Microsoft GIF Animator 30.05.2010 1,48MB Microsoft Office 2000 Premium Microsoft Corporation 14.06.2007 116MB 9.00.2528 Microsoft Office Enterprise 2007 Microsoft Corporation 20.03.2012 691MB 12.0.6612.1000 Microsoft Office File Validation Add-In Microsoft Corporation 16.09.2011 7,95MB 14.0.5130.5003 Microsoft Office Live Add-in 1.5 Microsoft Corporation 17.06.2012 506KB 2.0.4024.1 Microsoft ReportViewer 2010 Redistributable Microsoft Corporation 01.06.2012 12,4MB 10.0.30319 Microsoft Security Essentials Microsoft Corporation 20.07.2012 19,2MB 4.0.1526.0 Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 19.10.2008 1,74MB 3.1.0000 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 30.07.2009 251KB 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 26.04.2012 2,68MB 8.0.56336 Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 30.07.2009 199KB 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 19.04.2011 592KB 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 07.07.2011 233KB 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 03.05.2009 590KB 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 06.11.2010 589KB 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 16.06.2011 594KB 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 18.10.2011 16,5MB 10.0.40219 MSXML 4.0 SP2 (KB927978) Microsoft Corporation 13.06.2007 1,23MB 4.20.9841.0 MSXML 4.0 SP2 (KB936181) Microsoft Corporation 16.08.2007 1,26MB 4.20.9848.0 MSXML 4.0 SP2 (KB941833) Microsoft Corporation 11.10.2007 1,26MB 4.20.9849.0 MSXML 4.0 SP2 (KB954430) Microsoft Corporation 13.11.2008 1,27MB 4.20.9870.0 MSXML 4.0 SP2 (KB973688) Microsoft Corporation 26.11.2009 1,33MB 4.20.9876.0 Neopets Neopets, Inc. notwendig NTI Backup NOW! 4.7 NewTech Infosystems 19.01.2007 4 NTI CD & DVD-Maker NewTech Infosystems 18.01.2007 40,1MB 7 NVIDIA Drivers 10.03.2007 NVIDIA PhysX NVIDIA Corporation 08.04.2010 83,7MB 9.09.1112 OpenAL 08.04.2010 764KB PaperPort ScanSoft, Inc. 15.06.2007 52,0MB 9.02.0827 PDFCreator Frank Heindörfer, Philip Chinery 03.11.2008 30,8MB 0.9.6 PowerProducer unnötig project dogwaffle 03.12.2008 project dogwaffle (c:\) 03.12.2008 unnötig Qtpfsgui 1.9.3 Qtpfsgui Dev Team 06.06.2010 QuickTime Apple Inc. 03.03.2011 73,7MB 7.69.80.9 Realtek High Definition Audio Driver Realtek Semiconductor Corp. 19.01.2007 6.0.1.5334 RENESIS® Player Browser Plugins examotion® GmbH 26.04.2012 1,83MB 1.1.1 unbekannt Shockwave 28.06.2009 SMSC Fast Infrared Driver SMSC 18.01.2007 132KB 1.00.0000 Softonic_Deutsch Toolbar 24.10.2009 9,23MB Synaptics Pointing Device Driver Synaptics 18.01.2007 12,7MB 9.0.3.0 TIPP10 Version 2.1.0 (c) 2006-2011, Tom Thielicke IT Solutions 17.06.2012 11,5MB WavePad Audiobearbeitungs-Software NCH Software 25.08.2011 5,03MB unnötig Windows Live Anmelde-Assistent Microsoft Corporation 06.03.2009 1,93MB 5.000.818.6 Windows Live Favorites für Windows Live Toolbar Microsoft Corporation 19.10.2008 1,80MB 03.01.0146 Windows Live Fotogalerie Microsoft Corporation 24.10.2008 20,6MB 12.0.1329.0201 Windows Live installer Microsoft Corporation 06.04.2008 1,70MB 12.0.1471.1025 Windows Live Toolbar Microsoft Corporation 19.10.2008 6,43MB 03.01.0146 Winload Toolbar 25.07.2012 12,8MB 6.8.5.1 Freeware Download - Free Software Downloads Toolbar Freeware Download - Free Software Downloads 21.04.2012 3,96MB 6.2.2.4 unnötig |
|
02.08.2012, 19:23
| #15 |
| /// Malware-holic | 19 infizierte registrierungsschlüssel von malewarebytes nach tr/kazy.80623.1 gefunden deinstaliere: Adobe Flash Player alle Adobe - Adobe Flash Player installieren neueste version laden adobe reader: Adobe - Adobe Reader herunterladen - Alle Versionen haken bei mcafee security scan raus nehmen bitte auch mal den adobe reader wie folgt konfigurieren: adobe reader öffnen, bearbeiten, voreinstellungen. allgemein: nur zertifizierte zusatz module verwenden, anhaken. internet: hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc. es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht. bei javascript den haken bei java script verwenden raus nehmen bei updater, automatisch instalieren wählen. übernehmen /ok deinstaliere: Axel Babylon : weg mit toolbars, sie sind ein risiko und können nutzerdaten dafür verwenden um zb geziehlt werbung zu machen BabylonObjectInstaller DVDVideoSoftTB : hier gilt das selbe! Google Toolbar IMinent PowerProducer Softonic_Deutsch Toolbar Windows Live Toolbar Winload Freeware Download - Free Software Downloads Toolbar öffne ccleaner, analysieren starten öffne otl, cleanup, pc startet neu testen wie er läuft. und, noch mal, keine toolbars!
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
| Themen zu 19 infizierte registrierungsschlüssel von malewarebytes nach tr/kazy.80623.1 gefunden |
| administrator, adware.smartshopper, anti-malware, autostart, bericht, browser, dateien, explorer, folge, folgen bka troyaner, free, gelöscht, helper, heuristiks/extra, heuristiks/shuriken, infizierte, internet, microsoft, quarantäne, seite, service, service pack 2, software, speicher, trojan.bho, trojaner, version, vista |
Linear-Darstellung
