Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Dieses Programm kann Webseite nicht anzeigen

Dieses Programm kann Webseite nicht anzeigen


Log-Analyse und Auswertung: Dieses Programm kann Webseite nicht anzeigen

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 10.08.2012, 03:51   #1
marcor1980
 
Dieses Programm kann Webseite nicht anzeigen - Standard

Dieses Programm kann Webseite nicht anzeigen


Hallo zusammen,

ich habe folgendes Problem:

Ich habe mir heute einen Trojaner bzw. Virus eingefangen.

Zuerst wurde mein PC im laufenden Betrieb gesperrt und mein Bildschirm zeigte nur eine Seite der Bundespolizei an mit dem Hinweis, dass mein PC gesperrt ist, da ich verboten Seiten besucht habe.
Ich sollte 100 € via "ukash" bezahlen, was ich natürlich nicht gemacht habe.
Nach einer Bezahlung sollte mein PC wieder entschlüsselt werden.

Ich habe anschließend den "Kaspersky Windows Unlocker" downgeloaded und mir eine Boot-CD erstellt. (diesen Hinweis habe ich von einem Forum von Chip.de erhalten)

Nachdem ich mit dieser Boot-CD gestartet bin und den "Kaspersky Windows Unlocker" durchgeführt habe, kam der Bildschirm der Bundespolizei nicht mehr

Aber nun ging gleich nach dem Neustart ein Fenster auf mit dem Hinweis: "Dieses Programm kann Webseite nicht anzeigen" ...

Nach diesem neuen Problem gegoogelt, bin ich auf euer Forum gestoßen und erhoffe mir hierdurch Hilfe.
Ich habe auch schon den " Malwarebytes Anti-Malware " downgeloaded und einen vollständigen Scan durchgeführt.

Hier nun meine Logdatei:







Kann mir jemand einen Hinweis geben, wie nun weiter vorzugehen ist, um meinen PC wieder sauber zu bekommen?

Ich bin um jeden Hinweis dankbar.

Gruß Marco

Nachfolgend noch die Logdatei eines vollständigen Suchlaufs:


Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.10.01

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 7.0.6002.18005
Marco :: MARCO-PC [Administrator]

Schutz: Deaktiviert

10.08.2012 05:04:37
mbam-log-2012-08-10 (06-09-28).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 414954
Laufzeit: 59 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 37
HKCR\CLSID\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (Adware.GamePlayLabs) -> Keine Aktion durchgeführt.
HKCR\Interface\{55555555-5555-5555-5555-550055225558} (Adware.GamePlayLabs) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0002258.BHO.1 (Adware.GamePlayLabs) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Keine Aktion durchgeführt.
HKCR\CLSID\{22222222-2222-2222-2222-220022222258} (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0002258.Sandbox.1 (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0002258.Sandbox (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
HKCR\CLSID\{33333333-3333-3333-3333-330033223358} (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0002258.FBApi.1 (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0002258.FBApi (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65bcd620-07dd-012f-819f-073cf1b8f7c6} (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0002258.BHO (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I Want This (Adware.GamePlayLabs) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0002258.BHO (PUP.CrossFire.Gen) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0002258.BHO.1 (PUP.CrossFire.Gen) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0002258.FBApi (PUP.CrossFire.Gen) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0002258.FBApi.1 (PUP.CrossFire.Gen) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0002258.Sandbox (PUP.CrossFire.Gen) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0002258.Sandbox.1 (PUP.CrossFire.Gen) -> Keine Aktion durchgeführt.
HKCU\Software\Cr_Installer\2258 (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> Keine Aktion durchgeführt.
HKCR\CLSID\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{77D6DDFA-7834-4541-B2B3-A8B0FB0E3924} (Trojan.BHO) -> Keine Aktion durchgeführt.
HKCR\ToolBand.XTTBPos00.1 (Trojan.BHO) -> Keine Aktion durchgeführt.
HKCR\ToolBand.XTTBPos00 (Trojan.BHO) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> Keine Aktion durchgeführt.
HKCR\CLSID\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (PUP.GamePlayLab) -> Keine Aktion durchgeführt.
HKCR\Interface\{55555555-5555-5555-5555-550055225558} (PUP.GamePlayLab) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|rtjfxwbdtnlajog (Trojan.Winlock.P) -> Daten: C:\ProgramData\rtjfxwbd.exe -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I Want This|Publisher (Adware.GamePlayLab) -> Daten: 215 Apps -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 3
C:\Program Files\I Want This (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
C:\Users\Marco\AppData\Local\I Want This (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
C:\Users\Marco\AppData\Local\I Want This\Chrome (Adware.GamePlayLab) -> Keine Aktion durchgeführt.

Infizierte Dateien: 17
C:\ProgramData\rtjfxwbd.exe (Trojan.Winlock.P) -> Keine Aktion durchgeführt.
C:\Program Files\I Want This\I Want This.dll (Adware.GamePlayLabs) -> Keine Aktion durchgeführt.
C:\Program Files\I Want This\I Want This.exe (Adware.GamePlayLabs) -> Keine Aktion durchgeführt.
C:\Program Files\I Want This\I Want ThisGui.exe (Adware.GamePlayLabs) -> Keine Aktion durchgeführt.
C:\Program Files\I Want This\Uninstall.exe (Adware.GamePlayLabs) -> Keine Aktion durchgeführt.
C:\Users\Marco\ms.exe (Trojan.Winlock.P) -> Keine Aktion durchgeführt.
C:\Users\Marco\AppData\Local\Temp\is1293846689\IWantThisAD_ROW.exe (Adware.GamePlayLabs) -> Keine Aktion durchgeführt.
C:\Program Files\I Want This\I Want This.ini (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
C:\Program Files\I Want This\appAPIinternalWrapper.js (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
C:\Program Files\I Want This\fb.js (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
C:\Program Files\I Want This\I Want This.ico (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
C:\Program Files\I Want This\I Want ThisInstaller.log (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
C:\Program Files\I Want This\jquery.js (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
C:\Program Files\I Want This\json.js (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
C:\Users\Marco\AppData\Local\I Want This\Chrome\I Want This.crx (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
C:\Program Files\ICQToolbar\toolbaru.dll (Trojan.BHO) -> Keine Aktion durchgeführt.
C:\Program Files\I Want This\I Want This.dll (PUP.GamePlayLab) -> Keine Aktion durchgeführt.

(Ende)

Ich habe auch eben mit OTL ein Scan durchgeführt.

Anbei die beiden .TXT-Dateien:

Extras.txt:OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 10.08.2012 06:37:13 - Run 1
OTL by OldTimer - Version 3.2.56.0     Folder = C:\Users\Marco\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,82 Gb Available Physical Memory | 60,57% Memory free
6,23 Gb Paging File | 5,23 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,76 Gb Total Space | 310,58 Gb Free Space | 69,67% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 9,50 Gb Free Space | 47,52% Space Free | Partition Type: FAT32
 
Computer Name: MARCO-PC | User Name: Marco | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08185A7D-586C-4DBC-9BE4-7D700ACC4BDA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{09A0479D-6FEC-44EC-AE35-A11F3555DF76}" = lport=9442 | protocol=17 | dir=in | name=intel(r) viiv(tm) media server discovery | 
"{0A262E99-4947-4759-BD7B-911463933BAC}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{0DF471D0-95A8-4AD6-9EB1-B8FA47B6A334}" = lport=139 | protocol=6 | dir=in | app=system | 
"{0EEDC8E6-25D2-446C-8E6A-128F78DE6FC0}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{165234FE-9EA7-4CA2-A08A-B07389FE6CAE}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{2460708F-5CAD-48BD-AE9A-35F346B2DBBE}" = rport=445 | protocol=6 | dir=out | app=system | 
"{3102E2EC-C40A-4E3B-A8D2-16F710A5F14E}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{331110EF-6112-4711-925E-425C46AC7E42}" = lport=137 | protocol=17 | dir=in | app=system | 
"{4970F7CC-F8C9-471E-A3D3-3F1A03BBEAEF}" = lport=445 | protocol=6 | dir=in | app=system | 
"{55CDE7DE-4CA2-404C-8370-9FA043FFAF0F}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{65A96917-5F2D-44B0-A152-7BBDBDFB4725}" = rport=138 | protocol=17 | dir=out | app=system | 
"{6600EB45-62E3-4F95-8D5C-7A94C9FEB7AE}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{769EEBF4-D87F-40D9-AB62-F6416984AC0B}" = lport=1900 | protocol=17 | dir=in | name=intel(r) viiv(tm) media server upnp discovery | 
"{90CCD5E8-DA97-4A95-A741-FDDA148DBD29}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{B09161D9-2603-4AF6-B8A1-2B17C48836EC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{C220F7FB-03EB-43A5-964A-B46DDD68CC62}" = rport=137 | protocol=17 | dir=out | app=system | 
"{C42066E9-BD30-49D1-BCDD-00ECB091E7C1}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{C491C2EE-D7C6-4EDA-A607-807C2F45947F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C511CAA2-E919-461A-AC75-0C2C615D7D54}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{C7D59A78-2548-4E07-8BB2-1B317BBCB244}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CC5312BC-AE12-4128-8FE2-4D8956734D17}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{D369E3E7-CBF8-4156-B578-357240114372}" = lport=138 | protocol=17 | dir=in | app=system | 
"{D99C0E5C-6FCA-49B4-A67F-9FC06C521857}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D9D457FB-1DFE-459D-A65E-E88728B2423A}" = rport=139 | protocol=6 | dir=out | app=system | 
"{EF1F110E-34C2-4A5D-B7EB-2CAA7C765799}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F6D57ABB-87C1-41C1-8124-01CB89DA7BEE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F9292E6D-D036-4399-AA7F-6289BD0696E5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11A0AE7E-F2EB-42C8-9D13-DC2C76618033}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe | 
"{13AD2E8B-1AD6-47CD-975D-FB6A7EF6B8B1}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe | 
"{1DCEA844-D992-4FE2-8312-8540CE4D2A9A}" = dir=in | app=c:\program files\homecinema\tv enhance\tveservice.exe | 
"{25C17431-E657-4DE1-9F6D-7FE040177985}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{2B44AA27-E83A-4676-B5DC-6A0EB4180090}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{2D9C4EB6-E293-40E0-B110-92D7C7B29919}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{3370C3A2-A23A-4FEA-9D69-0200C24A2971}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe | 
"{4476559C-A05F-42CF-BDC8-E6D7F9F44CD0}" = dir=in | app=c:\program files\homecinema\powerdvd\powerdvd.exe | 
"{50351DA1-3E0E-402A-BAC5-40F66ABE81D1}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe | 
"{528773B3-F9C5-42B3-B101-E0447E3CD334}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{564A544D-46DF-4243-8119-A78FC558CB14}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{64DCE4E0-BE06-4BB5-8602-7760B09F65F3}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe | 
"{66B7A9A3-00BD-4648-9971-3C5984DB850C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{6BEC0D4C-61EF-44C4-9A57-4E569F4BA5E3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{7D3CF706-04B0-4A39-84FC-3B34E4017780}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe | 
"{9049EE37-C452-48D4-83A7-EE61CB57A8A7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{9B3530A5-683A-421A-A3C7-F67F3402E6B3}" = dir=in | app=c:\program files\homecinema\makedisc\makedisc.exe | 
"{A5DBEF80-9F91-48E1-8C1A-56E48A5C0AD3}" = dir=in | app=c:\program files\homecinema\tv enhance\tvenhance.exe | 
"{BB79AFEC-D995-495B-BB10-F0AB174FF109}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe | 
"{CD09248C-9BFE-4662-B328-A71139BCEF61}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{D383F04C-5757-4FE6-90E7-B48D22CB8919}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe | 
"{FAE57EDA-E71F-4905-976F-FF8091FB39CD}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe | 
"{FF75AA81-46D7-40DC-9882-96A25F85D834}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"TCP Query User{1AC73AB8-9A8B-46D6-BBAE-3F95AB791D97}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{42CE7C28-60C1-4ABA-A410-A4437D1F4856}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{4781A004-0632-41EB-9CCD-EEE0D73993AB}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{B1D33FD1-AC2E-49CF-803C-F0B50FE97D56}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe | 
"TCP Query User{BBF69005-0008-44A1-89E2-311673301D1A}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{DDA80566-D27E-4CB3-9D8C-DD7B24267FB5}C:\program files\real\realplayer\recordingmanager.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\recordingmanager.exe | 
"UDP Query User{0D6AFE02-453C-4E47-8DC0-CD4B372ED5E8}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{2F19E577-8DEF-4779-B99D-87A20CAF478A}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{9F992E41-8FEE-4C3C-885A-49AF559089AF}C:\program files\real\realplayer\recordingmanager.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\recordingmanager.exe | 
"UDP Query User{C2FE16F0-D801-41B5-89EA-1E962C9A11D8}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{D298BA4E-8D52-4937-8341-2F1B8527E954}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{FF126A8F-539A-4581-9221-ABD81E32280E}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{27FDF949-69CE-435A-8372-339F72336AC5}" = MEDIONbox
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}" = Sceneo AbsolutTV
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{588D9F5F-8C62-4421-BAE9-CCAA57D4E4EE}" = TVsweeper 3
"{5BB977A4-E843-4E31-9859-745F442B1031}" = Nero 8 Essentials
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}" = QuickTime
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A7472CEE-6E85-4D43-9C71-BDFC0D471F70}" = Intel® Viiv™ Software
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000004}" = Spelling Dictionaries Support For Adobe Reader 8
"{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BBBF4CFE-9D26-4D93-A869-B2B021B3CA85}" = Intel(R) PRO Network Connections 12.2.41.0
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240CC}" = WinZip 16.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow
"{D8D22773-14BF-4178-A683-3DBA515C2A26}" = WISO Mein Geld 2008 Professional
"{E0091C29-DEE8-4B24-BF65-8C35B5940D77}" = Letstrade
"{E4C891D6-6844-41B8-86E8-633CACCC644F}" = TV Enhance
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"3D Mühle_is1" = 3D Mühle 2.02
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced PC Tweaker_is1" = Advanced PC Tweaker v4.2
"ALDI Foto Manager Free Sued D" = ALDI Foto Manager Free Sued
"ALDI Online Druck Service (Sued)" = ALDI Online Druck Service (Sued)
"ALDI Sued Foto Service D" = ALDI Sued Foto Service
"Aldi Süd Fotoservice_is1" = Aldi Süd Fotoservice
"Avira AntiVir Desktop" = Avira Free Antivirus
"BabylonToolbar" = Babylon toolbar on IE
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"ElsterFormular für Privatanwender 12.3.2.6814p" = ElsterFormular für Privatanwender
"ElsterFormular für Privatanwender und Unternehmer 11.5.3.5585" = ElsterFormular für Privatanwender und Unternehmer
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"I Want This" = I Want This
"ICQToolbar" = ICQ Toolbar
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Intel(R) Configuration Center" = Intel® Viiv™ Software
"LetsTrade" = LetsTrade Komponenten
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"MEDION Fotos auf CD Sued D" = MEDION Fotos auf CD Sued
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"PokerStars.net" = PokerStars.net
"PROSetDX" = Intel(R) PRO Network Connections 12.2.41.0
"Uninstall_is1" = Uninstall 1.0.0.1
"X10Hardware" = X10 Hardware(TM)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"Uncompressor" = Uncompressor
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 19.01.2011 14:08:51 | Computer Name = Marco-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 24.01.2011 19:32:04 | Computer Name = Marco-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 24.01.2011 19:32:12 | Computer Name = Marco-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 24.01.2011 19:32:12 | Computer Name = Marco-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 25.01.2011 19:27:39 | Computer Name = Marco-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 25.01.2011 19:27:59 | Computer Name = Marco-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 25.01.2011 19:27:59 | Computer Name = Marco-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 26.01.2011 19:25:21 | Computer Name = Marco-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 26.01.2011 19:25:34 | Computer Name = Marco-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 26.01.2011 19:25:34 | Computer Name = Marco-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
[ System Events ]
Error - 09.08.2012 21:49:57 | Computer Name = Marco-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 09.08.2012 21:49:57 | Computer Name = Marco-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 09.08.2012 21:49:57 | Computer Name = Marco-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 09.08.2012 22:19:17 | Computer Name = Marco-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 09.08.2012 22:19:24 | Computer Name = Marco-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 09.08.2012 22:19:26 | Computer Name = Marco-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 09.08.2012 22:19:27 | Computer Name = Marco-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 09.08.2012 22:19:29 | Computer Name = Marco-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 09.08.2012 22:20:39 | Computer Name = Marco-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 09.08.2012 22:20:39 | Computer Name = Marco-PC | Source = Service Control Manager | ID = 7026
Description = 
 
 
< End of report >
--- --- ---



OTL.txt:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 10.08.2012 06:37:13 - Run 1
OTL by OldTimer - Version 3.2.56.0     Folder = C:\Users\Marco\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,82 Gb Available Physical Memory | 60,57% Memory free
6,23 Gb Paging File | 5,23 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,76 Gb Total Space | 310,58 Gb Free Space | 69,67% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 9,50 Gb Free Space | 47,52% Space Free | Partition Type: FAT32
 
Computer Name: MARCO-PC | User Name: Marco | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Marco\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (GoogleDesktopManager) -- C:\Programme\Google\Google Desktop Search\GoogleDesktopManager.exe (Google)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (TVECapSvc) -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe ()
SRV - (TVESched) -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe ()
SRV - (IAANTMON) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (srvcPVR) -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe (Buhl Data Service GmbH)
SRV - (AlertService) -- C:\Programme\Intel\IntelDH\CCU\AlertService.exe (Intel(R) Corporation)
SRV - (QualityManager) -- C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\QualityManager.exe (Intel(R) Corporation)
SRV - (Remote UI Service) -- C:\Programme\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe (Intel(R) Corporation)
SRV - (MCLServiceATL) -- C:\Programme\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe (Intel(R) Corporation)
SRV - (DHTRACE) -- C:\Programme\Common Files\Intel\IntelDH\bin\DHTraceController.exe (Intel(R) Corporation)
SRV - (ISSM) -- C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe (Intel(R) Corporation)
SRV - (NMSCore) -- C:\Programme\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe (Intel(R) Corporation)
SRV - (M1 Server) -- C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe ()
SRV - (GnabService) -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH)
SRV - (DQLWinService) -- C:\Programme\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe ()
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe (MAGIX®)
SRV - (MDM) -- C:\Programme\Common Files\microsoft shared\VS7Debug\mdm.exe (Microsoft Corporation)
SRV - (x10nets) -- C:\Programme\Common Files\X10\Common\X10nets.exe (X10)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (FTDIBUS) -- C:\Windows\System32\drivers\ftdibus.sys (FTDI Ltd.)
DRV - (FTSER2K) -- C:\Windows\System32\drivers\ftser2k.sys (FTDI Ltd.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (3xHybrid) -- C:\Windows\System32\drivers\3xHybrid.sys (NXP Semiconductors Germany GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (IntelDH) -- C:\Windows\System32\drivers\IntelDH.sys (Intel Corporation)
DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
DRV - (TSHWMDTCP) -- C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys ()
DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (nmsunidr) -- C:\Windows\System32\drivers\nmsunidr.sys (Gteko Ltd.)
DRV - (XUIF) -- C:\Windows\System32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
DRV - (X10Hid) -- C:\Windows\System32\drivers\x10hid.sys (X10 Wireless Technology, Inc.)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Upgrade to Google Chrome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Babylon Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=109986&tt=050412_30b&babsrc=SP_ss&mntrId=94bc888d0000000000000015af729a12
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=crm&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=f39d74c0-4a11-488f-8f2a-fa9ef09ec408&apn_sauid=F6518FD7-B55C-44B2-81A0-4D62CBBB84A6
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_de
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKCU\..\SearchScopes\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?babsrc=HP_Prot"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.11.01 21:00:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.19 18:24:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.01 21:02:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.19 18:24:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.01 21:02:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Software\BullGuard\antispam\tbspamfilter
 
[2008.10.17 19:28:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marco\AppData\Roaming\mozilla\Extensions
[2012.08.09 18:42:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\5azl9574.default\extensions
[2012.07.26 22:26:10 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\5azl9574.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.06.29 23:37:45 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\5azl9574.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.09.13 23:59:16 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\5azl9574.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.07.31 19:14:44 | 000,000,000 | ---D | M] ("I Want This") -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\5azl9574.default\extensions\crossriderapp2258@crossrider.com
[2012.04.07 15:08:26 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\5azl9574.default\extensions\ffxtlbr@babylon.com
[2012.08.09 18:43:10 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\5azl9574.default\extensions\toolbar@ask.com
[2012.03.20 20:25:07 | 000,000,853 | ---- | M] () -- C:\Users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\5azl9574.default\searchplugins\11-suche.xml
[2012.08.09 18:43:11 | 000,002,413 | ---- | M] () -- C:\Users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\5azl9574.default\searchplugins\askcom.xml
[2010.09.13 23:59:25 | 000,000,881 | ---- | M] () -- C:\Users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\5azl9574.default\searchplugins\conduit.xml
[2012.03.20 20:25:07 | 000,002,226 | ---- | M] () -- C:\Users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\5azl9574.default\searchplugins\englische-ergebnisse.xml
[2012.03.20 20:25:07 | 000,010,506 | ---- | M] () -- C:\Users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\5azl9574.default\searchplugins\gmx-suche.xml
[2012.08.08 00:55:16 | 000,000,950 | ---- | M] () -- C:\Users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\5azl9574.default\searchplugins\icqplugin-1.xml
[2012.04.07 13:45:42 | 000,000,950 | ---- | M] () -- C:\Users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\5azl9574.default\searchplugins\icqplugin-2.xml
[2012.04.07 15:08:29 | 000,000,950 | ---- | M] () -- C:\Users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\5azl9574.default\searchplugins\icqplugin-3.xml
[2012.06.17 19:40:21 | 000,000,950 | ---- | M] () -- C:\Users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\5azl9574.default\searchplugins\icqplugin-4.xml
[2012.06.20 23:02:48 | 000,000,950 | ---- | M] () -- C:\Users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\5azl9574.default\searchplugins\icqplugin-5.xml
[2012.06.21 22:11:11 | 000,000,950 | ---- | M] () -- C:\Users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\5azl9574.default\searchplugins\icqplugin-6.xml
[2012.08.09 18:42:50 | 000,000,950 | ---- | M] () -- C:\Users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\5azl9574.default\searchplugins\icqplugin-7.xml
[2011.11.26 00:49:27 | 000,000,944 | ---- | M] () -- C:\Users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\5azl9574.default\searchplugins\icqplugin.xml
[2012.03.20 20:25:07 | 000,002,457 | ---- | M] () -- C:\Users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\5azl9574.default\searchplugins\lastminute.xml
[2012.03.20 20:25:07 | 000,005,500 | ---- | M] () -- C:\Users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\5azl9574.default\searchplugins\webde-suche.xml
[2011.07.11 23:16:57 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.11.05 23:20:55 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.03.20 20:25:05 | 000,577,982 | ---- | M] () (No name found) -- C:\USERS\MARCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5AZL9574.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
[2012.07.19 18:24:12 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.04.07 13:45:14 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.07 15:07:44 | 000,002,353 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.04.07 13:45:14 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.04.07 13:45:14 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.07 13:45:14 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.07 13:45:14 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.07 13:45:14 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: Babylon Search
CHR - default_search_provider: Search the web (Babylon) (Enabled)
CHR - default_search_provider: search_url = hxxp://search.babylon.com/?q={searchTerms}&tt=010412_crm&babsrc=SP_crm
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: Babylon Search
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.75\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: QuickTime Plug-in 7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Avira Toolbar = C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaangaohdajkgeopjhpbnlpkehbhmbj\7.15.4.0_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: I Want This = C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk\1.19.65_0\crossrider
CHR - Extension: I Want This = C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk\1.19.65_0\
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (XTTBPos00 Class) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Programme\ICQToolbar\toolbaru.dll (ICQ Inc.)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (I Want This) - {11111111-1111-1111-1111-110011221158} - C:\Programme\I Want This\I Want This.dll (215 Apps)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_04\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CCUTRAYICON] C:\Programme\Intel\IntelDH\CCU\CCU_TrayIcon.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NMSSupport] C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Programme\GoogleEULA\EULALauncher.exe ( )
O4 - HKLM..\Run: [TVBroadcast] C:\Programme\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe (ODSoft multimedia)
O4 - HKLM..\Run: [TVEService] C:\Program Files\HomeCinema\TV Enhance\TVEService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent File not found
O4 - HKCU..\Run: [rtjfxwbdtnlajog] C:\ProgramData\rtjfxwbd.exe ()
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Marco\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_04\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: elster.de ([www] https in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: elsteronline.de ([www] https in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Ranges: GD ([http] in Lokales Intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7160123E-C3FF-4B03-A630-63613E275584}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D4409347-01F5-42E6-8DC8-3018F90A800E}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.10 06:35:27 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Marco\Desktop\OTL.exe
[2012.08.10 04:24:19 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.08.10 04:24:19 | 000,000,000 | ---D | C] -- C:\Users\Marco\AppData\Roaming\Malwarebytes
[2012.08.10 04:24:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.10 04:24:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.10 04:24:12 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.08.10 04:24:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.08.10 04:23:45 | 010,652,120 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Marco\Desktop\mbam-setup-1.62.0.1300.exe
[2012.08.09 23:38:19 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012.08.09 19:02:51 | 000,000,000 | ---D | C] -- C:\ProgramData\kgdhpbjvtasbuyj
[2012.08.09 18:42:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.08.09 18:42:35 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2012.08.09 18:39:46 | 000,000,000 | ---D | C] -- C:\Users\Marco\AppData\Local\APN
[2011.07.11 23:16:26 | 013,523,912 | ---- | C] (Mozilla) -- C:\Users\Marco\Firefox Setup 5.0.exe
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.10 06:35:04 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Marco\Desktop\OTL.exe
[2012.08.10 05:04:24 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.08.10 04:25:12 | 000,627,462 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.08.10 04:25:12 | 000,594,896 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.08.10 04:25:12 | 000,126,472 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.08.10 04:25:12 | 000,104,330 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.08.10 04:24:13 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.10 04:23:27 | 010,652,120 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Marco\Desktop\mbam-setup-1.62.0.1300.exe
[2012.08.10 04:19:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.10 04:03:10 | 000,008,268 | ---- | M] () -- C:\Users\Marco\AppData\Local\d3d9caps.dat
[2012.08.10 04:02:59 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
[2012.08.10 04:02:59 | 000,001,409 | ---- | M] () -- C:\Windows\QTFont.for
[2012.08.10 03:46:22 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.10 03:46:22 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.10 03:35:02 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.10 03:34:45 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.08.10 03:30:28 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{C3BCF4C7-35A0-46F4-92CF-9E2C60EA1F93}.job
[2012.08.10 03:29:55 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.09 19:09:18 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.09 19:02:51 | 000,000,051 | ---- | M] () -- C:\ProgramData\pkzymirgljhofdn
[2012.08.09 19:02:45 | 000,061,440 | ---- | M] () -- C:\ProgramData\rtjfxwbd.exe
[2012.08.09 19:02:45 | 000,061,440 | ---- | M] () -- C:\Users\Marco\ms.exe
[2012.08.09 18:42:45 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.08.04 19:08:31 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.08.04 19:08:31 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.07.22 10:35:38 | 000,010,950 | ---- | M] () -- C:\Users\Marco\Desktop\Busfahrten 2012-2013.pdf
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.10 04:24:13 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.10 04:02:59 | 000,054,156 | -H-- | C] () -- C:\Windows\QTFont.qfn
[2012.08.10 04:02:59 | 000,001,409 | ---- | C] () -- C:\Windows\QTFont.for
[2012.08.09 19:02:51 | 000,061,440 | ---- | C] () -- C:\ProgramData\rtjfxwbd.exe
[2012.08.09 19:02:46 | 000,000,051 | ---- | C] () -- C:\ProgramData\pkzymirgljhofdn
[2012.08.09 19:02:45 | 000,061,440 | ---- | C] () -- C:\Users\Marco\ms.exe
[2012.07.22 10:35:38 | 000,010,950 | ---- | C] () -- C:\Users\Marco\Desktop\Busfahrten 2012-2013.pdf
[2012.06.04 19:12:13 | 000,002,625 | ---- | C] () -- C:\Users\Marco\ESt2011.elfo
[2011.08.29 12:46:10 | 000,057,406 | ---- | C] () -- C:\Users\Marco\Übertragungsprotokoll_ESt2010_Rautenberg_Marco.pdf
[2011.08.28 18:58:38 | 000,094,248 | ---- | C] () -- C:\Users\Marco\ESt2010_Rautenberg_Marco.elfo
[2011.08.09 18:22:35 | 000,320,327 | ---- | C] () -- C:\Users\Marco\Rechnung Reise Tunesien.pdf
[2010.12.28 16:57:56 | 000,010,060 | ---- | C] () -- C:\Users\Marco\ESt2009 Rautenberg Marco.elfo
[2010.05.18 15:45:44 | 025,478,952 | ---- | C] () -- C:\Users\Marco\A380_Special_LH_Magazin.pdf
[2009.06.06 12:18:43 | 000,010,231 | ---- | C] () -- C:\Users\Marco\MarcoRautenberg_Marco_elster_2048.pfx
[2008.11.06 22:43:58 | 000,012,800 | ---- | C] () -- C:\Users\Marco\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.06.06 19:46:27 | 000,054,634 | ---- | C] () -- C:\Users\Marco\Bestellbestaetigung_O2.pdf
[2008.04.30 19:17:55 | 000,008,268 | ---- | C] () -- C:\Users\Marco\AppData\Local\d3d9caps.dat
[2008.04.25 17:48:14 | 000,000,093 | ---- | C] () -- C:\Users\Marco\AppData\Local\fusioncache.dat

< End of report >
--- --- ---
Geändert von marcor1980 (10.08.2012 um 04:15 Uhr)

Alt 14.08.2012, 06:17   #2
t'john
/// Helfer-Team
 
Dieses Programm kann Webseite nicht anzeigen - Standard

Dieses Programm kann Webseite nicht anzeigen




Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:


Code:
ATTFilter
:OTL
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found 
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found 
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found 
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found 
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.) 
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} 
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA 
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Babylon Search 
IE - HKCU\..\URLSearchHook: - No CLSID value found 
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) 
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) 
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.) 
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} 
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=109986&tt=050412_30b&babsrc=SP_ss&mntrId=94bc888d0000000000000015af729a12 
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=crm&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=f39d74c0-4a11-488f-8f2a-fa9ef09ec408&apn_sauid=F6518FD7-B55C-44B2-81A0-4D62CBBB84A6 
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd 
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_de 
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 
IE - HKCU\..\SearchScopes\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}: "URL" = http://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
FF - prefs.js..browser.search.defaultengine: "Ask.com" 
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)" 
FF - prefs.js..browser.search.defaultthis.engineName: "Search" 
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" 
FF - prefs.js..browser.search.order.1: "Ask.com" 
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)" 
FF - prefs.js..browser.search.useDBForOrder: true 
FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?babsrc=HP_Prot" 
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0 
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=" 
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found 
CHR - homepage: Babylon Search 
CHR - default_search_provider: Search the web (Babylon) (Enabled) 
CHR - default_search_provider: search_url = http://search.babylon.com/?q={searchTerms}&tt=010412_crm&babsrc=SP_crm 
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO) 
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.) 
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) 
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.) 
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.) 
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) 
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.) 
O4 - HKLM..\Run: [] File not found 
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask) 
O4 - HKCU..\Run: [rtjfxwbdtnlajog] C:\ProgramData\rtjfxwbd.exe () 
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found 
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found 
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04) 
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04) 
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04) 
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7160123E-C3FF-4B03-A630-63613E275584}: DhcpNameServer = 192.168.2.1 
O32 - HKLM CDRom: AutoRun - 1 
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] 
[2012.08.09 19:02:51 | 000,000,000 | ---D | C] -- C:\ProgramData\kgdhpbjvtasbuyj 
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] 
[2012.08.09 19:02:51 | 000,000,051 | ---- | M] () -- C:\ProgramData\pkzymirgljhofdn 
[2012.08.09 19:02:45 | 000,061,440 | ---- | M] () -- C:\ProgramData\rtjfxwbd.exe 
[2012.08.09 19:02:45 | 000,061,440 | ---- | M] () -- C:\Users\Marco\ms.exe 
[2012.08.09 18:42:35 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com 
[2012.08.09 18:42:45 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk 
[2011.11.26 00:49:27 | 000,000,944 | ---- | M] () -- C:\Users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\5azl9574.default\searchplugins\icqplugin.xml 
[2012.08.10 03:35:02 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job 
[2012.08.10 03:30:28 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{C3BCF4C7-35A0-46F4-92CF-9E2C60EA1F93}.job 
[2012.08.10 03:29:55 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job 
[2012.08.09 19:09:18 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job 
:Files


ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!
__________________

__________________
Alt 27.09.2012, 19:36   #3
t'john
/// Helfer-Team
 
Dieses Programm kann Webseite nicht anzeigen - Standard

Dieses Programm kann Webseite nicht anzeigen


Fehlende Rückmeldung

Gibt es Probleme beim Abarbeiten obiger Anleitung?

Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen.

Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema.
http://www.trojaner-board.de/69886-a...-beachten.html


Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.
__________________
__________________
Antwort

Themen zu Dieses Programm kann Webseite nicht anzeigen
administrator, anzeige, autostart, avira searchfree toolbar, babylon toolbar, babylontoolbar, bestellbestaetigung, bildschirm, boot-cd, browser, chip.de, conduit, dateien, dieses programm kann webseite nicht anzeigen, explorer, gesperrt, google, helper, icq, install.exe, intranet, kaspersky, locker, malwarebytes, microsoft, neue, neustart, plug-in, problem, programm, search the web, seiten, software, temp, trojan.winlock.p, trojaner, virus, vista, windows


« UpgradeChecker.exe etc. im Autostart | Bundespolizei-Trojaner Ukash »


Ähnliche Themen: Dieses Programm kann Webseite nicht anzeigen


  1. Dieses Programm kann die Webseite nicht anzeigen
    Plagegeister aller Art und deren Bekämpfung - 25.05.2013 (4)
  2. dieses programm kann die webseite nicht anzeigen
    Log-Analyse und Auswertung - 12.12.2012 (2)
  3. Dieses Programm kann die Webseite nicht anzeigen.
    Plagegeister aller Art und deren Bekämpfung - 09.11.2012 (15)
  4. dieses programm kann die webseite nicht anzeigen
    Log-Analyse und Auswertung - 17.10.2012 (6)
  5. Dieses Programm kann die Webseite nicht anzeigen.
    Plagegeister aller Art und deren Bekämpfung - 16.10.2012 (15)
  6. Dieses Programm kann die Webseite nicht anzeigen. Windows XP
    Log-Analyse und Auswertung - 05.10.2012 (11)
  7. Bildschirm: Dieses Programm kann die Webseite nicht anzeigen
    Plagegeister aller Art und deren Bekämpfung - 05.10.2012 (3)
  8. Dieses Programm kann die Webseite nicht anzeigen - Win 7, 32 Bit
    Log-Analyse und Auswertung - 02.10.2012 (3)
  9. Dieses Programm kann die Webseite nicht anzeigen - Win 7 64 bit
    Plagegeister aller Art und deren Bekämpfung - 02.10.2012 (8)
  10. Dieses Programm kann die Webseite nicht anzeigen
    Log-Analyse und Auswertung - 29.09.2012 (32)
  11. Dieses Programm kann die Webseite nicht anzeigen - Win 7 32 bit
    Plagegeister aller Art und deren Bekämpfung - 27.09.2012 (7)
  12. Dieses Programm kann die Webseite nicht anzeigen Windows XP
    Plagegeister aller Art und deren Bekämpfung - 23.09.2012 (16)
  13. Dieses Programm kann die Webseite nicht anzeigen.
    Plagegeister aller Art und deren Bekämpfung - 24.08.2012 (15)
  14. Dieses Programm kann die Webseite nicht anzeigen - Problem
    Plagegeister aller Art und deren Bekämpfung - 15.08.2012 (1)
  15. Dieses Programm kann die Webseite nicht anzeigen//Win 7
    Plagegeister aller Art und deren Bekämpfung - 02.08.2012 (1)
  16. Dieses Programm kann die Webseite nicht anzeigen.
    Log-Analyse und Auswertung - 30.04.2012 (1)
  17. Dieses Programm kann die Webseite nicht anzeigen.
    Log-Analyse und Auswertung - 21.03.2012 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Dieses Programm kann Webseite nicht anzeigen - Hallo zusammen, ich habe folgendes Problem: Ich habe mir heute einen Trojaner bzw. Virus eingefangen. Zuerst wurde mein PC im laufenden Betrieb gesperrt und mein Bildschirm zeigte nur eine Seite - Dieses Programm kann Webseite nicht anzeigen...
Archiv
Du betrachtest: Dieses Programm kann Webseite nicht anzeigen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55