Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Neues Mitglied der Gruppe "my start incredibar" - Ich möchte bitte weg :-)

Neues Mitglied der Gruppe "my start incredibar" - Ich möchte bitte weg :-)


Log-Analyse und Auswertung: Neues Mitglied der Gruppe "my start incredibar" - Ich möchte bitte weg :-)

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Seite 1 von 2 1 2
Alt 14.08.2012, 17:48   #1
tantan
 
Neues Mitglied der Gruppe "my start incredibar" - Ich möchte bitte weg :-) - Frage

Neues Mitglied der Gruppe "my start incredibar" - Ich möchte bitte weg :-)


Hallo,
ich habe etwas von softronic.com heruntergeladen und installiert und na ja, jetzt muss ich um Hilfe bitten.
Das Problem: wenn ich den Browser (Mozilla) öffne muss ich seeeeeeeeehr lange warten bis sich einen neuen Tab öffnet. Bis dahin ist den Browser komplett blockiert.
Ich bekomme folgende Nachricht:
"Ein Skript auf dieser Seite ist eventuell beschäftigt oder es antwortet nicht mehr. Sie können das Skript jetzt stoppen oder fortsetzen, um zu sehen, ob das Skript fertig wird."
Egal, ob ich "Skript stoppen" oder "weiterlaufen" anklicke,
den Browser ist blockiert so lange wie den Skript das möchte.
Irgendwann bekomme ich einen neuen Tab mit incredibar … ( irgendwas ) und dann kann ich meine Recherchen weiter durchführen.
Aber wenn ich in einem geöffneten Tab eine neue Seite eintippe, dann kann ich problemlos (also ohne Warten) mein Ziel erreichen. Schnell öffnet sich auch neuen Tab/Fenster in dem ich die Option „in neuen Tab/Fenster öffnen“ einklicke. Manchmal (selten) zeigt sich jedoch die Nachricht von oben mit der entsprechenden Blockade, beim schon geöffneten Fenster.
Zudem - der Laptop ist die ganze Zeit irgendwie selbst am Arbeiten. Die Lüfter hören kaum auf sich stark zu drehen.
Nun bis jetzt, nachdem ich euch gefunden habe, bin so wie Sie es beschrieben haben vorgegangen:
1. Den Malwarebytes heruntergeladen und installiert
2. Dann den Scan durchlaufen gelassen
3. Es wurden 2 infizierte Objekte gefunden
4. Ich sehe keinen Bericht, den ich kopieren kann.(?)

Ansonsten habe ich Avira, die nichts gesehen hat. Ich benutze Win XP.

Danke schön!
Liebe Grüße

Alt 17.08.2012, 16:10   #2
t'john
/// Helfer-Team
 
Neues Mitglied der Gruppe "my start incredibar" - Ich möchte bitte weg :-) - Standard

Neues Mitglied der Gruppe "my start incredibar" - Ich möchte bitte weg :-)




1. Schritt

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

2. Schritt
Systemscan mit OTL (bebilderte Anleitung)

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)- Doppelklick auf die OTL.exe

  • Vista und Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Wähle Scanne Alle Benuzer
  • Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Minimale Ausgabe
  • Unter Extra Registrierung, wähle bitte Benutze SafeList
  • Klicke nun auf Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________

__________________
Alt 22.08.2012, 18:39   #3
tantan
 
Neues Mitglied der Gruppe "my start incredibar" - Ich möchte bitte weg :-) - Pfeil

Neues Mitglied der Gruppe "my start incredibar" - Ich möchte bitte weg :-)


Hallo,

als Erstens bedanke mich für Ihre Antwort.

Nun ich habe noch einmal die Scan mit dem Malawarebytes durchgeführt. Diesmal zeigte mir dass ich keine infizierte Objekte habe. Wobei beim ersten Scan hatte zwei böseartigen Objekte gefunden, die ich damals nicht gelöscht habe und auch nicht in die Quarantäne verschoben habe.

Die alte Ergebnisse sind:

Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.14.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: YOUR-8E8F8D6E2D [Administrator]

Schutz: Aktiviert

14.08.2012 16:50:32
mbam-log-2012-08-14 (19-50-14).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 349101
Laufzeit: 1 Stunde(n), 49 Minute(n), 50 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Program Files\SoftonicDownloader_for_winx-dvd-player.exe (PUP.ToolbarDownloader) -> Keine Aktion durchgeführt.
C:\Program Files\SoftonicDownloader_fuer_avs-media-player.exe (PUP.ToolbarDownloader) -> Keine Aktion durchgeführt.

(Ende)

Die Ergebnisse vom heute, nach die Aktualisierung:


Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.22.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: YOUR-8E8F8D6E2D [Administrator]

Schutz: Aktiviert

22.08.2012 10:02:16
mbam-log-2012-08-22 (10-02-16).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 348873
Laufzeit: 2 Stunde(n), 45 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Die Ergebnisse vom OTL-Extras.Txt:OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 22.08.2012 18:28:16 - Run 1
OTL by OldTimer - Version 3.2.58.1     Folder = C:\Program Files
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 0,18 Gb Available Physical Memory | 9,72% Memory free
3,72 Gb Paging File | 1,34 Gb Available in Paging File | 35,97% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 186,26 Gb Free Space | 79,98% Space Free | Partition Type: NTFS
 
Computer Name: YOUR-8E8F8D6E2D | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
[HKEY_USERS\S-1-5-21-3402263254-3905192389-2916328827-500\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08D0C2B1-866E-44B3-96F7-15D86D72E05B}" = PC Information Popup
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{128E898B-69B7-4E0F-8F89-A95678725DA1}" = PC Information Viewer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.467
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{46E1B1F2-A279-4356-9B17-029F9CC72EAE}" = Brother MFL-Pro Suite
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator LJB
"{5490882C-6961-11D5-BAE5-00E0188E010B}" = FUJIFILM USB Driver
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{6B9C3E2C-2908-46CA-8E5F-37F398EAA367}" = Optical Disc Drive Letter-Setting Utility
"{6C09C770-3FC9-4103-85B4-470FC78E43EB}" = Economy Mode(ECO) Setting Utility
"{6DAA0AF0-3B51-4EE0-83CC-47A3582DFA51}" = Loupe Utility
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{714E340C-07FF-4764-BD2A-A5F4AA680F8B}" = Ipsos Panel Plus
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{745CBEF4-9AF4-42BD-9C97-2A6B66BF55EA}" = Optical Disc Drive Power-Saving Utility
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.8.0
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8877DCCF-7796-48A6-B682-DF7D4BF6CA02}" = Power Saving Utility
"{8EA0C5C4-4016-4D26-9562-244B473D7EE1}" = Touch Pad Utility
"{90140000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 14
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{93994589-6A13-49BE-8AF6-12AAC9A28529}" = Icon Enlarger
"{943622A3-F5E9-464F-A025-90D02F3B8ACE}" = Hotkey Appendix
"{9866E5F0-121F-E018-E2D1-2E1770847ABF}" = Adobe Download Assistant
"{99733131-7B00-4E5C-8991-113CD61D8E2F}" = Panasonic Common Components
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = DVD-RAM Driver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C86387B5-B8A8-46FC-9D00-3693A1E5E448}" = Fan Control Utility
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD5C2205-7BAD-4B87-BF9A-2BAC626B29C8}" = Battery Recalibration
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D7ADFB4C-9794-472F-9C1B-432C10DCBA92}" = Intel(R) PROSet/Wireless WiFi Software
"{DEBACE7E-5DD1-42DB-AFE7-2B60E7CC80A8}" = Microsoft GB18030 Support Package
"{DEEFA812-64A6-4083-BB38-87F68B6BA820}" = Hotkey Settings
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator LJB
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{FD95D9B1-CD01-4240-BE5F-A2CA21B553BC}" = Wireless Switch Utility
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVS Media Player_is1" = AVS Media Player 4.1.6.80
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 8
"BetterAds" = BetterAds
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_10F70000" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"IIF2Installer" = Intel(R) Dynamic Power Performance Management
"incredibar" = Incredibar Toolbar  on IE
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD
"InstallShield_{99733131-7B00-4E5C-8991-113CD61D8E2F}" = Panasonic Common Components
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"ProInst" = Intel PROSet Wireless
"Softonic" = Softonic toolbar  on IE
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Wdf01001" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.1
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinX DVD Player_is1" = WinX DVD Player 3.1.3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3402263254-3905192389-2916328827-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 08.08.2012 18:02:34 | Computer Name = YOUR-8E8F8D6E2D | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
 module unknown, version 0.0.0.0, fault address 0x043979c0.
 
Error - 08.08.2012 18:02:58 | Computer Name = YOUR-8E8F8D6E2D | Source = Application Error | ID = 1001
Description = Fault bucket 348391658.
 
Error - 16.08.2012 01:00:50 | Computer Name = YOUR-8E8F8D6E2D | Source = Application Hang | ID = 1002
Description = Hanging application dpLanguageTraining.exe, version 12.0.0.55, hang
 module hungapp, version 0.0.0.0, hang address 0x00000000.
 
[ System Events ]
Error - 16.08.2012 01:26:26 | Computer Name = YOUR-8E8F8D6E2D | Source = DCOM | ID = 10016
Description = The Computerstandard permission settings do not grant Lokal Aktivierung
 permission for the COM Server application with CLSID   {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

 to the user NT-AUTORITÄT\NETZWERKDIENST SID (S-1-5-20).  This security permission
 can be modified using the Component Services administrative tool.
 
Error - 17.08.2012 06:14:59 | Computer Name = YOUR-8E8F8D6E2D | Source = DCOM | ID = 10016
Description = The Computerstandard permission settings do not grant Lokal Aktivierung
 permission for the COM Server application with CLSID   {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

 to the user NT-AUTORITÄT\NETZWERKDIENST SID (S-1-5-20).  This security permission
 can be modified using the Component Services administrative tool.
 
Error - 17.08.2012 06:15:00 | Computer Name = YOUR-8E8F8D6E2D | Source = DCOM | ID = 10016
Description = The Computerstandard permission settings do not grant Lokal Aktivierung
 permission for the COM Server application with CLSID   {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

 to the user NT-AUTORITÄT\NETZWERKDIENST SID (S-1-5-20).  This security permission
 can be modified using the Component Services administrative tool.
 
Error - 17.08.2012 06:15:00 | Computer Name = YOUR-8E8F8D6E2D | Source = DCOM | ID = 10016
Description = The Computerstandard permission settings do not grant Lokal Aktivierung
 permission for the COM Server application with CLSID   {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

 to the user NT-AUTORITÄT\NETZWERKDIENST SID (S-1-5-20).  This security permission
 can be modified using the Component Services administrative tool.
 
Error - 19.08.2012 23:09:15 | Computer Name = YOUR-8E8F8D6E2D | Source = DCOM | ID = 10016
Description = The Computerstandard permission settings do not grant Lokal Aktivierung
 permission for the COM Server application with CLSID   {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

 to the user NT-AUTORITÄT\NETZWERKDIENST SID (S-1-5-20).  This security permission
 can be modified using the Component Services administrative tool.
 
Error - 19.08.2012 23:09:16 | Computer Name = YOUR-8E8F8D6E2D | Source = DCOM | ID = 10016
Description = The Computerstandard permission settings do not grant Lokal Aktivierung
 permission for the COM Server application with CLSID   {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

 to the user NT-AUTORITÄT\NETZWERKDIENST SID (S-1-5-20).  This security permission
 can be modified using the Component Services administrative tool.
 
Error - 19.08.2012 23:09:16 | Computer Name = YOUR-8E8F8D6E2D | Source = DCOM | ID = 10016
Description = The Computerstandard permission settings do not grant Lokal Aktivierung
 permission for the COM Server application with CLSID   {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

 to the user NT-AUTORITÄT\NETZWERKDIENST SID (S-1-5-20).  This security permission
 can be modified using the Component Services administrative tool.
 
Error - 22.08.2012 03:57:43 | Computer Name = YOUR-8E8F8D6E2D | Source = DCOM | ID = 10016
Description = The Computerstandard permission settings do not grant Lokal Aktivierung
 permission for the COM Server application with CLSID   {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

 to the user NT-AUTORITÄT\NETZWERKDIENST SID (S-1-5-20).  This security permission
 can be modified using the Component Services administrative tool.
 
Error - 22.08.2012 03:57:44 | Computer Name = YOUR-8E8F8D6E2D | Source = DCOM | ID = 10016
Description = The Computerstandard permission settings do not grant Lokal Aktivierung
 permission for the COM Server application with CLSID   {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

 to the user NT-AUTORITÄT\NETZWERKDIENST SID (S-1-5-20).  This security permission
 can be modified using the Component Services administrative tool.
 
Error - 22.08.2012 03:57:44 | Computer Name = YOUR-8E8F8D6E2D | Source = DCOM | ID = 10016
Description = The Computerstandard permission settings do not grant Lokal Aktivierung
 permission for the COM Server application with CLSID   {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

 to the user NT-AUTORITÄT\NETZWERKDIENST SID (S-1-5-20).  This security permission
 can be modified using the Component Services administrative tool.
 
 
< End of report >
--- --- ---

Die Ergebnise vom OTL.Txt:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 22.08.2012 18:28:16 - Run 1
OTL by OldTimer - Version 3.2.58.1     Folder = C:\Program Files
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 0,18 Gb Available Physical Memory | 9,72% Memory free
3,72 Gb Paging File | 1,34 Gb Available in Paging File | 35,97% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 186,26 Gb Free Space | 79,98% Space Free | Partition Type: NTFS
 
Computer Name: YOUR-8E8F8D6E2D | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Program Files\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.115\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Documents and Settings\Administrator\Local Settings\Application Data\Ipsos Panel Plus\service\IpsosPanelPlusService.exe (Ipsos)
PRC - C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Web Assistant\ExtensionUpdaterService.exe ()
PRC - C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files\Microsoft Office\Office14\WINWORD.EXE (Microsoft Corporation)
PRC - C:\Program Files\Panasonic\pcinfo\PCInfoSV.exe (Panasonic Corporation)
PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation)
PRC - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel(R) Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Program Files\Panasonic\PPopup\ppopup.exe (Panasonic Corporation)
PRC - C:\Program Files\Panasonic\WSwitch\WSwitch.exe (Panasonic Corporation)
PRC - C:\Program Files\Panasonic\WheelPad\TouchPad.exe (Panasonic Corporation)
PRC - C:\Program Files\Panasonic\pcinfo\PcInfoPi.exe (Panasonic Corporation)
PRC - C:\Program Files\Panasonic\CHGBMODE\ChgBmode.exe (Panasonic Corporation)
PRC - C:\Program Files\Panasonic\OPDOFF\opdoffsv.exe (Panasonic Corporation)
PRC - C:\Program Files\Panasonic\OPDOFF\opdoff.exe (Panasonic Corporation)
PRC - C:\Program Files\Panasonic\Hotkey Appendix\hkeyapp.exe (Panasonic Corporation)
PRC - C:\WINDOWS\system32\etmservice.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\DVDRAMSV.exe (Panasonic Corporation)
PRC - C:\WINDOWS\system32\RAMAsst.exe (Panasonic Corporation)
PRC - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe (TOSHIBA CORPORATION.)
PRC - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.)
PRC - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe (TOSHIBA CORPORATION.)
PRC - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
PRC - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe (Brother Industries, Ltd.)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
PRC - c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\WINDOWS\system32\sndvol32.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
MOD - C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\Acrobat\10.0\Cache\RdLang_Updater.DEU ()
MOD - C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\Acrobat\10.0\Cache\RdLang_Annots.DEU ()
MOD - C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\Acrobat\10.0\Cache\RdLang_EScript.DEU ()
MOD - C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\Acrobat\10.0\Cache\RdLang_PPKLite.DEU ()
MOD - C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\Acrobat\10.0\Cache\RdLang_DigSig.DEU ()
MOD - C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\Acrobat\10.0\Cache\RdLang_AcroForm.DEU ()
MOD - C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\Acrobat\10.0\Cache\RdLang_rdlang32.deu ()
MOD - C:\Documents and Settings\Administrator\Local Settings\Application Data\Ipsos Panel Plus\service\TrotiNet.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\Adobe\Reader 10.0\Reader\Locale\de_DE\BRdlang32.DEU ()
MOD - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.DEU ()
MOD - C:\Program Files\Adobe\Reader 10.0\Reader\sqlite.dll ()
MOD - C:\Program Files\Web Assistant\ExtensionUpdaterService.exe ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\1c13b08593e99d6f5bef49ae7939c78b\System.Xml.Linq.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\41f6f6dd0c8427d4a8e6fd3915505a6b\System.Transactions.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\29bce0113d611084a9329349e33528ac\System.EnterpriseServices.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\34c988dea48c291b4e648941207e83fb\System.ComponentModel.DataAnnotations.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\505e12638acd6fdb22e1fd2d4c6fc232\System.Runtime.Serialization.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\12c6fe8d4dd78f9bddf847d3b2821c03\System.Data.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\38d07a5ac34b99d94fd14f42e779f625\System.Core.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll ()
MOD - C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files\Intel\WiFi\bin\iWMSProv.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\WINDOWS\system32\TosCommAPI.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Web Assistant Updater) -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe ()
SRV - (Skype C2C Service) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe (McAfee, Inc.)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (PcInfoSV) -- C:\Program Files\Panasonic\pcinfo\PCInfoSV.exe (Panasonic Corporation)
SRV - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (S24EventMonitor) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (PcInfoPi) -- C:\Program Files\Panasonic\pcinfo\PcInfoPi.exe (Panasonic Corporation)
SRV - (OPDOFFSV) -- C:\Program Files\Panasonic\OPDOFF\opdoffsv.exe (Panasonic Corporation)
SRV - (ETMService) -- C:\WINDOWS\system32\etmservice.exe (Intel Corporation)
SRV - (DVD-RAM_Service) -- C:\WINDOWS\system32\DVDRAMSV.exe (Panasonic Corporation)
SRV - (TOSHIBA Bluetooth Service) -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (IviRegMgr) -- c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (Changer) --  File not found
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (HOTKEY) -- C:\WINDOWS\system32\drivers\hotkey.sys (Panasonic Corporation)
DRV - (NewMisc) -- C:\WINDOWS\system32\drivers\newmisc.sys (Panasonic Corporation)
DRV - (NETw5x32) -- C:\WINDOWS\system32\drivers\NETw5x32.sys (Intel Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (EtmFan) -- C:\WINDOWS\system32\drivers\EtmDevFan.sys (Intel Corporation)
DRV - (EtmDevGen) -- C:\WINDOWS\system32\drivers\EtmDevGen.sys (Intel Corporation)
DRV - (EtmGmchMem) -- C:\WINDOWS\system32\drivers\EtmDevGmch.sys (Intel Corporation)
DRV - (EtmCpu) -- C:\WINDOWS\system32\drivers\EtmDevCpu.sys (Intel Corporation)
DRV - (EtmDrvMgr) -- C:\WINDOWS\system32\drivers\EtmDrvMgr.sys (Intel Corporation)
DRV - (meiudf) -- C:\WINDOWS\system32\drivers\meiudf.sys (Panasonic Corporation)
DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (IntcHdmiAddService) -- C:\WINDOWS\system32\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (tosrfbd) -- C:\WINDOWS\system32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (e1yexpress) -- C:\WINDOWS\system32\drivers\e1y5132.sys (Intel Corporation)
DRV - (tosporte) -- C:\WINDOWS\system32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (TosRfSnd) -- C:\WINDOWS\system32\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV - (IFXTPM) -- C:\WINDOWS\system32\drivers\ifxtpm.sys (Infineon Technologies AG)
DRV - (tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (regi) -- C:\WINDOWS\system32\drivers\regi.sys (InterVideo)
DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://panasonic.net/pavc/toughbook/site_info/global_link.html
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://panasonic.net/pavc/toughbook/site_info/global_link.html
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://panasonic.net/pavc/toughbook/site_info/global_link.html
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://panasonic.net/pavc/toughbook/site_info/global_link.html
 
IE - HKU\S-1-5-21-3402263254-3905192389-2916328827-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.softonic.com/?q=
IE - HKU\S-1-5-21-3402263254-3905192389-2916328827-500\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-3402263254-3905192389-2916328827-500\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKU\S-1-5-21-3402263254-3905192389-2916328827-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3402263254-3905192389-2916328827-500\..\SearchScopes\{27E9840D-D155-4819-BE9F-B4FD3FB68DF6}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=8339196b-be42-45c2-8c47-5433901c43c1&apn_sauid=5A593852-3EED-4F3C-8A4A-9415D441B183
IE - HKU\S-1-5-21-3402263254-3905192389-2916328827-500\..\SearchScopes\{B0C4CFAA-90B7-4E4D-92F4-61FFC22D746A}: "URL" = hxxp://search.softonic.com/INF1205T01/tb_v1?q={searchTerms}&SearchSource=4&cc=&r=390
IE - HKU\S-1-5-21-3402263254-3905192389-2916328827-500\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb165/?search={searchTerms}&loc=IB_DS&a=6OyKoS8qxA&i=26
IE - HKU\S-1-5-21-3402263254-3905192389-2916328827-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Softonic)"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/#hl=de&sclient=psy-ab&q=arbeitsvermittlung+bielefeld&oq=arbeitsvermitlung+biel&gs_l=hp.1.0.0i13l2j0i13i5i30l2.468.1072.1.2464.3.1.3.0.0.1.675.960.2-1j5-1.2.0...0.0...1c.zHduL7ffeT8&pbx=1&bav=on.2,or.r_gc.r_pw.r_qf.&fp=4b4a352b6e15cc0d&biw=1280&bih=633|hxxp://www.arbeitplus-bi.de/arbeitsuchende.html|hxxp://www.amg-personal.de/amg/index.php?template=CONTENT&cat_id=1140|https://amg.jobcenter24h.de/cgi-bin/public.pl?frontend=Public::Stellenangebote&application=StellenangeboteBewerber&command=browseList&SessionListnavigationStart=25|https://amg.jobcenter24h.de/cgi-bin/public.pl?frontend=StellenangebotDetails&application=StellenangeboteBewerber&command=showDetails&SessionId_stellenangebote=57352&SessionStellenboerse=amg|https://amg.jobcenter24h.de/cgi-bin/public.pl?frontend=StellenangebotDetails&application=StellenangeboteBewerber&command=showDetails&SessionId_stellenangebote=64429&SessionStellenboerse=amg|hxxp://www.stepstone.de/stellenangebote--Bezirksleiter-CPU-m-w-Gebiete-West-und-Mitte-Deutschland-Unilever-Deutschland-GmbH--2195578-inline.html|hxxp://www.stepstone.de/stellenangebote--Gebietsleiter-in-im-Aussendienst-NRW-Nordrhein-Westfalen-Jung-Verpackungen-GmbH--2237585-inline.html|hxxp://www.jung-design.de/de/Jung_Design_Stellenangebote|hxxp://www.fuetternundfit.de/Versand-und-Kosten/|hxxp://www.fuetternundfit.de/Katzen/Katzenfutter/|hxxp://www.fuetternundfit.de/Katzen/Katzenfutter/Royal-Canin-Katzen/RC-Katze-YOUNG-FEMALE-Trocken.html|https://client.helionresearch.com/get_in_touch_careers|hxxp://www.stepstone.de/stellenangebote--Account-Manager-m-w-Grossraum-Koeln-Gess-Partner-GmbH--2271879-inline.html?cid=MSEarch_DE_jobisjob_premium|hxxp://www.job-gess.de/de/fuer-bewerber/19.html|hxxp://www.job-gess.de/de/fuer-bewerber/stellenmarkt/detailansicht.html?id=15043|hxxp://www.youtube.com/watch?NR=1&v=JF32VLUBB4E&feature=endscreen|hxxp://www.youtube.com/watch?v=9yW9udLm4yg&feature=related|hxxp://de.jobrapido.com/?w=bulgarisch|hxxp://www.stepstone.de/5/ergebnisliste.html?offset=0&orderBy=DateDesc|hxxp://jobsuche.monster.de/Jobs/?q=bulgarisch&cy=de&sort=rv.di.dt|hxxp://stellenanzeige.monster.de/Transport-Manager-Disponenten-m-w-Job-M%c3%bcnchen-Unterhaching-Bayern-Deutschland-105183760.aspx|hxxp://www.google.de/#hl=de&gs_nf=1&cp=20&gs_id=ji&xhr=t&q=fahrschule+bad+rothenfelde&pf=p&output=search&sclient=psy-ab&oq=fahrschule+bad+rothe&gs_l=&pbx=1&bav=on.2,or.r_gc.r_pw.r_qf.&fp=b12e711a618fbd98&biw=1280&bih=633|hxxp://www.meinestadt.de/bad-rothenfelde/auto/fahrschule|hxxp://www.cltnet.de/webmag/freestart.htm#isre|hxxp://jobboerse.arbeitsagentur.de/vamJB/stellenangeboteFinden.html?d_6827794_z=50&d_6827794_s=4&d_6827794_o=2&d_6827794_p=1&execution=e2s1|hxxp://www.stepstone.de/stellenangebote--Produktmanagement-Support-m-w-PAst-247-12-Freiburg-SICK-AG--2277717-inline.html?cid=JaJob-undefined-01-2012_undefined&jacid=3699406-01-2012|hxxp://www.stepstone.de/stellenangebote--Produktmanager-fuer-unsere-Studiengaenge-m-w-Essen-NRW-FOM-Hochschule-fuer-Oekonomie-Management--2276226-inline.html?cid=JaJob-undefined-01-2012_undefined&jacid=3699406-01-2012|hxxp://www.stepstone.de/stellenangebote--Business-Analyst-m-w-Duesseldorf-StepStone-Deutschland-GmbH--2067052-inline.html?cid=JaJob-undefined-01-2012_undefined&jacid=3679217-01-2012|hxxp://jobsuche.monster.de/Jobs/?rad=10&q=lidl&cy=de&sort=rv.di.dt|hxxp://stellenanzeige.monster.de/Filialverantwortlichen-w-m-und-Stellvertreter-w-m-Job-Velbert-Nordrhein-Westfalen-Deutschland-112030865.aspx|hxxp://stellenanzeige.monster.de/Filialverantwortliche-w-m-und-Stellvertreter-w-m-Job-R%c3%bcdesheim-Geisenheim-und-Eltville-Hessen-Deutschland-112542947.aspx|hxxp://karriere.nettodrom.de/index.php/stellenangebote/taetigkeit/marktleitung.html|hxxp://karriere.nettodrom.de/index.php/stellenangebot/items/177.html|hxxp://www.google.de/#q=lidl+filialverantwortlicher+gehalt&hl=de&prmd=imvns&psj=1&ei=DyciUMOnBKT74QTRs4CgBw&start=20&sa=N&bav=on.2,or.r_gc.r_pw.r_qf.&fp=1f64fdfcb0c2a439&biw=1280&bih=608|hxxp://support.google.com/websearch/bin/answer.py?hl=de&answer=463|hxxp://www.google.de/"
FF - prefs.js..keyword.URL: "hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSource=2&cc=&q="
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@digitalpublishing.de/dpLaunch: C:\Program Files\digital publishing\LAUNCHER_12_999999\nplaunch.dll (digital publishing AG)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@IpsosPanelPlus@ipsosinteractive.com: C:\Documents and Settings\Administrator\Local Settings\Application Data\Ipsos Panel Plus\toolbar_ff\plugins\npIpsosCommPlugin.dll (IDM)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012.08.08 13:04:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.30 08:16:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\IpsosPanelPlus@ipsosinteractive.com: C:\Documents and Settings\Administrator\Local Settings\Application Data\Ipsos Panel Plus\toolbar_ff\ [2012.08.08 18:41:31 | 000,000,000 | ---D | M]
 
[2012.06.19 15:51:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2012.08.08 13:04:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions
[2012.08.08 13:04:28 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\ffxtlbr@incredibar.com
[2012.08.08 13:04:44 | 000,000,000 | ---D | M] (softonic.com) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\ffxtlbra@softonic.com
[2012.08.08 13:04:17 | 000,002,203 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\searchplugins\MyStart Search.xml
[2012.08.08 12:59:42 | 000,002,062 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\searchplugins\softonic.xml
[2012.06.19 15:51:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.07.18 12:51:12 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.08.03 09:50:28 | 000,076,656 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\LA8IGGYG.DEFAULT\EXTENSIONS\BETTERADS@BETTERADS.ORG.XPI
[2012.08.08 18:41:31 | 000,000,000 | ---D | M] (Ipsos Panel Plus) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\IPSOS PANEL PLUS\TOOLBAR_FF
[2012.08.08 13:04:23 | 000,000,000 | ---D | M] (Web Assistant) -- C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
[2012.07.30 08:16:38 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.15 00:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: 
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.79\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: dp Launcher Plugin (Enabled) = C:\Program Files\digital publishing\LAUNCHER_12_999999\nplaunch.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: BetterAds = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cacclhdpfoingihegojhoipnihfnoaki\1.5_0\
CHR - Extension: Web Assistant = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.467_0\
CHR - Extension: Ipsos Panel Plus = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jaomfkhlibpgkpmjjkfjpfjhebhbgcah\5.3.0_0\
CHR - Extension: New tab for Chrome\u2122 = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\
 
O1 HOSTS File: ([2004.08.04 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll ()
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (BetterAds) - {BA56787C-729F-4715-8F11-EB2A16908B91} - C:\Program Files\BetterAds\ScriptHost.dll ()
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Softonic Helper Object) - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files\Softonic\Softonic\1.6.7.4\bh\Softonic.dll (Softonic.com)
O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files\Softonic\Softonic\1.6.7.4\SoftonicTlbr.dll (Softonic.com)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)
O3 - HKU\S-1-5-21-3402263254-3905192389-2916328827-500\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [Panasonic Hotkey Manager] C:\Program Files\Panasonic\Hotkey Appendix\hkeyapp.exe (Panasonic Corporation)
O4 - HKLM..\Run: [PCinfo] C:\Program Files\Panasonic\pcinfo\PcInfoUt.exe (Panasonic Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PRunOnce] C:\util\prunonce\PRunOnce.exe (Panasonic Corporation)
O4 - HKLM..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.)
O4 - HKLM..\Run: [setfan] C:\Program Files\Panasonic\setfan\setfan.exe (Panasonic Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [WSwitch] C:\Program Files\Panasonic\WSwitch\WSwitch.exe (Panasonic Corporation)
O4 - HKU\S-1-5-21-3402263254-3905192389-2916328827-500..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-3402263254-3905192389-2916328827-500..\Run: [Ipsos Panel Plus] C:\Documents and Settings\Administrator\Local Settings\Application Data\Ipsos Panel Plus\service\IpsosPanelPlusService.exe (Ipsos)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe (TOSHIBA CORPORATION.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Economy Mode(ECO) Setting Utility.lnk = C:\Program Files\Panasonic\CHGBMODE\ChgBmode.exe (Panasonic Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Optical Disc Drive Power-Saving Utility.lnk = C:\Program Files\Panasonic\OPDOFF\opdoff.exe (Panasonic Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PC Information Popup.lnk = C:\Program Files\Panasonic\PPopup\ppopup.exe (Panasonic Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMAsst.exe (Panasonic Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Touch Pad Utility.lnk = C:\Program Files\Panasonic\WheelPad\TouchPad.exe (Panasonic Corporation)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3402263254-3905192389-2916328827-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: An OneNote s&enden - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{49AC13DE-2744-4D9D-AE5A-BF0E88E628E1}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.05.07 21:59:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.22 18:24:56 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Program Files\OTL.exe
[2012.08.21 20:23:04 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012.08.20 22:07:49 | 000,016,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2012.08.20 22:07:19 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2012.08.20 22:04:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2012.08.20 22:04:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2012.08.16 06:50:08 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.08.14 16:43:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2012.08.14 16:43:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.14 16:43:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012.08.14 16:43:42 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.08.14 16:43:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.08.14 16:41:29 | 010,652,120 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Program Files\mbam-setup-1.62.0.1300.exe
[2012.08.13 10:21:15 | 000,000,000 | ---D | C] -- C:\Program Files\SPSS v17
[2012.08.11 13:18:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2012.08.11 13:18:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus
[2012.08.10 12:06:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\MySho
[2012.08.10 09:57:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Ebay-Photos
[2012.08.08 18:41:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Ipsos Panel Plus
[2012.08.08 18:41:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Ipsos Panel Plus
[2012.08.08 18:41:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Ipsos Panel Plus
[2012.08.08 18:40:24 | 008,321,680 | ---- | C] (Ipsos) -- C:\Program Files\IpsosPanelPlusSetup.exe
[2012.08.08 14:05:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\snimki
[2012.08.08 13:53:08 | 000,000,000 | ---D | C] -- C:\§SNIMKI
[2012.08.08 13:48:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\ARBEIT
[2012.08.08 13:04:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\MediaBA
[2012.08.08 13:04:45 | 000,000,000 | ---D | C] -- C:\Program Files\BetterAds
[2012.08.08 13:04:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Incredibar.com
[2012.08.08 13:04:40 | 000,000,000 | ---D | C] -- C:\Program Files\Perion
[2012.08.08 13:04:28 | 000,000,000 | ---D | C] -- C:\Program Files\Incredibar.com
[2012.08.08 13:04:23 | 000,000,000 | ---D | C] -- C:\Program Files\Web Assistant
[2012.08.08 13:03:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Digiarty
[2012.08.08 13:03:12 | 000,000,000 | ---D | C] -- C:\Program Files\Digiarty
[2012.08.08 13:01:46 | 000,352,952 | ---- | C] (Softonic) -- C:\Program Files\SoftonicDownloader_for_winx-dvd-player.exe
[2012.08.08 12:59:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Softonic
[2012.08.08 12:59:44 | 000,000,000 | ---D | C] -- C:\Program Files\Softonic
[2012.08.08 12:54:14 | 000,352,968 | ---- | C] (Softonic) -- C:\Program Files\SoftonicDownloader_fuer_avs-media-player.exe
[2012.08.08 12:37:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\AVS4YOU
[2012.08.08 12:37:04 | 011,137,024 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\libmfxsw32.dll
[2012.08.08 12:36:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
[2012.08.08 12:36:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\AVS4YOU
[2012.08.08 12:36:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVS4YOU
[2012.08.08 12:36:21 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc70.dll
[2012.08.08 12:36:21 | 000,487,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp70.dll
[2012.08.08 12:36:21 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr70.dll
[2012.08.08 12:36:20 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\GdiPlus.dll
[2012.08.08 12:36:20 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml3a.dll
[2012.08.08 12:36:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia
[2012.08.08 12:36:16 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
[2012.08.08 12:29:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Google Chrome
[2012.08.08 12:27:33 | 092,268,272 | ---- | C] (Online Media Technologies Ltd.                              ) -- C:\Program Files\AVSMediaPlayer419.exe
[2012.08.08 12:26:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
[2012.08.08 12:26:49 | 000,739,864 | ---- | C] (Google Inc.) -- C:\Program Files\ChromeSetup.exe
[2012.08.07 15:40:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\digital publishing
[2012.08.07 15:40:02 | 000,000,000 | ---D | C] -- C:\Program Files\digital publishing
[2012.08.07 15:40:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\digital publishing
[2012.08.07 15:39:38 | 006,951,816 | ---- | C] (digital publishing AG) -- C:\Program Files\dpLaunchSet.exe
[2012.08.07 11:19:28 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Videos
[2012.08.07 11:14:11 | 000,000,000 | R--D | C] -- C:\Snimki
[2012.08.07 11:12:28 | 000,081,924 | ---- | C] (FUJI PHOTO FILM CO.,LTD.) -- C:\WINDOWS\System32\drivers\VC4CB104.SYS
[2012.08.07 11:12:28 | 000,065,536 | ---- | C] (FUJIFILM) -- C:\WINDOWS\System32\FINFCHECK.dll
[2012.08.07 11:12:28 | 000,045,056 | ---- | C] (FUJIFILM) -- C:\WINDOWS\System32\FINFCOPY.dll
[2012.08.07 11:12:28 | 000,000,000 | ---D | C] -- C:\Program Files\REGSHAVE
[2012.08.07 11:12:24 | 000,069,632 | ---- | C] (FUJIFILM) -- C:\WINDOWS\System32\FREGSHEX.DLL
[2012.08.07 11:12:24 | 000,045,056 | ---- | C] (FUJIFILM) -- C:\WINDOWS\System32\FCLKBTN.DLL
[2012.08.07 11:11:38 | 000,000,000 | ---D | C] -- C:\Program Files\FinePix_USB
[2012.08.07 11:08:35 | 002,453,107 | ---- | C] (A.I.SOFT,INC.) -- C:\Program Files\USBdrvWinXP.exe
[2012.08.02 23:12:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\PDF24
[2012.08.01 05:40:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PDF24
[2012.08.01 05:40:01 | 000,000,000 | ---D | C] -- C:\Program Files\PDF24
[2012.08.01 05:14:36 | 010,494,632 | ---- | C] (Geek Software GmbH                                          ) -- C:\Program Files\pdf24-creator.exe
[2012.07.31 21:34:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities
[2012.07.30 22:34:34 | 000,275,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2012.07.30 22:34:34 | 000,017,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2012.07.30 20:16:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2012.07.30 20:15:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012.07.30 20:15:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012.07.30 20:15:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Microsoft
[2012.07.30 20:12:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2012.07.30 20:12:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2012.07.30 20:12:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Help
[2012.07.30 20:12:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012.07.30 20:12:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2012.07.30 20:12:01 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012.07.30 09:55:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\ControlCenter3
[2012.07.30 09:53:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Brother
[2012.07.30 09:53:00 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbprint.sys
[2012.07.30 09:52:57 | 000,032,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
[2012.07.30 09:48:20 | 000,094,208 | ---- | C] (Brother Industries Ltd) -- C:\WINDOWS\System32\BRRBTOOL.EXE
[2012.07.30 09:48:20 | 000,077,824 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\BRLMW03A.DLL
[2012.07.30 09:48:20 | 000,024,223 | ---- | C] (brother Industries Ltd) -- C:\WINDOWS\System32\BRLM03A.DLL
[2012.07.30 09:48:15 | 001,397,248 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\BrWia07b.dll
[2012.07.30 09:48:15 | 000,045,568 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\BrUsi07b.dll
[2012.07.30 09:48:13 | 000,057,856 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\brinsstr.dll
[2012.07.30 09:48:12 | 000,163,840 | ---- | C] (brother) -- C:\WINDOWS\System32\NSSearch.dll
[2012.07.30 09:48:12 | 000,094,208 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\BrDctF2.dll
[2012.07.30 09:48:12 | 000,016,384 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\BrDctF2L.dll
[2012.07.30 09:48:12 | 000,012,288 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\BrDctF2S.dll
[2012.07.30 09:48:10 | 000,176,128 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\BroSNMP.dll
[2012.07.30 09:48:02 | 000,131,072 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\brunin03.dll
[2012.07.30 09:48:02 | 000,000,000 | ---D | C] -- C:\Program Files\Brother
[2012.07.30 09:47:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Brother
[2012.07.30 09:46:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Temp
[2012.07.30 09:44:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
[2012.07.30 09:44:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2012.07.30 09:44:21 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2012.07.30 09:39:07 | 081,129,568 | ---- | C] (A.I.SOFT,INC.) -- C:\Program Files\DCP-7030-inst-B2-de.EXE
[2012.07.26 19:21:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\ElevatedDiagnostics
[2012.07.26 19:20:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2012.07.26 19:19:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2012.06.19 15:49:13 | 016,420,744 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 13.0.1.exe
[2012.06.14 22:38:12 | 331,805,736 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB936929-SP3-x86-ENU.exe
[2012.06.14 22:37:37 | 000,629,288 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB932823-v3-x86-ENU.exe
[2012.06.14 22:37:19 | 010,592,128 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE8-WindowsXP-KB2618444-x86-ENU.exe
[2012.06.14 22:37:10 | 016,883,056 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE8-WindowsXP-x86-ENU.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Administrator\Desktop\*.tmp files -> C:\Documents and Settings\Administrator\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.22 18:57:01 | 000,000,250 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012.08.22 18:51:01 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.08.22 18:38:00 | 000,001,222 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3402263254-3905192389-2916328827-500UA.job
[2012.08.22 18:24:57 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Program Files\OTL.exe
[2012.08.22 17:45:09 | 000,439,066 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Wohnung in Bad Rothenfelde.pdf
[2012.08.22 17:34:22 | 000,000,782 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012.08.22 17:11:34 | 000,002,523 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word 2010.lnk
[2012.08.22 12:38:01 | 000,001,170 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3402263254-3905192389-2916328827-500Core.job
[2012.08.22 10:00:45 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012.08.22 09:58:31 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.08.22 09:57:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.08.22 09:57:16 | 2007,736,320 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.22 03:01:33 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.08.22 02:00:00 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-YOUR-8E8F8D6E2D-Administrator.job
[2012.08.20 22:07:40 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2012.08.20 22:07:40 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2012.08.20 22:04:47 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2012.08.20 22:01:14 | 000,060,928 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.08.16 16:58:13 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012.08.16 16:58:13 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012.08.16 07:18:28 | 003,650,144 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.08.14 17:25:00 | 010,652,120 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Program Files\mbam-setup-1.62.0.1300.exe
[2012.08.14 16:43:46 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\ Malwarebytes Anti-Malware .lnk
[2012.08.13 17:07:15 | 000,262,834 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\VR-120_test.pdf
[2012.08.13 17:03:41 | 025,564,881 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\1242f8236feb2a502564e2b819439b18.PDF
[2012.08.12 15:21:34 | 072,901,823 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ebook_Kelby_Photoshop CS4.pdf
[2012.08.11 13:18:36 | 000,001,801 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012.08.10 00:06:02 | 000,008,882 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Nokia Handy.odt
[2012.08.10 00:01:42 | 000,006,201 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Radarwarner Announce Vorbild.odt
[2012.08.08 18:41:51 | 000,000,179 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2012.08.08 18:40:42 | 008,321,680 | ---- | M] (Ipsos) -- C:\Program Files\IpsosPanelPlusSetup.exe
[2012.08.08 13:04:29 | 000,000,558 | ---- | M] () -- C:\user.js
[2012.08.08 13:03:15 | 000,000,851 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\WinX DVD Player.lnk
[2012.08.08 13:01:46 | 000,352,952 | ---- | M] (Softonic) -- C:\Program Files\SoftonicDownloader_for_winx-dvd-player.exe
[2012.08.08 12:54:15 | 000,352,968 | ---- | M] (Softonic) -- C:\Program Files\SoftonicDownloader_fuer_avs-media-player.exe
[2012.08.08 12:36:58 | 000,000,854 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\AVS Media Player.lnk
[2012.08.08 12:36:10 | 000,002,336 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome (2).lnk
[2012.08.08 12:35:41 | 092,268,272 | ---- | M] (Online Media Technologies Ltd.                              ) -- C:\Program Files\AVSMediaPlayer419.exe
[2012.08.08 12:26:50 | 000,739,864 | ---- | M] (Google Inc.) -- C:\Program Files\ChromeSetup.exe
[2012.08.08 12:14:29 | 000,000,854 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Photoshop CS6.lnk
[2012.08.08 09:28:47 | 000,382,337 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\oo_1082291.pdf
[2012.08.08 09:19:32 | 000,001,525 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Notepad (2).lnk
[2012.08.07 15:39:46 | 006,951,816 | ---- | M] (digital publishing AG) -- C:\Program Files\dpLaunchSet.exe
[2012.08.07 11:08:55 | 002,453,107 | ---- | M] (A.I.SOFT,INC.) -- C:\Program Files\USBdrvWinXP.exe
[2012.08.03 20:12:20 | 000,002,565 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft PowerPoint 2010.lnk
[2012.08.01 05:40:21 | 000,001,531 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\PDF24 Editor.lnk
[2012.08.01 05:15:05 | 010,494,632 | ---- | M] (Geek Software GmbH                                          ) -- C:\Program Files\pdf24-creator.exe
[2012.07.31 21:34:32 | 000,000,738 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Outlook Express.lnk
[2012.07.30 22:33:45 | 000,002,024 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Picture Manager.lnk
[2012.07.30 22:33:42 | 000,002,056 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Excel 2010.lnk
[2012.07.30 22:33:38 | 000,002,022 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft OneNote 2010.lnk
[2012.07.30 22:25:58 | 000,001,768 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\ControlCenter3.lnk
[2012.07.30 10:01:10 | 002,182,347 | ---- | M] () -- C:\Program Files\brxtwain_340-228b.dmg
[2012.07.30 09:55:31 | 000,001,807 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\McAfee Security Scan Plus.lnk
[2012.07.30 09:53:11 | 000,000,416 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2012.07.30 09:53:11 | 000,000,065 | ---- | M] () -- C:\WINDOWS\System32\bd7030.dat
[2012.07.30 09:41:15 | 081,129,568 | ---- | M] (A.I.SOFT,INC.) -- C:\Program Files\DCP-7030-inst-B2-de.EXE
[2012.07.26 19:15:28 | 000,001,857 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\MSN Installer.lnk
[2012.07.26 17:14:10 | 000,001,525 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Notepad.lnk
[2012.07.26 13:08:46 | 000,000,044 | ---- | M] () -- C:\WINDOWS\SMWizard.INI
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Administrator\Desktop\*.tmp files -> C:\Documents and Settings\Administrator\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.22 17:45:09 | 000,439,066 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Wohnung in Bad Rothenfelde.pdf
[2012.08.22 17:34:22 | 000,000,782 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012.08.20 22:04:47 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2012.08.14 16:43:46 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\ Malwarebytes Anti-Malware .lnk
[2012.08.13 17:07:15 | 000,262,834 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\VR-120_test.pdf
[2012.08.13 17:02:48 | 025,564,881 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\1242f8236feb2a502564e2b819439b18.PDF
[2012.08.12 15:20:49 | 072,901,823 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ebook_Kelby_Photoshop CS4.pdf
[2012.08.10 00:07:56 | 000,008,882 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Nokia Handy.odt
[2012.08.10 00:07:56 | 000,006,201 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Radarwarner Announce Vorbild.odt
[2012.08.08 18:41:51 | 000,000,179 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2012.08.08 13:03:15 | 000,000,851 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\WinX DVD Player.lnk
[2012.08.08 12:59:46 | 000,000,558 | ---- | C] () -- C:\user.js
[2012.08.08 12:36:58 | 000,000,854 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\AVS Media Player.lnk
[2012.08.08 12:36:10 | 000,002,336 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome (2).lnk
[2012.08.08 12:27:01 | 000,001,222 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3402263254-3905192389-2916328827-500UA.job
[2012.08.08 12:27:01 | 000,001,170 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3402263254-3905192389-2916328827-500Core.job
[2012.08.08 12:14:29 | 000,000,854 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Photoshop CS6.lnk
[2012.08.08 12:14:03 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-YOUR-8E8F8D6E2D-Administrator.job
[2012.08.08 12:11:28 | 000,000,854 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Photoshop CS6.lnk
[2012.08.08 12:10:16 | 000,000,816 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Bridge CS6.lnk
[2012.08.08 12:07:55 | 000,001,000 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Extension Manager CS6.lnk
[2012.08.08 12:07:47 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
[2012.08.08 09:28:50 | 000,382,337 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\oo_1082291.pdf
[2012.08.07 11:13:30 | 000,060,928 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.08.01 05:40:21 | 000,001,531 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\PDF24 Editor.lnk
[2012.07.31 21:34:32 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Outlook Express.lnk
[2012.07.30 22:33:45 | 000,002,024 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Picture Manager.lnk
[2012.07.30 22:33:42 | 000,002,056 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Excel 2010.lnk
[2012.07.30 22:33:38 | 000,002,022 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft OneNote 2010.lnk
[2012.07.30 22:33:35 | 000,002,565 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft PowerPoint 2010.lnk
[2012.07.30 22:33:21 | 000,002,523 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word 2010.lnk
[2012.07.30 22:25:58 | 000,001,768 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\ControlCenter3.lnk
[2012.07.30 10:01:10 | 002,182,347 | ---- | C] () -- C:\Program Files\brxtwain_340-228b.dmg
[2012.07.30 09:55:31 | 000,001,807 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\McAfee Security Scan Plus.lnk
[2012.07.30 09:53:11 | 000,000,416 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2012.07.30 09:49:33 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\bd7030.dat
[2012.07.30 09:48:20 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2012.07.30 09:48:02 | 000,006,224 | ---- | C] () -- C:\WINDOWS\CVRPAGE.bmp
[2012.07.30 09:44:22 | 000,001,801 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012.07.30 09:44:02 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2012.07.26 19:16:15 | 000,001,525 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Notepad (2).lnk
[2012.07.26 19:15:28 | 000,001,857 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\MSN Installer.lnk
[2012.07.26 17:14:09 | 000,001,525 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Notepad.lnk
[2012.07.26 13:08:46 | 000,000,044 | ---- | C] () -- C:\WINDOWS\SMWizard.INI
[2012.07.16 15:12:11 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.06.19 14:17:22 | 002,500,792 | ---- | C] () -- C:\Program Files\AdobeDownloadAssistant.exe
[2012.06.17 12:22:06 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.06.14 11:48:26 | 099,308,192 | ---- | C] () -- C:\Program Files\avira_free_antivirus_de.exe
 
========== LOP Check ==========
 
[2012.06.16 17:59:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AskToolbar
[2012.06.19 14:18:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.08.07 15:40:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\digital publishing
[2012.07.26 19:21:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ElevatedDiagnostics
[2012.08.08 13:04:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Incredibar.com
[2012.08.08 18:41:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Ipsos Panel Plus
[2012.06.19 16:28:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PDAppFlex
[2012.08.08 12:59:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Softonic
[2012.08.08 12:14:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2009.05.08 00:17:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2012.08.22 18:57:01 | 000,000,250 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
 
========== Purity Check ==========
 
 

< End of report >
--- --- ---

----



Mit besten Grüßen
__________________
Alt 22.08.2012, 22:32   #4
t'john
/// Helfer-Team
 
Neues Mitglied der Gruppe "my start incredibar" - Ich möchte bitte weg :-) - Standard

Neues Mitglied der Gruppe "my start incredibar" - Ich möchte bitte weg :-)


Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:


Code:
ATTFilter
:OTL
MOD - C:\Program Files\Web Assistant\ExtensionUpdaterService.exe () 
SRV - (Web Assistant Updater) -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe () 
DRV - (WDICA) -- File not found 
DRV - (PDRFRAME) -- File not found 
DRV - (PDRELI) -- File not found 
DRV - (PDFRAME) -- File not found 
DRV - (PDCOMP) -- File not found 
DRV - (PCIDump) -- File not found 
DRV - (lbrtfdc) -- File not found 
DRV - (i2omgmt) -- File not found 
DRV - (Changer) -- File not found 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-21-3402263254-3905192389-2916328827-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.softonic.com/?q= 
IE - HKU\S-1-5-21-3402263254-3905192389-2916328827-500\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) 
IE - HKU\S-1-5-21-3402263254-3905192389-2916328827-500\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} 
IE - HKU\S-1-5-21-3402263254-3905192389-2916328827-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC 
IE - HKU\S-1-5-21-3402263254-3905192389-2916328827-500\..\SearchScopes\{27E9840D-D155-4819-BE9F-B4FD3FB68DF6}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=8339196b-be42-45c2-8c47-5433901c43c1&apn_sauid=5A593852-3EED-4F3C-8A4A-9415D441B183 
IE - HKU\S-1-5-21-3402263254-3905192389-2916328827-500\..\SearchScopes\{B0C4CFAA-90B7-4E4D-92F4-61FFC22D746A}: "URL" = http://search.softonic.com/INF1205T01/tb_v1?q={searchTerms}&SearchSource=4&cc=&r=390 
IE - HKU\S-1-5-21-3402263254-3905192389-2916328827-500\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb165/?search={searchTerms}&loc=IB_DS&a=6OyKoS8qxA&i=26 
IE - HKU\S-1-5-21-3402263254-3905192389-2916328827-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
FF - prefs.js..browser.search.defaultengine: "Ask.com" 
FF - prefs.js..browser.search.defaultenginename: "MyStart Search" 
FF - prefs.js..browser.search.order.1: "Ask.com" 
FF - prefs.js..browser.search.selectedEngine: "Search the web (Softonic)" 
FF - prefs.js..keyword.URL: "http://search.softonic.com/INF1205T01/tb_v1?SearchSource=2&cc=&q=" 
FF - prefs.js..network.proxy.type: 0 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012.08.08 13:04:23 | 000,000,000 | ---D | M] 
CHR - Extension: Web Assistant = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.467_0\ 
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll () 
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD) 
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) 
O2 - BHO: (Softonic Helper Object) - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files\Softonic\Softonic\1.6.7.4\bh\Softonic.dll (Softonic.com) 
O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files\Softonic\Softonic\1.6.7.4\SoftonicTlbr.dll (Softonic.com) 
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) 
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD) 
O3 - HKU\S-1-5-21-3402263254-3905192389-2916328827-500\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) 
O4 - HKLM..\Run: [] File not found 
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask) 
O4 - HKU\S-1-5-21-3402263254-3905192389-2916328827-500..\Run: [AdobeBridge] File not found 
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 
O7 - HKU\S-1-5-21-3402263254-3905192389-2916328827-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 
O32 - HKLM CDRom: AutoRun - 1 
O32 - AutoRun File - [2009.05.07 21:59:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] 
[2012.08.08 13:01:46 | 000,352,952 | ---- | C] (Softonic) -- C:\Program Files\SoftonicDownloader_for_winx-dvd-player.exe 
[2012.08.08 12:54:14 | 000,352,968 | ---- | C] (Softonic) -- C:\Program Files\SoftonicDownloader_fuer_avs-media-player.exe 

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] 
[2012.08.08 13:04:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\MediaBA 
[2012.08.08 13:04:45 | 000,000,000 | ---D | C] -- C:\Program Files\BetterAds 
[2012.08.08 13:04:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Incredibar.com 
[2012.08.08 13:04:40 | 000,000,000 | ---D | C] -- C:\Program Files\Perion 
[2012.08.08 13:04:28 | 000,000,000 | ---D | C] -- C:\Program Files\Incredibar.com 
[2012.08.08 13:04:23 | 000,000,000 | ---D | C] -- C:\Program Files\Web Assistant 
[2012.08.08 13:04:29 | 000,000,558 | ---- | M] () -- C:\user.js 

[2012.07.30 09:46:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Temp 
:Files

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!
__________________
Mfg, t'john
Das TB unterstützen

Alt 25.08.2012, 09:55   #5
tantan
 
Neues Mitglied der Gruppe "my start incredibar" - Ich möchte bitte weg :-) - Frage

Neues Mitglied der Gruppe "my start incredibar" - Ich möchte bitte weg :-)


Hallo t'john,

ich habe versucht die von dir empfohlene Schritte zu folgen.
Zuerst habe ich den OTL vom Ordner "Programme" auf dem Desktop übertragen.
Danach habe ich den OTL.exe geöffnet und den Skript rein kopiert.
Danach habe ich den Avira deaktieviert und die restliche Fenster geschloßen.
Nach dem ich das FIX-Button gedrückt habe, habe ich eine Nachricht bekommen, dass Malwarebytes Anti-Malware stört. Danach habe ich Malwarebytes Anti-Malware ausgeschaltet und erneut den FIX gedrückt. Denn 4 Stunden in der Nacht nichts passierte, wurde den Laptop ausgeschaltet.
Heute habe ich wieder versucht - also den Skript rein kopiert und FIX gedrückt.
Schon 4 Stunden sehe ich keine Änderung.
Es steht, dass OTL "not Responding" und unten ist geschrieben "Killing processes. DO NOT INTERRUPT ..."

Also jetzt weiss ich nicht soll ich einfach lange warten, oder läuft bei mir etwas schief.
Außerdem in der vorherigen Betrag stand ich solle die Funde von Malwarebytes Anti-Malware löschen. Denn beim zweiten Scan keine Funde vorhanden waren, habe ich die beide böseartigen Objekte nicht gelöscht. Ist so korrekt?

Ansonsten mittlerweile habe ich gemerkt, dass meine gespeicherte Passwords nicht mehr gespeichert sind. Wenn ich das Internet-Explorer öffne, dann bekomme ich in der Mitte vom Bildschirm immer irgendwelche kleine Fensterchen mit vershciedenen Werbung, die nicht so leicht weg zu bekommen sind und sofort nach der Schließung öffnet sich eine weitere.

Und die Malwarebytes Anti-Malware läuft in 3 Tage aus, falls das von Bedeutung ist.

Danke schön für die Unterstüzung!
Ich sehe, dass allein kann ich dieses Problem gar nicht lösen ...

Schöne Grüße
tantan


Alt 25.08.2012, 16:13   #6
t'john
/// Helfer-Team
 
Neues Mitglied der Gruppe "my start incredibar" - Ich möchte bitte weg :-) - Standard

Neues Mitglied der Gruppe "my start incredibar" - Ich möchte bitte weg :-)


Bitte mal im abgesicherten Starten und dort probieren.
__________________
--> Neues Mitglied der Gruppe "my start incredibar" - Ich möchte bitte weg :-)

Alt 25.08.2012, 18:21   #7
tantan
 
Neues Mitglied der Gruppe "my start incredibar" - Ich möchte bitte weg :-) - Standard

Neues Mitglied der Gruppe "my start incredibar" - Ich möchte bitte weg :-)


Ich habe den abgesicherten Modus gestartet.
So habe ich keine Internetverbindung.
Aber auch kann ich durch Copy-Paste den Text in OTL nicht einfügen.

Spielt eine Rolle, dass mein Windows in Englisch ist?

Grüße
tantan

Alt 26.08.2012, 01:18   #8
t'john
/// Helfer-Team
 
Neues Mitglied der Gruppe "my start incredibar" - Ich möchte bitte weg :-) - Standard

Neues Mitglied der Gruppe "my start incredibar" - Ich möchte bitte weg :-)


Du kannst dir den Fix in eine Text-Datei kopieren.

Start - Programme - Zubehoer - Editor
__________________
Mfg, t'john
Das TB unterstützen

Alt 26.08.2012, 07:15   #9
tantan
 
Neues Mitglied der Gruppe "my start incredibar" - Ich möchte bitte weg :-) - Icon24

Neues Mitglied der Gruppe "my start incredibar" - Ich möchte bitte weg :-)


Hallo t'john,

danke sehr!

OTL hat es geschafft. Den Bericht finden Sie unten meine Nachricht.

Ich sehe, dass der Compi erstmal normal schnell funktioniert.
Aber
1.als Startseite habe ich folgendes:
hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSource=15&cc=
2.Ich habe auf der Festplastte noch
C:\Program Files\Softonic\Softonic\1.6.7.4
3.Irgendwelche Fensterchen in blau mit Werbung zeigen sich immer noch.
4. Wenn ich einen Tab öffne, habe ich eine Leiste mit "incredibar" mit Suchmöglichkeit sowie irgendwelche Werrbebuttons.

Gibt es Möglichkeit diese auch zu löschen?

Vielmals Danke !!!!


Die Ergebnisse von OTL:

All processes killed
========== OTL ==========
Service Web Assistant Updater stopped successfully!
Service Web Assistant Updater deleted successfully!
C:\Program Files\Web Assistant\ExtensionUpdaterService.exe moved successfully.
Service WDICA stopped successfully!
Service WDICA deleted successfully!
File File not found not found.
Service PDRFRAME stopped successfully!
Service PDRFRAME deleted successfully!
File File not found not found.
Service PDRELI stopped successfully!
Service PDRELI deleted successfully!
File File not found not found.
Service PDFRAME stopped successfully!
Service PDFRAME deleted successfully!
File File not found not found.
Service PDCOMP stopped successfully!
Service PDCOMP deleted successfully!
File File not found not found.
Service PCIDump stopped successfully!
Service PCIDump deleted successfully!
File File not found not found.
Service lbrtfdc stopped successfully!
Service lbrtfdc deleted successfully!
File File not found not found.
Service i2omgmt stopped successfully!
Service i2omgmt deleted successfully!
File File not found not found.
Service Changer stopped successfully!
Service Changer deleted successfully!
File File not found not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-3402263254-3905192389-2916328827-500\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-3402263254-3905192389-2916328827-500\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully.
C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.
HKEY_USERS\S-1-5-21-3402263254-3905192389-2916328827-500\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3402263254-3905192389-2916328827-500\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-3402263254-3905192389-2916328827-500\Software\Microsoft\Internet Explorer\SearchScopes\{27E9840D-D155-4819-BE9F-B4FD3FB68DF6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27E9840D-D155-4819-BE9F-B4FD3FB68DF6}\ not found.
Registry key HKEY_USERS\S-1-5-21-3402263254-3905192389-2916328827-500\Software\Microsoft\Internet Explorer\SearchScopes\{B0C4CFAA-90B7-4E4D-92F4-61FFC22D746A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B0C4CFAA-90B7-4E4D-92F4-61FFC22D746A}\ not found.
Registry key HKEY_USERS\S-1-5-21-3402263254-3905192389-2916328827-500\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found.
HKU\S-1-5-21-3402263254-3905192389-2916328827-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "MyStart Search" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "Search the web (Softonic)" removed from browser.search.selectedEngine
Prefs.js: "hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSource=2&cc=&q=" removed from keyword.URL
Prefs.js: 0 removed from network.proxy.type
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}\ deleted successfully.
C:\Program Files\Web Assistant\Firefox\defaults\preferences folder moved successfully.
C:\Program Files\Web Assistant\Firefox\defaults folder moved successfully.
C:\Program Files\Web Assistant\Firefox\chrome\skin folder moved successfully.
C:\Program Files\Web Assistant\Firefox\chrome\locale\en-US folder moved successfully.
C:\Program Files\Web Assistant\Firefox\chrome\locale folder moved successfully.
C:\Program Files\Web Assistant\Firefox\chrome\content\resources folder moved successfully.
C:\Program Files\Web Assistant\Firefox\chrome\content\libraries folder moved successfully.
C:\Program Files\Web Assistant\Firefox\chrome\content folder moved successfully.
C:\Program Files\Web Assistant\Firefox\chrome folder moved successfully.
C:\Program Files\Web Assistant\Firefox folder moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.467_0\resources folder moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.467_0\libraries folder moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.467_0 folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}\ not found.
C:\Program Files\Web Assistant\Extension32.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}\ deleted successfully.
C:\Program Files\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E87806B5-E908-45FD-AF5E-957D83E58E68}\ deleted successfully.
C:\Program Files\Softonic\Softonic\1.6.7.4\bh\Softonic.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{5018CFD2-804D-4C99-9F81-25EAEA2769DE} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}\ deleted successfully.
C:\Program Files\Softonic\Softonic\1.6.7.4\SoftonicTlbr.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{F9639E4A-801B-4843-AEE3-03D9DA199E77} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9639E4A-801B-4843-AEE3-03D9DA199E77}\ deleted successfully.
C:\Program Files\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-3402263254-3905192389-2916328827-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Program Files\Ask.com\Updater\Updater.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-3402263254-3905192389-2916328827-500\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer not found.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3402263254-3905192389-2916328827-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
C:\Program Files\SoftonicDownloader_for_winx-dvd-player.exe moved successfully.
C:\Program Files\SoftonicDownloader_fuer_avs-media-player.exe moved successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\MediaBA folder moved successfully.
C:\Program Files\BetterAds folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Incredibar.com\incredibar folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Incredibar.com folder moved successfully.
C:\Program Files\Perion\NewTab folder moved successfully.
C:\Program Files\Perion folder moved successfully.
C:\Program Files\Incredibar.com\incredibar\1.5.11.14\bh folder moved successfully.
C:\Program Files\Incredibar.com\incredibar\1.5.11.14 folder moved successfully.
C:\Program Files\Incredibar.com\incredibar folder moved successfully.
C:\Program Files\Incredibar.com folder moved successfully.
C:\Program Files\Web Assistant\resources folder moved successfully.
C:\Program Files\Web Assistant\libraries folder moved successfully.
C:\Program Files\Web Assistant folder moved successfully.
C:\user.js moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Temp\Adobe\Acrobat\10.0 folder moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Temp\Adobe\Acrobat folder moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Temp\Adobe folder moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Temp folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
An internal error occurred: The request is not supported.

Please contact Microsoft Product Support Services for further help.
Additional information: Unable to query host name.
C:\Documents and Settings\Administrator\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Administrator\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 173321930 bytes
->Temporary Internet Files folder emptied: 44006134 bytes
->FireFox cache emptied: 459976934 bytes
->Google Chrome cache emptied: 7581174 bytes
->Flash cache emptied: 59310 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 56478 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33043 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Photohop

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 12541725 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 144597176 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 970338927 bytes

Total Files Cleaned = 1.729,00 mb


OTL by OldTimer - Version 3.2.58.1 log created on 08262012_073518

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF90DC.tmp not found!
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF90E9.tmp not found!
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF9143.tmp not found!
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF9150.tmp not found!
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF9256.tmp not found!
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF9263.tmp not found!
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Alt 26.08.2012, 23:57   #10
t'john
/// Helfer-Team
 
Neues Mitglied der Gruppe "my start incredibar" - Ich möchte bitte weg :-) - Standard

Neues Mitglied der Gruppe "my start incredibar" - Ich möchte bitte weg :-)


Sehr gut!


1. Schritt
Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".
danach:

2. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.
__________________
Mfg, t'john
Das TB unterstützen

Alt 27.08.2012, 17:59   #11
tantan
 
Neues Mitglied der Gruppe "my start incredibar" - Ich möchte bitte weg :-) - Icon24

Neues Mitglied der Gruppe "my start incredibar" - Ich möchte bitte weg :-)


Hallo t'john,

ja, für dich mehrere daumenhoch :-)

Heute habe ich die nächste Schritte schon erledigt und unten finde bitte die beiden Berichte.
Nun leider gestern hatte ich weiter Probleme mit Mozzila. Irgendwelche Seiten öffnen sich ab und zu und blockieren den Browser.
Heute: Die blaue Fensterchen springen immer noch und
hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSource=15&cc=
öffnet sich immer noch als favorite.

Beim Internet Explorer ist alles sauber, sogar habe diese Seite als erste, die ich mir wünsche.

Vom Herzen vielen Dank! Ich fühle mich geretet :-)

Und die Malwarebytes kann ich nur noch 1 Tag nutzen.

Schöne Grüße
tantan



Nun die Berichte

vom Schritt 1:
Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.27.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: YOUR-8E8F8D6E2D [Administrator]

Schutz: Aktiviert

27.08.2012 09:53:07
mbam-log-2012-08-27 (09-53-07).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 341020
Laufzeit: 2 Stunde(n), 44 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


Vom Schritt 2

# AdwCleaner v1.801 - Logfile created 08/27/2012 at 18:36:17
# Updated 14/08/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Administrator - YOUR-8E8F8D6E2D
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Administrator\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\AskToolbar
Folder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Folder Found : C:\Documents and Settings\Administrator\Application Data\AskToolbar
Folder Found : C:\Documents and Settings\Administrator\Application Data\Softonic
Folder Found : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\ffxtlbr@incredibar.com
Folder Found : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\ffxtlbra@softonic.com
Folder Found : C:\Program Files\Ask.com
Folder Found : C:\Program Files\Softonic
Folder Found : C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
File Found : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\searchplugins\MyStart Search.xml
File Found : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\searchplugins\softonic.xml
File Found : C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

***** [Registry] *****

Key Found : HKCU\Software\APN
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\Ask.com.tmp
Key Found : HKCU\Software\AskToolbar
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\Web Assistant
Key Found : HKLM\SOFTWARE\APN
Key Found : HKLM\SOFTWARE\AskToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Found : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc
Key Found : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc.1
Key Found : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Key Found : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Found : HKLM\SOFTWARE\Classes\I
Key Found : HKLM\SOFTWARE\Classes\Incredibar.dskBnd
Key Found : HKLM\SOFTWARE\Classes\Incredibar.dskBnd.1
Key Found : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr
Key Found : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr.1
Key Found : HKLM\SOFTWARE\Classes\IncredibarApp.appCore
Key Found : HKLM\SOFTWARE\Classes\IncredibarApp.appCore.1
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\Softonic.dskBnd
Key Found : HKLM\SOFTWARE\Classes\Softonic.dskBnd.1
Key Found : HKLM\SOFTWARE\Classes\Softonic.SoftonicHlpr
Key Found : HKLM\SOFTWARE\Classes\Softonic.SoftonicHlpr.1
Key Found : HKLM\SOFTWARE\Classes\SoftonicApp.appCore
Key Found : HKLM\SOFTWARE\Classes\SoftonicApp.appCore.1
Key Found : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc
Key Found : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc.1
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\incredibar
Key Found : HKLM\SOFTWARE\Web Assistant

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{562B9316-C08A-444A-9482-62080DD851AE}
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B15F118E-AF21-45E8-A809-29FDD7362565}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Found : HKLM\SOFTWARE\Classes\AppID\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{44B50C01-4993-48E2-ADEE-D812BAE2E9A2}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A3E2F089-DDBB-4CBF-B06C-5D44DA316ED3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A5679AB0-C59E-49E7-83C4-5289F844A6E0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C01315C7-B4E2-4864-B43D-5FAFC414D179}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C1545464-C77C-4130-A572-1C619E2895FE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CA0167C2-6295-41B8-9BDA-704B2F5E4CD9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{ED0E67AD-926C-4008-87E5-03CF72AA2A7E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF7FEC6D-451B-4452-9D26-7E10C6B5DB6E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496}
Key Found : HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79}
Key Found : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Key Found : HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8DBCDED5-08AD-41A2-9BBC-235D84F4FE06}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11D9E165-B8C1-4734-A56C-BC4FCACA966B}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B15F118E-AF21-45E8-A809-29FDD7362565}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9CF034EA-7B46-48D3-8895-8A14B32AE445}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9639E4A-801B-4843-AEE3-03D9DA199E77}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSource=15&cc=

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\prefs.js

Found : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb165?a=6OyKoS8qxA&loc=FF_NT");
Found : user_pref("extensions.Softonic.admin", false);
Found : user_pref("extensions.Softonic.aflt", "SD");
Found : user_pref("extensions.Softonic.autoRvrt", "false");
Found : user_pref("extensions.Softonic.cntry", "DE");
Found : user_pref("extensions.Softonic.cv", "cv5");
Found : user_pref("extensions.Softonic.dfltLng", "de");
Found : user_pref("extensions.Softonic.dfltSrch", true);
Found : user_pref("extensions.Softonic.dfltlng", "de");
Found : user_pref("extensions.Softonic.dfltsrch", true);
Found : user_pref("extensions.Softonic.dspNew", "Search the web (Softonic)");
Found : user_pref("extensions.Softonic.dspOld", "Ask.com");
Found : user_pref("extensions.Softonic.envrmnt", "production");
Found : user_pref("extensions.Softonic.excTlbr", false);
Found : user_pref("extensions.Softonic.hdrMd5", "44E6943E13884C59062D01287B6BB8E2");
Found : user_pref("extensions.Softonic.hmpg", true);
Found : user_pref("extensions.Softonic.hmpgUrl", "hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSource=1[...]
Found : user_pref("extensions.Softonic.hpNew", "hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSource=13&[...]
Found : user_pref("extensions.Softonic.hpOld", "hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&local[...]
Found : user_pref("extensions.Softonic.hrdid", "84d8779c000000000000002306d95d81");
Found : user_pref("extensions.Softonic.id", "84d8779c000000000000002306d95d81");
Found : user_pref("extensions.Softonic.instlDay", "15560");
Found : user_pref("extensions.Softonic.instlRef", "INF1205T01");
Found : user_pref("extensions.Softonic.instlday", "15560");
Found : user_pref("extensions.Softonic.instlref", "INF1205T01");
Found : user_pref("extensions.Softonic.isdcmntcmplt", "false");
Found : user_pref("extensions.Softonic.keyWordUrl", "hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSourc[...]
Found : user_pref("extensions.Softonic.keywordurl", "hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSourc[...]
Found : user_pref("extensions.Softonic.lastVrsnTs", "1.6.7.412:59:45");
Found : user_pref("extensions.Softonic.mntrvrsn", "1.3.0");
Found : user_pref("extensions.Softonic.newTab", true);
Found : user_pref("extensions.Softonic.newTabUrl", "hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSource[...]
Found : user_pref("extensions.Softonic.newtab", true);
Found : user_pref("extensions.Softonic.newtaburl", "hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSource[...]
Found : user_pref("extensions.Softonic.prdct", "Softonic");
Found : user_pref("extensions.Softonic.prtnrId", "softonic");
Found : user_pref("extensions.Softonic.prtnrid", "softonic");
Found : user_pref("extensions.Softonic.rvrtMsg", "Click Yes to keep current home page and default search set[...]
Found : user_pref("extensions.Softonic.sg", "cz");
Found : user_pref("extensions.Softonic.smplGrp", "none");
Found : user_pref("extensions.Softonic.smplgrp", "none");
Found : user_pref("extensions.Softonic.srch", "");
Found : user_pref("extensions.Softonic.srchPrvdr", "Search the web (Softonic)");
Found : user_pref("extensions.Softonic.srchprvdr", "Search the web (Softonic)");
Found : user_pref("extensions.Softonic.tlbrId", "base");
Found : user_pref("extensions.Softonic.tlbrSrchUrl", "hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSour[...]
Found : user_pref("extensions.Softonic.tlbrid", "base");
Found : user_pref("extensions.Softonic.tlbrsrchurl", "hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSour[...]
Found : user_pref("extensions.Softonic.vrsn", "1.6.7.4");
Found : user_pref("extensions.Softonic.vrsnTs", "1.6.7.412:59:45");
Found : user_pref("extensions.Softonic.vrsni", "1.6.7.4");
Found : user_pref("extensions.Softonic.vrsnts", "1.6.7.412:59:45");
Found : user_pref("extensions.Softonic_i.dnsErr", true);
Found : user_pref("extensions.Softonic_i.hmpg", true);
Found : user_pref("extensions.Softonic_i.newTab", true);
Found : user_pref("extensions.Softonic_i.smplGrp", "none");
Found : user_pref("extensions.Softonic_i.vrsnTs", "1.6.7.412:59:45");
Found : user_pref("extensions.asktb.ff-original-keyword-url", "");
Found : user_pref("extensions.enabledAddons", "ffxtlbr@incredibar.com:1.5.0,ffxtlbra@softonic.com:1.6.0,bett[...]
Found : user_pref("extensions.incredibar.actvtyRptTime", "1345671063867");
Found : user_pref("extensions.incredibar.aflt", "orgnl");
Found : user_pref("extensions.incredibar.afterInstallRpt", "sent");
Found : user_pref("extensions.incredibar.cntry", "DE");
Found : user_pref("extensions.incredibar.dfltLng", "EN");
Found : user_pref("extensions.incredibar.dfltlng", "EN");
Found : user_pref("extensions.incredibar.dfltsrch", "false");
Found : user_pref("extensions.incredibar.did", "10665");
Found : user_pref("extensions.incredibar.envrmnt", "production");
Found : user_pref("extensions.incredibar.hdrMd5", "");
Found : user_pref("extensions.incredibar.hmpg", false);
Found : user_pref("extensions.incredibar.hrdid", "0");
Found : user_pref("extensions.incredibar.id", "");
Found : user_pref("extensions.incredibar.installerproductid", "26");
Found : user_pref("extensions.incredibar.instlday", "");
Found : user_pref("extensions.incredibar.instlref", "");
Found : user_pref("extensions.incredibar.isDcmntCmplt", false);
Found : user_pref("extensions.incredibar.isdcmntcmplt", "false");
Found : user_pref("extensions.incredibar.keywordurl", "");
Found : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1413:04:29");
Found : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
Found : user_pref("extensions.incredibar.newTab", false);
Found : user_pref("extensions.incredibar.newtab", "false");
Found : user_pref("extensions.incredibar.newtaburl", "");
Found : user_pref("extensions.incredibar.ppd", "");
Found : user_pref("extensions.incredibar.prdct", "incredibar");
Found : user_pref("extensions.incredibar.productid", "26");
Found : user_pref("extensions.incredibar.prtnrid", "");
Found : user_pref("extensions.incredibar.sg", "none");
Found : user_pref("extensions.incredibar.smplGrp", "none");
Found : user_pref("extensions.incredibar.smplgrp", "none");
Found : user_pref("extensions.incredibar.srch", "");
Found : user_pref("extensions.incredibar.srchprvdr", "");
Found : user_pref("extensions.incredibar.tlbrid", "base");
Found : user_pref("extensions.incredibar.tlbrsrchurl", "");
Found : user_pref("extensions.incredibar.upn2", "6OyKoS8qxA");
Found : user_pref("extensions.incredibar.upn2n", "92261895051392810");
Found : user_pref("extensions.incredibar.vrsn", "");
Found : user_pref("extensions.incredibar.vrsnTs", "1.5.11.1413:04:29");
Found : user_pref("extensions.incredibar.vrsnts", "1.5.11.1413:04:29");
Found : user_pref("extensions.incredibar_i.aflt", "orgnl");
Found : user_pref("extensions.incredibar_i.dfltLng", "");
Found : user_pref("extensions.incredibar_i.did", "10665");
Found : user_pref("extensions.incredibar_i.excTlbr", false);
Found : user_pref("extensions.incredibar_i.id", "84d8779c000000000000002306d95d81");
Found : user_pref("extensions.incredibar_i.installerproductid", "26");
Found : user_pref("extensions.incredibar_i.instlDay", "15560");
Found : user_pref("extensions.incredibar_i.instlRef", "");
Found : user_pref("extensions.incredibar_i.ms_url_id", "");
Found : user_pref("extensions.incredibar_i.newTab", false);
Found : user_pref("extensions.incredibar_i.ppd", "");
Found : user_pref("extensions.incredibar_i.prdct", "incredibar");
Found : user_pref("extensions.incredibar_i.productid", "26");
Found : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Found : user_pref("extensions.incredibar_i.smplGrp", "none");
Found : user_pref("extensions.incredibar_i.tlbrId", "base");
Found : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyKoS8qxA&loc=IB[...]
Found : user_pref("extensions.incredibar_i.upn2", "6OyKoS8qxA");
Found : user_pref("extensions.incredibar_i.upn2n", "92261895051392810");
Found : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Found : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1413:04:29");
Found : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Found : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_referrer", "hxxp://search.softonic.[...]
Found : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_temp_referer", "hxxp://search.softo[...]
Found : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]

-\\ Google Chrome v21.0.1180.83

File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Found : "urls_to_restore_on_startup": [ "hxxp://mystart.incredibar.com/mb165?a=6OyKoS8qxA&i=26" ]
Found : "urls_to_restore_on_startup": [ "hxxp://mystart.incredibar.com/mb165?a=6OyKoS8qxA&i=26" ]

*************************

AdwCleaner[R1].txt - [20755 octets] - [27/08/2012 18:36:17]

########## EOF - C:\AdwCleaner[R1].txt - [20884 octets] ##########

Alt 28.08.2012, 15:26   #12
t'john
/// Helfer-Team
 
Neues Mitglied der Gruppe "my start incredibar" - Ich möchte bitte weg :-) - Standard

Neues Mitglied der Gruppe "my start incredibar" - Ich möchte bitte weg :-)


Sehr gut!


  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Delete.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.




danach:


Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html
__________________
Mfg, t'john
Das TB unterstützen

Alt 28.08.2012, 19:33   #13
tantan
 
Neues Mitglied der Gruppe "my start incredibar" - Ich möchte bitte weg :-) - Daumen hoch

Neues Mitglied der Gruppe "my start incredibar" - Ich möchte bitte weg :-)


Das gibt es nicht!!! Ich habe noch 3 Trojaner

Soll ich die in die Quaranäne verschieben?

Na ja ohne Deine/Eure Hilfe will ich nicht mal denken wie ich mich befreien könnte.

Mittlerweile funktioniert die Mozzila Firefox schon normal und ich sehe keine blaue Fensterchen.

Mit noch Milliarden Mal DANKE sende ich die nächste Berichte
tantan

1. Schritt

# AdwCleaner v1.801 - Logfile created 08/28/2012 at 16:57:06
# Updated 14/08/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Administrator - YOUR-8E8F8D6E2D
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Administrator\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\AskToolbar
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\AskToolbar
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Softonic
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\ffxtlbr@incredibar.com
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\extensions\ffxtlbra@softonic.com
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\Softonic
Folder Deleted : C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
File Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\searchplugins\MyStart Search.xml
File Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\searchplugins\softonic.xml
File Deleted : C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

***** [Registry] *****

Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AskToolbar
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Web Assistant
Key Deleted : HKLM\SOFTWARE\APN
Key Deleted : HKLM\SOFTWARE\AskToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\I
Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr
Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\IncredibarApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\IncredibarApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\Softonic.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\Softonic.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Softonic.SoftonicHlpr
Key Deleted : HKLM\SOFTWARE\Classes\Softonic.SoftonicHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\SoftonicApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\SoftonicApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc
Key Deleted : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc.1
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\incredibar
Key Deleted : HKLM\SOFTWARE\Web Assistant

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{562B9316-C08A-444A-9482-62080DD851AE}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B15F118E-AF21-45E8-A809-29FDD7362565}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{44B50C01-4993-48E2-ADEE-D812BAE2E9A2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A3E2F089-DDBB-4CBF-B06C-5D44DA316ED3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A5679AB0-C59E-49E7-83C4-5289F844A6E0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C01315C7-B4E2-4864-B43D-5FAFC414D179}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C1545464-C77C-4130-A572-1C619E2895FE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA0167C2-6295-41B8-9BDA-704B2F5E4CD9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ED0E67AD-926C-4008-87E5-03CF72AA2A7E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF7FEC6D-451B-4452-9D26-7E10C6B5DB6E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8DBCDED5-08AD-41A2-9BBC-235D84F4FE06}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11D9E165-B8C1-4734-A56C-BC4FCACA966B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B15F118E-AF21-45E8-A809-29FDD7362565}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9CF034EA-7B46-48D3-8895-8A14B32AE445}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9639E4A-801B-4843-AEE3-03D9DA199E77}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSource=15&cc= --> hxxp://www.google.com

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\prefs.js

C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la8iggyg.default\user.js ... Deleted !

Deleted : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb165?a=6OyKoS8qxA&loc=FF_NT");
Deleted : user_pref("extensions.Softonic.admin", false);
Deleted : user_pref("extensions.Softonic.aflt", "SD");
Deleted : user_pref("extensions.Softonic.autoRvrt", "false");
Deleted : user_pref("extensions.Softonic.cntry", "DE");
Deleted : user_pref("extensions.Softonic.cv", "cv5");
Deleted : user_pref("extensions.Softonic.dfltLng", "de");
Deleted : user_pref("extensions.Softonic.dfltSrch", true);
Deleted : user_pref("extensions.Softonic.dfltlng", "de");
Deleted : user_pref("extensions.Softonic.dfltsrch", true);
Deleted : user_pref("extensions.Softonic.dspNew", "Search the web (Softonic)");
Deleted : user_pref("extensions.Softonic.dspOld", "Ask.com");
Deleted : user_pref("extensions.Softonic.envrmnt", "production");
Deleted : user_pref("extensions.Softonic.excTlbr", false);
Deleted : user_pref("extensions.Softonic.hdrMd5", "3C0F1FCFF3186AFEFBE33E2BB484A809");
Deleted : user_pref("extensions.Softonic.hmpg", true);
Deleted : user_pref("extensions.Softonic.hmpgUrl", "hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSource=1[...]
Deleted : user_pref("extensions.Softonic.hpNew", "hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSource=13&[...]
Deleted : user_pref("extensions.Softonic.hpOld", "hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&local[...]
Deleted : user_pref("extensions.Softonic.hrdid", "84d8779c000000000000002306d95d81");
Deleted : user_pref("extensions.Softonic.id", "84d8779c000000000000002306d95d81");
Deleted : user_pref("extensions.Softonic.instlDay", "15560");
Deleted : user_pref("extensions.Softonic.instlRef", "INF1205T01");
Deleted : user_pref("extensions.Softonic.instlday", "15560");
Deleted : user_pref("extensions.Softonic.instlref", "INF1205T01");
Deleted : user_pref("extensions.Softonic.isdcmntcmplt", "false");
Deleted : user_pref("extensions.Softonic.keyWordUrl", "hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSourc[...]
Deleted : user_pref("extensions.Softonic.keywordurl", "hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSourc[...]
Deleted : user_pref("extensions.Softonic.lastVrsnTs", "1.6.7.412:59:45");
Deleted : user_pref("extensions.Softonic.mntrvrsn", "1.3.0");
Deleted : user_pref("extensions.Softonic.newTab", true);
Deleted : user_pref("extensions.Softonic.newTabUrl", "hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSource[...]
Deleted : user_pref("extensions.Softonic.newtab", true);
Deleted : user_pref("extensions.Softonic.newtaburl", "hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSource[...]
Deleted : user_pref("extensions.Softonic.prdct", "Softonic");
Deleted : user_pref("extensions.Softonic.prtnrId", "softonic");
Deleted : user_pref("extensions.Softonic.prtnrid", "softonic");
Deleted : user_pref("extensions.Softonic.rvrtMsg", "Click Yes to keep current home page and default search set[...]
Deleted : user_pref("extensions.Softonic.sg", "az");
Deleted : user_pref("extensions.Softonic.smplGrp", "none");
Deleted : user_pref("extensions.Softonic.smplgrp", "none");
Deleted : user_pref("extensions.Softonic.srch", "");
Deleted : user_pref("extensions.Softonic.srchPrvdr", "Search the web (Softonic)");
Deleted : user_pref("extensions.Softonic.srchprvdr", "Search the web (Softonic)");
Deleted : user_pref("extensions.Softonic.tlbrId", "base");
Deleted : user_pref("extensions.Softonic.tlbrSrchUrl", "hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSour[...]
Deleted : user_pref("extensions.Softonic.tlbrid", "base");
Deleted : user_pref("extensions.Softonic.tlbrsrchurl", "hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSour[...]
Deleted : user_pref("extensions.Softonic.vrsn", "1.6.7.4");
Deleted : user_pref("extensions.Softonic.vrsnTs", "1.6.7.412:59:45");
Deleted : user_pref("extensions.Softonic.vrsni", "1.6.7.4");
Deleted : user_pref("extensions.Softonic.vrsnts", "1.6.7.412:59:45");
Deleted : user_pref("extensions.Softonic_i.dnsErr", true);
Deleted : user_pref("extensions.Softonic_i.hmpg", true);
Deleted : user_pref("extensions.Softonic_i.newTab", true);
Deleted : user_pref("extensions.Softonic_i.smplGrp", "none");
Deleted : user_pref("extensions.Softonic_i.vrsnTs", "1.6.7.412:59:45");
Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");
Deleted : user_pref("extensions.enabledAddons", "ffxtlbr@incredibar.com:1.5.0,ffxtlbra@softonic.com:1.6.0,bett[...]
Deleted : user_pref("extensions.incredibar.actvtyRptTime", "1346085424638");
Deleted : user_pref("extensions.incredibar.aflt", "orgnl");
Deleted : user_pref("extensions.incredibar.afterInstallRpt", "sent");
Deleted : user_pref("extensions.incredibar.cntry", "DE");
Deleted : user_pref("extensions.incredibar.dfltLng", "EN");
Deleted : user_pref("extensions.incredibar.dfltlng", "EN");
Deleted : user_pref("extensions.incredibar.dfltsrch", "false");
Deleted : user_pref("extensions.incredibar.did", "10665");
Deleted : user_pref("extensions.incredibar.envrmnt", "production");
Deleted : user_pref("extensions.incredibar.hdrMd5", "");
Deleted : user_pref("extensions.incredibar.hmpg", false);
Deleted : user_pref("extensions.incredibar.hrdid", "0");
Deleted : user_pref("extensions.incredibar.id", "");
Deleted : user_pref("extensions.incredibar.installerproductid", "26");
Deleted : user_pref("extensions.incredibar.instlday", "");
Deleted : user_pref("extensions.incredibar.instlref", "");
Deleted : user_pref("extensions.incredibar.isDcmntCmplt", false);
Deleted : user_pref("extensions.incredibar.isdcmntcmplt", "false");
Deleted : user_pref("extensions.incredibar.keywordurl", "");
Deleted : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1413:04:29");
Deleted : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
Deleted : user_pref("extensions.incredibar.newTab", false);
Deleted : user_pref("extensions.incredibar.newtab", "false");
Deleted : user_pref("extensions.incredibar.newtaburl", "");
Deleted : user_pref("extensions.incredibar.ppd", "");
Deleted : user_pref("extensions.incredibar.prdct", "incredibar");
Deleted : user_pref("extensions.incredibar.productid", "26");
Deleted : user_pref("extensions.incredibar.prtnrid", "");
Deleted : user_pref("extensions.incredibar.sg", "none");
Deleted : user_pref("extensions.incredibar.smplGrp", "none");
Deleted : user_pref("extensions.incredibar.smplgrp", "none");
Deleted : user_pref("extensions.incredibar.srch", "");
Deleted : user_pref("extensions.incredibar.srchprvdr", "");
Deleted : user_pref("extensions.incredibar.tlbrid", "base");
Deleted : user_pref("extensions.incredibar.tlbrsrchurl", "");
Deleted : user_pref("extensions.incredibar.upn2", "6OyKoS8qxA");
Deleted : user_pref("extensions.incredibar.upn2n", "92261895051392810");
Deleted : user_pref("extensions.incredibar.vrsn", "");
Deleted : user_pref("extensions.incredibar.vrsnTs", "1.5.11.1413:04:29");
Deleted : user_pref("extensions.incredibar.vrsnts", "1.5.11.1413:04:29");
Deleted : user_pref("extensions.incredibar_i.aflt", "orgnl");
Deleted : user_pref("extensions.incredibar_i.dfltLng", "");
Deleted : user_pref("extensions.incredibar_i.did", "10665");
Deleted : user_pref("extensions.incredibar_i.excTlbr", false);
Deleted : user_pref("extensions.incredibar_i.id", "84d8779c000000000000002306d95d81");
Deleted : user_pref("extensions.incredibar_i.installerproductid", "26");
Deleted : user_pref("extensions.incredibar_i.instlDay", "15560");
Deleted : user_pref("extensions.incredibar_i.instlRef", "");
Deleted : user_pref("extensions.incredibar_i.ms_url_id", "");
Deleted : user_pref("extensions.incredibar_i.newTab", false);
Deleted : user_pref("extensions.incredibar_i.ppd", "");
Deleted : user_pref("extensions.incredibar_i.prdct", "incredibar");
Deleted : user_pref("extensions.incredibar_i.productid", "26");
Deleted : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Deleted : user_pref("extensions.incredibar_i.smplGrp", "none");
Deleted : user_pref("extensions.incredibar_i.tlbrId", "base");
Deleted : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyKoS8qxA&loc=IB[...]
Deleted : user_pref("extensions.incredibar_i.upn2", "6OyKoS8qxA");
Deleted : user_pref("extensions.incredibar_i.upn2n", "92261895051392810");
Deleted : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Deleted : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1413:04:29");
Deleted : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Deleted : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_referrer", "hxxp://search.softonic.[...]
Deleted : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_temp_referer", "hxxp://search.softo[...]
Deleted : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Deleted : "urls_to_restore_on_startup": [ "hxxp://mystart.incredibar.com/mb165?a=6OyKoS8qxA&i=26" ]
Deleted : "urls_to_restore_on_startup": [ "hxxp://mystart.incredibar.com/mb165?a=6OyKoS8qxA&i=26" ]

*************************

AdwCleaner[R1].txt - [20886 octets] - [27/08/2012 18:36:17]
AdwCleaner[S1].txt - [21308 octets] - [28/08/2012 16:57:06]

########## EOF - C:\AdwCleaner[S1].txt - [21437 octets] ##########


2. Schritt

Emsisoft Anti-Malware - Version 6.6
Letztes Update: 28.08.2012 17:40:23

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\
Archiv Scan: An
ADS Scan: An

Scan Beginn: 28.08.2012 18:06:08

C:\§SNIMKI\mama\Christmas.exe gefunden: Trojan.Win32.XmasAds.AMN!E1
C:\§SNIMKI\LidMi\Christmas.exe gefunden: Trojan.Win32.XmasAds.AMN!E1
C:\Documents and Settings\Administrator\Desktop\snimki\mama\Christmas.exe gefunden: Trojan.Win32.XmasAds.AMN!E1

Gescannt 635336
Gefunden 3

Scan Ende: 28.08.2012 20:00:17
Scan Zeit: 1:54:09

Alt 29.08.2012, 03:12   #14
t'john
/// Helfer-Team
 
Neues Mitglied der Gruppe "my start incredibar" - Ich möchte bitte weg :-) - Standard

Neues Mitglied der Gruppe "my start incredibar" - Ich möchte bitte weg :-)


Sehr gut!

Lasse die Funde loeschen, dann:

Deinstalliere:
Emsisoft Anti-Malware


ESET Online Scanner

Vorbereitung

  • Schließe evtl. vorhandene externe Festplatten und/oder sonstigen Wechselmedien (z. B. evtl. vorhandene USB-Sticks) an den Rechner an.
  • Bitte während des Online-Scans Anti-Virus-Programm und Firewall deaktivieren.
  • Vista/Win7-User: Bitte den Browser unbedingt als Administrator starten.
Los geht's

  • Lade und starte Eset Smartinstaller
  • Haken setzen bei YES, I accept the Terms of Use.
  • Klick auf Start.
  • Haken setzen bei Remove found threads und Scan archives.
  • Klick auf Start.
  • Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Finish drücken.
  • Browser schließen.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (manchmal auch C:\Programme\Eset\log.txt) suchen und mit Deinem Editor öffnen.
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset
__________________
Mfg, t'john
Das TB unterstützen

Alt 29.08.2012, 18:27   #15
tantan
 
Neues Mitglied der Gruppe "my start incredibar" - Ich möchte bitte weg :-) - Reden

Neues Mitglied der Gruppe "my start incredibar" - Ich möchte bitte weg :-)




D A N K E!!!

Super Helfer :-)

---------------

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=4c7bfa88d9b50945b0c7f116a6107d44
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-29 03:01:33
# local_time=2012-08-29 05:01:33 (+0100, W. Europe Daylight Time)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1792 16777191 100 0 6385494 6385494 0 0
# compatibility_mode=8192 67108863 100 0 186 186 0 0
# scanned=320369
# found=8
# cleaned=8
# scan_time=7497
C:\_OTL\MovedFiles\08262012_073518\C_Program Files\SoftonicDownloader_for_winx-dvd-player.exe a variant of Win32/SoftonicDownloader.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\08262012_073518\C_Program Files\SoftonicDownloader_fuer_avs-media-player.exe a variant of Win32/SoftonicDownloader.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
E:\snimki\mama\Christmas.exe a variant of Win32/XmasAds.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
E:\snimki\snimki\mama\Christmas.exe a variant of Win32/XmasAds.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
E:\snimki\snimki\Lid\Christmas.exe a variant of Win32/XmasAds.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
E:\E von compi\Externe Festplatte\Sept. 2010\Downloads\AVI.Codec.Pack.Pro.V2.2.0.Setup.exe Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
E:\E von compi\Externe Festplatte\Sept. 2010\Downloads\HSS-1.51-install-anchorfree-76-conduit.exe a variant of Win32/HotSpotShield application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
E:\E von compi\Externe Festplatte\Juli 2011\Laptop Dell Juli 2011 außer Fotos!!!\Downloads\AVI.Codec.Pack.Pro.V2.2.0.Setup.exe Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Antwort
Seite 1 von 2 1 2

Themen zu Neues Mitglied der Gruppe "my start incredibar" - Ich möchte bitte weg :-)
"my start incredibar" entfernen, avira, bericht, browser, folge, gruppe, infizierte, installiert, klicke, komplett, kopieren, laptop, lüfter, malwarebytes, mozilla, neue, neue seite, neuen, neues, nichts, problem, scan, schnell, seite, softronic, start, tab, virus, win


« Problem mit Snap.do | Taskmgr.exe und Regedit.exe wurden vom Administrator deaktiviert. »


Ähnliche Themen: Neues Mitglied der Gruppe "my start incredibar" - Ich möchte bitte weg :-)


  1. Windows 8.1 Kaspersky Warnungen "Programm möchte verbindung zu Computer XXX erstellen"
    Log-Analyse und Auswertung - 17.01.2015 (10)
  2. Diverse Malware ("CoolSaleCoupon", "ddownlloaditkeep", "omiga-plus", "SaveSense", "SaleItCoupon"); lahmer PC & viel Werbung!
    Plagegeister aller Art und deren Bekämpfung - 11.01.2015 (16)
  3. Widows Vista 32bit. "Softwareupdater.UI.exe" möchte sich bei jedem Start öffnen
    Log-Analyse und Auswertung - 02.09.2014 (15)
  4. Vielen Dank an Mitglied "deeprybka"
    Lob, Kritik und Wünsche - 06.05.2014 (1)
  5. Browser: Suchmaschine und "Start" / "Neuer Tab" - Seite und kurze Hintergrundprogramme
    Log-Analyse und Auswertung - 05.01.2014 (11)
  6. "monstermarketplace.com" Infektion und ihre Folgen; "Anti-Virus-Blocker"," unsichtbare Toolbars" + "Browser-Hijacker" von selbst installiert
    Log-Analyse und Auswertung - 16.11.2013 (21)
  7. Windows XP Nach Installation von HP Player immer zwei Startseiten beim Öffnen von Google chrome "start.iminent.com" und "Search gol"
    Log-Analyse und Auswertung - 08.10.2013 (5)
  8. Diverse Fehlermeldungen bei Start des Systems nach "Entfernen" des "Polizei-Virus"
    Log-Analyse und Auswertung - 27.10.2012 (10)
  9. Nach Start kommt Meldung : "Es besteht noch keine Internetverbindung" Bitte warten
    Log-Analyse und Auswertung - 23.01.2012 (6)
  10. Win XP Start " Net Reactor 10 Fenster"danach "Firefox Problem 2 Fenster" danach "Blue Screen"
    Log-Analyse und Auswertung - 09.07.2011 (3)
  11. ICQ spamt: "Wie findest du mein neues Foto denn so ;D "
    Plagegeister aller Art und deren Bekämpfung - 22.06.2010 (27)
  12. ICQ Virus: "Wie findest du mein neues Foto denn so ;D "
    Plagegeister aller Art und deren Bekämpfung - 10.06.2010 (3)
  13. "TR/Dropper.Gen" wütet im "Eigene Dateien"-Ordner, Hijackthis bitte auswerten!
    Log-Analyse und Auswertung - 10.09.2009 (9)
  14. "Adware.Virtumonde"/"Downloader.MisleadApp"/"TR/VB.agt.4"/"NewDotNet.A.1350"/"Fakerec
    Plagegeister aller Art und deren Bekämpfung - 22.08.2008 (6)
  15. Suche Mitglied "Trojanboard"
    Mülltonne - 17.12.2005 (3)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Neues Mitglied der Gruppe "my start incredibar" - Ich möchte bitte weg :-) - Hallo, ich habe etwas von softronic.com heruntergeladen und installiert und na ja, jetzt muss ich um Hilfe bitten. Das Problem: wenn ich den Browser (Mozilla) öffne muss ich seeeeeeeeehr lange - Neues Mitglied der Gruppe "my start incredibar" - Ich möchte bitte weg :-)...
Archiv
Du betrachtest: Neues Mitglied der Gruppe "my start incredibar" - Ich möchte bitte weg :-) auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131