hallo und dank im vorraus für alle die sich mit mir abmühen

ich habe mir obiges problem irgendwie eingefangen... keine ahnung wie und benötige hilfe fürs entfernen.

malwarebytes antimalware ist mit quickscan gelaufen und hat einige sachen gefunden, welche ich bereinigt habe. anschließend habe ich neustart gemacht nochmal gescant und keine probleme mehr gefunden.

die nächste action war HijackThis scan und logfileauswertung... hat 2 probleme mit incredibar gefunden, aber der fix ist fehlgeschlagen (hatte alle programme geschlossen und rechner auch neu gestartet) es ist aber unverändert da.

der nächste schritt denke ich ist otr, möcht ich aber nicht allein machen, weil davon habe ich keinen plan.

im anhang mein hijack logfile

Code: Alles auswählenAufklappen

ATTFilter

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:31:16, on 17.08.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16448)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\silvia\AppData\Local\Skillbrains\lightshot\2.6.5.55\LightShot.exe
C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
C:\Users\silvia\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\silvia\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\silvia\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\silvia\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\silvia\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\silvia\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\silvia\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\silvia\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK/4
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Web Assistant Helper - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll
O2 - BHO: Incredibar.com Helper Object - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: TSBHO Class - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Incredibar Toolbar - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\silvia\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [LightShot] C:\Users\silvia\AppData\Local\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue
O4 - HKCU\..\Run: [SDP] C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe /auto 
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: TrueSuiteService (FPLService) - HP - C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: Hotspot Shield Service (hshld) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
O23 - Service: Intel(R) Identity Protection Technology Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Web Assistant Updater - Unknown owner - C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 11568 bytes
         

1. Schritt

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

2. Schritt

Systemscan mit OTL (bebilderte Anleitung)

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)- Doppelklick auf die OTL.exe

• Vista und Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
• Wähle Scanne Alle Benuzer
• Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Minimale Ausgabe
• Unter Extra Registrierung, wähle bitte Benutze SafeList
• Klicke nun auf Scan links oben
• Wenn der Scan beendet wurde werden 2 Logfiles erstellt
• Poste die Logfiles hier in den Thread.

1. schritt ist erledigt... hat 2 dinge nochmal gefunden. sind gelöscht.

2 schritt auch erledigt....

hier die logfiles:

Code: Alles auswählenAufklappen

ATTFilter

OTL logfile created on: 8/17/2012 7:30:04 PM - Run 2
OTL by OldTimer - Version 3.2.57.0     Folder = C:\Users\silvia\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7.98 Gb Total Physical Memory | 6.59 Gb Available Physical Memory | 82.56% Memory free
15.96 Gb Paging File | 14.46 Gb Available in Paging File | 90.58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1849.90 Gb Total Space | 1791.00 Gb Free Space | 96.82% Space Free | Partition Type: NTFS
Drive D: | 13.01 Gb Total Space | 1.60 Gb Free Space | 12.31% Space Free | Partition Type: NTFS
Drive E: | 7.61 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: SILVIA-HP | User Name: silvia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\silvia\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
PRC - C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe ()
PRC - C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe ()
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\silvia\AppData\Local\Skillbrains\lightshot\2.6.5.55\LightShot.exe (Skillbrains)
PRC - C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe (Somoto)
PRC - C:\Program Files\Web Assistant\ExtensionUpdaterService.exe ()
PRC - C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
PRC - C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe ()
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe (HP)
PRC - C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe (HP)
PRC - C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe (HP)
PRC - C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor14.dll ()
MOD - C:\Program Files (x86)\Hotspot Shield\bin\lang\gui-eng.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe ()
MOD - C:\Program Files (x86)\Yahoo!\Messenger\yui.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (Web Assistant Updater) -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe ()
SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (HssTrayService) -- C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE ()
SRV - (HssSrv) -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
SRV - (HssWd) -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe ()
SRV - (hshld) -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe ()
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard Company)
SRV - (FPLService) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe (HP)
SRV - (pdfcDispatcher) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (HssDRV6) -- C:\Windows\SysNative\drivers\hssdrv6.sys (AnchorFree Inc.)
DRV:64bit: - (taphss) -- C:\Windows\SysNative\drivers\taphss.sys (AnchorFree Inc)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (pmxdrv) -- C:\Windows\SysNative\drivers\pmxdrv.sys ()
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (athur) -- C:\Windows\SysNative\drivers\athurx.sys (Atheros Communications, Inc.)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK/4
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{7F49A903-BC76-42EF-9C39-4C4E201D1222}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK/4
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
IE - HKLM\..\SearchScopes\{7F49A903-BC76-42EF-9C39-4C4E201D1222}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2861308168-92542282-2839993929-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4
IE - HKU\S-1-5-21-2861308168-92542282-2839993929-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2861308168-92542282-2839993929-1000\..\URLSearchHook: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - No CLSID value found
IE - HKU\S-1-5-21-2861308168-92542282-2839993929-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2861308168-92542282-2839993929-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-2861308168-92542282-2839993929-1000\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKU\S-1-5-21-2861308168-92542282-2839993929-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.http: ""
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.http_port: 0
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.share_proxy_settings: false
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.socks: ""
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.socks_port: 0
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.ssl: ""
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.ssl_port: 0
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.type: 0
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.http: "127.0.0.1"
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.http_port: 8888
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.no_proxies_on: ""
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.share_proxy_settings: false
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.socks: ""
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.socks_port: 0
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.ssl: "127.0.0.1"
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.ssl_port: 8888
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.type: 1
FF - prefs.js..keyword.URL: "hxxp://mystart.incredibar.com/mb143/?loc=IB_DS&a=6OyDqIPf6j&&i=26&search="
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.type: 0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.3.1: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.3.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\silvia\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012/05/30 14:59:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012/05/30 14:59:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/18 07:09:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/18 07:09:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012/02/29 20:11:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\silvia\AppData\Roaming\mozilla\Extensions
[2012/08/11 19:11:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\silvia\AppData\Roaming\mozilla\Firefox\Profiles\149mxx13.default\extensions
[2012/05/18 09:53:32 | 000,000,000 | ---D | M] (WOT) -- C:\Users\silvia\AppData\Roaming\mozilla\Firefox\Profiles\149mxx13.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012/07/31 18:52:41 | 000,000,000 | ---D | M] ("Vid-Saver") -- C:\Users\silvia\AppData\Roaming\mozilla\Firefox\Profiles\149mxx13.default\extensions\crossriderapp3491@crossrider.com
[2012/05/30 14:59:50 | 000,002,203 | ---- | M] () -- C:\Users\silvia\AppData\Roaming\Mozilla\Firefox\Profiles\149mxx13.default\searchplugins\MyStart Search.xml
[2012/07/19 06:30:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/03/29 18:20:26 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files (x86)\mozilla firefox\extensions\afurladvisor@anchorfree.com
[2012/07/19 06:30:30 | 000,000,000 | ---D | M] (TrueSuite Website Logon) -- C:\Program Files (x86)\mozilla firefox\extensions\websitelogon@truesuite.com
[2012/05/30 14:59:57 | 000,000,000 | ---D | M] (Web Assistant) -- C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
[2012/08/11 19:11:36 | 000,340,132 | ---- | M] () (No name found) -- C:\USERS\SILVIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\149MXX13.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
[2012/03/15 08:18:43 | 000,009,524 | ---- | M] () (No name found) -- C:\USERS\SILVIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\149MXX13.DEFAULT\EXTENSIONS\{3E9A3920-1B27-11DA-8CD6-0800200C9A66}.XPI
[2012/07/18 10:55:08 | 000,004,028 | ---- | M] () (No name found) -- C:\USERS\SILVIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\149MXX13.DEFAULT\EXTENSIONS\{AA6F0803-145A-4200-8E5E-68898D02B5B3}.XPI
[2012/07/18 08:46:44 | 000,061,700 | ---- | M] () (No name found) -- C:\USERS\SILVIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\149MXX13.DEFAULT\EXTENSIONS\{CD617375-6743-4EE8-BAC4-FBF10F35729E}.XPI
[2012/07/22 07:28:15 | 000,702,524 | ---- | M] () (No name found) -- C:\USERS\SILVIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\149MXX13.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
[2012/06/20 21:43:35 | 001,101,250 | R--- | M] () (No name found) -- C:\USERS\SILVIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\149MXX13.DEFAULT\EXTENSIONS\79REBELLIOUS@FRIENDLYGAMINGSIMPLIFIER.XPI
[2012/05/21 15:18:42 | 000,010,013 | ---- | M] () (No name found) -- C:\USERS\SILVIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\149MXX13.DEFAULT\EXTENSIONS\YOUTUBEUNBLOCKER@UNBLOCKER.YT.XPI
[2012/07/18 07:09:46 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/02/16 13:02:53 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/02/16 12:48:01 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/16 13:02:53 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/02/16 13:02:53 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/02/16 13:02:53 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/02/16 13:02:53 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: 
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\silvia\AppData\Local\Google\Chrome\Application\17.0.963.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\silvia\AppData\Local\Google\Chrome\Application\17.0.963.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\silvia\AppData\Local\Google\Chrome\Application\17.0.963.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Simple Pass 2011 (Enabled) = C:\Users\silvia\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpgfhihjicjofdejkbjgnjlaglaciobe\1.0_0\npwebsitelogon.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Fancy Gaming Simplifier = C:\Users\silvia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahcaniaehcjkignnobkmdgacafghkplh\2.0.0.1_0\
CHR - Extension: YouTube = C:\Users\silvia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\silvia\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Google-Suche = C:\Users\silvia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Website Logon = C:\Users\silvia\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpgfhihjicjofdejkbjgnjlaglaciobe\1.0_0\
CHR - Extension: Click Trap Remover = C:\Users\silvia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekpkgapgggolafebmclbpdpnojfjlff\1.0.0_0\
CHR - Extension: Vid-Saver = C:\Users\silvia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.19.31_0\crossrider
CHR - Extension: Vid-Saver = C:\Users\silvia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.19.31_0\
CHR - Extension: Google Mail = C:\Users\silvia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Yann Arthus-Bertrand = C:\Users\silvia\AppData\Local\Google\Chrome\User Data\Default\Extensions\plaekpceeonanmjojailaojkconcgofc\3_0\
 
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension64.dll ()
O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll ()
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)
O3 - HKU\S-1-5-21-2861308168-92542282-2839993929-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-2861308168-92542282-2839993929-1000\..\Toolbar\WebBrowser: (no name) - {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - No CLSID value found.
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2861308168-92542282-2839993929-1000..\Run: [Facebook Update] C:\Users\silvia\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-2861308168-92542282-2839993929-1000..\Run: [LightShot] C:\Users\silvia\AppData\Local\Skillbrains\lightshot\LightShot.exe ()
O4 - HKU\S-1-5-21-2861308168-92542282-2839993929-1000..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet File not found
O4 - HKU\S-1-5-21-2861308168-92542282-2839993929-1000..\Run: [SDP] C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe (Somoto)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKU\S-1-5-21-2861308168-92542282-2839993929-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-2861308168-92542282-2839993929-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.1)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0558AB6B-1811-4094-AED1-E09B24851DF7}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EA4B1FC4-C42E-4312-9F7E-91B2A1F7F690}: DhcpNameServer = 10.73.136.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/08/17 14:42:14 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\silvia\Desktop\OTL.exe
[2012/08/17 13:07:10 | 000,000,000 | ---D | C] -- C:\Users\silvia\AppData\Roaming\Malwarebytes
[2012/08/17 13:06:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/17 13:06:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/17 13:06:46 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/08/17 13:06:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/16 01:24:04 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/08/16 01:24:04 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/08/16 01:24:04 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/08/16 01:24:04 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/08/16 01:24:03 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/08/16 01:24:03 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/08/16 01:24:03 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/08/16 01:24:03 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/08/16 01:24:02 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/08/16 01:24:02 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/08/16 01:24:02 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/08/16 01:24:01 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/08/16 01:24:01 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/08/15 16:04:41 | 000,000,000 | ---D | C] -- C:\Hotspot Shield
[2012/08/15 06:37:49 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012/08/15 06:37:48 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012/08/15 06:37:48 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012/08/15 06:37:48 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012/08/15 06:37:48 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012/08/15 06:37:48 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012/08/15 06:37:48 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012/08/15 06:37:47 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012/08/08 12:03:45 | 000,000,000 | ---D | C] -- C:\save
[2012/07/24 22:11:54 | 000,041,704 | ---- | C] (AnchorFree Inc.) -- C:\Windows\SysNative\drivers\hssdrv6.sys
[2012/07/21 09:32:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon iP4700 series
[2012/07/21 09:32:47 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonIJ Uninstaller Information
[2012/07/21 09:32:46 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2012/07/21 09:32:36 | 000,336,896 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNMLMA1.DLL
 
========== Files - Modified Within 30 Days ==========
 
[2012/08/17 19:28:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/17 19:28:25 | 2132,406,271 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/17 19:10:00 | 000,000,390 | ---- | M] () -- C:\Windows\tasks\update-sys.job
[2012/08/17 18:39:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/17 17:21:00 | 000,001,142 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2861308168-92542282-2839993929-1000UA.job
[2012/08/17 15:58:00 | 000,000,390 | ---- | M] () -- C:\Windows\tasks\update-S-1-5-21-2861308168-92542282-2839993929-1000.job
[2012/08/17 14:42:15 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\silvia\Desktop\OTL.exe
[2012/08/17 14:20:21 | 000,024,400 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/17 14:20:21 | 000,024,400 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/16 23:21:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2861308168-92542282-2839993929-1000Core.job
[2012/08/16 07:05:56 | 000,298,200 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/15 20:16:38 | 000,200,576 | ---- | M] () -- C:\Users\silvia\.recently-used.xbel
[2012/08/15 19:39:17 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/08/15 19:39:17 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/08/15 19:39:10 | 009,826,504 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/08/07 19:48:39 | 001,619,132 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/07 19:48:39 | 000,698,748 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012/08/07 19:48:39 | 000,654,066 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/07 19:48:39 | 000,148,944 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012/08/07 19:48:39 | 000,121,898 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/03 07:33:07 | 000,000,545 | ---- | M] () -- C:\Users\silvia\AppData\Local\UserProducts.xml
[2012/07/24 22:11:54 | 000,041,704 | ---- | M] (AnchorFree Inc.) -- C:\Windows\SysNative\drivers\hssdrv6.sys
 
========== Files Created - No Company Name ==========
 
[2012/08/15 20:16:38 | 000,200,576 | ---- | C] () -- C:\Users\silvia\.recently-used.xbel
[2012/06/10 15:59:40 | 000,000,545 | ---- | C] () -- C:\Users\silvia\AppData\Local\UserProducts.xml
[2012/05/29 17:15:41 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat
[2012/02/29 18:36:25 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2012/01/06 02:39:31 | 000,002,792 | ---- | C] () -- C:\Program Files\HP SimplePass 2011
[2012/01/06 02:31:08 | 000,000,196 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2011/06/21 10:07:00 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2011/02/11 19:15:43 | 001,640,718 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

< End of report >
         

hier extras.txt ... danke für die hilfe

Code: Alles auswählenAufklappen

ATTFilter

OTL Extras logfile created on: 8/17/2012 7:30:04 PM - Run 2
OTL by OldTimer - Version 3.2.57.0     Folder = C:\Users\silvia\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7.98 Gb Total Physical Memory | 6.59 Gb Available Physical Memory | 82.56% Memory free
15.96 Gb Paging File | 14.46 Gb Available in Paging File | 90.58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1849.90 Gb Total Space | 1791.00 Gb Free Space | 96.82% Space Free | Partition Type: NTFS
Drive D: | 13.01 Gb Total Space | 1.60 Gb Free Space | 12.31% Space Free | Partition Type: NTFS
Drive E: | 7.61 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: SILVIA-HP | User Name: silvia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{294DCD3A-A989-47D6-8B5D-D2C2F99FA114}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{7AC5B30F-8D05-47BB-9268-11B123C98E88}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{B3285455-7F0F-4710-89A2-0485D7C14B80}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{089FB93F-0739-48A1-917C-9507CA832583}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
"{16785FFB-BB46-44C2-9BDA-A59D1A5AFCDF}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{2FC44AE8-F8C1-4DCB-BAAB-DFF3CD859451}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{4F0A5785-5EFD-4861-A731-8B49C8EB0BCF}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{61EC04DB-66DF-44A6-B943-300C7D46EC9B}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\hp linkup\hp linkup viewer.exe | 
"{66296034-AC36-4A2F-8E64-EB9500E1D958}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{665E1610-22A2-4CC7-B70F-729B19D35DF8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{742B7056-1697-41A6-B87E-F3CF104C5642}" = dir=in | app=c:\program files (x86)\easybits for kids\ezdesktop.exe | 
"{78E32DC8-DB33-410C-85FE-AE2A01D06033}" = dir=in | app=c:\users\silvia\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{7EFE306D-DD95-4586-972C-CAA2B42315A6}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{8AF90475-2FD8-4C75-AFBA-314207F3672F}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\remote graphics receiver\rgreceiver.exe | 
"{8B7324F8-9E04-4BEC-9645-397009C3BBC2}" = dir=in | app=c:\windows\system32\ezsharedsvchost.exe | 
"{9C8B16B9-7B78-4179-9291-DA303A5A6DDB}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{9D8C0D4A-C278-4F84-8807-5948BDB8F4E0}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{A209C0E5-930E-41E9-9949-A658D89EC139}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{C285B655-317A-44B8-9F53-881FA715A2B6}" = protocol=6 | dir=out | app=c:\program files (x86)\hewlett-packard\remote graphics receiver\rgreceiver.exe | 
"{D608F2CE-59EC-4B00-8C3F-6B162D53C6C9}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{EF3ECB8D-9867-4B6E-B12B-222D75680FE3}" = protocol=17 | dir=out | app=c:\program files (x86)\hewlett-packard\hp linkup\hp linkup viewer.exe | 
"{F6B29540-CD15-40E7-B8BA-1E4266D6B9DF}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
"TCP Query User{212C22C8-8F29-423D-9ED6-1729D3236AFB}C:\program files\charles\charles.exe" = protocol=6 | dir=in | app=c:\program files\charles\charles.exe | 
"TCP Query User{5C4150FC-9439-46C4-90F3-1B9FBCE5C3DF}C:\farmvillebot_2.1\farmvillebot_lite.exe" = protocol=6 | dir=in | app=c:\farmvillebot_2.1\farmvillebot_lite.exe | 
"TCP Query User{8B0AC57D-AE9D-4B94-BAD5-A6A309715507}C:\program files (x86)\charles\charles.exe" = protocol=6 | dir=in | app=c:\program files (x86)\charles\charles.exe | 
"TCP Query User{D24E42AE-782A-4F64-98CD-4946AF262C02}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{7DA6BA92-1138-4789-B0F7-4CBC050A3042}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{99C06379-BFA2-4D32-A0F2-86A3EB05660A}C:\program files\charles\charles.exe" = protocol=17 | dir=in | app=c:\program files\charles\charles.exe | 
"UDP Query User{BC0B41FF-957C-452D-BB84-0A576276B043}C:\program files (x86)\charles\charles.exe" = protocol=17 | dir=in | app=c:\program files (x86)\charles\charles.exe | 
"UDP Query User{C7A40FD1-24DD-4754-A5E0-B92531C1AD0D}C:\farmvillebot_2.1\farmvillebot_lite.exe" = protocol=17 | dir=in | app=c:\farmvillebot_2.1\farmvillebot_lite.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{054EF02F-95D8-48F4-9EEB-2F9CE3072ED8}" = AuthenTec TrueAPI
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1111706F-666A-4037-7777-203648764D10}" = JavaFX 2.0.3 (64-bit)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4700_series" = Canon iP4700 series Printer Driver
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{2222706F-666A-4037-7777-203648764D10}" = JavaFX 2.0.3 SDK (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417003FF}" = Java(TM) 7 Update 3 (64-bit)
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.440
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0170030}" = Java(TM) SE Development Kit 7 Update 3 (64-bit)
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 267.95
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 267.95
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 267.95
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"WinRAR archiver" = WinRAR 4.11 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00FF4EB6-6AAC-4E9D-A60A-8F388691BB27}" = HP SimplePass PE 2011
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{11745B8A-E942-4674-B729-39110F5962AA}_is1" = FarmVilleBot 2.2.3.8
"{16FC3056-90C0-4757-8A68-64D8DA846ADA}" = Remote Graphics Receiver
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1" = lightshot-2.6.5.55
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34681D92-5958-406A-A654-1B57E7A7B3DC}" = HP Support Assistant
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D090F70-6F08-4B60-9357-A1DFD4458F09}" = Microsoft Mathematics
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.1.0
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}" = HP Support Information
"{7FB00B6B-6843-97EC-EED6-78BD6D35370A}" = Zinio Reader 4
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{98CD205B-7280-448E-AF5D-D6964A9A58A6}" = Charles 3.6.3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B9A431FF-FDB1-40E5-B5F3-215290FD62DE}" = TP-LINK Drahtlos Tool
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C01A86F5-56E7-101F-9BC9-E3F1025EB779}" = Intel(R) Identity Protection Technology 1.1.2.0
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D027A83A-719E-4AC1-BC02-084CA10C2F9D}" = faceBot - Farmville Edition
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D35B72B6-F0E4-462B-BDEB-E08032B3B681}" = HP Setup
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DB3147AB-4024-4773-8EC0-A1FE5B44933D}" = HP LinkUp
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE77FE3F-A33D-499A-87AD-5FC406617B40}" = HP Update
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AvantBrowser" = Avant Browser (remove only)
"EasyBits Magic Desktop" = Magic Desktop
"faceBot - Farmville Edition 2.0.1.97" = faceBot - Farmville Edition
"FilesFrog Update Checker" = FilesFrog Update Checker
"HotspotShield" = Hotspot Shield 2.65
"incredibar" = Incredibar Toolbar  on IE
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Opera 11.64.1403" = Opera 11.64
"PDF Complete" = PDF Complete Special Edition
"TeamViewer 7" = TeamViewer 7
"VIP Access SDK" = VIP Access SDK (1.0.1.4) 
"VLC media player" = VLC media player 2.0.0
"WildTangent hp Master Uninstall" = HP Games
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"WTA-15977ed2-7d6f-4040-b78d-3fbc6b536426" = Vacation Quest - The Hawaiian Islands
"WTA-2216822d-13a6-4fc9-82b8-55924e622668" = Polar Bowler
"WTA-23b85e41-3f07-4788-8e48-423d50ca87d0" = Cake Mania
"WTA-23d705ac-44a6-47ce-af70-c1e277a2c679" = Bejeweled 3
"WTA-3dc2e5a8-e379-4088-a9e3-5fe9b574281f" = Namco All-Stars: PAC-MAN
"WTA-40836c26-c0f3-4a37-b239-e74ac9433aae" = Slingo Deluxe
"WTA-5c7d2b7d-b317-4655-8533-8819c2974db7" = Chuzzle Deluxe
"WTA-613581d9-f354-471f-b3ad-cac679804629" = Plants vs. Zombies - Game of the Year
"WTA-61d5c83f-e479-42ac-b0e7-05e5f1e3abb5" = Agatha Christie - Peril at End House
"WTA-6967359a-79b2-4ce8-9dad-3fbcf704b7bb" = Blasterball 3
"WTA-7fa62d3e-3970-4575-b95c-d4b4fcaa5c90" = Jewel Quest Solitaire
"WTA-877312e8-c369-4068-9fdf-bcded4de0ad1" = Cradle of Rome 2
"WTA-8e38a4a2-8cc5-4ebc-b409-82dd93364055" = Jewel Quest: The Sleepless Star - Collector's Edition
"WTA-944d35f2-13ef-461f-b6d7-b75cd5f05e15" = Zuma Deluxe
"WTA-94a23c0a-d220-4900-90ff-f49b3ecc08a6" = Farm Frenzy
"WTA-a33cf244-e953-4328-9cc1-8f067766c6d7" = Mah Jong Medley
"WTA-aec92e55-da6f-481a-b179-67e0016ff365" = Virtual Villagers - The Secret City
"WTA-b2e8e728-cfc4-4ec8-95cb-f03e7e34fa1d" = Governor of Poker 2 Premium Edition
"WTA-d368fb4d-4801-48ce-9a6a-60f89c88b95a" = Penguins!
"WTA-d7daae4b-6ba4-4950-add9-1421c7b72fa6" = Mystery of Mortlake Mansion
"WTA-e6eebbfb-fed3-4be3-9447-02691d806419" = Bounce Symphony
"WTA-eb69373b-a556-40df-8e6f-9bcfcd046f56" = Chronicles of Albian
"WTA-f1701fec-d5c1-41b9-aa0d-898571204c61" = FATE
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"ZinioReader4" = Zinio Reader 4
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2861308168-92542282-2839993929-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 7/10/2012 1:01:37 AM | Computer Name = silvia-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_262.exe,
 Version: 11.3.300.262, Zeitstempel: 0x4fe20fae  Name des fehlerhaften Moduls: NPSWF32_11_3_300_262.dll,
 Version: 11.3.300.262, Zeitstempel: 0x4fe21212  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x00490fb1  ID des fehlerhaften Prozesses: 0x404  Startzeit der fehlerhaften Anwendung:
 0x01cd5e5332f1d079  Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
Berichtskennung:
 53385afb-ca4c-11e1-aad1-2c4138ae8dac
 
Error - 7/11/2012 1:41:16 AM | Computer Name = silvia-HP | Source = .NET Runtime | ID = 1026
Description = 
 
Error - 7/11/2012 1:41:18 AM | Computer Name = silvia-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: faceBot.exe, Version: 2.0.2.3, Zeitstempel:
 0x4fb3e552  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651,
 Zeitstempel: 0x4e211319  Ausnahmecode: 0xe06d7363  Fehleroffset: 0x0000b9bc  ID des fehlerhaften
 Prozesses: 0x12b8  Startzeit der fehlerhaften Anwendung: 0x01cd5f1b7da1d52d  Pfad der
 fehlerhaften Anwendung: C:\faceBot_Farmville\faceBot.exe  Pfad des fehlerhaften Moduls:
 C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: 090ae1d5-cb1b-11e1-8d10-2c4138ae8dac
 
Error - 7/11/2012 1:41:25 AM | Computer Name = silvia-HP | Source = .NET Runtime | ID = 1026
Description = 
 
Error - 7/11/2012 1:41:25 AM | Computer Name = silvia-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: faceBot.exe, Version: 2.0.2.3, Zeitstempel:
 0x4fb3e552  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651,
 Zeitstempel: 0x4e211319  Ausnahmecode: 0xe0434352  Fehleroffset: 0x0000b9bc  ID des fehlerhaften
 Prozesses: 0x1468  Startzeit der fehlerhaften Anwendung: 0x01cd5f27cf92f0b7  Pfad der
 fehlerhaften Anwendung: C:\faceBot_Farmville\faceBot.exe  Pfad des fehlerhaften Moduls:
 C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: 0d58917a-cb1b-11e1-8d10-2c4138ae8dac
 
Error - 7/12/2012 12:48:16 AM | Computer Name = silvia-HP | Source = .NET Runtime | ID = 1026
Description = 
 
Error - 7/12/2012 12:48:17 AM | Computer Name = silvia-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: faceBot.exe, Version: 2.0.2.3, Zeitstempel:
 0x4fb3e552  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651,
 Zeitstempel: 0x4e211319  Ausnahmecode: 0xe06d7363  Fehleroffset: 0x0000b9bc  ID des fehlerhaften
 Prozesses: 0x94c  Startzeit der fehlerhaften Anwendung: 0x01cd5fe4b809a296  Pfad der
 fehlerhaften Anwendung: C:\faceBot_Farmville\faceBot.exe  Pfad des fehlerhaften Moduls:
 C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: cb385721-cbdc-11e1-8730-2c4138ae8dac
 
Error - 7/14/2012 5:56:55 PM | Computer Name = silvia-HP | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 13.0.1.4548 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 4a4    Startzeit: 
01cd6185ce361f1a    Endzeit: 126    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 d09f4ef0-cdfe-11e1-a36e-2c4138ae8dac  
 
Error - 7/18/2012 1:58:40 AM | Computer Name = silvia-HP | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 14.0.1.4577 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 718    Startzeit: 
01cd64a38ce783df    Endzeit: 28    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 9d0f050d-d09d-11e1-a4d1-2c4138ae8dac  
 
Error - 7/18/2012 7:26:40 AM | Computer Name = silvia-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: farmvillebot_lite.exe, Version: 1.0.3.6,
 Zeitstempel: 0x2a425e19  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651,
 Zeitstempel: 0x4e211319  Ausnahmecode: 0x0eedfade  Fehleroffset: 0x0000b9bc  ID des fehlerhaften
 Prozesses: 0xbd0  Startzeit der fehlerhaften Anwendung: 0x01cd64d833a2a9d2  Pfad der
 fehlerhaften Anwendung: C:\FarmVilleBot_2.1\farmvillebot_lite.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: 71789ee7-d0cb-11e1-a4d1-2c4138ae8dac
 
[ System Events ]
Error - 7/10/2012 10:23:34 AM | Computer Name = silvia-HP | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.    Modulpfad:
 C:\Windows\system32\athExt.dll  Fehlercode: 126  
 
Error - 7/11/2012 12:03:44 AM | Computer Name = silvia-HP | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.    Modulpfad:
 C:\Windows\system32\athExt.dll  Fehlercode: 126  
 
Error - 7/11/2012 11:53:24 PM | Computer Name = silvia-HP | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.    Modulpfad:
 C:\Windows\system32\athExt.dll  Fehlercode: 126  
 
Error - 7/12/2012 11:45:08 AM | Computer Name = silvia-HP | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.    Modulpfad:
 C:\Windows\system32\athExt.dll  Fehlercode: 126  
 
Error - 7/12/2012 11:15:10 PM | Computer Name = silvia-HP | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.    Modulpfad:
 C:\Windows\system32\athExt.dll  Fehlercode: 126  
 
Error - 7/14/2012 1:56:49 AM | Computer Name = silvia-HP | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.    Modulpfad:
 C:\Windows\system32\athExt.dll  Fehlercode: 126  
 
Error - 7/15/2012 1:46:15 AM | Computer Name = silvia-HP | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.    Modulpfad:
 C:\Windows\system32\athExt.dll  Fehlercode: 126  
 
Error - 7/16/2012 12:16:38 AM | Computer Name = silvia-HP | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.    Modulpfad:
 C:\Windows\system32\athExt.dll  Fehlercode: 126  
 
Error - 7/16/2012 10:35:26 PM | Computer Name = silvia-HP | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.    Modulpfad:
 C:\Windows\system32\athExt.dll  Fehlercode: 126  
 
Error - 7/17/2012 5:31:34 AM | Computer Name = silvia-HP | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.    Modulpfad:
 C:\Windows\system32\athExt.dll  Fehlercode: 126  
 
 
< End of report >
         

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

• Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
• Starte die OTL.exe.
  Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
• Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:

Code: Alles auswählenAufklappen

ATTFilter

:OTL
SRV:64bit: - (Web Assistant Updater) -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe () 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox 
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF 
IE:64bit: - HKLM\..\SearchScopes\{7F49A903-BC76-42EF-9C39-4C4E201D1222}: "URL" = http://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} 
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF 
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://de.wikipedia.org/wiki/Special:Search?search={searchTerms} 
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/707-111076-19270-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms} 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox 
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF 
IE - HKLM\..\SearchScopes\{7F49A903-BC76-42EF-9C39-4C4E201D1222}: "URL" = http://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} 
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF 
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://de.wikipedia.org/wiki/Special:Search?search={searchTerms} 
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/707-111076-19270-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms} 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-21-2861308168-92542282-2839993929-1000\..\URLSearchHook: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - No CLSID value found 
IE - HKU\S-1-5-21-2861308168-92542282-2839993929-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKU\S-1-5-21-2861308168-92542282-2839993929-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox 
IE - HKU\S-1-5-21-2861308168-92542282-2839993929-1000\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://de.wikipedia.org/wiki/Special:Search?search={searchTerms} 
IE - HKU\S-1-5-21-2861308168-92542282-2839993929-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
FF - prefs.js..browser.search.defaultenginename: "MyStart Search" 
FF - prefs.js..browser.search.selectedEngine: "Google" 
FF - prefs.js..browser.startup.homepage: "about:home" 
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.http: "" 
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.http_port: 0 
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co" 
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.share_proxy_settings: false 
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.socks: "" 
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.socks_port: 0 
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.ssl: "" 
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.ssl_port: 0 
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.type: 0 
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.http: "127.0.0.1" 
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.http_port: 8888 
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.no_proxies_on: "" 
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.share_proxy_settings: false 
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.socks: "" 
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.socks_port: 0 
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.ssl: "127.0.0.1" 
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.ssl_port: 8888 
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.type: 1 
FF - prefs.js..keyword.URL: "http://mystart.incredibar.com/mb143/?loc=IB_DS&a=6OyDqIPf6j&&i=26&search=" 
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co" 
FF - prefs.js..network.proxy.type: 0 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.3.1: C:\Windows\system32\npDeployJava1.dll File not found 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012/05/30 14:59:57 | 000,000,000 | ---D | M] 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012/05/30 14:59:57 | 000,000,000 | ---D | M] 
O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension64.dll () 
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) 
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll () 
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD) 
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) 
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD) 
O3 - HKU\S-1-5-21-2861308168-92542282-2839993929-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. 
O3 - HKU\S-1-5-21-2861308168-92542282-2839993929-1000\..\Toolbar\WebBrowser: (no name) - {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - No CLSID value found. 
O4 - HKLM..\Run: [] File not found 
O4 - HKU\S-1-5-21-2861308168-92542282-2839993929-1000..\Run: [LightShot] C:\Users\silvia\AppData\Local\Skillbrains\lightshot\LightShot.exe () 
O4 - HKU\S-1-5-21-2861308168-92542282-2839993929-1000..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet File not found 
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found 
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.1) 
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) 
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) 
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) 
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) 
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 
 
[2012/08/17 19:10:00 | 000,000,390 | ---- | M] () -- C:\Windows\tasks\update-sys.job 
[2012/08/17 18:39:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job 
[2012/08/17 17:21:00 | 000,001,142 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2861308168-92542282-2839993929-1000UA.job 
[2012/08/17 15:58:00 | 000,000,390 | ---- | M] () -- C:\Windows\tasks\update-S-1-5-21-2861308168-92542282-2839993929-1000.job 
[2012/08/16 23:21:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2861308168-92542282-2839993929-1000Core.job 
:Files

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
         

• Schließe alle Programme.
• Klicke auf den Fix Button.
• Wenn OTL einen Neustart verlangt, bitte zulassen.
• Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
  Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

otr-fix ist gelaufen. neustart erledigt. 1000 dank für die hilfe
hier das logfile:

Code: Alles auswählenAufklappen

ATTFilter

All processes killed
========== OTL ==========
Service Web Assistant Updater stopped successfully!
Service Web Assistant Updater deleted successfully!
C:\Program Files\Web Assistant\ExtensionUpdaterService.exe moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7F49A903-BC76-42EF-9C39-4C4E201D1222}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7F49A903-BC76-42EF-9C39-4C4E201D1222}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7F49A903-BC76-42EF-9C39-4C4E201D1222}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7F49A903-BC76-42EF-9C39-4C4E201D1222}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-2861308168-92542282-2839993929-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{c95a4e8e-816d-4655-8c79-d736da1adb6d} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\ not found.
HKEY_USERS\S-1-5-21-2861308168-92542282-2839993929-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2861308168-92542282-2839993929-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-2861308168-92542282-2839993929-1000\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3}\ not found.
HKU\S-1-5-21-2861308168-92542282-2839993929-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "MyStart Search" removed from browser.search.defaultenginename
Prefs.js: "Google" removed from browser.search.selectedEngine
Prefs.js: "about:home" removed from browser.startup.homepage
Prefs.js: "" removed from extensions.charles.settings.disabled.network.proxy.http
Prefs.js: 0 removed from extensions.charles.settings.disabled.network.proxy.http_port
Prefs.js: "localhost, 127.0.0.1, stealthy.co" removed from extensions.charles.settings.disabled.network.proxy.no_proxies_on
Prefs.js: false removed from extensions.charles.settings.disabled.network.proxy.share_proxy_settings
Prefs.js: "" removed from extensions.charles.settings.disabled.network.proxy.socks
Prefs.js: 0 removed from extensions.charles.settings.disabled.network.proxy.socks_port
Prefs.js: "" removed from extensions.charles.settings.disabled.network.proxy.ssl
Prefs.js: 0 removed from extensions.charles.settings.disabled.network.proxy.ssl_port
Prefs.js: 0 removed from extensions.charles.settings.disabled.network.proxy.type
Prefs.js: "127.0.0.1" removed from extensions.charles.settings.enabled.network.proxy.http
Prefs.js: 8888 removed from extensions.charles.settings.enabled.network.proxy.http_port
Prefs.js: "" removed from extensions.charles.settings.enabled.network.proxy.no_proxies_on
Prefs.js: false removed from extensions.charles.settings.enabled.network.proxy.share_proxy_settings
Prefs.js: "" removed from extensions.charles.settings.enabled.network.proxy.socks
Prefs.js: 0 removed from extensions.charles.settings.enabled.network.proxy.socks_port
Prefs.js: "127.0.0.1" removed from extensions.charles.settings.enabled.network.proxy.ssl
Prefs.js: 8888 removed from extensions.charles.settings.enabled.network.proxy.ssl_port
Prefs.js: 1 removed from extensions.charles.settings.enabled.network.proxy.type
Prefs.js: "hxxp://mystart.incredibar.com/mb143/?loc=IB_DS&a=6OyDqIPf6j&&i=26&search=" removed from keyword.URL
Prefs.js: "localhost, 127.0.0.1, stealthy.co" removed from network.proxy.no_proxies_on
Prefs.js: 0 removed from network.proxy.type
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/DTPlugin,version=10.3.1\ deleted successfully.
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}\ deleted successfully.
C:\Program Files\Web Assistant\Extension64.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}\ deleted successfully.
C:\Program Files\Web Assistant\Extension32.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}\ deleted successfully.
C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
File C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{F9639E4A-801B-4843-AEE3-03D9DA199E77} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9639E4A-801B-4843-AEE3-03D9DA199E77}\ deleted successfully.
C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-2861308168-92542282-2839993929-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_USERS\S-1-5-21-2861308168-92542282-2839993929-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C95A4E8E-816D-4655-8C79-D736DA1ADB6D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2861308168-92542282-2839993929-1000\Software\Microsoft\Windows\CurrentVersion\Run\\LightShot deleted successfully.
C:\Users\silvia\AppData\Local\Skillbrains\lightshot\LightShot.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-2861308168-92542282-2839993929-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Messenger (Yahoo!) deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\Windows\Tasks\update-sys.job moved successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job moved successfully.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2861308168-92542282-2839993929-1000UA.job moved successfully.
C:\Windows\Tasks\update-S-1-5-21-2861308168-92542282-2839993929-1000.job moved successfully.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2861308168-92542282-2839993929-1000Core.job moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\silvia\Desktop\cmd.bat deleted successfully.
C:\Users\silvia\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: silvia
->Temp folder emptied: 734940259 bytes
->Temporary Internet Files folder emptied: 2417995302 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 72301465 bytes
->Google Chrome cache emptied: 503579255 bytes
->Opera cache emptied: 19501066 bytes
->Flash cache emptied: 59828 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 147180152 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
RecycleBin emptied: 104844926 bytes
 
Total Files Cleaned = 3,815.00 mb
 
 
OTL by OldTimer - Version 3.2.57.0 log created on 08182012_231624

Files\Folders moved on Reboot...
C:\Users\silvia\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\silvia\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...
         

Sehr gut!

Wie laeuft der Rechner?

1. Schritt

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

danach:

2. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

• Starte die adwcleaner.exe mit einem Doppelklick.
• Klicke auf Search.
• Nach Ende des Suchlaufs öffnet sich eine Textdatei.
• Poste mir den Inhalt mit deiner nächsten Antwort.
• Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

wenn ich firefox starte und im startbildschirm in google einen suchbegriff eingebe bekommen ich das mysearch immer noch :-(

ich lass jetzt die scans laufen.

Bitte mit Logfiles wieder melden.

malwarebytes hat nix gefunden


adwcleaner:

Code: Alles auswählenAufklappen

ATTFilter

# AdwCleaner v1.801 - Logfile created 08/19/2012 at 18:45:21
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : silvia - SILVIA-HP
# Boot Mode : Normal
# Running from : C:\Users\silvia\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Save
Folder Found : C:\Users\silvia\AppData\Local\Conduit
Folder Found : C:\Users\silvia\AppData\LocalLow\Conduit
Folder Found : C:\Users\silvia\AppData\LocalLow\PriceGong
Folder Found : C:\Program Files\Web Assistant
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\Mozilla Firefox\Extensions\afurladvisor@anchorfree.com
File Found : C:\Users\silvia\Desktop\Check for Updates.lnk
File Found : C:\Users\Public\Desktop\eBay.lnk
File Found : C:\user.js

***** [Registry] *****
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT1561552
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Cr_Installer
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\InstalledBrowserExtensions
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Found : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc
Key Found : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc.1
Key Found : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Key Found : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Key Found : HKLM\SOFTWARE\Classes\I
Key Found : HKLM\SOFTWARE\Classes\Incredibar.dskBnd
Key Found : HKLM\SOFTWARE\Classes\Incredibar.dskBnd.1
Key Found : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr
Key Found : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr.1
Key Found : HKLM\SOFTWARE\Classes\IncredibarApp.appCore
Key Found : HKLM\SOFTWARE\Classes\IncredibarApp.appCore.1
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\incredibar
Key Found : HKLM\SOFTWARE\Web Assistant
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
[x64] Key Found : HKCU\Software\AppDataLow\Software\Conduit
[x64] Key Found : HKCU\Software\AppDataLow\Software\PriceGong
[x64] Key Found : HKCU\Software\AppDataLow\Software\SmartBar
[x64] Key Found : HKCU\Software\Cr_Installer
[x64] Key Found : HKCU\Software\IM
[x64] Key Found : HKCU\Software\ImInstaller
[x64] Key Found : HKCU\Software\InstalledBrowserExtensions
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane
[x64] Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
[x64] Key Found : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc
[x64] Key Found : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc.1
[x64] Key Found : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
[x64] Key Found : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
[x64] Key Found : HKLM\SOFTWARE\Classes\I
[x64] Key Found : HKLM\SOFTWARE\Classes\Incredibar.dskBnd
[x64] Key Found : HKLM\SOFTWARE\Classes\Incredibar.dskBnd.1
[x64] Key Found : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr
[x64] Key Found : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr.1
[x64] Key Found : HKLM\SOFTWARE\Classes\IncredibarApp.appCore
[x64] Key Found : HKLM\SOFTWARE\Classes\IncredibarApp.appCore.1
[x64] Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
[x64] Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
[x64] Key Found : HKLM\SOFTWARE\Web Assistant
[x64] Value Found : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Found : HKLM\SOFTWARE\Classes\AppID\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C01315C7-B4E2-4864-B43D-5FAFC414D179}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C1545464-C77C-4130-A572-1C619E2895FE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{ED0E67AD-926C-4008-87E5-03CF72AA2A7E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF7FEC6D-451B-4452-9D26-7E10C6B5DB6E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Key Found : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{87EAB409-97D7-4889-ACFA-C548FC6F3ECF}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
[x64] Key Found : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
[x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
[x64] Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403a-B9D2-65C292C39087}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{87EAB409-97D7-4889-ACFA-C548FC6F3ECF}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default 
File : C:\Users\silvia\AppData\Roaming\Mozilla\Firefox\Profiles\149mxx13.default\prefs.js

Found : user_pref("extensions.crossriderapp3491@crossrider.com.install-event-fired", true);
Found : user_pref("extensions.ffxtlbr@incredibar.com.install-event-fired", true);
Found : user_pref("extensions.incredibar_i.aflt", "orgnl");
Found : user_pref("extensions.incredibar_i.dfltLng", "");
Found : user_pref("extensions.incredibar_i.did", "10643");
Found : user_pref("extensions.incredibar_i.excTlbr", false);
Found : user_pref("extensions.incredibar_i.id", "5abd0b4300000000000000ffea4b1fc4");
Found : user_pref("extensions.incredibar_i.installerproductid", "26");
Found : user_pref("extensions.incredibar_i.instlDay", "15490");
Found : user_pref("extensions.incredibar_i.instlRef", "");
Found : user_pref("extensions.incredibar_i.ms_url_id", "");
Found : user_pref("extensions.incredibar_i.newTab", false);
Found : user_pref("extensions.incredibar_i.ppd", "1");
Found : user_pref("extensions.incredibar_i.prdct", "incredibar");
Found : user_pref("extensions.incredibar_i.productid", "26");
Found : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Found : user_pref("extensions.incredibar_i.smplGrp", "none");
Found : user_pref("extensions.incredibar_i.tlbrId", "base");
Found : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyDqIPf6j&loc=IB[...]
Found : user_pref("extensions.incredibar_i.upn2", "6OyDqIPf6j");
Found : user_pref("extensions.incredibar_i.upn2n", "92261499144450155");
Found : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Found : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1415:00:00");
Found : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Found : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]

-\\ Google Chrome v17.0.963.83

File : C:\Users\silvia\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v11.64.1403.0

File : C:\Users\silvia\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [14837 octets] - [19/08/2012 18:45:21]

########## EOF - C:\AdwCleaner[R1].txt - [14966 octets] ##########
         

Sehr gut!

• Schließe alle offenen Programme und Browser.
• Starte die adwcleaner.exe mit einem Doppelklick.
• Klicke auf Delete.
• Bestätige jeweils mit Ok.
• Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
• Poste mir den Inhalt mit deiner nächsten Antwort.
• Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

danach:


Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html

delete with adwcleaner ist erledigt. anti malware mache ich jetzt

logfile:

Code: Alles auswählenAufklappen

ATTFilter

# AdwCleaner v1.801 - Logfile created 08/19/2012 at 19:14:20
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : silvia - SILVIA-HP
# Boot Mode : Normal
# Running from : C:\Users\silvia\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Save
Folder Deleted : C:\Users\silvia\AppData\Local\Conduit
Folder Deleted : C:\Users\silvia\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\silvia\AppData\LocalLow\PriceGong
Folder Deleted : C:\Program Files\Web Assistant
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\afurladvisor@anchorfree.com
File Deleted : C:\Users\silvia\Desktop\Check for Updates.lnk
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\user.js

***** [Registry] *****
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1561552
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Key Deleted : HKLM\SOFTWARE\Classes\I
Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr
Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\IncredibarApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\IncredibarApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\incredibar
Key Deleted : HKLM\SOFTWARE\Web Assistant
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
[x64] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
[x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
[x64] Key Deleted : HKLM\SOFTWARE\Web Assistant

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C01315C7-B4E2-4864-B43D-5FAFC414D179}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C1545464-C77C-4130-A572-1C619E2895FE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ED0E67AD-926C-4008-87E5-03CF72AA2A7E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF7FEC6D-451B-4452-9D26-7E10C6B5DB6E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{87EAB409-97D7-4889-ACFA-C548FC6F3ECF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
[x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default 
File : C:\Users\silvia\AppData\Roaming\Mozilla\Firefox\Profiles\149mxx13.default\prefs.js

C:\Users\silvia\AppData\Roaming\Mozilla\Firefox\Profiles\149mxx13.default\user.js ... Deleted !

Deleted : user_pref("extensions.crossriderapp3491@crossrider.com.install-event-fired", true);
Deleted : user_pref("extensions.ffxtlbr@incredibar.com.install-event-fired", true);
Deleted : user_pref("extensions.incredibar_i.aflt", "orgnl");
Deleted : user_pref("extensions.incredibar_i.dfltLng", "");
Deleted : user_pref("extensions.incredibar_i.did", "10643");
Deleted : user_pref("extensions.incredibar_i.excTlbr", false);
Deleted : user_pref("extensions.incredibar_i.id", "5abd0b4300000000000000ffea4b1fc4");
Deleted : user_pref("extensions.incredibar_i.installerproductid", "26");
Deleted : user_pref("extensions.incredibar_i.instlDay", "15490");
Deleted : user_pref("extensions.incredibar_i.instlRef", "");
Deleted : user_pref("extensions.incredibar_i.ms_url_id", "");
Deleted : user_pref("extensions.incredibar_i.newTab", false);
Deleted : user_pref("extensions.incredibar_i.ppd", "1");
Deleted : user_pref("extensions.incredibar_i.prdct", "incredibar");
Deleted : user_pref("extensions.incredibar_i.productid", "26");
Deleted : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Deleted : user_pref("extensions.incredibar_i.smplGrp", "none");
Deleted : user_pref("extensions.incredibar_i.tlbrId", "base");
Deleted : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyDqIPf6j&loc=IB[...]
Deleted : user_pref("extensions.incredibar_i.upn2", "6OyDqIPf6j");
Deleted : user_pref("extensions.incredibar_i.upn2n", "92261499144450155");
Deleted : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Deleted : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1415:00:00");
Deleted : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Deleted : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]

-\\ Google Chrome v17.0.963.83

File : C:\Users\silvia\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v11.64.1403.0

File : C:\Users\silvia\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [14832 octets] - [19/08/2012 18:45:21]
AdwCleaner[S1].txt - [11300 octets] - [19/08/2012 19:14:20]

########## EOF - C:\AdwCleaner[S1].txt - [11429 octets] ##########
         

Emsisoft Log?

emisoft ist jetzt fertig

Code: Alles auswählenAufklappen

ATTFilter

Emsisoft Anti-Malware - Version 6.6
Letztes Update: 8/19/2012 7:25:32 PM

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\
Archiv Scan: An
ADS Scan: An

Scan Beginn:	8/19/2012 7:51:40 PM


Gescannt	633989
Gefunden	0

Scan Ende:	8/19/2012 8:09:20 PM
Scan Zeit:	0:17:40
         

Sehr gut!


Deinstalliere:
Emsisoft Anti-Malware


ESET Online Scanner

Vorbereitung

• Schließe evtl. vorhandene externe Festplatten und/oder sonstigen Wechselmedien (z. B. evtl. vorhandene USB-Sticks) an den Rechner an.
• Bitte während des Online-Scans Anti-Virus-Programm und Firewall deaktivieren.
• Vista/Win7-User: Bitte den Browser unbedingt als Administrator starten.

Los geht's

• Lade und starte Eset Smartinstaller
• Haken setzen bei YES, I accept the Terms of Use.
• Klick auf Start.
• Haken setzen bei Remove found threads und Scan archives.
• Klick auf Start.
• Signaturen werden heruntergeladen, der Scan beginnt automatisch.
• Finish drücken.
• Browser schließen.
• Explorer öffnen.
• C:\Programme\Eset\EsetOnlineScanner\log.txt (manchmal auch C:\Programme\Eset\log.txt) suchen und mit Deinem Editor öffnen.
• Logfile hier posten.
• Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
• Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

eset ist erledigt

logfile:

Code: Alles auswählenAufklappen

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=e90fbea2dacb5140b07f95e3ceee3ad6
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-19 08:22:48
# local_time=2012-08-19 10:22:48 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3584 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776574 100 94 14826559 97030963 0 0
# compatibility_mode=8192 67108863 100 0 159 159 0 0
# scanned=215445
# found=31
# cleaned=31
# scan_time=6654
C:\FarmVilleBot_2.1\main.php	PHP/Kryptik.AE trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\FarmVilleBot_2.1\plugins\rrUGCmats\main.php	PHP/Obfuscated.F application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Users\silvia\Downloads\AB_DinoIsland.rar	PHP/Obfuscated.F application (deleted - quarantined)	00000000000000000000000000000000	C
C:\Users\silvia\Downloads\alsLeakingPub.rar	PHP/Kryptik.AE trojan (deleted - quarantined)	00000000000000000000000000000000	C
C:\Users\silvia\Downloads\AmanFunWithPigs_v1.3.rar	PHP/Obfuscated.F application (deleted - quarantined)	00000000000000000000000000000000	C
C:\Users\silvia\Downloads\Fairydust_downloader_by_Fonts101.exe	a variant of Win32/Somoto.A application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Users\silvia\Downloads\Fairytale_downloader_by_SchriftartenFontsde.exe	a variant of Win32/Somoto.A application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Users\silvia\Downloads\Mystery_EggOpener xml added.rar	PHP/Obfuscated.F application (deleted - quarantined)	00000000000000000000000000000000	C
C:\Users\silvia\Downloads\plugins fv bot.rar	PHP/Kryptik.AE trojan (deleted - quarantined)	00000000000000000000000000000000	C
C:\Users\silvia\Downloads\rrUGCmats V2.2.rar	PHP/Obfuscated.F application (deleted - quarantined)	00000000000000000000000000000000	C
C:\Users\silvia\Downloads\rrUGCmats.rar	PHP/Obfuscated.F application (deleted - quarantined)	00000000000000000000000000000000	C
C:\Users\silvia\Downloads\ScriptG731_downloader_by_Fonts101.exe	a variant of Win32/Somoto.A application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Users\silvia\Downloads\VTCSikleCell_downloader_by_Fonts101.exe	a variant of Win32/Somoto.A application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Users\silvia\Downloads\alsLeakingPub\alsLeakingPub\main.php	PHP/Kryptik.AE trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Users\silvia\Downloads\alsLeakingPub\alsLeakingPub\alsLeakingPub\main.php	PHP/Kryptik.AE trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Users\silvia\Downloads\Harvester\plugins\AB_DinoIsland\main.php	PHP/Obfuscated.F application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Users\silvia\Downloads\Harvester\plugins\FvBotPremiumGifts\main.php	PHP/Obfuscated.F application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Users\silvia\Downloads\Harvester\plugins\rrGetGopherTreat\main.php	PHP/Kryptik.AE trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Users\silvia\Downloads\Harvester\plugins\rrUGCmats\main.php	PHP/Obfuscated.F application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Users\silvia\Downloads\plugins\AB_NMultiHack\main.php	PHP/Obfuscated.F application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Users\silvia\Downloads\plugins\alsLeakingPub\alsLeakingPub\main.php	PHP/Kryptik.AE trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Users\silvia\Downloads\plugins\AmanFunWithPigs\main.php	PHP/Obfuscated.F application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Users\silvia\Downloads\plugins\GL_GetCashz\main.php	PHP/Kryptik.AE trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Users\silvia\Downloads\plugins\Mystery_EggOpener\main.php	PHP/Obfuscated.F application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Users\silvia\Downloads\plugins\rrGetGopherTreat\main.php	PHP/Kryptik.AE trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Users\silvia\Downloads\plugins\TN_BOTPAGE\main.php	PHP/Obfuscated.F application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Users\silvia\Downloads\plugins fv bot\GL_Dna7x.[fix] .rar	PHP/Kryptik.AE trojan (deleted - quarantined)	00000000000000000000000000000000	C
C:\Users\silvia\Downloads\plugins fv bot\rrGetGopherTreat.rar	PHP/Kryptik.AE trojan (deleted - quarantined)	00000000000000000000000000000000	C
C:\Users\silvia\Downloads\plugins neu\alsLeakingPub\main.php	PHP/Kryptik.AE trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
G:\musik\5-ccdl_1.rar	probably a variant of Win32/IRCBot.LOYFYKV trojan (deleted - quarantined)	00000000000000000000000000000000	C
G:\musik\The.Panorama.Factory.v4.4.m32.Edition.Incl.Keygen-dT\setup_pack\keygen.exe	probably a variant of Win32/Agent.EZZUYZZ trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C