
Pests of all kinds and how to fight them: Google redirect

21.08.2012, 22:58   #1
newbi

Hello everyone,

today I updated CCleaner, TeamViewer and Glary Utilities on 2 different computers.

Since then, whenever I enter google.de in the browser, I am automatically redirected to arbitrary websites.

CCleaner and Spybot as well as AntiVir and Malwarebytes did not report anything.

Attached is a HijackThis log file from one of the computers:

Browser: IE9, system: Vista

Who can help here?


HijackThis log file:
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:40:42, on 21.08.2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16448)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Users\MICHAE~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\conime.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\xxxxxxxxxx\Desktop\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0511&m=aspire_7738
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0511&m=aspire_7738
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0511&m=aspire_7738
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MI1933~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe -update activex
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\xxxxxxx\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Acer\Acer VCM\Skype4COM.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (file missing)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Echtzeit Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: cyberJack PC/SC COM Service  (cjpcsc) - REINER SCT - C:\Windows\system32\cjpcsc.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files\Sony\Sony PC Companion\PCCService.exe
O23 - Service: StarMoney 8.0 OnlineUpdate - Star Finanz - Software Entwicklung und Vertriebs GmbH - C:\Program Files\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 9175 bytes
         
--- --- ---


The 2nd computer, Win XP and IE8:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:39:11, on 21.08.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\cjpcsc.exe
C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programme\StarMoney 7.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
C:\Programme\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programme\Analog Devices\Core\smax4pnp.exe
C:\Programme\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe
C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Programme\Avira\AntiVir Desktop\avshadow.exe
C:\Programme\TeamViewer\Version7\TeamViewer.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programme\TeamViewer\Version7\tv_w32.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\Besitzer\Desktop\HiJackThis204.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programme\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe


Many thanks in advance

Best regards

Newbie

Last edited by newbi (21.08.2012 at 23:18)

22.08.2012, 23:07   #2
t'john
/// Helper team

Step 1

Please run a full scan with Malwarebytes Anti-Malware and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

Malwarebytes Anti-Malware
- Applicable to Windows 2000, XP, Vista and 7.
- Install the program to the default path.
- Update the database!
- Select "Perform full scan" => Scan.
- Select all available drives (except CD/DVD) and start the scan.
- Please have any findings deleted or moved to quarantine.
- When the scan has finished, click "Show Results".

Step 2
System scan with OTL (illustrated guide)

Please download OTL by OldTimer and save it to your desktop (if you do not have it yet). Double-click OTL.exe.

  • Vista and Win7 users: right-click OTL.exe and choose "Run as administrator"
  • Select Scan All Users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

23.08.2012, 21:23   #3
newbi

Hello,

Malwarebytes log file from computer 1:

Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.23.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
XXXXXXXXXXXXXXX :: XXXXXXXXX [Administrator]

Schutz: Deaktiviert

23.08.2012 22:03:09
mbam-log-2012-08-23 (22-03-09).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 191032
Laufzeit: 7 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


OTL from this computer:
OTL log file:
OTL EXTRAS log file:
Code:
OTL logfile created on: 23.08.2012 22:02:33 - Run 1
OTL by OldTimer - Version 3.2.58.1     Folder = C:\Users\XXXXXXXXXXX\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,52 Gb Available Physical Memory | 50,87% Memory free
6,19 Gb Paging File | 4,32 Gb Available in Paging File | 69,72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 452,99 Gb Total Space | 217,89 Gb Free Space | 48,10% Space Free | Partition Type: NTFS
 
Computer Name: XXXXXXXXXX | User Name: XXXXXXXXXXX| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\XXXXXXXXXXX\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\XXXXXXXXXX\AppData\Local\Temp\is-F5VTD.tmp\mbam-setup-1.62.0.1300.tmp ()
PRC - C:\Users\XXXXXXXXXXXX\Desktop\mbam-setup-1.62.0.1300.exe (Malwarebytes Corporation                                    )
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Microsoft Office\Office14\OUTLOOK.EXE (Microsoft Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Windows\System32\cjpcsc.exe (REINER SCT)
PRC - C:\Users\XXXXXXXXX\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerTray.exe (Acer Incorporated)
PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
PRC - C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe (TOSHIBA CORPORATION.)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\PLFSetI.exe ()
MOD - C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Programme\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll ()
MOD - C:\Programme\Launch Manager\PowerUtl.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (TeamViewer7) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (StarMoney 8.0 OnlineUpdate) -- C:\Programme\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (Sony PC Companion) -- C:\Programme\Sony\Sony PC Companion\PCCService.exe (Avanquest Software)
SRV - (cjpcsc) -- C:\Windows\System32\cjpcsc.exe (REINER SCT)
SRV - (TOSHIBA Bluetooth Service) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
SRV - (CLHNService) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
SRV - (RS_Service) -- C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (btwrchid) -- system32\DRIVERS\btwrchid.sys File not found
DRV - (btwavdt) -- system32\drivers\btwavdt.sys File not found
DRV - (btwaudio) -- system32\drivers\btwaudio.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (cjusb) -- C:\Windows\System32\drivers\cjusb.sys (REINER SCT)
DRV - (Tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (Tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (TosRfSnd) -- C:\Windows\System32\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (toshidpt) -- C:\Windows\System32\drivers\Toshidpt.sys (TOSHIBA Corporation.)
DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (FPSensor) -- C:\Windows\System32\drivers\FPSensor.sys (Egis)
DRV - (NETw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (s0017mdm) -- C:\Windows\System32\drivers\s0017mdm.sys (MCCI Corporation)
DRV - (s0017unic) -- C:\Windows\System32\drivers\s0017unic.sys (MCCI Corporation)
DRV - (s0017mgmt) -- C:\Windows\System32\drivers\s0017mgmt.sys (MCCI Corporation)
DRV - (s0017obex) -- C:\Windows\System32\drivers\s0017obex.sys (MCCI Corporation)
DRV - (s0017bus) -- C:\Windows\System32\drivers\s0017bus.sys (MCCI Corporation)
DRV - (s0017nd5) -- C:\Windows\System32\drivers\s0017nd5.sys (MCCI Corporation)
DRV - (s0017mdfl) -- C:\Windows\System32\drivers\s0017mdfl.sys (MCCI Corporation)
DRV - (hidshim) -- C:\Windows\System32\drivers\hidshim.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (nuvotonhidgeneric) -- C:\Windows\System32\drivers\nuvotonhidgeneric.sys (Nuvoton Technology Corporation)
DRV - (k57nd60x) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (bizVSerial) -- C:\Windows\System32\drivers\bizVSerialNT.sys (franson.biz)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0511&m=aspire_7738
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0511&m=aspire_7738
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2962711823-1018034334-430022026-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0511&m=aspire_7738
IE - HKU\S-1-5-21-2962711823-1018034334-430022026-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKU\S-1-5-21-2962711823-1018034334-430022026-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2962711823-1018034334-430022026-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/
IE - HKU\S-1-5-21-2962711823-1018034334-430022026-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2962711823-1018034334-430022026-1000\..\SearchScopes,DefaultScope = {0035A850-9D90-4D6B-B32B-81EB85B3C43F}
IE - HKU\S-1-5-21-2962711823-1018034334-430022026-1000\..\SearchScopes\{0035A850-9D90-4D6B-B32B-81EB85B3C43F}: "URL" = hxxp://de.wikipedia.org/w/index.php?title=Spezial:Suche&search={searchTerms}
IE - HKU\S-1-5-21-2962711823-1018034334-430022026-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2962711823-1018034334-430022026-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MI1933~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MI1933~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
O1 HOSTS File: ([2012.08.11 10:13:13 | 000,443,998 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 15252 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2962711823-1018034334-430022026-1000..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-2962711823-1018034334-430022026-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\XXXXXXXXXXXXXXXXX\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{19092BE6-6103-4BBE-9880-D69150BD2DC2}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D74B10A0-DB46-4F8C-B92E-976490BE8DD1}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) -  File not found
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.23 22:01:31 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\XXXXXXXXXXXXXXXXX\Desktop\OTL.exe
[2012.08.23 22:01:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.23 22:01:22 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.08.23 22:01:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.08.23 21:54:37 | 010,652,120 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\XXXXXXXXXXXXXXXXXX\Desktop\mbam-setup-1.62.0.1300.exe
[2012.08.22 09:05:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.08.22 01:23:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities
[2012.08.22 01:23:16 | 000,000,000 | ---D | C] -- C:\Program Files\Glary Utilities
[2012.08.22 00:59:07 | 003,907,920 | ---- | C] (Piriform Ltd) -- C:\Users\XXXXXXXXXXXXXXXxxx\Desktop\ccsetup321.exe
[2012.08.21 23:20:25 | 000,000,000 | ---D | C] -- C:\Users\XXXXXXXXXXXXXXXXx\AppData\Roaming\Malwarebytes
[2012.08.21 23:20:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.21 18:30:21 | 000,000,000 | ---D | C] -- C:\Users\XXXXXXXXXXXXX\temp
[2012.08.21 16:42:52 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.08.14 20:04:05 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.08.14 20:04:04 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.08.14 20:04:04 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.08.14 20:04:03 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.08.14 20:04:03 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.08.14 20:04:03 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.08.14 20:04:02 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.08.14 20:03:33 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.07.29 21:42:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
[2012.07.29 21:41:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony
[2012.07.29 21:41:31 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
[2012.07.29 21:21:04 | 000,000,000 | ---D | C] -- C:\Program Files\Avanquest update
[2012.07.29 21:21:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Avanquest
[2012.07.29 20:29:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Avanquest Bluetooth SDK
[2012.07.21 14:11:41 | 018,164,784 | ---- | C] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware_5.5.1006.exe
[2012.03.24 22:51:50 | 077,738,888 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ExcelViewer.exe
[2012.02.08 19:46:56 | 016,409,960 | ---- | C] (Safer Networking Limited                                    ) -- C:\Program Files\spybotsd162.exe
[2011.12.24 11:09:38 | 151,583,952 | ---- | C] (MAGIX AG) -- C:\Program Files\Music_Maker_17_DE_CHIP.exe
[2011.12.22 21:21:27 | 060,506,288 | ---- | C] (Ashampoo GmbH & Co. KG                                      ) -- C:\Program Files\ashampoo_burning_studio_2012_10.0.15_9751.exe
[2011.12.13 19:15:48 | 004,575,560 | ---- | C] (Nullsoft, Inc.) -- C:\Program Files\winamp5623_lite_de-de.exe
[2011.12.07 21:31:30 | 025,362,536 | ---- | C] (Abelssoft                                                   ) -- C:\Program Files\sparfuchs-chip.exe
[2011.12.04 15:37:11 | 030,464,973 | ---- | C] (GIANTS                                                      ) -- C:\Program Files\Landwirtschaftssimulator2008_v2_Addon_Deutsch.exe
[2011.12.04 15:35:31 | 044,055,432 | ---- | C] (GIANTS Software                                             ) -- C:\Program Files\FarmingSimulator2008v5DE_ChipEdition.exe
[2011.11.21 23:23:06 | 157,952,016 | ---- | C] (NVIDIA Corporation) -- C:\Program Files\285.62-notebook-win7-winvista-32bit-international-whql.exe
[2011.05.28 23:49:34 | 036,564,992 | ---- | C] (Microsoft Corporation) -- C:\Program Files\install_virtualdj_home_v7.0.4.exe
[2011.05.23 22:38:04 | 019,159,080 | ---- | C] (Sony Ericsson                                               ) -- C:\Program Files\Sony__Ericsson__PC__Suite_6.011.00_Web_DEU.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.23 22:01:31 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\XXXXXXXXXXXXXX\Desktop\OTL.exe
[2012.08.23 22:01:23 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.23 21:48:00 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2012.08.23 21:47:53 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.23 21:47:53 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.23 21:47:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.22 21:15:54 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.08.22 20:54:44 | 000,001,744 | ---- | M] () -- C:\Users\XXXXXXXXXXXXXXXX\AppData\Roaming\MyMicroBalanceConfig.ini
[2012.08.22 20:49:55 | 000,002,393 | ---- | M] () -- C:\Users\Public\Desktop\MyMicroBalance.lnk
[2012.08.22 19:28:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.22 01:19:45 | 000,400,512 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.08.22 00:59:08 | 003,907,920 | ---- | M] (Piriform Ltd) -- C:\Users\XXXXXXXXXXXXXXXXXXXXX\Desktop\ccsetup321.exe
[2012.08.21 18:30:05 | 000,000,959 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
[2012.08.14 20:28:36 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.08.14 20:28:36 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.08.13 20:50:54 | 000,632,502 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.08.13 20:50:54 | 000,599,150 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.08.13 20:50:54 | 000,127,714 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.08.13 20:50:54 | 000,105,164 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.08.11 10:13:13 | 000,443,998 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.07.29 21:42:02 | 000,001,883 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
 
========== Files Created - No Company Name ==========
 
[2012.08.23 22:01:23 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.22 01:23:20 | 000,000,336 | ---- | C] () -- C:\Windows\tasks\GlaryInitialize.job
[2012.08.22 01:18:19 | 000,400,512 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.08.21 18:30:06 | 000,000,971 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
[2012.08.21 18:30:03 | 000,000,959 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
[2012.07.29 21:42:02 | 000,001,883 | ---- | C] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2012.02.10 23:55:57 | 000,000,028 | ---- | C] () -- C:\Windows\Robota.INI
[2012.02.08 19:00:06 | 087,262,320 | ---- | C] () -- C:\Program Files\avira_free_antivirus1200872_de.exe
[2011.12.13 13:05:42 | 021,073,936 | ---- | C] () -- C:\Program Files\vlc-1.1.11-win32.exe
[2011.07.08 20:14:31 | 000,000,099 | ---- | C] () -- C:\Windows\WirelessFTP.INI
[2011.06.22 21:01:04 | 000,003,170 | ---- | C] () -- C:\Users\XXXXXXXXXXXXXXXX\.ganttproject
[2011.06.12 15:49:05 | 000,019,968 | ---- | C] () -- C:\Users\XXXXXXXXXXXXXXXX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.23 22:02:37 | 000,001,356 | ---- | C] () -- C:\Users\XXXXXXXXXXXXXXXX\AppData\Local\d3d9caps.dat
[2011.05.23 21:43:07 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.05.23 21:43:06 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.05.23 13:04:31 | 000,167,936 | ---- | C] () -- C:\Windows\System32\SerialXP.dll
[2011.05.23 13:04:31 | 000,027,648 | ---- | C] () -- C:\Windows\System32\win32com.dll
[2011.05.23 10:07:19 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011.05.23 10:07:19 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2011.05.23 10:07:19 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2011.05.23 10:07:19 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2011.05.23 10:07:19 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011.05.23 10:07:19 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2011.05.23 10:07:19 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011.05.23 10:07:19 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2011.05.23 10:07:19 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2011.05.23 10:07:19 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2011.05.23 10:07:19 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2011.05.23 10:07:19 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2011.05.23 10:07:19 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2011.05.23 10:07:19 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2011.05.23 10:07:19 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2011.05.23 10:07:19 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2011.05.23 10:07:19 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2011.05.23 10:07:19 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2011.05.23 10:07:19 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2011.05.23 05:37:48 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[2011.05.23 01:34:36 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI
[2011.05.23 01:02:13 | 000,000,010 | ---- | C] () -- C:\Windows\popcinfo.dat
[2011.05.23 00:39:06 | 000,001,744 | ---- | C] () -- C:\Users\XXXXXXXXXXXXXXX\AppData\Roaming\MyMicroBalanceConfig.ini
[2011.05.22 23:53:24 | 000,000,089 | ---- | C] () -- C:\Windows\cdplayer.ini
[2011.05.22 23:53:09 | 000,001,492 | ---- | C] () -- C:\ProgramData\ss.ini
[2011.05.22 23:47:52 | 000,000,574 | ---- | C] () -- C:\Windows\hbcikrnl.ini
[2011.05.22 21:11:10 | 003,004,832 | ---- | C] () -- C:\Program Files\BitTorrent-6.3.exe
[2011.05.22 21:11:02 | 048,132,096 | ---- | C] () -- C:\Program Files\zaSetup_92_105_000_de.exe
[2011.05.22 21:10:15 | 005,279,114 | ---- | C] () -- C:\Program Files\SopCast329.zip
[2011.05.22 21:09:55 | 002,062,304 | ---- | C] () -- C:\Program Files\installspeedfan443.exe
[2011.05.22 20:47:27 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2011.05.22 20:16:58 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2011.05.22 20:16:58 | 000,106,496 | ---- | C] () -- C:\Windows\FixUVC.exe
[2011.05.22 20:16:58 | 000,000,074 | ---- | C] () -- C:\Windows\PidList.ini
[2011.05.22 20:11:27 | 000,000,536 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat
[2011.05.22 20:11:27 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat
[2011.05.22 20:11:27 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2011.05.22 20:11:27 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2011.05.22 20:11:26 | 000,090,772 | ---- | C] () -- C:\Windows\System32\drivers\RtConvEQ.DAT
[2011.05.22 20:11:26 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2011.05.22 20:04:03 | 000,178,961 | ---- | C] () -- C:\Windows\hphins26.dat
 
========== LOP Check ==========
 
[2011.05.22 20:19:31 | 000,000,000 | ---D | M] -- C:\Users\XXXXXXXXXXXXXXXX\AppData\Roaming\Acer
[2009.03.12 05:07:02 | 000,000,000 | ---D | M] -- C:\Users\XXXXXXXXXXXXXXXX\AppData\Roaming\Acer GameZone Console
[2011.05.22 22:20:13 | 000,000,000 | ---D | M] -- C:\Users\XXXXXXXXXXXXXXXX\AppData\Roaming\Ashampoo
[2011.12.11 16:26:54 | 000,000,000 | ---D | M] -- C:\Users\XXXXXXXXXXXXXXXX\AppData\Roaming\CBL-Electronics
[2011.10.05 20:39:12 | 000,000,000 | ---D | M] -- C:\Users\XXXXXXXXXXXXXXXX\AppData\Roaming\DVDVideoSoft
[2011.06.26 10:06:26 | 000,000,000 | ---D | M] -- C:\Users\XXXXXXXXXXXXXXXX\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.05.23 23:09:31 | 000,000,000 | ---D | M] -- C:\Users\XXXXXXXXXXXXXXXX\AppData\Roaming\EA
[2011.12.04 15:38:55 | 000,000,000 | ---D | M] -- C:\Users\XXXXXXXXXXXXXXXX\AppData\Roaming\FarmingSimulator2008
[2011.05.23 20:52:29 | 000,000,000 | ---D | M] -- C:\Users\XXXXXXXXXXXXXXXX\AppData\Roaming\GlarySoft
[2012.02.10 23:33:18 | 000,000,000 | ---D | M] -- C:\Users\XXXXXXXXXXXXXXXX\AppData\Roaming\MAGIX
[2011.05.22 22:46:33 | 000,000,000 | ---D | M] -- C:\Users\XXXXXXXXXXXXXXXX\AppData\Roaming\OpenOffice.org
[2011.05.26 16:38:15 | 000,000,000 | ---D | M] -- C:\Users\XXXXXXXXXXXXXXXX\AppData\Roaming\Panasonic
[2012.02.12 15:49:59 | 000,000,000 | ---D | M] -- C:\Users\XXXXXXXXXXXXXXXX\AppData\Roaming\Phase6
[2012.01.28 22:49:53 | 000,000,000 | ---D | M] -- C:\Users\XXXXXXXXXXXXXXXX\AppData\Roaming\PowerCinema
[2012.01.28 22:31:51 | 000,000,000 | ---D | M] -- C:\Users\XXXXXXXXXXXXXXXX\AppData\Roaming\SoftDMA
[2011.05.23 22:19:59 | 000,000,000 | ---D | M] -- C:\Users\XXXXXXXXXXXXXXXX\AppData\Roaming\Sony
[2011.07.09 18:37:42 | 000,000,000 | ---D | M] -- C:\Users\XXXXXXXXXXXXXXXX\AppData\Roaming\TeamViewer
[2012.08.23 21:48:00 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2012.08.22 21:15:53 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:B203B914
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:798A3728
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:35759C73
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:B623B5B8
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:BB24555F
@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:8750DCE4

< End of report >
         
--- --- ---

and: OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 23.08.2012 22:02:33 - Run 1
OTL by OldTimer - Version 3.2.58.1     Folder = C:\Users\XXXXXXXXXXXX\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,52 Gb Available Physical Memory | 50,87% Memory free
6,19 Gb Paging File | 4,32 Gb Available in Paging File | 69,72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 452,99 Gb Total Space | 217,89 Gb Free Space | 48,10% Space Free | Partition Type: NTFS
 
Computer Name: XXXXXXXXXXXXXXXXXXXXXXXXXx | User Name: XXXXXXXXXXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1D5127DB-8BFF-4E3A-A121-E693267DEC08}" = rport=445 | protocol=6 | dir=out | app=system | 
"{3250F9AC-DC52-4CEE-88CF-8D4929C96234}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{44200AB5-F9D2-4557-9FF4-4879E698008F}" = lport=138 | protocol=17 | dir=in | app=system | 
"{6F364397-4767-470C-A89C-EDB30C013647}" = rport=137 | protocol=17 | dir=out | app=system | 
"{8536CF18-158B-4D2A-9421-534E5512C545}" = lport=137 | protocol=17 | dir=in | app=system | 
"{99C2450F-E428-40FE-9DEC-9DC3729ED491}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{ADE03EF9-9DBC-4BA4-B7CA-9ABC7AE3EB77}" = rport=138 | protocol=17 | dir=out | app=system | 
"{B7B9789E-32BE-4914-BCED-4B6BA12E528A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{E05E45C4-FEB3-40AD-9878-A5AB78129D7A}" = lport=139 | protocol=6 | dir=in | app=system | 
"{E9C6AC71-7C5D-4F5B-92E0-14F422655F2A}" = rport=139 | protocol=6 | dir=out | app=system | 
"{EB066731-22CC-4520-803F-A34E50F4130C}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{F3152136-5859-4CE6-AB8B-38E69BED6008}" = lport=445 | protocol=6 | dir=in | app=system | 
"{FC14BD76-1191-4C4B-BE88-6DB181E2A160}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{005AEAFE-74B1-4936-AA1C-32A94320552D}" = protocol=17 | dir=in | app=c:\program files\starmoney 7.0 s-edition\ouservice\starmoneyonlineupdate.exe | 
"{057C2482-35E5-4640-B1CE-112280F9A432}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe | 
"{07F6E0D9-FD9A-4D3E-926B-2666D2D4A4F4}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe | 
"{28D47296-8925-47EF-A872-C7EBB0C102C5}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe | 
"{371AD853-4205-4904-BF42-1500BC71066E}" = protocol=17 | dir=in | app=c:\program files\starmoney 7.0 s-edition\app\starmoney.exe | 
"{3C90F487-2614-4FEE-9F77-4103E484B395}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe | 
"{4402DD63-92A1-4298-B39C-DF3856A5C25E}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{44889AC9-9867-429E-8BA8-748B683CBD8D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{565654F8-F40D-4390-93C6-8058E1ACD914}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{590C0619-0518-4595-8DDF-19EF077A6A17}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{59D7ECC3-1D25-4D86-A5C5-E7571576410B}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{5ACF69B9-4FAE-4F3B-86AD-DFB47660275E}" = protocol=6 | dir=in | app=c:\program files\starmoney 8.0 s-edition\ouservice\starmoneyonlineupdate.exe | 
"{6E3A109D-AC1A-485F-800A-32582D09EFA8}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe | 
"{6F80B5B4-0A24-4CE6-829C-EF2317F8CFAC}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | 
"{7611F65F-475C-412D-ABCD-F3EF547E4C13}" = protocol=6 | dir=in | app=c:\program files\starmoney 7.0 s-edition\ouservice\starmoneyonlineupdate.exe | 
"{763F5E67-36E2-44FA-B037-B18A2F7547F6}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{8128CFE7-81C0-4305-A369-9DBA801E3E5D}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe | 
"{8D514C19-9B7F-4B3D-9039-760270250D49}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{9000D365-0E42-4984-9C9D-96FE8A64D821}" = protocol=6 | dir=in | app=c:\program files\starmoney 8.0 s-edition\app\starmoney.exe | 
"{A0652328-07D9-4136-9A49-D988D9B7788F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{AE4AF426-0752-41FE-A533-F7886DE302D8}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{B8214A8E-3317-40FA-AADE-95509AE12FE1}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | 
"{BEA626B6-140C-4DC4-AD06-572D004D03BF}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | 
"{DA1D2ED9-39CB-40CC-8340-E3E0EBD7495D}" = protocol=17 | dir=in | app=c:\program files\starmoney 8.0 s-edition\ouservice\starmoneyonlineupdate.exe | 
"{E06B0F9F-C493-4345-9A0D-022534CC7C55}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{EDC42E76-564E-4CE1-8264-C012E7FC1095}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | 
"{F43275EC-4383-46AC-AAB7-88968B7A610C}" = protocol=17 | dir=in | app=c:\program files\starmoney 8.0 s-edition\app\starmoney.exe | 
"{F516E0A3-3C5F-4B8B-BF47-14D181F2A83D}" = protocol=6 | dir=in | app=c:\program files\starmoney 7.0 s-edition\app\starmoney.exe | 
"{F9FF4B4F-E83E-44F8-8117-2A1C88A5AFDC}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | 
"{FA0B3D57-4CF9-48B4-9642-853D52539896}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{FB6C6776-FD77-4983-8CFB-C66AF1AF475F}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"TCP Query User{19981591-E830-40B0-852C-50F1CC64534C}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"TCP Query User{4D09A463-304C-4F0B-BC7D-2F8B1BC61C59}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"TCP Query User{6508BF0B-3631-4880-BD68-2AE153296C1C}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{9F8D4090-BCC5-4D28-B823-0611D61B303B}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 
"TCP Query User{A0E9EC0D-4588-4AF4-B379-E16180ACFCD5}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{6DFDA6D1-CCE1-48D5-9CC6-8414B4FBE039}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{7BED7538-E0E0-4690-99F5-71EA23C3A71F}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"UDP Query User{BB235C19-0A8B-4AEB-9FC7-28CA8FB761E1}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{D18E9790-CE84-48C3-858F-E8532661815B}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"UDP Query User{D97A44D9-C3F9-4E48-9B9A-2EF34F8F2DA9}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0CE5F45E-F6CC-4638-B0DD-BB7F6EF56713}" = HP Deskjet D1500 Printer Driver Software 10.0 Rel .3
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83217000FF}" = Java(TM) 7
"{2CDCCE7E-55D5-40CC-AEA0-ABA54713501F}" = LUMIX Simple Viewer
"{302E9B7B-2B6A-4C29-9A02-9F2110649779}" = Nuvoton EC Generic HID Driver
"{305468A6-DE2D-43ba-A168-2F45A97A89DA}" = DJ_SF_03_D1500_Software_Min
"{35343FF7-939B-401A-87B3-FF90A5123D88}" = Microsoft XML Parser und SDK
"{36A1E3D6-288A-4EEE-A081-30D9808B2BE3}" = Joe
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{38436888-9EAA-4cec-A56F-65B73D9D423C}" = D1500
"{398E4B12-9DF4-40E7-901C-494C6E99D2DC}" = StarMoney
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4DF4CAB9-B628-4924-AD9A-1C457DD2960A}" = VirtualDJ Home FREE
"{4EAE665D-957A-4D04-9679-3AD582008877}" = NVIDIA PhysX
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.6
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E653036-DE31-4BFD-96BB-421CC72E06FC}" = PHOTOfunSTUDIO 6.1 HD Lite Edition
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{82C113AD-486F-4bd5-A2EA-2383AF57D084}" = D1500_Help
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{837E620D-B93E-4D84-A753-BE1DBEB716B1}" = StarMoney
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86F4B795-EA3D-48BD-ADFA-DA44B39059F9}" = StarMoney
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8B8240B3-891D-4965-AA51-8799622D44FF}" = DJ_SF_03_D1500_ProductContext
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8F5A0981-5CDC-41D0-BCA2-AD3B777FC358}" = Thrustmaster Force Feedback Driver
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.OUTLOOKR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.OUTLOOKR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.OUTLOOKR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.OUTLOOKR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.OUTLOOKR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.OUTLOOKR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.OUTLOOKR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2010
"{91140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOKR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{93E28602-B57A-4487-AA65-97BB5C97AD00}" = StarMoney
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B1421599-A42D-47ef-B512-B9B0317BD599}" = DJ_SF_03_D1500_Software
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0209
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.12.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}" = Need for Speed™ SHIFT
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.79.326
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.079
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4DB90F7-3DAE-4797-8A1F-091A98285F3E}" = MyMicroBalance
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FB22B66C-4294-4C21-82D5-929AEF12472E}" = StarMoney 8.0 S-Edition
"{FC338210-F594-11D3-BA24-00001C3AB4DF}" = cyberJack Base Components
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Ashampoo Burning Studio 2010_is1" = Ashampoo Burning Studio 2010
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"EADM" = EA Download Manager
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.11.923
"Glary Utilities_is1" = Glary Utilities 2.48.0.1568
"GridVista" = Acer GridVista
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"LManager" = Launch Manager
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Office14.OUTLOOKR" = Microsoft Outlook 2010
"Race On_is1" = Race On
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 7" = TeamViewer 7
"VLC media player" = VLC media player 1.1.11
"Volvo - The Game_is1" = Volvo - The Game
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 03.03.2012 15:28:13 | Computer Name = XXXXXXXXXXXXXX | Source = Application Hang | ID = 1002
Description = Programm MyMicroBalance.exe, Version 2.5.0.0 arbeitet nicht mehr mit
 Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 1594  Anfangszeit: 01ccf973a3f51902  Zeitpunkt
 der Beendigung: 0
 
Error - 05.03.2012 15:09:53 | Computer Name = XXXXXXXXXXXXX| Source = Windows Search Service | ID = 3024
Description = 
 
Error - 18.03.2012 09:28:04 | Computer Name = XXXXXXXXXXXXXX | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung SearchIndexer.exe, Version 7.0.6002.18005, Zeitstempel
 0x49e02459, fehlerhaftes Modul TQUERY.DLL, Version 7.0.6002.18005, Zeitstempel 
0x49e0382e, Ausnahmecode 0xc0000005, Fehleroffset 0x000b1f69,  Prozess-ID 0xb68, Anwendungsstartzeit
 01cd0505bf2cb5d4.
 
Error - 20.03.2012 16:18:58 | Computer Name = XXXXXXXXX | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16421 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: ba4  Anfangszeit: 01cd06d64fcec7a0  Zeitpunkt
 der Beendigung: 16
 
Error - 24.03.2012 06:18:43 | Computer Name = XXXXXXXXX | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16421 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 17c4  Anfangszeit: 01cd09a4adbb1d59  Zeitpunkt
 der Beendigung: 10
 
Error - 24.03.2012 06:30:32 | Computer Name = XXXXXXXXXXXXXXX | Source = Application Hang | ID = 1002
Description = Programm Explorer.EXE, Version 6.0.6002.18005 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 40c  Anfangszeit: 01cd09a469243739  Zeitpunkt
 der Beendigung: 0
 
Error - 24.03.2012 06:52:26 | Computer Name = XXXXXXXXXXX | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16421 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 110c  Anfangszeit: 01cd09ab059efef9  Zeitpunkt
 der Beendigung: 16
 
Error - 24.03.2012 17:47:59 | Computer Name = XXXXXXXXXXXXX | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Explorer.EXE, Version 6.0.6002.18005, Zeitstempel
 0x49e01da5, fehlerhaftes Modul TosBtShell.dll_unloaded, Version 0.0.0.0, Zeitstempel
 0x45b456f8, Ausnahmecode 0xc0000005, Fehleroffset 0x09e64730,  Prozess-ID 0xea8, 
Anwendungsstartzeit 01cd0a068f080825.
 
Error - 09.04.2012 15:53:30 | Computer Name = XXXXXXXX | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung nvxdsync.exe, Version 8.17.12.9573, Zeitstempel
 0x4f3476db, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18541, Zeitstempel 0x4ec3e3d5,
 Ausnahmecode 0xc0000374, Fehleroffset 0x000b06b7,  Prozess-ID 0x6b8, Anwendungsstartzeit
 01cd165e7e553329.
 
Error - 01.05.2012 10:15:32 | Computer Name = XXXXXXXXX | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16421, Zeitstempel
 0x4d76255d, fehlerhaftes Modul jvm.dll, Version 21.0.0.17, Zeitstempel 0x4e0856df,
 Ausnahmecode 0xc0000005, Fehleroffset 0x000a7a1b,  Prozess-ID 0x13cc, Anwendungsstartzeit
 01cd27a4c3973740.
 
[ System Events ]
Error - 22.08.2012 02:52:57 | Computer Name = XXXXXXXXX | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 22.08.2012 03:29:10 | Computer Name = XXXXXXXXX | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 22.08.2012 03:29:49 | Computer Name = XXXXXXXXX | Source = Service Control Manager | ID = 7043
Description = 
 
Error - 22.08.2012 03:29:50 | Computer Name = XXXXXXXXX | Source = DCOM | ID = 10005
Description = 
 
Error - 22.08.2012 10:32:34 | Computer Name = XXXXXXXXX | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 22.08.2012 10:34:14 | Computer Name = XXXXXXXXX | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 22.08.2012 14:48:03 | Computer Name = XXXXXXXXX | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 22.08.2012 14:49:40 | Computer Name = XXXXXXXXX | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 23.08.2012 15:47:57 | Computer Name = XXXXXXXXX | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 23.08.2012 15:49:30 | Computer Name = XXXXXXXXX | Source = Service Control Manager | ID = 7022
Description = 
 
 
< End of report >
         
--- --- ---

Things like 007guard.com etc. make me suspicious here. I don't know how I got those.

Computer 2 follows:

Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.23.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Besitzer :: XXXXXXXXXXXXX [Administrator]

Schutz: Deaktiviert

23.08.2012 22:27:52
mbam-log-2012-08-23 (22-27-52).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 189790
Laufzeit: 31 Minute(n), 37 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Best regards

Newbi
__________________

Edited by newbi (23.08.2012 at 22:03)

24.08.2012, 00:25   #4
t'john
/// Helper Team

Fix with OTL

Download OTL by OldTimer (if you don't already have it) and save it to your desktop (nowhere else).

  • Disable any virus scanners such as Avira, Kaspersky etc.
  • Start OTL.exe.
    Vista and Windows 7 users right-click the program icon and choose "Run as administrator".
  • Copy the following script into the text box below Custom Scans/Fixes:

Replace the *** asterisks with the user name again!
Code:
ATTFilter
:OTL
PRC - C:\Users\XXXXXXXXX\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.) 
SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found 
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found 
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found 
DRV - (btwrchid) -- system32\DRIVERS\btwrchid.sys File not found 
DRV - (btwavdt) -- system32\drivers\btwavdt.sys File not found 
DRV - (btwaudio) -- system32\drivers\btwaudio.sys File not found 
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-21-2962711823-1018034334-430022026-1000\..\SearchScopes,DefaultScope = {0035A850-9D90-4D6B-B32B-81EB85B3C43F} 
IE - HKU\S-1-5-21-2962711823-1018034334-430022026-1000\..\SearchScopes\{0035A850-9D90-4D6B-B32B-81EB85B3C43F}: "URL" = http://de.wikipedia.org/w/index.php?title=Spezial:Suche&search={searchTerms} 
IE - HKU\S-1-5-21-2962711823-1018034334-430022026-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC 
IE - HKU\S-1-5-21-2962711823-1018034334-430022026-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (Reg Error: Key error.) 
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - File not found 
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] 
@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:B203B914 
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:798A3728 
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:35759C73 
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:B623B5B8 
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:BB24555F 
@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:8750DCE4 
[2012.08.22 01:23:16 | 000,000,000 | ---D | C] -- C:\Program Files\Glary Utilities 
[2012.08.22 01:23:20 | 000,000,336 | ---- | C] () -- C:\Windows\tasks\GlaryInitialize.job 
[2012.08.21 18:30:21 | 000,000,000 | ---D | C] -- C:\Users\XXXXXXXXXXXXX\Temp 

:Files

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
         
  • Close all programs.
  • Click the Fix button.
  • If OTL asks for a restart, please allow it.
  • Copy the contents of the log file here into your thread, in code tags.
    Afterwards you can view the log file here => C:\_OTL\MovedFiles\<datum_nummer.log>

Note for other readers: the OTL script above was created exclusively for this user in this situation.
Do not under any circumstances use it on other computers; it can cause lasting damage to other systems!
__________________
Kind regards, t'john

24.08.2012, 08:52   #5
newbi

Hello,

as of today I can browse normally on Google again.

We had a thunderstorm and a power outage last night, so I unplugged the router from the socket and plugged it back in. No problems since then.

Could our provider have had problems here?

If not, I will still carry out the procedure as described.

Best regards

newbi


24.08.2012, 16:00   #6
t'john
/// Helper Team

Please continue, then we will know more.

25.08.2012, 15:50   #7
newbi

Hello,

here is the result:

All processes killed
========== OTL ==========
No active process named RtkBtMnt.exe was found!
Error: No service named SBSDWSCService was found to stop!
Service\Driver key SBSDWSCService not found.
File C:\Program Files\Spybot File not found not found.
Error: No service named NwlnkFwd was found to stop!
Service\Driver key NwlnkFwd not found.
File system32\DRIVERS\nwlnkfwd.sys File not found not found.
Error: No service named NwlnkFlt was found to stop!
Service\Driver key NwlnkFlt not found.
File system32\DRIVERS\nwlnkflt.sys File not found not found.
Error: No service named IpInIp was found to stop!
Service\Driver key IpInIp not found.
File system32\DRIVERS\ipinip.sys File not found not found.
Error: No service named btwrchid was found to stop!
Service\Driver key btwrchid not found.
File system32\DRIVERS\btwrchid.sys File not found not found.
Error: No service named btwavdt was found to stop!
Service\Driver key btwavdt not found.
File system32\drivers\btwavdt.sys File not found not found.
Error: No service named btwaudio was found to stop!
Service\Driver key btwaudio not found.
File system32\drivers\btwaudio.sys File not found not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKEY_USERS\S-1-5-21-2962711823-1018034334-430022026-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2962711823-1018034334-430022026-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0035A850-9D90-4D6B-B32B-81EB85B3C43F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0035A850-9D90-4D6B-B32B-81EB85B3C43F}\ not found.
Registry key HKEY_USERS\S-1-5-21-2962711823-1018034334-430022026-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\S-1-5-21-2962711823-1018034334-430022026-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Starting removal of ActiveX control {1E54D648-B804-468d-BC78-4AFFED8E262F}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1E54D648-B804-468d-BC78-4AFFED8E262F}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1E54D648-B804-468d-BC78-4AFFED8E262F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E54D648-B804-468d-BC78-4AFFED8E262F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{1E54D648-B804-468d-BC78-4AFFED8E262F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E54D648-B804-468d-BC78-4AFFED8E262F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File C:\autoexec.bat not found.
Unable to delete ADS C:\ProgramData\Temp:B203B914 .
Unable to delete ADS C:\ProgramData\Temp:798A3728 .
Unable to delete ADS C:\ProgramData\Temp:35759C73 .
Unable to delete ADS C:\ProgramData\Temp:B623B5B8 .
Unable to delete ADS C:\ProgramData\Temp:BB24555F .
Unable to delete ADS C:\ProgramData\Temp:8750DCE4 .
Folder C:\Program Files\Glary Utilities\ not found.
File C:\Windows\tasks\GlaryInitialize.job not found.
Folder C:\Users\XXXXXXXXXXXXXXXXXX\Temp\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\XXXXXXXXXXXXXX\Desktop\cmd.bat deleted successfully.
C:\Users\XXXXXXXXXXXXXX\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: XXXXXXXXXXXXXXXXXXXXXXX
->Temp folder emptied: 2441891 bytes
->Temporary Internet Files folder emptied: 60259110 bytes
->Java cache emptied: 10926028 bytes
->Flash cache emptied: 1532 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 27166 bytes
RecycleBin emptied: 15522799 bytes

Total Files Cleaned = 85,00 mb

Error: Unable to interpret < Schließe alle Programme. > in the current context!

OTL by OldTimer - Version 3.2.58.1 log created on 08252012_164301

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Best regards

Newbi

25.08.2012, 18:07   #8
t'john
/// Helper Team

Very good!


Step 1
Please run a full scan with Malwarebytes Anti-Malware and post the log.
Remember that Malwarebytes must be updated manually before every scan!

Malwarebytes Anti-Malware
- Applicable to Windows 2000, XP, Vista and 7.
- Install the program to the default path.
- Update the database!
- Enable "Perform full scan" ("Komplett Scan durchführen") => Scan.
- Select all available drives (except CD/DVD) and start the scan.
- Please have any findings deleted or quarantined.
- When the scan has finished, click "Show Results" ("Zeige Resultate").
then:

Step 2

Please download AdwCleaner to your desktop.

  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the scan finishes, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.
__________________
Kind regards, t'john

25.08.2012, 18:41   #9
newbi

Hello,

here is Malwarebytes Anti-Malware:

Malwarebytes Anti-Malware (Test) 1.62.0.1300
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2012.08.25.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
XXXXXXXXXXXXXXXXXXXXXX [Administrator]

Schutz: Deaktiviert

25.08.2012 19:35:28
mbam-log-2012-08-25 (19-35-28).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 190592
Laufzeit: 5 Minute(n), 31 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

here is AdwCleaner:

# AdwCleaner v1.801 - Logfile created 08/25/2012 at 19:36:23
# Updated 14/08/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXx
# Boot Mode : Normal
# Running from : C:\Users\XXXXXXXXXXXXXXXXXXXXXXX\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9K7STRRO\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Inbox

***** [Registry] *****


***** [Registre - GUID] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [677 octets] - [25/08/2012 19:36:23]

########## EOF - C:\AdwCleaner[R1].txt - [804 octets] ##########


A problem, or an ISP error?

Best regards

Newbi

26.08.2012, 01:13   #10
t'john
/// Helper Team

Very good!


  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with OK.
  • Your computer will be restarted. After the restart, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.

then:


Malware scan with Emsisoft Anti-Malware

Download the free version of => Emsisoft Anti-Malware and install the program.
Download the current signatures via Update Now ("Jetzt Updaten").
Select freeware mode.

Select Detail Scan and start the check of the computer with the Scan button.
At the end of the scan, do not have anything deleted! Click Save Report ("Bericht speichern") to save the log file to the desktop and post it here in the thread.

Instructions: http://www.trojaner-board.de/103809-...i-malware.html
__________________
Kind regards, t'john

26.08.2012, 09:50   #11
newbi


Hi,

ADWCleaner:

# AdwCleaner v1.801 - Logfile created 08/26/2012 at 10:26:02
# Updated 14/08/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : XXXXXXXXXXXXXXXXXXXXXX
# Boot Mode : Normal
# Running from : C:\Users\XXXXXXXXXXXXXXXXXXXx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9K7STRRO\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Inbox

***** [Registry] *****


***** [Registre - GUID] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [804 octets] - [25/08/2012 19:36:23]
AdwCleaner[R2].txt - [863 octets] - [26/08/2012 10:23:33]
AdwCleaner[R3].txt - [922 octets] - [26/08/2012 10:25:56]
AdwCleaner[S1].txt - [856 octets] - [26/08/2012 10:26:02]

########## EOF - C:\AdwCleaner[S1].txt - [983 octets] ##########


Emsisoft:

Emsisoft Anti-Malware - Version 6.6
Letztes Update: 26.08.2012 11:04:48

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\
Archiv Scan: An
ADS Scan: An

Scan Beginn: 26.08.2012 11:05:58


Gescannt 686048
Gefunden 113

Scan Ende: 26.08.2012 14:00:51
Scan Zeit: 2:54:53


Best regards

Newbi

27.08.2012, 00:27   #12
t'john
/// Helper Team

Very good!


Uninstall:
Emsisoft Anti-Malware


ESET Online Scanner

Preparation

  • Connect any external hard drives and/or other removable media you may have (e.g. USB sticks) to the computer.
  • Please deactivate your anti-virus program and firewall during the online scan.
  • Vista/Win7 users: be sure to start the browser as administrator.

Let's go

  • Download and start the Eset Smartinstaller.
  • Tick YES, I accept the Terms of Use.
  • Click Start.
  • Tick Remove found threats and Scan archives.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • Press Finish.
  • Close the browser.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (sometimes C:\Programme\Eset\log.txt) and open it with your editor.
  • Post the log file here.
  • Uninstallation: Control Panel => Software => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset
__________________
Regards, t'john

07.10.2012, 00:31   #13
t'john
/// Helper Team

No feedback received

Are there problems working through the instructions above?

To free up capacity for others seeking help, I am removing this topic from my notifications.

If you want to continue, send me a PM or open a new topic.
http://www.trojaner-board.de/69886-a...-beachten.html


Note: The disappearance of the symptoms does not mean that your computer is clean.
__________________
Regards, t'john
