Log Analysis and Evaluation: Remove Mystart bar from Firefox - Malwarebytes detection already deleted, though (Windows 7)
19.09.2012, 10:41 | #1
Remove Mystart bar from Firefox - Malwarebytes detection already deleted, though

Hello!

When installing the software VCD Video Converter, the Mystart bar was installed in the background as well, and now I cannot get it out of Firefox. Every time I open a new tab, the Mystart homepage opens. In addition, after the installation the font in my browser's address bar and bookmarks toolbar has changed.

Since I already knew the Malwarebytes software, I ran it and deleted the detection, but that was before I came across this forum. The Mystart problem still exists.

- I ran Defogger according to the instructions
- I ran OTL according to the instructions. Contents see below.
- My system is a 32-bit system
- I ran Gmer, result see below

So how do I proceed now?

Regards,
scrooge75

OTL.txt:

OTL logfile created on: 9/19/2012 10:42:47 AM - Run 2
OTL by OldTimer - Version 3.2.64.0 Folder = C:\Users\Markus.Ortlieb\Downloads
Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy

3.16 Gb Total Physical Memory | 1.08 Gb Available Physical Memory | 34.17% Memory free
6.33 Gb Paging File | 4.12 Gb Available in Paging File | 65.11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 119.24 Gb Total Space | 38.03 Gb Free Space | 31.89% Space Free | Partition Type: NTFS

Computer Name: BIBLPORTLIEB | User Name: Markus.Ortlieb | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/19 10:33:04 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Markus.Ortlieb\Downloads\OTL.exe
PRC - [2012/09/09 12:07:16 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/07 17:04:44 | 000,981,656 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012/09/07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/08/31 09:52:22 | 000,021,432 | ---- | M] () -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012/08/31 09:52:14 | 003,524,536 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012/08/31 09:52:12 | 000,964,024 | ---- | M] (Samsung) -- C:\Programme\Samsung\Kies\Kies.exe
PRC - [2012/08/28 17:09:56 | 000,188,760 | ---- | M] () -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe
PRC - [2012/05/14 16:26:14 | 001,983,304 | ---- | M] (Trend Micro Inc.) -- C:\Programme\Trend Micro\OfficeScan Client\NTRtScan.exe
PRC - [2012/05/14 03:34:06 | 001,113,984 | ---- | M] (Trend Micro Inc.) -- C:\Programme\Trend Micro\OfficeScan Client\PccNTMon.exe
PRC - [2012/05/12 00:03:34 | 001,836,272 | ---- | M] (Trend Micro Inc.) -- C:\Programme\Trend Micro\OfficeScan Client\TmListen.exe
PRC - [2012/05/04 18:56:56 | 000,345,616 | ---- | M] (Trend Micro Inc.) -- C:\Programme\Trend Micro\BM\TMBMSRV.exe
PRC - [2012/03/15 15:31:58 | 000,689,680 | ---- | M] (Trend Micro Inc.) -- C:\Programme\Trend Micro\OfficeScan Client\TmProxy.exe
PRC - [2012/02/22 20:49:58 | 006,591,800 | ---- | M] (Yahoo! Inc.) -- C:\Programme\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2012/02/20 04:00:00 | 000,981,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\CCM\CcmExec.exe
PRC - [2012/02/17 10:37:46 | 015,963,936 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office14\OUTLOOK.EXE
PRC - [2012/01/11 11:51:36 | 000,207,932 | ---- | M] (Infonautics GmbH Switzerland) -- C:\Screencapture\ScreenCapturePrint.exe
PRC - [2011/10/31 11:45:34 | 000,458,904 | ---- | M] (Trend Micro Inc.) -- C:\Programme\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
PRC - [2011/10/04 00:31:50 | 000,054,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\hidfind.exe
PRC - [2011/10/04 00:31:48 | 000,505,720 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\Apoint.exe
PRC - [2011/10/04 00:31:48 | 000,057,680 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\ApMsgFwd.exe
PRC - [2011/10/04 00:31:48 | 000,054,640 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\ApntEx.exe
PRC - [2011/10/04 00:31:42 | 000,072,296 | ---- | M] (O2Micro International) -- C:\Windows\System32\drivers\o2flash.exe
PRC - [2011/10/04 00:31:40 | 000,536,668 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\sttray.exe
PRC - [2011/10/04 00:31:40 | 000,274,514 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\stacsv.exe
PRC - [2011/10/04 00:31:38 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Programme\IDT\WDM\AEstSrv.exe
PRC - [2011/07/28 15:43:26 | 001,459,056 | ---- | M] (Dell Inc.) -- C:\Programme\Dell\Dell System Manager\DCPSysMgr.exe
PRC - [2011/07/28 15:39:42 | 000,390,000 | ---- | M] (Dell Inc.) -- C:\Programme\Dell\Dell System Manager\DCPSysMgrSvc.exe
PRC - [2011/06/24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/15 15:50:52 | 000,686,704 | ---- | M] () -- C:\Programme\STMicroelectronics\AccelerometerP11\FF_Protection.exe
PRC - [2010/11/20 04:17:58 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010/11/20 04:17:48 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/06 00:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/11/06 00:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/10/25 09:33:04 | 000,826,272 | ---- | M] (Broadcom Corporation) -- C:\Programme\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
PRC - [2010/10/25 09:33:04 | 000,032,160 | ---- | M] (Broadcom Corporation) -- C:\Programme\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
PRC - [2010/10/15 19:14:08 | 002,843,936 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2010/10/15 19:14:08 | 000,836,896 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2010/10/15 19:14:08 | 000,656,672 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2010/09/27 12:58:24 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2010/08/16 17:42:08 | 000,153,560 | ---- | M] (Dell Inc.) -- C:\Programme\Dell\SysMgt\dataeng\bin\dsm_sa_eventmgr32.exe
PRC - [2010/08/16 17:42:04 | 000,202,712 | ---- | M] (Dell Inc.) -- C:\Programme\Dell\SysMgt\dataeng\bin\dsm_sa_datamgr32.exe
PRC - [2010/07/27 14:46:08 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010/06/17 22:56:44 | 000,370,176 | ---- | M] (shbox.de) -- C:\Programme\FreePDF_XP\fpassist.exe
PRC - [2010/04/06 00:41:46 | 000,116,224 | ---- | M] (Brio) -- C:\Programme\FolderSize\FolderSizeSvc.exe
PRC - [2010/01/09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
PRC - [2008/09/01 18:38:08 | 000,098,304 | ---- | M] (iPass, Inc.) -- C:\Programme\iPass\iPassConnect\iPassPeriodicUpdateService.exe
PRC - [2008/09/01 18:38:06 | 000,155,648 | ---- | M] (iPass, Inc.) -- C:\Programme\iPass\iPassConnect\iPassPeriodicUpdateApp.exe

========== Modules (No Company Name) ==========

MOD - [2012/09/18 09:02:47 | 000,115,137 | ---- | M] () -- C:\Users\Markus.Ortlieb\AppData\Local\Temp\fbe2808e-2380-4f14-a1fa-3fa9c3a364e8\CliSecureRT.dll
MOD - [2012/09/18 09:02:23 | 015,399,936 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\002b4b1af5f8145bf6b6afe21d4f1db2\Kies.Theme.ni.dll
MOD - [2012/09/18 09:02:23 | 000,608,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePodcast\de1a504d1535e5005fbae8f6a4d97ce5\DevicePodcast.ni.dll
MOD - [2012/09/18 09:02:23 | 000,290,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceVideo\ee12ab3bf308cbe22f373afbddf0be6b\DeviceVideo.ni.dll
MOD - [2012/09/18 09:02:22 | 002,778,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PodcastService\23fd65cd04b03d19931758d7472e38a4\PodcastService.ni.dll
MOD - [2012/09/18 09:02:22 | 000,367,104 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePhoto\e5e58a020638d28d3740195f1d0738da\DevicePhoto.ni.dll
MOD - [2012/09/18 09:02:22 | 000,299,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceMusic\0377dd6ed6a5e92a0b8d6eb7d0b64f79\DeviceMusic.ni.dll
MOD - [2012/09/18 09:02:21 | 000,461,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\VideoManager\1d941bea2e28bc074d74327844bb0777\VideoManager.ni.dll
MOD - [2012/09/18 09:02:20 | 001,143,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Podcaster\65018f5e3da23293d642168f7b132d40\Podcaster.ni.dll
MOD - [2012/09/18 09:02:19 | 000,607,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PhotoManager\6f522f515d38e08db4ebab8d1f25d68b\PhotoManager.ni.dll
MOD - [2012/09/18 09:02:16 | 005,676,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceHost\df1a05b63f8fefaf91d097225e726b12\DeviceHost.ni.dll
MOD - [2012/09/18 09:02:11 | 001,843,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Phonebook\c826afe2d03c8006229ab80a2d7126c7\Phonebook.ni.dll
MOD - [2012/09/18 09:02:09 | 000,033,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\8465ae2b954384776b5cd98d69c0108d\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll
MOD - [2012/09/18 09:02:07 | 001,008,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CPKTMusicPlugin\94d167be7a5ae09d21349ce6fd3d8a9e\CPKTMusicPlugin.ni.dll
MOD - [2012/09/18 09:02:06 | 000,963,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\MusicManager\3908b9456a6e3665f83d56161f21198c\MusicManager.ni.dll
MOD - [2012/09/18 09:02:04 | 000,320,512 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\EBookManager\e5c8f9e08db50fb625c029361147f47e\EBookManager.ni.dll
MOD - [2012/09/18 09:02:03 | 000,391,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\BATPlugin\ed8a6670f7dbe1ae78aa091a0935fb87\BATPlugin.ni.dll
MOD - [2012/09/18 09:02:02 | 000,507,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MediaDB\25823a7264f74e67158031f485c0bb23\Kies.Common.MediaDB.ni.dll
MOD - [2012/09/18 09:02:02 | 000,031,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\AllShareController\c209d4b3c25507564757710f6d4a4570\AllShareController.ni.dll
MOD - [2012/09/18 09:02:01 | 000,232,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\81bb58061bcd2a4c3bf4136abe041d20\ASF_cSharpAPI.ni.dll
MOD - [2012/09/18 09:02:01 | 000,064,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.AllShare\b9360cef783c6eb105c636c3721b7cc9\Kies.Common.AllShare.ni.dll
MOD - [2012/09/18 09:02:01 | 000,029,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.StoreMa#\d9eca4746981ac218c1dbe0c131ce108\Kies.Common.StoreManager.ni.dll
MOD - [2012/09/18 09:02:00 | 000,565,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\4b033da616a5e8e2b9ebe95342e9cf0d\Kies.Common.DeviceServiceLib.FileService.ni.dll
MOD - [2012/09/18 09:02:00 | 000,276,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\378ccdcd4181f6bf23d992e26be1c347\Kies.Common.DeviceServiceLib.FirmwareUpdate.Common.ni.dll
MOD - [2012/09/18 09:02:00 | 000,189,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\57b7389241c36caa1d2132d68eddedda\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.ni.dll
MOD - [2012/09/18 09:01:59 | 000,566,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\61df63e5646fd99c9912c90ba2984b8b\Kies.Common.DeviceServiceLib.DeviceDataService.ni.dll
MOD - [2012/09/18 09:01:59 | 000,174,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DevFileServ#\170b754ba9dcd78ee0b06a32af4a7c1f\Interop.DevFileServiceLib.ni.dll
MOD - [2012/09/18 09:01:57 | 001,024,512 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\c1c88c2dea6ff25505706a1a23e26c30\Kies.Common.DeviceService.ni.dll
MOD - [2012/09/18 09:01:57 | 000,901,632 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\d98653829401f61cb22f0a1e8e65e6b0\Kies.Common.DeviceServiceLib.DeviceManagement.ni.dll
MOD - [2012/09/18 09:01:56 | 002,188,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Multime#\eac2b2d51b2b9c65a35b08fdcfb51eed\Kies.Common.Multimedia.ni.dll
MOD - [2012/09/18 09:01:56 | 000,184,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\e1837e9c63789850168d0bb76826128d\Kies.Common.DeviceServiceLib.Interface.ni.dll
MOD - [2012/09/18 09:01:55 | 000,052,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.MP3FileInfo#\c99811c6a988ca6c2104a5b45acbddbb\Interop.MP3FileInfoCOMLib.ni.dll
MOD - [2012/09/18 09:01:55 | 000,032,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.OGGFileInfo#\cbeefee33636e0d0be226cf11e180ba3\Interop.OGGFileInfoCOMLib.ni.dll
MOD - [2012/09/18 09:01:54 | 000,171,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.P3MPINTERFA#\b0b31095249cec5ef5c0407fa6b7fc22\Interop.P3MPINTERFACECTRLLib.ni.dll
MOD - [2012/09/18 09:01:54 | 000,030,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.PRPLAYERCOR#\25dc31b1903a3689788caf51d3d93f97\Interop.PRPLAYERCORELib.ni.dll
MOD - [2012/09/18 09:01:52 | 000,183,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MainUI\5be40478cd0ba1097b88eb05698a77a2\Kies.Common.MainUI.ni.dll
MOD - [2012/09/18 09:01:52 | 000,067,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DBManag#\1600f24d91e6f9634b0ca377b89ef6b0\Kies.Common.DBManager.ni.dll
MOD - [2012/09/18 09:01:51 | 001,674,240 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies\25712af86daacf25fc9288e66b7f0f15\Kies.ni.exe
MOD - [2012/09/18 09:01:51 | 000,530,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ICSharpCode.SharpZi#\2d7161baa59dd2c1c39f4a192d760e7d\ICSharpCode.SharpZipLib.ni.dll
MOD - [2012/09/18 09:01:51 | 000,395,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CabLib\6265ffca46eab52d5f798847b5ea908c\CabLib.ni.dll
MOD - [2012/09/18 09:01:51 | 000,201,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Util\5b795067a59c204d32cfc0d0db675d9c\Kies.Common.Util.ni.dll
MOD - [2012/09/18 09:01:50 | 001,728,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\40df0fefb0da1d6e9bfaf1c72c001dfd\Kies.UI.ni.dll
MOD - [2012/09/18 09:01:50 | 000,052,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DeviceSearc#\9a6bad5be6518d4a975893676a49a82c\Interop.DeviceSearchLib.ni.dll
MOD - [2012/09/18 09:01:49 | 001,437,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Locale\c4f56538bb1d5921690a486bf052e30b\Kies.Locale.ni.dll
MOD - [2012/09/18 09:01:49 | 000,078,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\afa8de1e7aabde98f9a5fec1abdb9a05\Kies.MVVM.ni.dll
MOD - [2012/09/18 09:01:48 | 001,185,280 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Interface\a24e92c33778abe42b3cd6135a8238ca\Kies.Interface.ni.dll
MOD - [2012/09/18 09:01:47 | 000,119,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\GongSolutions.Wpf.D#\99372e3c4882e5727a8055b6548ef4fc\GongSolutions.Wpf.DragDrop.ni.dll
MOD - [2012/09/09 12:07:15 | 002,244,064 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2012/08/31 09:52:22 | 000,021,432 | ---- | M] () -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2012/07/03 12:14:56 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\eac8b316dbdcc6fdba0d80e76063643c\IAStorUtil.ni.dll
MOD - [2012/07/03 12:14:56 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\3b2b9f4ec1819e4b95792d92f56d26f9\IAStorCommon.ni.dll
MOD - [2012/07/03 10:39:46 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/07/03 10:39:28 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll
MOD - [2012/07/03 10:39:24 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll
MOD - [2012/07/03 10:39:12 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/07/03 10:39:08 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/07/03 10:39:06 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/07/03 10:39:05 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/07/03 10:39:00 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/06/27 12:35:48 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\d0e1cdaff8f9055187f8e7b52c060dff\System.Management.ni.dll
MOD - [2012/06/27 12:34:38 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\9d32c82a43fa7b948f6ad62a55ceaa73\System.ServiceProcess.ni.dll
MOD - [2012/06/27 12:34:30 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\63bc6e391de5014965039e100ce1e9d5\System.Runtime.Remoting.ni.dll
MOD - [2012/06/27 12:34:01 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll
MOD - [2012/06/27 12:05:56 | 018,019,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\9b24ceabcec0e6585573eba2837ae0a5\PresentationFramework.ni.dll
MOD - [2012/06/27 12:05:46 | 011,522,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\0ada55b589d5afc9fbcece80a97ad64b\PresentationCore.ni.dll
MOD - [2012/06/27 12:05:39 | 003,881,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\f750eaacd177ac6247919035d58643a5\WindowsBase.ni.dll
MOD - [2012/06/27 12:05:37 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\608d29d7cc89f3a9a195c91354561915\PresentationFramework.Aero.ni.dll
MOD - [2012/06/27 12:02:38 | 013,197,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\d231b57b4658ef8ac5e04f0a38aea210\System.Windows.Forms.ni.dll
MOD - [2012/06/27 12:02:31 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll
MOD - [2012/06/27 12:02:27 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll
MOD - [2012/06/27 12:02:24 | 001,665,536 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\e5815f5d63d01768714c92c2decbf04c\System.Drawing.ni.dll
MOD - [2012/06/27 12:02:23 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\a84262e1224189f93e10cd3c403a9527\System.Configuration.ni.dll
MOD - [2012/06/27 12:02:22 | 009,092,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll
MOD - [2012/06/27 12:02:18 | 014,414,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll
MOD - [2012/02/22 20:49:56 | 000,921,600 | ---- | M] () -- C:\Programme\Yahoo!\Messenger\yui.dll
MOD - [2012/02/22 20:49:38 | 000,078,336 | ---- | M] () -- C:\Programme\Yahoo!\Messenger\pcre.dll
MOD - [2011/10/04 00:31:58 | 000,094,208 | ---- | M] () -- C:\Windows\System32\IccLibDll.dll
MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2011/02/15 15:50:52 | 000,686,704 | ---- | M] () -- C:\Programme\STMicroelectronics\AccelerometerP11\FF_Protection.exe
MOD - [2010/12/21 02:15:30 | 001,041,248 | ---- | M] () -- C:\Programme\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
MOD - [2010/11/13 02:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/10/15 19:14:18 | 000,132,384 | ---- | M] () -- C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2010/08/03 08:56:49 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll

========== Services (SafeList) ==========

SRV - [2012/09/19 10:24:35 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/09 12:07:16 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/08/28 17:09:56 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/14 16:26:14 | 001,983,304 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Programme\Trend Micro\OfficeScan Client\NTRtScan.exe -- (ntrtscan)
SRV - [2012/05/12 00:03:34 | 001,836,272 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Programme\Trend Micro\OfficeScan Client\TmListen.exe -- (tmlisten)
SRV - [2012/05/04 18:56:56 | 000,345,616 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2012/03/15 15:31:58 | 000,689,680 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Programme\Trend Micro\OfficeScan Client\TmProxy.exe -- (TmProxy)
SRV - [2012/02/20 04:00:00 | 000,981,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\CCM\CcmExec.exe -- (CcmExec)
SRV - [2012/02/20 04:00:00 | 000,442,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\CCM\RemCtrl\CmRcService.exe -- (CmRcService)
SRV - [2012/02/20 04:00:00 | 000,251,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\CCM\TSManager.exe -- (smstsmgr)
SRV - [2011/12/06 17:20:20 | 000,048,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Policy Platform\policyHost.exe -- (lppsvc)
SRV - [2011/12/06 17:20:20 | 000,048,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Policy Platform\policyHost.exe -- (lpasvc)
SRV - [2011/10/04 00:31:42 | 000,072,296 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\System32\drivers\o2flash.exe -- (O2FLASH)
SRV - [2011/10/04 00:31:40 | 000,274,514 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv.exe -- (STacSV)
SRV - [2011/10/04 00:31:38 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\IDT\WDM\AEstSrv.exe -- (AESTFilters)
SRV - [2011/07/28 15:39:42 | 000,390,000 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Programme\Dell\Dell System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc)
SRV - [2011/07/20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010/11/20 04:17:58 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010/11/06 00:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/10/25 09:33:04 | 000,826,272 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Programme\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service)
SRV - [2010/10/25 09:33:04 | 000,032,160 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Programme\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage)
SRV - [2010/10/15 19:14:08 | 000,656,672 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2010/09/27 12:58:24 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010/08/16 17:42:08 | 000,153,560 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Programme\Dell\SysMgt\dataeng\bin\dsm_sa_eventmgr32.exe -- (dcevt32)
SRV - [2010/08/16 17:42:04 | 000,202,712 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Programme\Dell\SysMgt\dataeng\bin\dsm_sa_datamgr32.exe -- (dcstor32)
SRV - [2010/07/27 14:46:08 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/04/06 00:41:46 | 000,116,224 | ---- | M] (Brio) [Auto | Running] -- C:\Programme\FolderSize\FolderSizeSvc.exe -- (FolderSize)
SRV - [2010/01/09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010/01/09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009/07/14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/09/26 14:51:38 | 001,712,128 | ---- | M] (iPass, Inc.) [On_Demand | Stopped] -- C:\Programme\iPass\iPassConnect\iPassConnectEngine.exe -- (iPassConnectEngine)
SRV - [2008/09/01 18:38:08 | 000,098,304 | ---- | M] (iPass, Inc.) [Auto | Running] -- C:\Programme\iPass\iPassConnect\iPassPeriodicUpdateService.exe -- (iPassPeriodicUpdateService)
SRV - [2008/09/01 18:38:06 | 000,155,648 | ---- | M] (iPass, Inc.) [On_Demand | Running] -- C:\Programme\iPass\iPassConnect\iPassPeriodicUpdateApp.exe -- (iPassPeriodicUpdateApp)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - [2012/09/19 10:26:20 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/07/31 12:42:48 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2012/07/31 12:42:48 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2012/04/20 01:18:56 | 000,073,008 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2012/04/20 01:18:42 | 000,060,648 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2012/04/13 10:41:10 | 000,205,408 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2012/02/20 04:00:00 | 000,020,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2011/10/04 00:31:56 | 000,269,824 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2011/10/04 00:31:56 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2011/10/04 00:31:56 | 000,033,832 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cvusbdrv.sys -- (cvusbdrv)
DRV - [2011/10/04 00:31:48 | 000,305,488 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2011/10/04 00:31:46 | 000,191,488 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwdelserial.sys -- (nwdelserial)
DRV - [2011/10/04 00:31:46 | 000,027,264 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwdelgobi3kfilter.sys -- (nwdelgobi3kfilter)
DRV - [2011/10/04 00:31:46 | 000,026,152 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wwanussf.sys -- (ecnssndisfltr)
DRV - [2011/10/04 00:31:46 | 000,023,592 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wwanuss.sys -- (ecnssndis)
DRV - [2011/10/04 00:31:44 | 000,396,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Mbm3DevMt.sys -- (Mbm3DevMt)
DRV - [2011/10/04 00:31:44 | 000,361,032 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Mbm3CBus.sys -- (Mbm3CBus)
DRV - [2011/10/04 00:31:44 | 000,087,592 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\d554gps.sys -- (d554gps)
DRV - [2011/10/04 00:31:42 | 000,435,200 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2011/10/04 00:31:42 | 000,063,976 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2sdjw7.sys -- (O2SDJRDR)
DRV - [2011/10/04 00:31:42 | 000,062,440 | ---- | M] (O2Micro ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\O2MDRw7.sys -- (O2MDRRDR)
DRV - [2011/10/04 00:31:42 | 000,060,904 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2mdfw7.sys -- (O2MDFRDR)
DRV - [2011/10/04 00:31:42 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HECI.sys -- (MEI)
DRV - [2011/10/04 00:31:38 | 000,044,144 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\accelern.sys -- (Acceler)
DRV - [2011/08/03 18:27:18 | 007,517,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwNs32.sys -- (NETwNs32)
DRV - [2011/07/20 09:36:42 | 000,268,968 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1c6232.sys -- (e1cexpress)
DRV - [2011/07/15 22:30:50 | 000,017,904 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\stdcfltn.sys -- (stdcfltn)
DRV - [2011/07/12 11:44:10 | 000,262,416 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Programme\Trend Micro\OfficeScan Client\TmXpflt.sys -- (TmFilter)
DRV - [2011/07/12 11:43:58 | 000,036,624 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Programme\Trend Micro\OfficeScan Client\TmPreflt.sys -- (TmPreFilter)
DRV - [2011/07/12 11:09:32 | 001,405,720 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Programme\Trend Micro\OfficeScan Client\vsapiNT.sys -- (VSApiNt)
DRV - [2010/12/07 15:58:38 | 000,090,448 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2010/11/20 04:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 04:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 04:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 04:30:14 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV - [2010/11/20 02:24:42 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - [2010/11/20 02:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 02:24:42 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/11/20 02:21:16 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\terminpt.sys -- (terminpt)
DRV - [2010/11/20 02:21:16 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 01:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 01:14:50 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel |
On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc) DRV - [2010/11/20 01:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010/11/20 01:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2010/09/27 12:56:00 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV - [2009/10/19 09:10:20 | 000,026,624 | ---- | M] (Dell Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dcdbas32.sys -- (dcdbas) DRV - [2009/07/14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2008/11/16 19:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE) DRV - [2007/01/18 21:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {84630365-439B-4036-955B-F475B3233C24} IE - HKLM\..\SearchScopes\{28D49464-CDAD-4F58-8CB4-1B4B39581593}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE8SRC&src=IE-SearchBox IE - HKLM\..\SearchScopes\{84630365-439B-4036-955B-F475B3233C24}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.kavo.de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=2e46b9db-92cf-403a-9520-b600c2092bf8&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=2e46b9db-92cf-403a-9520-b600c2092bf8&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://mystart.incredibar.com/mb174?a=6OyOvWn87o&i=26 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=2e46b9db-92cf-403a-9520-b600c2092bf8&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=2e46b9db-92cf-403a-9520-b600c2092bf8&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = 
hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=2e46b9db-92cf-403a-9520-b600c2092bf8&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={4053278E-DCAC-4CF6-AE73-9B4584D04116}&mid=d8bbd5e137cc47d0be45a5976d7c4cda-2c2400c527f2de228e4f04fd778b12e2d453762e&lang=de&ds=AVG&pr=fr&d=2012-09-19 09:23:42&v=12.2.5.34&sap=dsp&q={searchTerms} IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb174/?search={searchTerms}&loc=IB_DS&a=6OyOvWn87o&i=26 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "MyStart Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "about:home" FF - prefs.js..extensions.enabledAddons: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.4.8.20120412011105 FF - prefs.js..extensions.enabledAddons: {d37dc5d0-431d-44e5-8c91-49419370caa1}:3.1.25 FF - prefs.js..extensions.enabledAddons: ffxtlbr@incredibar.com:1.5.0 FF - prefs.js..extensions.enabledAddons: {336D0C35-8A85-403a-B9D2-65C292C39087}:2.0.0.100 FF - prefs.js..keyword.URL: "https://isearch.avg.com/search?cid=%7B64dc8fb0-2725-4f3a-8eb6-d9d6f2ca9e63%7D&mid=d8bbd5e137cc47d0be45a5976d7c4cda-2c2400c527f2de228e4f04fd778b12e2d453762e&ds=AVG&v=12.2.5.34&lang=de&pr=fr&d=2012-09-18%2019%3A46%3A39&sap=ku&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Markus.Ortlieb\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Markus.Ortlieb\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Markus.Ortlieb\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Markus.Ortlieb\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2012/04/05 08:48:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2012/04/05 08:49:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012/09/18 19:30:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/09 12:07:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/12 12:29:56 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/09 12:07:16 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/12 12:29:56 | 000,000,000 | ---D | M] [2012/04/04 09:21:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Markus.Ortlieb\AppData\Roaming\mozilla\Extensions [2012/09/18 19:30:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Markus.Ortlieb\AppData\Roaming\mozilla\Firefox\Profiles\f4n0anu9.default\extensions [2012/05/27 17:49:10 | 000,000,000 | ---D | M] (Yahoo! 
Toolbar) -- C:\Users\Markus.Ortlieb\AppData\Roaming\mozilla\Firefox\Profiles\f4n0anu9.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2012/09/12 09:24:14 | 000,000,000 | ---D | M] (FoxClocks) -- C:\Users\Markus.Ortlieb\AppData\Roaming\mozilla\Firefox\Profiles\f4n0anu9.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1} [2012/09/18 19:30:45 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\Markus.Ortlieb\AppData\Roaming\mozilla\Firefox\Profiles\f4n0anu9.default\extensions\ffxtlbr@incredibar.com [2012/05/04 14:54:25 | 000,000,000 | ---D | M] (IE Tab Plus) -- C:\Users\Markus.Ortlieb\AppData\Roaming\mozilla\Firefox\Profiles\f4n0anu9.default\extensions\ietab@ip.cn [2012/09/18 19:30:34 | 000,002,203 | ---- | M] () -- C:\Users\Markus.Ortlieb\AppData\Roaming\mozilla\firefox\profiles\f4n0anu9.default\searchplugins\MyStart Search.xml [2012/09/18 19:23:52 | 000,002,615 | ---- | M] () -- C:\Users\Markus.Ortlieb\AppData\Roaming\mozilla\firefox\profiles\f4n0anu9.default\searchplugins\Web Search.xml [2012/09/09 12:07:08 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012/09/18 19:30:39 | 000,000,000 | ---D | M] (Web Assistant) -- C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012/09/09 12:07:16 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012/03/13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012/09/19 09:23:28 | 000,003,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml [2012/09/03 08:27:54 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012/03/13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012/03/13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012/03/13 07:23:34 | 000,001,178 | ---- | M] () -- 
C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012/03/13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension32.dll () O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Programme\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD) O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Programme\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Programme\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) 
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [FreeFallProtection] C:\Programme\STMicroelectronics\AccelerometerP11\FF_Protection.exe () O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [IAStorIcon] C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.) O4 - HKLM..\Run: [ROC_ROC_NT] "C:\Program Files\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT File not found O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.) O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup File not found O4 - HKCU..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe /s File not found O4 - HKCU..\Run: [KiesPDLR] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () O4 - HKCU..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung) O4 - HKCU..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Programme\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogonScripts = 0 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... 
- C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O13 - gopher Prefix: missing O15 - HKLM\..Trusted Domains: dhrmedical.org ([]* in Lokales Intranet) O15 - HKLM\..Trusted Domains: dhrmedical.org ([*.gendex] * in Lokales Intranet) O15 - HKLM\..Trusted Domains: dhrmedical.org ([*.kavo] * in Lokales Intranet) O15 - HKLM\..Trusted Domains: kavo.de ([]* in Lokales Intranet) O15 - HKCU\..Trusted Domains: dhrmedical.org ([]* in Lokales Intranet) O15 - HKCU\..Trusted Domains: dhrmedical.org ([*.gendex] * in Lokales Intranet) O15 - HKCU\..Trusted Domains: dhrmedical.org ([*.kavo] * in Lokales Intranet) O15 - HKCU\..Trusted Domains: kavo.de ([]* in Lokales Intranet) O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://danaher.webex.com/client/WBXclient-T27L10NSP32EP1-13926/webex/ieatgpc1.cab (GpcContainer Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 
192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = kavo.dhrmedical.org O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BBBB6523-7361-4654-B460-0E93574F494C}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Sapgui\SAPgui\SAPHTMLP.DLL (SAP, Walldorf) O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Sapgui\SAPgui\SAPHTMLP.DLL (SAP, Walldorf) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{b8300e74-bc9d-11df-ba19-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{b8300e74-bc9d-11df-ba19-806e6f6e6963}\Shell\AutoRun\command - "" = D:\SMS\bin\i386\TSMBAutorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/09/19 10:25:42 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2012/09/19 09:51:25 | 000,000,000 | ---D | C] -- C:\Users\Markus.Ortlieb\AppData\Roaming\Malwarebytes [2012/09/19 09:51:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/09/19 09:51:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/09/19 09:51:14 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012/09/19 09:51:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012/09/19 09:29:21 | 000,000,000 | ---D | C] -- C:\Users\Markus.Ortlieb\AppData\Local\Avg2013 [2012/09/18 19:47:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2012/09/18 19:45:23 | 000,000,000 | -H-D | C] -- C:\$AVG [2012/09/18 19:45:23 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013 [2012/09/18 19:44:37 | 000,000,000 | ---D | C] -- C:\Users\Markus.Ortlieb\AppData\Local\MFAData [2012/09/18 19:44:37 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData [2012/09/18 19:31:07 | 000,000,000 | ---D | C] -- 
C:\Program Files\VideoLAN [2012/09/18 19:30:45 | 000,000,000 | ---D | C] -- C:\Program Files\Incredibar.com [2012/09/18 19:30:38 | 000,000,000 | ---D | C] -- C:\Program Files\Web Assistant [2012/09/18 19:24:44 | 000,000,000 | ---D | C] -- C:\Freemake [2012/09/18 19:23:48 | 000,000,000 | ---D | C] -- C:\Users\Markus.Ortlieb\AppData\Roaming\TuneUp Software [2012/09/18 19:23:43 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2012 [2012/09/18 19:23:40 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2012/09/18 19:23:23 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936} [2012/09/18 19:23:23 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2012/09/18 19:23:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Freemake [2012/09/18 19:22:40 | 000,000,000 | ---D | C] -- C:\Users\Markus.Ortlieb\AppData\Roaming\OpenCandy [2012/09/18 19:22:40 | 000,000,000 | ---D | C] -- C:\Program Files\Freemake [2012/09/18 09:22:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec [2012/09/18 09:22:58 | 000,000,000 | ---D | C] -- C:\Program Files\MyFree Codec [2012/09/18 09:11:51 | 000,000,000 | ---D | C] -- C:\SelfMV [2012/09/18 09:01:06 | 000,181,344 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudmdm.sys [2012/09/18 09:01:06 | 000,083,168 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudbus.sys [2012/09/13 17:27:56 | 000,000,000 | ---D | C] -- C:\Users\Markus.Ortlieb\Steuer-Sparbuch [2012/09/13 16:40:17 | 000,000,000 | ---D | C] -- C:\Users\Markus.Ortlieb\AppData\Roaming\Buhl Data Service [2012/09/13 16:40:16 | 000,000,000 | ---D | C] -- C:\Users\Markus.Ortlieb\AppData\Local\Buhl Data Service [2012/09/13 14:39:06 | 000,000,000 | ---D | C] -- C:\Users\Markus.Ortlieb\AppData\Local\Buhl [2012/09/13 14:38:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer-Sparbuch 2012 
[2012/09/13 14:37:59 | 000,000,000 | ---D | C] -- C:\Program Files\WISO [2012/09/13 14:36:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Buhl Data Service GmbH [2012/09/10 18:15:15 | 000,000,000 | ---D | C] -- C:\Windows\ms [2012/09/10 18:15:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft System Center 2012 [2012/09/10 18:15:15 | 000,000,000 | ---D | C] -- C:\Windows\ccmcache [2012/09/10 18:15:15 | 000,000,000 | ---D | C] -- C:\Windows\CCM [2012/09/10 18:13:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Policy Platform [2012/09/10 18:12:39 | 000,000,000 | ---D | C] -- C:\Windows\ccmsetup [2012/09/09 12:07:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2012/09/07 18:59:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon [2012/09/07 18:59:18 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon [2012/08/28 10:04:34 | 000,330,240 | ---- | C] ((주)마크애니) -- C:\Windows\MASetupCaller.dll [2012/08/28 10:04:32 | 000,045,320 | ---- | C] (MARKANY) -- C:\Windows\System32\MAMACExtract.dll ========== Files - Modified Within 30 Days ========== [2012/09/19 10:43:00 | 000,000,738 | ---- | M] () -- C:\Windows\tasks\OpenCandyHelperRun.job [2012/09/19 10:43:00 | 000,000,738 | ---- | M] () -- C:\Windows\tasks\OpenCandyHelper.job [2012/09/19 10:42:10 | 000,000,000 | ---- | M] () -- C:\Users\Markus.Ortlieb\defogger_reenable [2012/09/19 10:35:09 | 000,012,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/09/19 10:35:09 | 000,012,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/09/19 10:27:16 | 000,774,508 | ---- | M] () -- C:\Windows\System32\perfh00C.dat [2012/09/19 10:27:16 | 000,774,364 | ---- | M] () -- C:\Windows\System32\perfh00A.dat [2012/09/19 10:27:16 | 000,772,052 | ---- | M] () -- 
C:\Windows\System32\perfh013.dat [2012/09/19 10:27:16 | 000,769,126 | ---- | M] () -- C:\Windows\System32\perfh010.dat [2012/09/19 10:27:16 | 000,768,708 | ---- | M] () -- C:\Windows\System32\perfh015.dat [2012/09/19 10:27:16 | 000,736,282 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012/09/19 10:27:16 | 000,697,192 | ---- | M] () -- C:\Windows\System32\perfh005.dat [2012/09/19 10:27:16 | 000,692,474 | ---- | M] () -- C:\Windows\System32\perfh01D.dat [2012/09/19 10:27:16 | 000,690,856 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012/09/19 10:27:16 | 000,170,988 | ---- | M] () -- C:\Windows\System32\perfc00A.dat [2012/09/19 10:27:16 | 000,168,158 | ---- | M] () -- C:\Windows\System32\perfc015.dat [2012/09/19 10:27:16 | 000,165,464 | ---- | M] () -- C:\Windows\System32\perfc013.dat [2012/09/19 10:27:16 | 000,162,012 | ---- | M] () -- C:\Windows\System32\perfc00C.dat [2012/09/19 10:27:16 | 000,161,954 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012/09/19 10:27:16 | 000,159,364 | ---- | M] () -- C:\Windows\System32\perfc010.dat [2012/09/19 10:27:16 | 000,155,104 | ---- | M] () -- C:\Windows\System32\perfc01D.dat [2012/09/19 10:27:16 | 000,153,712 | ---- | M] () -- C:\Windows\System32\perfc005.dat [2012/09/19 10:27:16 | 000,134,422 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012/09/19 10:26:20 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2012/09/19 10:25:19 | 000,000,464 | ---- | M] () -- C:\Windows\SMSCFG.INI [2012/09/19 10:24:36 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/09/19 10:22:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/09/19 10:22:52 | 2548,744,192 | -HS- | M] () -- C:\hiberfil.sys [2012/09/19 10:05:03 | 000,001,156 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3842183496-1387694075-2723946746-6219UA.job [2012/09/19 09:51:16 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\ 
Malwarebytes Anti-Malware .lnk [2012/09/19 09:25:56 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3842183496-1387694075-2723946746-6219Core.job [2012/09/18 19:30:47 | 000,000,454 | ---- | M] () -- C:\user.js [2012/09/18 09:02:39 | 000,001,951 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies.lnk [2012/09/17 13:45:02 | 000,040,674 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2012/09/17 13:44:25 | 000,009,507 | ---- | M] () -- C:\Windows\cfgall.ini [2012/09/17 13:44:15 | 000,007,550 | RHS- | M] () -- C:\Users\Markus.Ortlieb\ntuser.pol [2012/09/13 19:06:10 | 000,028,316 | ---- | M] () -- C:\Users\Markus.Ortlieb\Desktop\Gmail - Media Markt Download Shop Bestellung Nr. # 126933.pdf [2012/09/13 16:56:23 | 000,000,694 | ---- | M] () -- C:\Windows\wiso.ini [2012/09/13 14:38:58 | 000,002,086 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk [2012/09/13 14:38:58 | 000,002,054 | ---- | M] () -- C:\Users\Public\Desktop\WISO Steuer-Sparbuch 2012.lnk [2012/09/13 14:31:45 | 000,097,856 | ---- | M] () -- C:\Users\Markus.Ortlieb\Desktop\Softwareload Ihr Software Download Shop empfohlen von T-Online.pdf [2012/09/10 18:15:45 | 000,033,804 | ---- | M] () -- C:\Windows\System32\CcmFramework.ini [2012/09/10 18:15:45 | 000,000,621 | ---- | M] () -- C:\Windows\System32\CcmFramework.h [2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012/08/28 10:05:04 | 004,659,712 | ---- | M] (Dmitry Streblechenko) -- C:\Windows\System32\Redemption.dll [2012/08/28 10:04:34 | 000,330,240 | ---- | M] ((주)마크애니) -- C:\Windows\MASetupCaller.dll [2012/08/28 10:04:32 | 000,821,824 | ---- | M] (Devguru Co., Ltd.) 
-- C:\Windows\System32\dgderapi.dll
[2012/08/28 10:04:32 | 000,045,320 | ---- | M] (MARKANY) -- C:\Windows\System32\MAMACExtract.dll

========== Files Created - No Company Name ==========

[2012/09/19 10:42:10 | 000,000,000 | ---- | C] () -- C:\Users\Markus.Ortlieb\defogger_reenable
[2012/09/19 09:51:16 | 000,001,080 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/09/18 19:30:46 | 000,000,454 | ---- | C] () -- C:\user.js
[2012/09/18 19:23:57 | 000,000,738 | ---- | C] () -- C:\Windows\tasks\OpenCandyHelperRun.job
[2012/09/18 19:23:56 | 000,000,738 | ---- | C] () -- C:\Windows\tasks\OpenCandyHelper.job
[2012/09/13 19:06:10 | 000,028,316 | ---- | C] () -- C:\Users\Markus.Ortlieb\Desktop\Gmail - Media Markt Download Shop Bestellung Nr. # 126933.pdf
[2012/09/13 14:39:07 | 000,000,694 | ---- | C] () -- C:\Windows\wiso.ini
[2012/09/13 14:38:58 | 000,002,086 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
[2012/09/13 14:38:58 | 000,002,054 | ---- | C] () -- C:\Users\Public\Desktop\WISO Steuer-Sparbuch 2012.lnk
[2012/09/13 14:31:45 | 000,097,856 | ---- | C] () -- C:\Users\Markus.Ortlieb\Desktop\Softwareload Ihr Software Download Shop empfohlen von T-Online.pdf
[2012/09/10 18:15:45 | 000,033,804 | ---- | C] () -- C:\Windows\System32\CcmFramework.ini
[2012/09/10 18:15:45 | 000,000,621 | ---- | C] () -- C:\Windows\System32\CcmFramework.h
[2012/07/03 11:35:43 | 000,038,493 | ---- | C] () -- C:\Users\Markus.Ortlieb\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2012/04/05 11:19:16 | 000,006,144 | ---- | C] () -- C:\Users\Markus.Ortlieb\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/08 10:53:22 | 000,004,095 | ---- | C] () -- C:\Users\Markus.Ortlieb\AppData\Roaming\saplogon.ini
[2012/03/08 10:53:17 | 000,007,550 | RHS- | C] () -- C:\Users\Markus.Ortlieb\ntuser.pol
[2012/02/16 17:27:50 | 000,040,674 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/02/16 17:27:14 | 000,000,147 | ---- | C] () -- C:\Windows\SAPDOCCD.INI
[2012/02/16 17:27:14 | 000,000,060 | ---- | C] () -- C:\Windows\sapmsg.ini
[2012/02/16 17:27:14 | 000,000,035 | ---- | C] () -- C:\Windows\saproute.ini
[2012/02/16 17:23:04 | 000,009,507 | ---- | C] () -- C:\Windows\cfgall.ini
[2012/02/16 17:21:25 | 001,064,960 | ---- | C] () -- C:\Windows\System32\h5krnl32.dll
[2012/02/16 17:21:25 | 000,188,928 | ---- | C] () -- C:\Windows\System32\h5icon32.dll
[2012/02/16 17:21:25 | 000,175,616 | ---- | C] () -- C:\Windows\System32\h5menu32.dll
[2012/02/16 17:21:25 | 000,095,744 | ---- | C] () -- C:\Windows\System32\h5rtf32.dll
[2012/02/16 17:21:25 | 000,051,200 | ---- | C] () -- C:\Windows\System32\h5tool32.dll
[2012/02/16 17:15:32 | 000,308,624 | ---- | C] () -- C:\Windows\System32\brcmbsp.dll
[2012/02/16 17:15:32 | 000,205,192 | ---- | C] () -- C:\Windows\System32\bipbsp.dll
[2011/11/14 13:42:39 | 013,906,944 | ---- | C] () -- C:\Windows\System32\ig4icd32.dll
[2011/11/14 13:42:39 | 000,963,116 | ---- | C] () -- C:\Windows\System32\igkrng600.bin
[2011/11/14 13:42:39 | 000,218,304 | ---- | C] () -- C:\Windows\System32\igfcg600m.bin
[2011/11/14 13:42:39 | 000,145,804 | ---- | C] () -- C:\Windows\System32\igcompkrng600.bin
[2011/11/14 13:42:39 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
[2011/11/14 13:42:39 | 000,056,832 | ---- | C] () -- C:\Windows\System32\igdde32.dll
[2011/11/14 13:42:39 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2011/11/14 13:42:39 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2011/07/26 17:26:48 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011/07/26 17:26:46 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011/07/26 17:26:46 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011/07/26 17:26:46 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011/07/26 17:26:46 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011/05/10 16:56:47 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/05/10 16:56:44 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2010/09/27 13:03:08 | 000,201,512 | ---- | C] () -- C:\Windows\System32\vpnapi.dll

========== ZeroAccess Check ==========

[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

========== LOP Check ==========

[2012/04/05 09:36:27 | 000,000,000 | ---D | M] -- C:\Users\Markus.Ortlieb\AppData\Roaming\Alle meine Passworte
[2012/09/13 16:40:17 | 000,000,000 | ---D | M] -- C:\Users\Markus.Ortlieb\AppData\Roaming\Buhl Data Service
[2012/06/12 09:47:40 | 000,000,000 | ---D | M] -- C:\Users\Markus.Ortlieb\AppData\Roaming\Foxit Software
[2012/07/04 14:37:39 | 000,000,000 | ---D | M] -- C:\Users\Markus.Ortlieb\AppData\Roaming\FreeFileSync
[2012/05/04 16:36:09 | 000,000,000 | ---D | M] -- C:\Users\Markus.Ortlieb\AppData\Roaming\FreeFLVConverter
[2012/05/23 11:36:22 | 000,000,000 | ---D | M] -- C:\Users\Markus.Ortlieb\AppData\Roaming\IrfanView
[2012/09/07 19:15:19 | 000,000,000 | ---D | M] -- C:\Users\Markus.Ortlieb\AppData\Roaming\Mp3tag
[2012/09/18 19:22:46 | 000,000,000 | ---D | M] -- C:\Users\Markus.Ortlieb\AppData\Roaming\OpenCandy
[2012/04/05 11:04:40 | 000,000,000 | ---D | M] -- C:\Users\Markus.Ortlieb\AppData\Roaming\Samsung
[2012/04/08 17:27:55 | 000,000,000 | ---D | M] -- C:\Users\Markus.Ortlieb\AppData\Roaming\ScreenCapturePrint
[2012/09/18 19:23:48 | 000,000,000 | ---D | M] -- C:\Users\Markus.Ortlieb\AppData\Roaming\TuneUp Software
[2012/09/10 17:05:43 | 000,000,000 | ---D | M] -- C:\Users\Markus.Ortlieb\AppData\Roaming\webex
[2012/05/29 19:05:32 | 000,000,000 | ---D | M] -- C:\Users\Markus.Ortlieb\AppData\Roaming\WindSolutions

========== Purity Check ==========

< End of report >

Extras.txt

OTL Extras logfile created on: 9/19/2012 10:33:38 AM - Run 1
OTL by OldTimer - Version 3.2.64.0     Folder = C:\Users\Markus.Ortlieb\Downloads
Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy

3.16 Gb Total Physical Memory | 1.06 Gb Available Physical Memory | 33.61% Memory free
6.33 Gb Paging File | 4.03 Gb Available in Paging File | 63.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 119.24 Gb Total Space | 38.03 Gb Free Space | 31.89% Space Free | Partition Type: NTFS

Computer Name: BIBLPORTLIEB | User Name: Markus.Ortlieb | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
"PolicyVersion" = 522

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules]
"{3526AF19-F8E4-4286-9A50-5729E3D5E5E3}" = v2.10|Action=Allow|Active=TRUE|Dir=In|RA4=172.16.16.0/255.255.240.0|RA4=172.16.32.0/255.255.240.0|RA4=172.16.48.0/255.255.240.0|Name=KaVo Netzwerk|

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile]
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile]
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0FD867EB-CCFB-4050-B7CE-6173EB55D658}" = lport=138 | protocol=17 | dir=in | app=system |
"{12B4B9D3-5CB4-4ACB-B688-9FB974CCA2DA}" = lport=137 | protocol=17 | dir=in | app=system |
"{3209AC06-B058-4EE9-82FF-BC780F3910F0}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{3F5E8CA5-0876-4357-B073-7D378ED8F952}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{462293CE-95A1-4733-9569-21F99388EC8A}" = rport=137 | protocol=17 | dir=out | app=system |
"{51AD881E-0496-4359-AE97-766AB85A3F8E}" = rport=445 | protocol=6 | dir=out | app=system |
"{55198192-207D-43EA-A7D2-1DCF344204F9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{57F7DBD7-8174-44CF-AFB4-B4290B811AE2}" = rport=139 | protocol=6 | dir=out | app=system |
"{59166FBF-7F0F-452F-8D75-127E76D6057D}" = lport=19330 | protocol=6 | dir=in | name=trend micro officescan listener |
"{89B5C68F-E848-4391-967E-9EFC52D4CAB5}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{89F3C0D8-B75F-4CB1-98AA-296D3D7FA349}" = rport=138 | protocol=17 | dir=out | app=system |
"{97D71F58-670F-4B2E-B223-F12585FBEB1B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A78F05E4-DD16-4324-9F7E-0F0D0158BA10}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C3842E4B-00D1-497F-B166-53512B0D5327}" = lport=139 | protocol=6 | dir=in | app=system |
"{F2C7C50C-DFD5-4DF5-B1A2-31E4BBA395D7}" = lport=445 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F1D9FAA-6918-429A-8DC8-365F3888D7D8}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{24544BB4-FB2E-4AF8-917F-DF999C63C902}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{3174EC00-9EFA-469B-B515-E3DD0FF0B0B1}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{3ACC0DFF-9CFE-475A-AC86-30FA3DD58901}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{3FE5A7EB-763C-4DBA-ABD2-F8143DE1FACD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4EC4BFBA-F766-4E02-B791-E74EE58BEA7C}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{4F9B2DBD-36CA-4B90-89DA-C1ECB8A11E18}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\devicesetup.exe |
"{6F3C828B-9BD5-49B7-B0F1-52A7DEB1CD71}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\devicesetup.exe |
"{77DBD087-FC29-4B21-BEAB-48883DCD1B28}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{822025AC-9213-4799-B6F0-D88A165DF14E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A6B3F0DA-16E8-4933-97FB-809CCD4FE4E8}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{B72F01DC-7866-4C0D-8537-F388B787F255}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{DE40D58B-787C-4894-AB33-322501B11399}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\hpnetworkcommunicator.exe |
"{ECD809E2-CB3D-46CA-912E-AF0EE1F3EBD4}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\hpnetworkcommunicator.exe |
"{EF9AC27A-908D-43C5-B2FF-572F9090AB42}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"TCP Query User{061301E8-F694-4318-A2D2-BF68CD172554}C:\program files\sonos\sonos.exe" = protocol=6 | dir=in | app=c:\program files\sonos\sonos.exe |
"TCP Query User{073C94C5-99A1-49FA-B43A-30A713A7F108}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{2689121B-0AFD-4756-A597-6F9A44C8F0A5}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{A538B2EB-9BE4-434A-BB26-A7F59A127150}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{B9A28DA2-0F99-481C-82F1-52B6D343B724}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{BA3BF74B-FF9D-4189-8A6D-A8450E2D450B}C:\program files\sonos\sonos.exe" = protocol=17 | dir=in | app=c:\program files\sonos\sonos.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01E6B88D-32B1-4848-9AC7-7E2CB093EF04}" = Studie zur Verbesserung von HP Officejet 6500 E710a-f Produkten
"{037CD593-D760-4A00-B030-7BBAFA1123FE}" = HP Officejet 6500 E710a-f Hilfe
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE 10.3
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer-Sparbuch 2012
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1CE60928-8325-49A8-8B06-633E48DD2B67}" = Cisco Systems VPN Client 5.0.07.0410
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{23170F69-40C1-2701-0920-000001000000}" = 7-Zip 9.20
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{27FB103C-CF82-4DA2-AE14-32D580BAB3F3}" = kavofonts
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.100
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EC64C00-4BBC-4C0A-9F95-40E3EDA72837}" = Dell System Manager
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{4EE4C49A-BE74-4A04-946A-B1E1248707BD}" = Configuration Manager Client
"{4FFF8105-AE32-434C-91FC-02828C183616}" = Dell OpenManage Client Instrumentation
"{52698550-7954-4776-AE83-6D7BC55794CF}" = Microsoft Policy Platform
"{623B8278-8CAD-45C1-B844-58B687C07805}" = Bing Bar Platform
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7391ABC8-0EA4-3798-ACE3-96B8C8D84EA8}" = Google Talk Plugin
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{7BBA9BF8-05DF-47D8-8880-82A9B99505B9}" = Sonos Controller
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_STANDARD_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_STANDARD_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_STANDARD_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_STANDARD_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_STANDARD_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARD_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARD_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_STANDARD_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARD_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_STANDARD_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_STANDARD_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_STANDARD_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2010
"{90140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOK_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOK_{1B9EDD99-3021-4EFE-9BB4-5210B624E42E}" = 
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.OUTLOOK_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.OUTLOOK_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.OUTLOOK_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.OUTLOOK_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.OUTLOOK_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.OUTLOOK_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.OUTLOOK_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.OUTLOOK_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.OUTLOOK_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.OUTLOOK_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.OUTLOOK_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.OUTLOOK_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A066194B-DC8F-449A-8E0F-B57BDD3A2072}" = SyncToy 2.1 (x86)
"{A47A9101-6EB5-4314-BDA1-297880FBB908}" = Microsoft redistributable runtime DLLs VS2008 SP1(x86)
"{AB6FFA58-F491-11D3-8951-000000015799}" = iPassConnect
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.6 MUI
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CEC7A786-A9C8-4EF7-BB59-6518E3B3C878}" = vcredist_x86
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D34598D1-07B8-4EB6-AD9A-DBDF58FFC19F}" = Adobe Shockwave Player 11.6
"{D3A80508-CD83-4CA3-8671-914A1BC78B61}" = Microsoft Sync Framework 2.0 Provider Services (x86) ENU
"{ECEA7878-2100-4525-915D-B09174E36971}" = Trend Micro OfficeScan Client
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE 10.3
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF536479-8610-4686-9E86-0B3ECA56690A}" = iPassConnect
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171
"{FBBA35E1-9449-4902-8A0F-89252C0C1407}" = HP Officejet 6500 E710a-f - Grundlegende Software für das Gerät
"{FC8D21C8-7B29-4104-ADB0-FEE9CA1C7922}" = Folder Size for Windows
"{FF63121D-91C6-42CC-B341-F1AA729728E7}" = Microsoft Sync Framework 2.0 Core Components (x86) ENU
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFFE5DAD-27EF-40C8-9C13-546224F9A2D3}" = Dell ControlVault Host Components Installer
"ActiveTouchMeetingClient" = Cisco WebEx Meetings
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.15
"Audiograbber" = Audiograbber 1.83 SE
"Audiograbber-Lame" = Audiograbber MP3-Plugin
"Foxit Reader_is1" = Foxit Reader
"Free FLV Converter_is1" = Free FLV Converter V 7.4.0
"FreeFileSync" = FreeFileSync v5.0
"FreePDF_XP" = FreePDF (Remove only)
"GPL Ghostscript 8.71" = GPL Ghostscript 8.71
"incredibar" = Incredibar Toolbar on IE
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.3.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.52
"Office14.OUTLOOK" = Microsoft Outlook 2010
"Picasa 3" = Picasa 3
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SAPBI" = SAP Business Explorer
"SAPGUI710" = SAP GUI for Windows 7.20
"STANDARD" = Microsoft Office Standard 2007
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"MyFreeCodec" = MyFreeCodec

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/6/2012 10:39:16 AM | Computer Name = BIBLPORTLIEB.kavo.dhrmedical.org | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\programdata\WebEx\WebEx\1224\CiscoWebExImporting.exe". Fehler in Manifest- oder Richtliniendatei "c:\programdata\WebEx\WebEx\1224\Microsoft.VC90.CRT.MANIFEST" in Zeile 11. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8". Definition: Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error - 7/6/2012 10:39:24 AM | Computer Name = BIBLPORTLIEB.kavo.dhrmedical.org | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Research In Motion\BlackBerry Desktop\MailServerMAPIProxy64.exe". Die abhängige Assemblierung "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 7/6/2012 10:39:29 AM | Computer Name = BIBLPORTLIEB.kavo.dhrmedical.org | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common Files\Research In Motion\AppLoader\MailServerMAPIProxy64.exe". Die abhängige Assemblierung "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 7/6/2012 10:39:32 AM | Computer Name = BIBLPORTLIEB.kavo.dhrmedical.org | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\freefilesync\Bin\FreeFileSync_x64.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 7/6/2012 10:39:33 AM | Computer Name = BIBLPORTLIEB.kavo.dhrmedical.org | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\freefilesync\Bin\RealtimeSync_x64.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 7/10/2012 5:27:46 PM | Computer Name = BIBLPORTLIEB.kavo.dhrmedical.org | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FOXIT READER.EXE, Version: 5.3.1.606, Zeitstempel: 0x4fcefe93 Name des fehlerhaften Moduls: facebook_plugin.fpi_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4ed5d143 Ausnahmecode: 0xc0000005 Fehleroffset: 0x04f62978 ID des fehlerhaften Prozesses: 0xfa8 Startzeit der fehlerhaften Anwendung: 0x01cd5ee2d7ad986b Pfad der fehlerhaften Anwendung: C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\FOXIT READER.EXE Pfad des fehlerhaften Moduls: facebook_plugin.fpi Berichtskennung: 17222862-cad6-11e1-9b76-74de2b98a529

Error - 7/10/2012 5:27:54 PM | Computer Name = BIBLPORTLIEB.kavo.dhrmedical.org | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FOXIT READER.EXE, Version: 5.3.1.606, Zeitstempel: 0x4fcefe93 Name des fehlerhaften Moduls: facebook_plugin.fpi_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4ed5d143 Ausnahmecode: 0xc0000005 Fehleroffset: 0x04cc8e73 ID des fehlerhaften Prozesses: 0xfa8 Startzeit der fehlerhaften Anwendung: 0x01cd5ee2d7ad986b Pfad der fehlerhaften Anwendung: C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\FOXIT READER.EXE Pfad des fehlerhaften Moduls: facebook_plugin.fpi Berichtskennung: 1bf87ab4-cad6-11e1-9b76-74de2b98a529

Error - 7/15/2012 7:03:11 AM | Computer Name = BIBLPORTLIEB.kavo.dhrmedical.org | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\programdata\WebEx\WebEx\1224\CiscoWebExImporting.exe". Fehler in Manifest- oder Richtliniendatei "c:\programdata\WebEx\WebEx\1224\Microsoft.VC90.CRT.MANIFEST" in Zeile 11. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8". Definition: Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error - 7/15/2012 7:03:17 AM | Computer Name = BIBLPORTLIEB.kavo.dhrmedical.org | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\freefilesync\Bin\FreeFileSync_x64.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 7/15/2012 7:03:17 AM | Computer Name = BIBLPORTLIEB.kavo.dhrmedical.org | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\freefilesync\Bin\RealtimeSync_x64.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

< End of report >

Gmer.txt

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-09-19 11:37:42
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 SAMSUNG_ rev.AXM0
Running: xjvg1jtx.exe; Driver: C:\Users\MARKUS~1.ORT\AppData\Local\Temp\uwdoypob.sys


---- System - GMER 1.0.15 ----

SSDT  8A053D0C  ZwCreateKey
SSDT  8A0539C4  ZwCreateMutant
SSDT  89E86124  ZwCreateProcess
SSDT  8A08D514  ZwCreateProcessEx
SSDT  8A053944  ZwCreateSymbolicLinkObject
SSDT  8A053B0C  ZwCreateThread
SSDT  8A053ACC  ZwCreateThreadEx
SSDT  8A052804  ZwCreateUserProcess
SSDT  8A0538C4  ZwDebugActiveProcess
SSDT  8A053C8C  ZwDeleteKey
SSDT  8A053BCC  ZwDeleteValueKey
SSDT  8A053904  ZwDuplicateObject
SSDT  8A053A04  ZwLoadDriver
SSDT  8A08DC9C  ZwOpenProcess
SSDT  8A053B8C  ZwOpenSection
SSDT  8A08DBDC  ZwOpenThread
SSDT  8A053C4C  ZwRenameKey
SSDT  8A053C0C  ZwRestoreKey
SSDT  8A053984  ZwSetSystemInformation
SSDT  8A053CCC  ZwSetValueKey
SSDT  8A08DC5C  ZwTerminateProcess
SSDT  8A08DC1C  ZwTerminateThread
SSDT  8A053B4C  ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text  ntkrnlpa.exe!ZwRollbackEnlistment + 140D  82C4D3C9 1 Byte  [06]
.text  ntkrnlpa.exe!KiDispatchInterrupt + 5A2  82C86D52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text  ntkrnlpa.exe!KeRemoveQueueEx + 11BF  82C8DE74 4 Bytes  [0C, 3D, 05, 8A]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 11CF  82C8DE84 4 Bytes  [C4, 39, 05, 8A]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 11E3  82C8DE98 8 Bytes  CALL 8B9DF326
.text  ntkrnlpa.exe!KeRemoveQueueEx + 11FF  82C8DEB4 12 Bytes  [44, 39, 05, 8A, 0C, 3B, 05, ...]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 121B  82C8DED0 4 Bytes  [04, 28, 05, 8A]
.text  ...
?  System32\drivers\kweobiwf.sys  Das System kann den angegebenen Pfad nicht finden. !

---- User code sections - GMER 1.0.15 ----

.text  C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[5408] ntdll.dll!DbgUiRemoteBreakin  770FF17D 1 Byte  [C3]

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\tdx \Device\Tcp  tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device  \Driver\BTHUSB \Device\00000092  bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
Device  \Driver\BTHUSB \Device\00000094  bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
Device  \Driver\ACPI_HAL \Device\0000005b  halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice  \Driver\tdx \Device\Udp  tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74de2b98a529
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74de2b98a529@bc4760fe8d89  0x68 0x64 0xF6 0xCD ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74de2b98a529@0c715d7e823a  0x79 0x6C 0xBB 0x1B ...
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74de2b98a529 (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74de2b98a529@bc4760fe8d89  0x68 0x64 0xF6 0xCD ...
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74de2b98a529@0c715d7e823a  0x79 0x6C 0xBB 0x1B ...

---- EOF - GMER 1.0.15 ----
19.09.2012, 12:20 | #2 |
/// Malware-holic | Remove Mystart bar from Firefox - Malwarebytes finding already deleted: please open Malwarebytes, go to the reports and post the logs with findings.
__________________ |
19.09.2012, 12:35 | #3 |
| Remove Mystart bar from Firefox - Malwarebytes finding already deleted: Hello!
I copied the logs I was able to find. The first code block is from my first Quick-Scan, in which Malwarebytes also found something. The last one is from the most recent full scan, a few minutes ago. The stupid thing is that I deleted the found file from quarantine. scrooge75 Code:
Malwarebytes Anti-Malware (Test) 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.19.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Markus.Ortlieb :: BIBLPORTLIEB [Administrator]

Schutz: Aktiviert

19.09.2012 09:52:19
mbam-log-2012-09-19 (09-52-19).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 223030
Laufzeit: 8 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Markus.Ortlieb\Downloads\VLCVideoConverterSetup.exe (PUP.BundleInstaller.BI) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
Code:
Malwarebytes Anti-Malware (Test) 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.19.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Markus.Ortlieb :: BIBLPORTLIEB [Administrator]

Schutz: Aktiviert

19.09.2012 11:54:59
mbam-log-2012-09-19 (11-54-59).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 404988
Laufzeit: 1 Stunde(n), 15 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende) |
19.09.2012, 19:46 | #4 |
/// Malware-holic | Remove Mystart bar from Firefox - Malwarebytes finding already deleted: OK, are there any further logs with findings? If so, post them.
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de as described in the instructions above. If you would like to support us |
20.09.2012, 07:43 | #5 |
| Remove Mystart bar from Firefox - Malwarebytes finding already deleted: No, there are no further findings. I ran Malwarebytes, OTL and all the other tools described in the instructions to follow before posting. Since AdwCleaner deleted its findings, the mystart page no longer appears when I open a new tab (so far), and the font in my bookmarks toolbar is back to normal. Am I finally rid of the problem? Here is the result of the AdwCleaner scan, followed by the log file from the AdwCleaner deletion run: Code:
ATTFilter # AdwCleaner v2.002 - Datei am 09/20/2012 um 08:44:36 erstellt # Aktualisiert am 16/09/2012 von Xplode # Betriebssystem : Windows 7 Enterprise Service Pack 1 (32 bits) # Benutzer : Markus.Ortlieb - BIBLPORTLIEB # Bootmodus : Normal # Ausgeführt unter : C:\Users\Markus.Ortlieb\Downloads\adwcleaner.exe # Option [Suche] **** [Dienste] **** Gefunden : Web Assistant Updater ***** [Dateien / Ordner] ***** Datei Gefunden : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml Datei Gefunden : C:\user.js Datei Gefunden : C:\Users\Markus.Ortlieb\AppData\Roaming\Mozilla\Firefox\Profiles\f4n0anu9.default\searchplugins\MyStart Search.xml Datei Gefunden : C:\Users\Markus.Ortlieb\AppData\Roaming\Mozilla\Firefox\Profiles\f4n0anu9.default\searchplugins\Web Search.xml Datei Gefunden : C:\Users\MARKUS~1.ORT\AppData\Local\Temp\Uninstall.exe Datei Gefunden : C:\Users\Public\Desktop\Get The Best Facebook Chat Messenger.lnk Datei Gefunden : C:\Windows\Tasks\OpenCandyHelper.job Ordner Gefunden : C:\Program Files\Web Assistant Ordner Gefunden : C:\Users\Markus.Ortlieb\AppData\Roaming\Mozilla\Firefox\Profiles\f4n0anu9.default\extensions\ffxtlbr@incredibar.com Ordner Gefunden : C:\Users\Markus.Ortlieb\AppData\Roaming\Mozilla\Firefox\Profiles\f4n0anu9.default\extensions\staged Ordner Gefunden : C:\Users\Markus.Ortlieb\AppData\Roaming\OpenCandy Ordner Gefunden : C:\Users\MARKUS~1.ORT\AppData\Local\Temp\avg@toolbar Ordner Gefunden : C:\Users\MARKUS~1.ORT\AppData\Local\Temp\Smartbar ***** [Registrierungsdatenbank] ***** Schlüssel Gefunden : HKCU\Software\IM Schlüssel Gefunden : HKCU\Software\ImInstaller Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A} Schlüssel Gefunden : 
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403a-B9D2-65C292C39087} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9639E4A-801B-4843-AEE3-03D9DA199E77} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9639E4A-801B-4843-AEE3-03D9DA199E77} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escort.DLL Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\esrv.EXE Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\Extension.DLL Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} Schlüssel Gefunden : 
HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{C01315C7-B4E2-4864-B43D-5FAFC414D179} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{C1545464-C77C-4130-A572-1C619E2895FE} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{ED0E67AD-926C-4008-87E5-03CF72AA2A7E} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{EF7FEC6D-451B-4452-9D26-7E10C6B5DB6E} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{F9639E4A-801B-4843-AEE3-03D9DA199E77} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\escort.escortIEPane Schlüssel Gefunden : HKLM\SOFTWARE\Classes\escort.escortIEPane.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc Schlüssel Gefunden : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\I Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Incredibar.dskBnd Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Incredibar.dskBnd.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\IncredibarApp.appCore Schlüssel Gefunden : HKLM\SOFTWARE\Classes\IncredibarApp.appCore.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} 
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32 Schlüssel Gefunden : 
HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\incredibar Schlüssel Gefunden : HKLM\Software\Web Assistant Schlüssel Gefunden : HKU\S-1-5-21-3842183496-1387694075-2723946746-6219\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Schlüssel Gefunden : HKU\S-1-5-21-3842183496-1387694075-2723946746-6219\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Schlüssel Gefunden : HKU\S-1-5-21-3842183496-1387694075-2723946746-6219\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A} Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{F9639E4A-801B-4843-AEE3-03D9DA199E77}] Wert Gefunden : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}] ***** [Internet Browser] ***** -\\ Internet Explorer v8.0.7601.17514 [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=2e46b9db-92cf-403a-9520-b600c2092bf8&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://mystart.incredibar.com/mb174?a=6OyOvWn87o&i=26 [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=2e46b9db-92cf-403a-9520-b600c2092bf8&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = 
hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=2e46b9db-92cf-403a-9520-b600c2092bf8&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=2e46b9db-92cf-403a-9520-b600c2092bf8&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} -\\ Mozilla Firefox v15.0 (de) Profilname : default Datei : C:\Users\Markus.Ortlieb\AppData\Roaming\Mozilla\Firefox\Profiles\f4n0anu9.default\prefs.js Gefunden : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb174?a=6OyOvWn87o&loc=FF_NT"); Gefunden : user_pref("browser.search.defaultenginename", "MyStart Search"); Gefunden : user_pref("extensions.enabledAddons", "{635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.4.8.20120412011105,{[...] Gefunden : user_pref("extensions.incredibar.admin", false); Gefunden : user_pref("extensions.incredibar.aflt", "orgnl"); Gefunden : user_pref("extensions.incredibar.cntry", "DE"); Gefunden : user_pref("extensions.incredibar.dfltLng", ""); Gefunden : user_pref("extensions.incredibar.dfltSrch", false); Gefunden : user_pref("extensions.incredibar.did", "10671"); Gefunden : user_pref("extensions.incredibar.envrmnt", "production"); Gefunden : user_pref("extensions.incredibar.excTlbr", false); Gefunden : user_pref("extensions.incredibar.hdrMd5", "1D36AF13F9D78E67ED57FF552AF01B13"); Gefunden : user_pref("extensions.incredibar.hmpg", false); Gefunden : user_pref("extensions.incredibar.id", "e62a22ad000000000000081196eb7d55"); Gefunden : user_pref("extensions.incredibar.installerproductid", "26"); Gefunden : user_pref("extensions.incredibar.instlDay", "15601"); Gefunden : user_pref("extensions.incredibar.instlRef", ""); Gefunden : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1419:30:46"); Gefunden : user_pref("extensions.incredibar.mntrvrsn", "1.2.0"); Gefunden : user_pref("extensions.incredibar.newTab", false); Gefunden : 
user_pref("extensions.incredibar.noFFXTlbr", false); Gefunden : user_pref("extensions.incredibar.ppd", "7777720"); Gefunden : user_pref("extensions.incredibar.prdct", "incredibar"); Gefunden : user_pref("extensions.incredibar.productid", "26"); Gefunden : user_pref("extensions.incredibar.prtnrId", "Incredibar"); Gefunden : user_pref("extensions.incredibar.sg", "none"); Gefunden : user_pref("extensions.incredibar.smplGrp", "none"); Gefunden : user_pref("extensions.incredibar.tlbrId", "base"); Gefunden : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyOvWn87o&loc=IB_T[...] Gefunden : user_pref("extensions.incredibar.upn2", "6OyOvWn87o"); Gefunden : user_pref("extensions.incredibar.upn2n", "92262128727874418"); Gefunden : user_pref("extensions.incredibar.vrsn", "1.5.11.14"); Gefunden : user_pref("extensions.incredibar.vrsnTs", "1.5.11.1419:30:46"); Gefunden : user_pref("extensions.incredibar.vrsni", "1.5.11.14"); Gefunden : user_pref("extensions.incredibar_i.aflt", "orgnl"); Gefunden : user_pref("extensions.incredibar_i.dfltLng", ""); Gefunden : user_pref("extensions.incredibar_i.did", "10671"); Gefunden : user_pref("extensions.incredibar_i.excTlbr", false); Gefunden : user_pref("extensions.incredibar_i.id", "e62a22ad000000000000081196eb7d55"); Gefunden : user_pref("extensions.incredibar_i.installerproductid", "26"); Gefunden : user_pref("extensions.incredibar_i.instlDay", "15601"); Gefunden : user_pref("extensions.incredibar_i.instlRef", ""); Gefunden : user_pref("extensions.incredibar_i.ms_url_id", ""); Gefunden : user_pref("extensions.incredibar_i.newTab", false); Gefunden : user_pref("extensions.incredibar_i.ppd", "7777720"); Gefunden : user_pref("extensions.incredibar_i.prdct", "incredibar"); Gefunden : user_pref("extensions.incredibar_i.productid", "26"); Gefunden : user_pref("extensions.incredibar_i.prtnrId", "Incredibar"); Gefunden : user_pref("extensions.incredibar_i.smplGrp", "none"); Gefunden : 
user_pref("extensions.incredibar_i.tlbrId", "base"); Gefunden : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyOvWn87o&loc=IB[...] Gefunden : user_pref("extensions.incredibar_i.upn2", "6OyOvWn87o"); Gefunden : user_pref("extensions.incredibar_i.upn2n", "92262128727874418"); Gefunden : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14"); Gefunden : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1419:30:46"); Gefunden : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14"); Gefunden : user_pref("keyword.URL", "hxxps://isearch.avg.com/search?cid=%7B64dc8fb0-2725-4f3a-8eb6-d9d6f2ca9e63[...] Gefunden : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...] ************************* AdwCleaner[R1].txt - [14825 octets] - [20/09/2012 08:44:36] ########## EOF - C:\AdwCleaner[R1].txt - [14886 octets] ########## Code:
ATTFilter # AdwCleaner v2.002 - Datei am 09/20/2012 um 08:46:12 erstellt # Aktualisiert am 16/09/2012 von Xplode # Betriebssystem : Windows 7 Enterprise Service Pack 1 (32 bits) # Benutzer : Markus.Ortlieb - BIBLPORTLIEB # Bootmodus : Normal # Ausgeführt unter : C:\Users\Markus.Ortlieb\Downloads\adwcleaner.exe # Option [Löschen] **** [Dienste] **** Gestoppt & Gelöscht : Web Assistant Updater ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml Datei Gelöscht : C:\user.js Datei Gelöscht : C:\Users\Markus.Ortlieb\AppData\Roaming\Mozilla\Firefox\Profiles\f4n0anu9.default\searchplugins\MyStart Search.xml Datei Gelöscht : C:\Users\Markus.Ortlieb\AppData\Roaming\Mozilla\Firefox\Profiles\f4n0anu9.default\searchplugins\Web Search.xml Datei Gelöscht : C:\Users\MARKUS~1.ORT\AppData\Local\Temp\Uninstall.exe Datei Gelöscht : C:\Users\Public\Desktop\Get The Best Facebook Chat Messenger.lnk Datei Gelöscht : C:\Windows\Tasks\OpenCandyHelper.job Ordner Gelöscht : C:\Program Files\Web Assistant Ordner Gelöscht : C:\Users\Markus.Ortlieb\AppData\Roaming\Mozilla\Firefox\Profiles\f4n0anu9.default\extensions\ffxtlbr@incredibar.com Ordner Gelöscht : C:\Users\Markus.Ortlieb\AppData\Roaming\Mozilla\Firefox\Profiles\f4n0anu9.default\extensions\staged Ordner Gelöscht : C:\Users\Markus.Ortlieb\AppData\Roaming\OpenCandy Ordner Gelöscht : C:\Users\MARKUS~1.ORT\AppData\Local\Temp\avg@toolbar Ordner Gelöscht : C:\Users\MARKUS~1.ORT\AppData\Local\Temp\Smartbar ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\IM Schlüssel Gelöscht : HKCU\Software\ImInstaller Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A} Schlüssel 
Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403a-B9D2-65C292C39087} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9639E4A-801B-4843-AEE3-03D9DA199E77} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9639E4A-801B-4843-AEE3-03D9DA199E77} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\Extension.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C01315C7-B4E2-4864-B43D-5FAFC414D179} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C1545464-C77C-4130-A572-1C619E2895FE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{ED0E67AD-926C-4008-87E5-03CF72AA2A7E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EF7FEC6D-451B-4452-9D26-7E10C6B5DB6E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F9639E4A-801B-4843-AEE3-03D9DA199E77} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\I Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Incredibar.dskBnd Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Incredibar.dskBnd.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IncredibarApp.appCore Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IncredibarApp.appCore.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} 
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\incredibar
Key Deleted : HKLM\Software\Web Assistant
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{F9639E4A-801B-4843-AEE3-03D9DA199E77}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=2e46b9db-92cf-403a-9520-b600c2092bf8&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://mystart.incredibar.com/mb174?a=6OyOvWn87o&i=26 --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=2e46b9db-92cf-403a-9520-b600c2092bf8&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=2e46b9db-92cf-403a-9520-b600c2092bf8&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=2e46b9db-92cf-403a-9520-b600c2092bf8&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com

-\\ Mozilla Firefox v15.0 (de)

Profile name : default
File : C:\Users\Markus.Ortlieb\AppData\Roaming\Mozilla\Firefox\Profiles\f4n0anu9.default\prefs.js

C:\Users\Markus.Ortlieb\AppData\Roaming\Mozilla\Firefox\Profiles\f4n0anu9.default\user.js ... Deleted !

Deleted : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb174?a=6OyOvWn87o&loc=FF_NT");
Deleted : user_pref("browser.search.defaultenginename", "MyStart Search");
Deleted : user_pref("extensions.enabledAddons", "{635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.4.8.20120412011105,{[...]
Deleted : user_pref("extensions.incredibar.admin", false);
Deleted : user_pref("extensions.incredibar.aflt", "orgnl");
Deleted : user_pref("extensions.incredibar.cntry", "DE");
Deleted : user_pref("extensions.incredibar.dfltLng", "");
Deleted : user_pref("extensions.incredibar.dfltSrch", false);
Deleted : user_pref("extensions.incredibar.did", "10671");
Deleted : user_pref("extensions.incredibar.envrmnt", "production");
Deleted : user_pref("extensions.incredibar.excTlbr", false);
Deleted : user_pref("extensions.incredibar.hdrMd5", "1D36AF13F9D78E67ED57FF552AF01B13");
Deleted : user_pref("extensions.incredibar.hmpg", false);
Deleted : user_pref("extensions.incredibar.id", "e62a22ad000000000000081196eb7d55");
Deleted : user_pref("extensions.incredibar.installerproductid", "26");
Deleted : user_pref("extensions.incredibar.instlDay", "15601");
Deleted : user_pref("extensions.incredibar.instlRef", "");
Deleted : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1419:30:46");
Deleted : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
Deleted : user_pref("extensions.incredibar.newTab", false);
Deleted : user_pref("extensions.incredibar.noFFXTlbr", false);
Deleted : user_pref("extensions.incredibar.ppd", "7777720");
Deleted : user_pref("extensions.incredibar.prdct", "incredibar");
Deleted : user_pref("extensions.incredibar.productid", "26");
Deleted : user_pref("extensions.incredibar.prtnrId", "Incredibar");
Deleted : user_pref("extensions.incredibar.sg", "none");
Deleted : user_pref("extensions.incredibar.smplGrp", "none");
Deleted : user_pref("extensions.incredibar.tlbrId", "base");
Deleted : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyOvWn87o&loc=IB_T[...]
Deleted : user_pref("extensions.incredibar.upn2", "6OyOvWn87o");
Deleted : user_pref("extensions.incredibar.upn2n", "92262128727874418");
Deleted : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
Deleted : user_pref("extensions.incredibar.vrsnTs", "1.5.11.1419:30:46");
Deleted : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
Deleted : user_pref("extensions.incredibar_i.aflt", "orgnl");
Deleted : user_pref("extensions.incredibar_i.dfltLng", "");
Deleted : user_pref("extensions.incredibar_i.did", "10671");
Deleted : user_pref("extensions.incredibar_i.excTlbr", false);
Deleted : user_pref("extensions.incredibar_i.id", "e62a22ad000000000000081196eb7d55");
Deleted : user_pref("extensions.incredibar_i.installerproductid", "26");
Deleted : user_pref("extensions.incredibar_i.instlDay", "15601");
Deleted : user_pref("extensions.incredibar_i.instlRef", "");
Deleted : user_pref("extensions.incredibar_i.ms_url_id", "");
Deleted : user_pref("extensions.incredibar_i.newTab", false);
Deleted : user_pref("extensions.incredibar_i.ppd", "7777720");
Deleted : user_pref("extensions.incredibar_i.prdct", "incredibar");
Deleted : user_pref("extensions.incredibar_i.productid", "26");
Deleted : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Deleted : user_pref("extensions.incredibar_i.smplGrp", "none");
Deleted : user_pref("extensions.incredibar_i.tlbrId", "base");
Deleted : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyOvWn87o&loc=IB[...]
Deleted : user_pref("extensions.incredibar_i.upn2", "6OyOvWn87o");
Deleted : user_pref("extensions.incredibar_i.upn2n", "92262128727874418");
Deleted : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Deleted : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1419:30:46");
Deleted : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Deleted : user_pref("keyword.URL", "hxxps://isearch.avg.com/search?cid=%7B64dc8fb0-2725-4f3a-8eb6-d9d6f2ca9e63[...]
Deleted : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]

*************************

AdwCleaner[R1].txt - [14956 octets] - [20/09/2012 08:44:36]
AdwCleaner[S1].txt - [15190 octets] - [20/09/2012 08:46:12]

########## EOF - C:\AdwCleaner[S1].txt - [15251 octets] ##########

Last edited by scrooge75 (20.09.2012 at 07:52)
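A log of this shape is easier to assess once it is grouped by the persistence mechanism each entry touched (BHO, registry-installed browser extension, IE start/search page, Firefox user_pref) and by the hosts the browser was being redirected to. The parser below is an added example, not part of scrooge75's post and not AdwCleaner's own code; the sample lines are constructed from the format of the log above, the category names and the regexes are my own reading of that format, and the German/English label map covers only the labels that appear in this thread.

```python
"""Summarise an AdwCleaner-style removal log by persistence mechanism and hijack host.

Added example; not part of the forum post or of AdwCleaner. The line formats
handled here are assumptions taken from the log shown in the thread.
"""
import re
from collections import Counter
from urllib.parse import urlparse

# AdwCleaner writes its labels in the system language; the posted log is German.
# Map those onto the English forms the regexes below expect (assumed mapping).
LABELS = {
    "Schlüssel Gelöscht": "Key Deleted",
    "Wert Gelöscht": "Value Deleted",
    "Wiederhergestellt": "Restored",
    "Ersetzt": "Replaced",
    "Gelöscht": "Deleted",
}

RE_DELETED = re.compile(r"^(?:Key|Value) Deleted : (?P<path>.+)$")
RE_SETTING = re.compile(r"^(?:Restored|Replaced) : \[(?P<path>.+?) - (?P<name>[^\]]+)\]"
                        r"(?: = (?P<old>.*?) --> (?P<new>.*))?$")
RE_PREF = re.compile(r'^Deleted : user_pref\("(?P<name>[^"]+)",\s*(?P<value>.*)$')
# AdwCleaner defangs URLs as hxxp/hxxps; stop at whitespace, quote or the "[...]" truncation.
RE_URL = re.compile(r'hxxps?://[^\s"\]]+')

# Registry path fragments and the persistence mechanism they serve (first match wins).
PERSISTENCE = [
    ("Browser Helper Objects", "IE BHO"),
    (r"Internet Explorer\Toolbar", "IE toolbar"),
    (r"Internet Explorer\Low Rights\ElevationPolicy", "IE elevation policy"),
    (r"Mozilla\Firefox\extensions", "Firefox extension (registry)"),
    (r"Google\Chrome\Extensions", "Chrome extension (registry)"),
    (r"CurrentVersion\Uninstall", "Uninstall entry"),
    (r"Classes\CLSID", "COM registration"),
    (r"Classes\Interface", "COM registration"),
    (r"Classes\TypeLib", "COM registration"),
    ("SearchScopes", "IE search provider"),
    (r"Internet Explorer\Main", "IE start/search page"),
    (r"Internet Explorer\Search", "IE start/search page"),
]

# Constructed sample in the shape of the posted log (a subset, one German label kept).
SAMPLE_LOG = r"""
***** [Registry] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
***** [Internet Browser] *****
Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://mystart.incredibar.com/mb174?a=6OyOvWn87o&i=26 --> hxxp://www.google.com
Deleted : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb174?a=6OyOvWn87o&loc=FF_NT");
Deleted : user_pref("keyword.URL", "hxxps://isearch.avg.com/search?cid=%7B64dc8fb0[...]
"""


def normalise_label(line):
    """Rewrite a localised label prefix such as 'Schlüssel Gelöscht : ...' to English."""
    for local, english in LABELS.items():
        if line.startswith(local + " :"):
            return english + line[len(local):]
    return line


def classify(path):
    """Name the persistence mechanism a registry path belongs to ('other' if unknown)."""
    lowered = path.lower()
    for needle, label in PERSISTENCE:
        if needle.lower() in lowered:
            return label
    return "other"


def hosts_in(text):
    """Lower-cased hostnames of every defanged URL in a log fragment."""
    hosts = []
    for match in RE_URL.findall(text):
        host = urlparse("http" + match[4:]).hostname  # re-fang hxxp -> http only for parsing
        if host:
            hosts.append(host)
    return hosts


def summarise(log_text):
    """Count persistence mechanisms, list deleted Firefox prefs and tally hijack hosts."""
    summary = {"registry": Counter(), "firefox_prefs": [], "hijack_hosts": Counter(), "unparsed": []}
    for raw in log_text.splitlines():
        line = normalise_label(raw.strip())
        if not line:
            continue
        if m := RE_DELETED.match(line):
            summary["registry"][classify(m["path"])] += 1
        elif m := RE_SETTING.match(line):
            summary["registry"][classify(m["path"])] += 1
            # Only the pre-cleanup value tells you where the user was being sent.
            summary["hijack_hosts"].update(hosts_in(m["old"] or ""))
        elif m := RE_PREF.match(line):
            summary["firefox_prefs"].append(m["name"])
            summary["hijack_hosts"].update(hosts_in(m["value"]))
        else:
            summary["unparsed"].append(line)
    return summary


if __name__ == "__main__":
    for key, value in summarise(SAMPLE_LOG).items():
        print(f"{key}: {dict(value) if isinstance(value, Counter) else value}")
```

Two points the grouping makes visible: the Firefox redirect lived in user.js as well as prefs.js, and because Firefox re-applies user.js on every start, deleting that file (the "user.js ... Deleted !" line) is what stops the new-tab setting from coming back, so a profile that still opens MyStart after cleanup is worth re-checking for a surviving user.js. The `[...]` endings are AdwCleaner's own truncation of long lines, so a host parsed from such a line is reliable but the full query string is not.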
21.09.2012, 17:50 | #6
Malware-holic | Download the CCleaner standard build: CCleaner Download - CCleaner 3.22.1800. If CCleaner is already installed, skip that step. Install it, open it, go to Extras, list of installed programs, and save the list as a txt file. Open it. Behind each program you need, write "necessary"; behind each one you do not need, "unnecessary"; behind those you do not recognise, "unknown". Post the list.