Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Mystart-Leiste aus Firefox entfernen - Malwarebytes Fund jedoch bereits gelöscht

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 19.09.2012, 10:41   #1
scrooge75
 
Mystart-Leiste aus Firefox entfernen - Malwarebytes Fund jedoch bereits gelöscht - Standard

Mystart-Leiste aus Firefox entfernen - Malwarebytes Fund jedoch bereits gelöscht



Hallo!

Beim der Installation der Software VCD Video Converter wurde auch die Leiste Mystart im Hintergrund installiert und diese bekomme ich nun nicht mehr aus dem Firefox. Beim Öffnen eines neuen tabs wird immer die Mystart-Homepage geöffnet. Zudem hat sich nach der Installation die Schriftwart in meinem Browser in der Eingabezeile und in der Lesezeichen-Leiste geändert.

Da ich die Software Malwarebytes bereits kannte habe ich sie laufen lassen und den Fund gelöscht, jedoch bevor ich auf dieses Forum gestoßen bin. Das Mystart-Problem existiert weiterhin.

- Defogger habe ich entsprechend der Anleitung ausgeführt
- OTL habe ich entsprechend der Anleitung ausgeführt. Die Inhalte sie unten.
- Mein System ist ein 32bit-System
- Gmer habe ich ausgeführt, Ergebnis siehe unten

Und wie gehts nun weiter?

Grüße,
scrooge75

OTL.txt:
OTL logfile created on: 9/19/2012 10:42:47 AM - Run 2
OTL by OldTimer - Version 3.2.64.0 Folder = C:\Users\Markus.Ortlieb\Downloads
Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy

3.16 Gb Total Physical Memory | 1.08 Gb Available Physical Memory | 34.17% Memory free
6.33 Gb Paging File | 4.12 Gb Available in Paging File | 65.11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 119.24 Gb Total Space | 38.03 Gb Free Space | 31.89% Space Free | Partition Type: NTFS

Computer Name: BIBLPORTLIEB | User Name: Markus.Ortlieb | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/19 10:33:04 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Markus.Ortlieb\Downloads\OTL.exe
PRC - [2012/09/09 12:07:16 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/07 17:04:44 | 000,981,656 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012/09/07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/08/31 09:52:22 | 000,021,432 | ---- | M] () -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012/08/31 09:52:14 | 003,524,536 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012/08/31 09:52:12 | 000,964,024 | ---- | M] (Samsung) -- C:\Programme\Samsung\Kies\Kies.exe
PRC - [2012/08/28 17:09:56 | 000,188,760 | ---- | M] () -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe
PRC - [2012/05/14 16:26:14 | 001,983,304 | ---- | M] (Trend Micro Inc.) -- C:\Programme\Trend Micro\OfficeScan Client\NTRtScan.exe
PRC - [2012/05/14 03:34:06 | 001,113,984 | ---- | M] (Trend Micro Inc.) -- C:\Programme\Trend Micro\OfficeScan Client\PccNTMon.exe
PRC - [2012/05/12 00:03:34 | 001,836,272 | ---- | M] (Trend Micro Inc.) -- C:\Programme\Trend Micro\OfficeScan Client\TmListen.exe
PRC - [2012/05/04 18:56:56 | 000,345,616 | ---- | M] (Trend Micro Inc.) -- C:\Programme\Trend Micro\BM\TMBMSRV.exe
PRC - [2012/03/15 15:31:58 | 000,689,680 | ---- | M] (Trend Micro Inc.) -- C:\Programme\Trend Micro\OfficeScan Client\TmProxy.exe
PRC - [2012/02/22 20:49:58 | 006,591,800 | ---- | M] (Yahoo! Inc.) -- C:\Programme\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2012/02/20 04:00:00 | 000,981,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\CCM\CcmExec.exe
PRC - [2012/02/17 10:37:46 | 015,963,936 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office14\OUTLOOK.EXE
PRC - [2012/01/11 11:51:36 | 000,207,932 | ---- | M] (Infonautics GmbH Switzerland) -- C:\Screencapture\ScreenCapturePrint.exe
PRC - [2011/10/31 11:45:34 | 000,458,904 | ---- | M] (Trend Micro Inc.) -- C:\Programme\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
PRC - [2011/10/04 00:31:50 | 000,054,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\hidfind.exe
PRC - [2011/10/04 00:31:48 | 000,505,720 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\Apoint.exe
PRC - [2011/10/04 00:31:48 | 000,057,680 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\ApMsgFwd.exe
PRC - [2011/10/04 00:31:48 | 000,054,640 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\ApntEx.exe
PRC - [2011/10/04 00:31:42 | 000,072,296 | ---- | M] (O2Micro International) -- C:\Windows\System32\drivers\o2flash.exe
PRC - [2011/10/04 00:31:40 | 000,536,668 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\sttray.exe
PRC - [2011/10/04 00:31:40 | 000,274,514 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\stacsv.exe
PRC - [2011/10/04 00:31:38 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Programme\IDT\WDM\AEstSrv.exe
PRC - [2011/07/28 15:43:26 | 001,459,056 | ---- | M] (Dell Inc.) -- C:\Programme\Dell\Dell System Manager\DCPSysMgr.exe
PRC - [2011/07/28 15:39:42 | 000,390,000 | ---- | M] (Dell Inc.) -- C:\Programme\Dell\Dell System Manager\DCPSysMgrSvc.exe
PRC - [2011/06/24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/15 15:50:52 | 000,686,704 | ---- | M] () -- C:\Programme\STMicroelectronics\AccelerometerP11\FF_Protection.exe
PRC - [2010/11/20 04:17:58 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010/11/20 04:17:48 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/06 00:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/11/06 00:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/10/25 09:33:04 | 000,826,272 | ---- | M] (Broadcom Corporation) -- C:\Programme\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
PRC - [2010/10/25 09:33:04 | 000,032,160 | ---- | M] (Broadcom Corporation) -- C:\Programme\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
PRC - [2010/10/15 19:14:08 | 002,843,936 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2010/10/15 19:14:08 | 000,836,896 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2010/10/15 19:14:08 | 000,656,672 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2010/09/27 12:58:24 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2010/08/16 17:42:08 | 000,153,560 | ---- | M] (Dell Inc.) -- C:\Programme\Dell\SysMgt\dataeng\bin\dsm_sa_eventmgr32.exe
PRC - [2010/08/16 17:42:04 | 000,202,712 | ---- | M] (Dell Inc.) -- C:\Programme\Dell\SysMgt\dataeng\bin\dsm_sa_datamgr32.exe
PRC - [2010/07/27 14:46:08 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010/06/17 22:56:44 | 000,370,176 | ---- | M] (shbox.de) -- C:\Programme\FreePDF_XP\fpassist.exe
PRC - [2010/04/06 00:41:46 | 000,116,224 | ---- | M] (Brio) -- C:\Programme\FolderSize\FolderSizeSvc.exe
PRC - [2010/01/09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
PRC - [2008/09/01 18:38:08 | 000,098,304 | ---- | M] (iPass, Inc.) -- C:\Programme\iPass\iPassConnect\iPassPeriodicUpdateService.exe
PRC - [2008/09/01 18:38:06 | 000,155,648 | ---- | M] (iPass, Inc.) -- C:\Programme\iPass\iPassConnect\iPassPeriodicUpdateApp.exe


========== Modules (No Company Name) ==========

MOD - [2012/09/18 09:02:47 | 000,115,137 | ---- | M] () -- C:\Users\Markus.Ortlieb\AppData\Local\Temp\fbe2808e-2380-4f14-a1fa-3fa9c3a364e8\CliSecureRT.dll
MOD - [2012/09/18 09:02:23 | 015,399,936 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\002b4b1af5f8145bf6b6afe21d4f1db2\Kies.Theme.ni.dll
MOD - [2012/09/18 09:02:23 | 000,608,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePodcast\de1a504d1535e5005fbae8f6a4d97ce5\DevicePodcast.ni.dll
MOD - [2012/09/18 09:02:23 | 000,290,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceVideo\ee12ab3bf308cbe22f373afbddf0be6b\DeviceVideo.ni.dll
MOD - [2012/09/18 09:02:22 | 002,778,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PodcastService\23fd65cd04b03d19931758d7472e38a4\PodcastService.ni.dll
MOD - [2012/09/18 09:02:22 | 000,367,104 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePhoto\e5e58a020638d28d3740195f1d0738da\DevicePhoto.ni.dll
MOD - [2012/09/18 09:02:22 | 000,299,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceMusic\0377dd6ed6a5e92a0b8d6eb7d0b64f79\DeviceMusic.ni.dll
MOD - [2012/09/18 09:02:21 | 000,461,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\VideoManager\1d941bea2e28bc074d74327844bb0777\VideoManager.ni.dll
MOD - [2012/09/18 09:02:20 | 001,143,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Podcaster\65018f5e3da23293d642168f7b132d40\Podcaster.ni.dll
MOD - [2012/09/18 09:02:19 | 000,607,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PhotoManager\6f522f515d38e08db4ebab8d1f25d68b\PhotoManager.ni.dll
MOD - [2012/09/18 09:02:16 | 005,676,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceHost\df1a05b63f8fefaf91d097225e726b12\DeviceHost.ni.dll
MOD - [2012/09/18 09:02:11 | 001,843,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Phonebook\c826afe2d03c8006229ab80a2d7126c7\Phonebook.ni.dll
MOD - [2012/09/18 09:02:09 | 000,033,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\8465ae2b954384776b5cd98d69c0108d\Kies.Common.DeviceServiceLib.FirmwareUpdate.Firmw areUpdateAgentHelper.ni.dll
MOD - [2012/09/18 09:02:07 | 001,008,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CPKTMusicPlugin\94d167be7a5ae09d21349ce6fd3d8a9e\CPKTMusicPlugin.ni.dll
MOD - [2012/09/18 09:02:06 | 000,963,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\MusicManager\3908b9456a6e3665f83d56161f21198c\MusicManager.ni.dll
MOD - [2012/09/18 09:02:04 | 000,320,512 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\EBookManager\e5c8f9e08db50fb625c029361147f47e\EBookManager.ni.dll
MOD - [2012/09/18 09:02:03 | 000,391,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\BATPlugin\ed8a6670f7dbe1ae78aa091a0935fb87\BATPlugin.ni.dll
MOD - [2012/09/18 09:02:02 | 000,507,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MediaDB\25823a7264f74e67158031f485c0bb23\Kies.Common.MediaDB.ni.dll
MOD - [2012/09/18 09:02:02 | 000,031,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\AllShareController\c209d4b3c25507564757710f6d4a4570\AllShareController.ni.dll
MOD - [2012/09/18 09:02:01 | 000,232,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\81bb58061bcd2a4c3bf4136abe041d20\ASF_cSharpAPI.ni.dll
MOD - [2012/09/18 09:02:01 | 000,064,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.AllShare\b9360cef783c6eb105c636c3721b7cc9\Kies.Common.AllShare.ni.dll
MOD - [2012/09/18 09:02:01 | 000,029,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.StoreMa#\d9eca4746981ac218c1dbe0c131ce108\Kies.Common.StoreManager.ni.dll
MOD - [2012/09/18 09:02:00 | 000,565,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\4b033da616a5e8e2b9ebe95342e9cf0d\Kies.Common.DeviceServiceLib.FileService.ni.dll
MOD - [2012/09/18 09:02:00 | 000,276,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\378ccdcd4181f6bf23d992e26be1c347\Kies.Common.DeviceServiceLib.FirmwareUpdate.Commo n.ni.dll
MOD - [2012/09/18 09:02:00 | 000,189,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\57b7389241c36caa1d2132d68eddedda\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downl oader.ni.dll
MOD - [2012/09/18 09:01:59 | 000,566,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\61df63e5646fd99c9912c90ba2984b8b\Kies.Common.DeviceServiceLib.DeviceDataService.ni .dll
MOD - [2012/09/18 09:01:59 | 000,174,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DevFileServ#\170b754ba9dcd78ee0b06a32af4a7c1f\Interop.DevFileServiceLib.ni.dll
MOD - [2012/09/18 09:01:57 | 001,024,512 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\c1c88c2dea6ff25505706a1a23e26c30\Kies.Common.DeviceService.ni.dll
MOD - [2012/09/18 09:01:57 | 000,901,632 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\d98653829401f61cb22f0a1e8e65e6b0\Kies.Common.DeviceServiceLib.DeviceManagement.ni. dll
MOD - [2012/09/18 09:01:56 | 002,188,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Multime#\eac2b2d51b2b9c65a35b08fdcfb51eed\Kies.Common.Multimedia.ni.dll
MOD - [2012/09/18 09:01:56 | 000,184,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\e1837e9c63789850168d0bb76826128d\Kies.Common.DeviceServiceLib.Interface.ni.dll
MOD - [2012/09/18 09:01:55 | 000,052,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.MP3FileInfo#\c99811c6a988ca6c2104a5b45acbddbb\Interop.MP3FileInfoCOMLib.ni.dll
MOD - [2012/09/18 09:01:55 | 000,032,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.OGGFileInfo#\cbeefee33636e0d0be226cf11e180ba3\Interop.OGGFileInfoCOMLib.ni.dll
MOD - [2012/09/18 09:01:54 | 000,171,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.P3MPINTERFA#\b0b31095249cec5ef5c0407fa6b7fc22\Interop.P3MPINTERFACECTRLLib.ni.dll
MOD - [2012/09/18 09:01:54 | 000,030,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.PRPLAYERCOR#\25dc31b1903a3689788caf51d3d93f97\Interop.PRPLAYERCORELib.ni.dll
MOD - [2012/09/18 09:01:52 | 000,183,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MainUI\5be40478cd0ba1097b88eb05698a77a2\Kies.Common.MainUI.ni.dll
MOD - [2012/09/18 09:01:52 | 000,067,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DBManag#\1600f24d91e6f9634b0ca377b89ef6b0\Kies.Common.DBManager.ni.dll
MOD - [2012/09/18 09:01:51 | 001,674,240 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies\25712af86daacf25fc9288e66b7f0f15\Kies.ni.exe
MOD - [2012/09/18 09:01:51 | 000,530,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ICSharpCode.SharpZi#\2d7161baa59dd2c1c39f4a192d760e7d\ICSharpCode.SharpZipLib.ni.dll
MOD - [2012/09/18 09:01:51 | 000,395,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CabLib\6265ffca46eab52d5f798847b5ea908c\CabLib.ni.dll
MOD - [2012/09/18 09:01:51 | 000,201,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Util\5b795067a59c204d32cfc0d0db675d9c\Kies.Common.Util.ni.dll
MOD - [2012/09/18 09:01:50 | 001,728,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\40df0fefb0da1d6e9bfaf1c72c001dfd\Kies.UI.ni.dll
MOD - [2012/09/18 09:01:50 | 000,052,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DeviceSearc#\9a6bad5be6518d4a975893676a49a82c\Interop.DeviceSearchLib.ni.dll
MOD - [2012/09/18 09:01:49 | 001,437,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Locale\c4f56538bb1d5921690a486bf052e30b\Kies.Locale.ni.dll
MOD - [2012/09/18 09:01:49 | 000,078,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\afa8de1e7aabde98f9a5fec1abdb9a05\Kies.MVVM.ni.dll
MOD - [2012/09/18 09:01:48 | 001,185,280 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Interface\a24e92c33778abe42b3cd6135a8238ca\Kies.Interface.ni.dll
MOD - [2012/09/18 09:01:47 | 000,119,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\GongSolutions.Wpf.D#\99372e3c4882e5727a8055b6548ef4fc\GongSolutions.Wpf.DragDrop.ni.dll
MOD - [2012/09/09 12:07:15 | 002,244,064 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2012/08/31 09:52:22 | 000,021,432 | ---- | M] () -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2012/07/03 12:14:56 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\eac8b316dbdcc6fdba0d80e76063643c\IAStorUtil.ni.dll
MOD - [2012/07/03 12:14:56 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\3b2b9f4ec1819e4b95792d92f56d26f9\IAStorCommon.ni.dll
MOD - [2012/07/03 10:39:46 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/07/03 10:39:28 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll
MOD - [2012/07/03 10:39:24 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll
MOD - [2012/07/03 10:39:12 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/07/03 10:39:08 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/07/03 10:39:06 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/07/03 10:39:05 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/07/03 10:39:00 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/06/27 12:35:48 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\d0e1cdaff8f9055187f8e7b52c060dff\System.Management.ni.dll
MOD - [2012/06/27 12:34:38 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\9d32c82a43fa7b948f6ad62a55ceaa73\System.ServiceProcess.ni.dll
MOD - [2012/06/27 12:34:30 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\63bc6e391de5014965039e100ce1e9d5\System.Runtime.Remoting.ni.dll
MOD - [2012/06/27 12:34:01 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll
MOD - [2012/06/27 12:05:56 | 018,019,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\9b24ceabcec0e6585573eba2837ae0a5\PresentationFramework.ni.dll
MOD - [2012/06/27 12:05:46 | 011,522,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\0ada55b589d5afc9fbcece80a97ad64b\PresentationCore.ni.dll
MOD - [2012/06/27 12:05:39 | 003,881,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\f750eaacd177ac6247919035d58643a5\WindowsBase.ni.dll
MOD - [2012/06/27 12:05:37 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\608d29d7cc89f3a9a195c91354561915\PresentationFramework.Aero.ni.dll
MOD - [2012/06/27 12:02:38 | 013,197,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\d231b57b4658ef8ac5e04f0a38aea210\System.Windows.Forms.ni.dll
MOD - [2012/06/27 12:02:31 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll
MOD - [2012/06/27 12:02:27 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll
MOD - [2012/06/27 12:02:24 | 001,665,536 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\e5815f5d63d01768714c92c2decbf04c\System.Drawing.ni.dll
MOD - [2012/06/27 12:02:23 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\a84262e1224189f93e10cd3c403a9527\System.Configuration.ni.dll
MOD - [2012/06/27 12:02:22 | 009,092,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll
MOD - [2012/06/27 12:02:18 | 014,414,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll
MOD - [2012/02/22 20:49:56 | 000,921,600 | ---- | M] () -- C:\Programme\Yahoo!\Messenger\yui.dll
MOD - [2012/02/22 20:49:38 | 000,078,336 | ---- | M] () -- C:\Programme\Yahoo!\Messenger\pcre.dll
MOD - [2011/10/04 00:31:58 | 000,094,208 | ---- | M] () -- C:\Windows\System32\IccLibDll.dll
MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2011/02/15 15:50:52 | 000,686,704 | ---- | M] () -- C:\Programme\STMicroelectronics\AccelerometerP11\FF_Protection.exe
MOD - [2010/12/21 02:15:30 | 001,041,248 | ---- | M] () -- C:\Programme\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
MOD - [2010/11/13 02:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/10/15 19:14:18 | 000,132,384 | ---- | M] () -- C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2010/08/03 08:56:49 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll


========== Services (SafeList) ==========

SRV - [2012/09/19 10:24:35 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/09 12:07:16 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/08/28 17:09:56 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/14 16:26:14 | 001,983,304 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Programme\Trend Micro\OfficeScan Client\NTRtScan.exe -- (ntrtscan)
SRV - [2012/05/12 00:03:34 | 001,836,272 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Programme\Trend Micro\OfficeScan Client\TmListen.exe -- (tmlisten)
SRV - [2012/05/04 18:56:56 | 000,345,616 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2012/03/15 15:31:58 | 000,689,680 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Programme\Trend Micro\OfficeScan Client\TmProxy.exe -- (TmProxy)
SRV - [2012/02/20 04:00:00 | 000,981,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\CCM\CcmExec.exe -- (CcmExec)
SRV - [2012/02/20 04:00:00 | 000,442,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\CCM\RemCtrl\CmRcService.exe -- (CmRcService)
SRV - [2012/02/20 04:00:00 | 000,251,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\CCM\TSManager.exe -- (smstsmgr)
SRV - [2011/12/06 17:20:20 | 000,048,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Policy Platform\policyHost.exe -- (lppsvc)
SRV - [2011/12/06 17:20:20 | 000,048,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Policy Platform\policyHost.exe -- (lpasvc)
SRV - [2011/10/04 00:31:42 | 000,072,296 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\System32\drivers\o2flash.exe -- (O2FLASH)
SRV - [2011/10/04 00:31:40 | 000,274,514 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv.exe -- (STacSV)
SRV - [2011/10/04 00:31:38 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\IDT\WDM\AEstSrv.exe -- (AESTFilters)
SRV - [2011/07/28 15:39:42 | 000,390,000 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Programme\Dell\Dell System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc)
SRV - [2011/07/20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010/11/20 04:17:58 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010/11/06 00:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/10/25 09:33:04 | 000,826,272 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Programme\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service)
SRV - [2010/10/25 09:33:04 | 000,032,160 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Programme\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage)
SRV - [2010/10/15 19:14:08 | 000,656,672 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2010/09/27 12:58:24 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010/08/16 17:42:08 | 000,153,560 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Programme\Dell\SysMgt\dataeng\bin\dsm_sa_eventmgr32.exe -- (dcevt32)
SRV - [2010/08/16 17:42:04 | 000,202,712 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Programme\Dell\SysMgt\dataeng\bin\dsm_sa_datamgr32.exe -- (dcstor32)
SRV - [2010/07/27 14:46:08 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/04/06 00:41:46 | 000,116,224 | ---- | M] (Brio) [Auto | Running] -- C:\Programme\FolderSize\FolderSizeSvc.exe -- (FolderSize)
SRV - [2010/01/09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010/01/09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009/07/14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/09/26 14:51:38 | 001,712,128 | ---- | M] (iPass, Inc.) [On_Demand | Stopped] -- C:\Programme\iPass\iPassConnect\iPassConnectEngine.exe -- (iPassConnectEngine)
SRV - [2008/09/01 18:38:08 | 000,098,304 | ---- | M] (iPass, Inc.) [Auto | Running] -- C:\Programme\iPass\iPassConnect\iPassPeriodicUpdateService.exe -- (iPassPeriodicUpdateService)
SRV - [2008/09/01 18:38:06 | 000,155,648 | ---- | M] (iPass, Inc.) [On_Demand | Running] -- C:\Programme\iPass\iPassConnect\iPassPeriodicUpdateApp.exe -- (iPassPeriodicUpdateApp)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - [2012/09/19 10:26:20 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/07/31 12:42:48 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2012/07/31 12:42:48 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2012/04/20 01:18:56 | 000,073,008 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2012/04/20 01:18:42 | 000,060,648 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2012/04/13 10:41:10 | 000,205,408 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2012/02/20 04:00:00 | 000,020,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2011/10/04 00:31:56 | 000,269,824 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2011/10/04 00:31:56 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2011/10/04 00:31:56 | 000,033,832 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cvusbdrv.sys -- (cvusbdrv)
DRV - [2011/10/04 00:31:48 | 000,305,488 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2011/10/04 00:31:46 | 000,191,488 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwdelserial.sys -- (nwdelserial)
DRV - [2011/10/04 00:31:46 | 000,027,264 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwdelgobi3kfilter.sys -- (nwdelgobi3kfilter)
DRV - [2011/10/04 00:31:46 | 000,026,152 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wwanussf.sys -- (ecnssndisfltr)
DRV - [2011/10/04 00:31:46 | 000,023,592 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wwanuss.sys -- (ecnssndis)
DRV - [2011/10/04 00:31:44 | 000,396,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Mbm3DevMt.sys -- (Mbm3DevMt)
DRV - [2011/10/04 00:31:44 | 000,361,032 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Mbm3CBus.sys -- (Mbm3CBus)
DRV - [2011/10/04 00:31:44 | 000,087,592 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\d554gps.sys -- (d554gps)
DRV - [2011/10/04 00:31:42 | 000,435,200 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2011/10/04 00:31:42 | 000,063,976 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2sdjw7.sys -- (O2SDJRDR)
DRV - [2011/10/04 00:31:42 | 000,062,440 | ---- | M] (O2Micro ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\O2MDRw7.sys -- (O2MDRRDR)
DRV - [2011/10/04 00:31:42 | 000,060,904 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2mdfw7.sys -- (O2MDFRDR)
DRV - [2011/10/04 00:31:42 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HECI.sys -- (MEI)
DRV - [2011/10/04 00:31:38 | 000,044,144 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\accelern.sys -- (Acceler)
DRV - [2011/08/03 18:27:18 | 007,517,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwNs32.sys -- (NETwNs32)
DRV - [2011/07/20 09:36:42 | 000,268,968 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1c6232.sys -- (e1cexpress)
DRV - [2011/07/15 22:30:50 | 000,017,904 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\stdcfltn.sys -- (stdcfltn)
DRV - [2011/07/12 11:44:10 | 000,262,416 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Programme\Trend Micro\OfficeScan Client\TmXpflt.sys -- (TmFilter)
DRV - [2011/07/12 11:43:58 | 000,036,624 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Programme\Trend Micro\OfficeScan Client\TmPreflt.sys -- (TmPreFilter)
DRV - [2011/07/12 11:09:32 | 001,405,720 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Programme\Trend Micro\OfficeScan Client\vsapiNT.sys -- (VSApiNt)
DRV - [2010/12/07 15:58:38 | 000,090,448 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2010/11/20 04:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 04:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 04:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 04:30:14 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV - [2010/11/20 02:24:42 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - [2010/11/20 02:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 02:24:42 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/11/20 02:21:16 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\terminpt.sys -- (terminpt)
DRV - [2010/11/20 02:21:16 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 01:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 01:14:50 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 01:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 01:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/09/27 12:56:00 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2009/10/19 09:10:20 | 000,026,624 | ---- | M] (Dell Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dcdbas32.sys -- (dcdbas)
DRV - [2009/07/14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2008/11/16 19:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007/01/18 21:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {84630365-439B-4036-955B-F475B3233C24}
IE - HKLM\..\SearchScopes\{28D49464-CDAD-4F58-8CB4-1B4B39581593}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE8SRC&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{84630365-439B-4036-955B-F475B3233C24}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.kavo.de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=2e46b9db-92cf-403a-9520-b600c2092bf8&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=2e46b9db-92cf-403a-9520-b600c2092bf8&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://mystart.incredibar.com/mb174?a=6OyOvWn87o&i=26
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=2e46b9db-92cf-403a-9520-b600c2092bf8&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=2e46b9db-92cf-403a-9520-b600c2092bf8&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=2e46b9db-92cf-403a-9520-b600c2092bf8&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={4053278E-DCAC-4CF6-AE73-9B4584D04116}&mid=d8bbd5e137cc47d0be45a5976d7c4cda-2c2400c527f2de228e4f04fd778b12e2d453762e&lang=de&ds=AVG&pr=fr&d=2012-09-19 09:23:42&v=12.2.5.34&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb174/?search={searchTerms}&loc=IB_DS&a=6OyOvWn87o&i=26
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.4.8.20120412011105
FF - prefs.js..extensions.enabledAddons: {d37dc5d0-431d-44e5-8c91-49419370caa1}:3.1.25
FF - prefs.js..extensions.enabledAddons: ffxtlbr@incredibar.com:1.5.0
FF - prefs.js..extensions.enabledAddons: {336D0C35-8A85-403a-B9D2-65C292C39087}:2.0.0.100
FF - prefs.js..keyword.URL: "https://isearch.avg.com/search?cid=%7B64dc8fb0-2725-4f3a-8eb6-d9d6f2ca9e63%7D&mid=d8bbd5e137cc47d0be45a5976d7c4cda-2c2400c527f2de228e4f04fd778b12e2d453762e&ds=AVG&v=12.2.5.34&lang=de&pr=fr&d=2012-09-18%2019%3A46%3A39&sap=ku&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Markus.Ortlieb\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Markus.Ortlieb\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Markus.Ortlieb\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Markus.Ortlieb\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2012/04/05 08:48:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2012/04/05 08:49:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012/09/18 19:30:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/09 12:07:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/12 12:29:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/09 12:07:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/12 12:29:56 | 000,000,000 | ---D | M]

[2012/04/04 09:21:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Markus.Ortlieb\AppData\Roaming\mozilla\Extensions
[2012/09/18 19:30:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Markus.Ortlieb\AppData\Roaming\mozilla\Firefox\Profiles\f4n0anu9.default\extensions
[2012/05/27 17:49:10 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Markus.Ortlieb\AppData\Roaming\mozilla\Firefox\Profiles\f4n0anu9.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/09/12 09:24:14 | 000,000,000 | ---D | M] (FoxClocks) -- C:\Users\Markus.Ortlieb\AppData\Roaming\mozilla\Firefox\Profiles\f4n0anu9.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
[2012/09/18 19:30:45 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\Markus.Ortlieb\AppData\Roaming\mozilla\Firefox\Profiles\f4n0anu9.default\extensions\ffxtlbr@incredibar.com
[2012/05/04 14:54:25 | 000,000,000 | ---D | M] (IE Tab Plus) -- C:\Users\Markus.Ortlieb\AppData\Roaming\mozilla\Firefox\Profiles\f4n0anu9.default\extensions\ietab@ip.cn
[2012/09/18 19:30:34 | 000,002,203 | ---- | M] () -- C:\Users\Markus.Ortlieb\AppData\Roaming\mozilla\firefox\profiles\f4n0anu9.default\searchplugins\MyStart Search.xml
[2012/09/18 19:23:52 | 000,002,615 | ---- | M] () -- C:\Users\Markus.Ortlieb\AppData\Roaming\mozilla\firefox\profiles\f4n0anu9.default\searchplugins\Web Search.xml
[2012/09/09 12:07:08 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012/09/18 19:30:39 | 000,000,000 | ---D | M] (Web Assistant) -- C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
[2012/09/09 12:07:16 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/09/19 09:23:28 | 000,003,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/09/03 08:27:54 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/03/13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/03/13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/03/13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/03/13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension32.dll ()
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Programme\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Programme\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Programme\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [FreeFallProtection] C:\Programme\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [IAStorIcon] C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [ROC_ROC_NT] "C:\Program Files\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT File not found
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKCU..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe /s File not found
O4 - HKCU..\Run: [KiesPDLR] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O4 - HKCU..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Programme\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogonScripts = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: dhrmedical.org ([]* in Lokales Intranet)
O15 - HKLM\..Trusted Domains: dhrmedical.org ([*.gendex] * in Lokales Intranet)
O15 - HKLM\..Trusted Domains: dhrmedical.org ([*.kavo] * in Lokales Intranet)
O15 - HKLM\..Trusted Domains: kavo.de ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Domains: dhrmedical.org ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Domains: dhrmedical.org ([*.gendex] * in Lokales Intranet)
O15 - HKCU\..Trusted Domains: dhrmedical.org ([*.kavo] * in Lokales Intranet)
O15 - HKCU\..Trusted Domains: kavo.de ([]* in Lokales Intranet)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://danaher.webex.com/client/WBXclient-T27L10NSP32EP1-13926/webex/ieatgpc1.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = kavo.dhrmedical.org
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BBBB6523-7361-4654-B460-0E93574F494C}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Sapgui\SAPgui\SAPHTMLP.DLL (SAP, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Sapgui\SAPgui\SAPHTMLP.DLL (SAP, Walldorf)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{b8300e74-bc9d-11df-ba19-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b8300e74-bc9d-11df-ba19-806e6f6e6963}\Shell\AutoRun\command - "" = D:\SMS\bin\i386\TSMBAutorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/19 10:25:42 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/09/19 09:51:25 | 000,000,000 | ---D | C] -- C:\Users\Markus.Ortlieb\AppData\Roaming\Malwarebytes
[2012/09/19 09:51:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/19 09:51:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/09/19 09:51:14 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/09/19 09:51:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/09/19 09:29:21 | 000,000,000 | ---D | C] -- C:\Users\Markus.Ortlieb\AppData\Local\Avg2013
[2012/09/18 19:47:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/09/18 19:45:23 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/09/18 19:45:23 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2012/09/18 19:44:37 | 000,000,000 | ---D | C] -- C:\Users\Markus.Ortlieb\AppData\Local\MFAData
[2012/09/18 19:44:37 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/09/18 19:31:07 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2012/09/18 19:30:45 | 000,000,000 | ---D | C] -- C:\Program Files\Incredibar.com
[2012/09/18 19:30:38 | 000,000,000 | ---D | C] -- C:\Program Files\Web Assistant
[2012/09/18 19:24:44 | 000,000,000 | ---D | C] -- C:\Freemake
[2012/09/18 19:23:48 | 000,000,000 | ---D | C] -- C:\Users\Markus.Ortlieb\AppData\Roaming\TuneUp Software
[2012/09/18 19:23:43 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2012
[2012/09/18 19:23:40 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012/09/18 19:23:23 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012/09/18 19:23:23 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/09/18 19:23:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Freemake
[2012/09/18 19:22:40 | 000,000,000 | ---D | C] -- C:\Users\Markus.Ortlieb\AppData\Roaming\OpenCandy
[2012/09/18 19:22:40 | 000,000,000 | ---D | C] -- C:\Program Files\Freemake
[2012/09/18 09:22:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec
[2012/09/18 09:22:58 | 000,000,000 | ---D | C] -- C:\Program Files\MyFree Codec
[2012/09/18 09:11:51 | 000,000,000 | ---D | C] -- C:\SelfMV
[2012/09/18 09:01:06 | 000,181,344 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudmdm.sys
[2012/09/18 09:01:06 | 000,083,168 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudbus.sys
[2012/09/13 17:27:56 | 000,000,000 | ---D | C] -- C:\Users\Markus.Ortlieb\Steuer-Sparbuch
[2012/09/13 16:40:17 | 000,000,000 | ---D | C] -- C:\Users\Markus.Ortlieb\AppData\Roaming\Buhl Data Service
[2012/09/13 16:40:16 | 000,000,000 | ---D | C] -- C:\Users\Markus.Ortlieb\AppData\Local\Buhl Data Service
[2012/09/13 14:39:06 | 000,000,000 | ---D | C] -- C:\Users\Markus.Ortlieb\AppData\Local\Buhl
[2012/09/13 14:38:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer-Sparbuch 2012
[2012/09/13 14:37:59 | 000,000,000 | ---D | C] -- C:\Program Files\WISO
[2012/09/13 14:36:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Buhl Data Service GmbH
[2012/09/10 18:15:15 | 000,000,000 | ---D | C] -- C:\Windows\ms
[2012/09/10 18:15:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft System Center 2012
[2012/09/10 18:15:15 | 000,000,000 | ---D | C] -- C:\Windows\ccmcache
[2012/09/10 18:15:15 | 000,000,000 | ---D | C] -- C:\Windows\CCM
[2012/09/10 18:13:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Policy Platform
[2012/09/10 18:12:39 | 000,000,000 | ---D | C] -- C:\Windows\ccmsetup
[2012/09/09 12:07:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/09/07 18:59:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
[2012/09/07 18:59:18 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon
[2012/08/28 10:04:34 | 000,330,240 | ---- | C] ((주)마크애니) -- C:\Windows\MASetupCaller.dll
[2012/08/28 10:04:32 | 000,045,320 | ---- | C] (MARKANY) -- C:\Windows\System32\MAMACExtract.dll

========== Files - Modified Within 30 Days ==========

[2012/09/19 10:43:00 | 000,000,738 | ---- | M] () -- C:\Windows\tasks\OpenCandyHelperRun.job
[2012/09/19 10:43:00 | 000,000,738 | ---- | M] () -- C:\Windows\tasks\OpenCandyHelper.job
[2012/09/19 10:42:10 | 000,000,000 | ---- | M] () -- C:\Users\Markus.Ortlieb\defogger_reenable
[2012/09/19 10:35:09 | 000,012,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/19 10:35:09 | 000,012,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/19 10:27:16 | 000,774,508 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2012/09/19 10:27:16 | 000,774,364 | ---- | M] () -- C:\Windows\System32\perfh00A.dat
[2012/09/19 10:27:16 | 000,772,052 | ---- | M] () -- C:\Windows\System32\perfh013.dat
[2012/09/19 10:27:16 | 000,769,126 | ---- | M] () -- C:\Windows\System32\perfh010.dat
[2012/09/19 10:27:16 | 000,768,708 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2012/09/19 10:27:16 | 000,736,282 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012/09/19 10:27:16 | 000,697,192 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2012/09/19 10:27:16 | 000,692,474 | ---- | M] () -- C:\Windows\System32\perfh01D.dat
[2012/09/19 10:27:16 | 000,690,856 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/09/19 10:27:16 | 000,170,988 | ---- | M] () -- C:\Windows\System32\perfc00A.dat
[2012/09/19 10:27:16 | 000,168,158 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2012/09/19 10:27:16 | 000,165,464 | ---- | M] () -- C:\Windows\System32\perfc013.dat
[2012/09/19 10:27:16 | 000,162,012 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2012/09/19 10:27:16 | 000,161,954 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012/09/19 10:27:16 | 000,159,364 | ---- | M] () -- C:\Windows\System32\perfc010.dat
[2012/09/19 10:27:16 | 000,155,104 | ---- | M] () -- C:\Windows\System32\perfc01D.dat
[2012/09/19 10:27:16 | 000,153,712 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2012/09/19 10:27:16 | 000,134,422 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/09/19 10:26:20 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/09/19 10:25:19 | 000,000,464 | ---- | M] () -- C:\Windows\SMSCFG.INI
[2012/09/19 10:24:36 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/19 10:22:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/19 10:22:52 | 2548,744,192 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/19 10:05:03 | 000,001,156 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3842183496-1387694075-2723946746-6219UA.job
[2012/09/19 09:51:16 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/09/19 09:25:56 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3842183496-1387694075-2723946746-6219Core.job
[2012/09/18 19:30:47 | 000,000,454 | ---- | M] () -- C:\user.js
[2012/09/18 09:02:39 | 000,001,951 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2012/09/17 13:45:02 | 000,040,674 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/09/17 13:44:25 | 000,009,507 | ---- | M] () -- C:\Windows\cfgall.ini
[2012/09/17 13:44:15 | 000,007,550 | RHS- | M] () -- C:\Users\Markus.Ortlieb\ntuser.pol
[2012/09/13 19:06:10 | 000,028,316 | ---- | M] () -- C:\Users\Markus.Ortlieb\Desktop\Gmail - Media Markt Download Shop Bestellung Nr. # 126933.pdf
[2012/09/13 16:56:23 | 000,000,694 | ---- | M] () -- C:\Windows\wiso.ini
[2012/09/13 14:38:58 | 000,002,086 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
[2012/09/13 14:38:58 | 000,002,054 | ---- | M] () -- C:\Users\Public\Desktop\WISO Steuer-Sparbuch 2012.lnk
[2012/09/13 14:31:45 | 000,097,856 | ---- | M] () -- C:\Users\Markus.Ortlieb\Desktop\Softwareload Ihr Software Download Shop empfohlen von T-Online.pdf
[2012/09/10 18:15:45 | 000,033,804 | ---- | M] () -- C:\Windows\System32\CcmFramework.ini
[2012/09/10 18:15:45 | 000,000,621 | ---- | M] () -- C:\Windows\System32\CcmFramework.h
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/08/28 10:05:04 | 004,659,712 | ---- | M] (Dmitry Streblechenko) -- C:\Windows\System32\Redemption.dll
[2012/08/28 10:04:34 | 000,330,240 | ---- | M] ((주)마크애니) -- C:\Windows\MASetupCaller.dll
[2012/08/28 10:04:32 | 000,821,824 | ---- | M] (Devguru Co., Ltd.) -- C:\Windows\System32\dgderapi.dll
[2012/08/28 10:04:32 | 000,045,320 | ---- | M] (MARKANY) -- C:\Windows\System32\MAMACExtract.dll

========== Files Created - No Company Name ==========

[2012/09/19 10:42:10 | 000,000,000 | ---- | C] () -- C:\Users\Markus.Ortlieb\defogger_reenable
[2012/09/19 09:51:16 | 000,001,080 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/09/18 19:30:46 | 000,000,454 | ---- | C] () -- C:\user.js
[2012/09/18 19:23:57 | 000,000,738 | ---- | C] () -- C:\Windows\tasks\OpenCandyHelperRun.job
[2012/09/18 19:23:56 | 000,000,738 | ---- | C] () -- C:\Windows\tasks\OpenCandyHelper.job
[2012/09/13 19:06:10 | 000,028,316 | ---- | C] () -- C:\Users\Markus.Ortlieb\Desktop\Gmail - Media Markt Download Shop Bestellung Nr. # 126933.pdf
[2012/09/13 14:39:07 | 000,000,694 | ---- | C] () -- C:\Windows\wiso.ini
[2012/09/13 14:38:58 | 000,002,086 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
[2012/09/13 14:38:58 | 000,002,054 | ---- | C] () -- C:\Users\Public\Desktop\WISO Steuer-Sparbuch 2012.lnk
[2012/09/13 14:31:45 | 000,097,856 | ---- | C] () -- C:\Users\Markus.Ortlieb\Desktop\Softwareload Ihr Software Download Shop empfohlen von T-Online.pdf
[2012/09/10 18:15:45 | 000,033,804 | ---- | C] () -- C:\Windows\System32\CcmFramework.ini
[2012/09/10 18:15:45 | 000,000,621 | ---- | C] () -- C:\Windows\System32\CcmFramework.h
[2012/07/03 11:35:43 | 000,038,493 | ---- | C] () -- C:\Users\Markus.Ortlieb\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2012/04/05 11:19:16 | 000,006,144 | ---- | C] () -- C:\Users\Markus.Ortlieb\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/08 10:53:22 | 000,004,095 | ---- | C] () -- C:\Users\Markus.Ortlieb\AppData\Roaming\saplogon.ini
[2012/03/08 10:53:17 | 000,007,550 | RHS- | C] () -- C:\Users\Markus.Ortlieb\ntuser.pol
[2012/02/16 17:27:50 | 000,040,674 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/02/16 17:27:14 | 000,000,147 | ---- | C] () -- C:\Windows\SAPDOCCD.INI
[2012/02/16 17:27:14 | 000,000,060 | ---- | C] () -- C:\Windows\sapmsg.ini
[2012/02/16 17:27:14 | 000,000,035 | ---- | C] () -- C:\Windows\saproute.ini
[2012/02/16 17:23:04 | 000,009,507 | ---- | C] () -- C:\Windows\cfgall.ini
[2012/02/16 17:21:25 | 001,064,960 | ---- | C] () -- C:\Windows\System32\h5krnl32.dll
[2012/02/16 17:21:25 | 000,188,928 | ---- | C] () -- C:\Windows\System32\h5icon32.dll
[2012/02/16 17:21:25 | 000,175,616 | ---- | C] () -- C:\Windows\System32\h5menu32.dll
[2012/02/16 17:21:25 | 000,095,744 | ---- | C] () -- C:\Windows\System32\h5rtf32.dll
[2012/02/16 17:21:25 | 000,051,200 | ---- | C] () -- C:\Windows\System32\h5tool32.dll
[2012/02/16 17:15:32 | 000,308,624 | ---- | C] () -- C:\Windows\System32\brcmbsp.dll
[2012/02/16 17:15:32 | 000,205,192 | ---- | C] () -- C:\Windows\System32\bipbsp.dll
[2011/11/14 13:42:39 | 013,906,944 | ---- | C] () -- C:\Windows\System32\ig4icd32.dll
[2011/11/14 13:42:39 | 000,963,116 | ---- | C] () -- C:\Windows\System32\igkrng600.bin
[2011/11/14 13:42:39 | 000,218,304 | ---- | C] () -- C:\Windows\System32\igfcg600m.bin
[2011/11/14 13:42:39 | 000,145,804 | ---- | C] () -- C:\Windows\System32\igcompkrng600.bin
[2011/11/14 13:42:39 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
[2011/11/14 13:42:39 | 000,056,832 | ---- | C] () -- C:\Windows\System32\igdde32.dll
[2011/11/14 13:42:39 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2011/11/14 13:42:39 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2011/07/26 17:26:48 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011/07/26 17:26:46 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011/07/26 17:26:46 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011/07/26 17:26:46 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011/07/26 17:26:46 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011/05/10 16:56:47 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/05/10 16:56:44 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2010/09/27 13:03:08 | 000,201,512 | ---- | C] () -- C:\Windows\System32\vpnapi.dll

========== ZeroAccess Check ==========

[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

========== LOP Check ==========

[2012/04/05 09:36:27 | 000,000,000 | ---D | M] -- C:\Users\Markus.Ortlieb\AppData\Roaming\Alle meine Passworte
[2012/09/13 16:40:17 | 000,000,000 | ---D | M] -- C:\Users\Markus.Ortlieb\AppData\Roaming\Buhl Data Service
[2012/06/12 09:47:40 | 000,000,000 | ---D | M] -- C:\Users\Markus.Ortlieb\AppData\Roaming\Foxit Software
[2012/07/04 14:37:39 | 000,000,000 | ---D | M] -- C:\Users\Markus.Ortlieb\AppData\Roaming\FreeFileSync
[2012/05/04 16:36:09 | 000,000,000 | ---D | M] -- C:\Users\Markus.Ortlieb\AppData\Roaming\FreeFLVConverter
[2012/05/23 11:36:22 | 000,000,000 | ---D | M] -- C:\Users\Markus.Ortlieb\AppData\Roaming\IrfanView
[2012/09/07 19:15:19 | 000,000,000 | ---D | M] -- C:\Users\Markus.Ortlieb\AppData\Roaming\Mp3tag
[2012/09/18 19:22:46 | 000,000,000 | ---D | M] -- C:\Users\Markus.Ortlieb\AppData\Roaming\OpenCandy
[2012/04/05 11:04:40 | 000,000,000 | ---D | M] -- C:\Users\Markus.Ortlieb\AppData\Roaming\Samsung
[2012/04/08 17:27:55 | 000,000,000 | ---D | M] -- C:\Users\Markus.Ortlieb\AppData\Roaming\ScreenCapturePrint
[2012/09/18 19:23:48 | 000,000,000 | ---D | M] -- C:\Users\Markus.Ortlieb\AppData\Roaming\TuneUp Software
[2012/09/10 17:05:43 | 000,000,000 | ---D | M] -- C:\Users\Markus.Ortlieb\AppData\Roaming\webex
[2012/05/29 19:05:32 | 000,000,000 | ---D | M] -- C:\Users\Markus.Ortlieb\AppData\Roaming\WindSolutions

========== Purity Check ==========



< End of report >

Extras.txt
OTL Extras logfile created on: 9/19/2012 10:33:38 AM - Run 1
OTL by OldTimer - Version 3.2.64.0 Folder = C:\Users\Markus.Ortlieb\Downloads
Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy

3.16 Gb Total Physical Memory | 1.06 Gb Available Physical Memory | 33.61% Memory free
6.33 Gb Paging File | 4.03 Gb Available in Paging File | 63.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 119.24 Gb Total Space | 38.03 Gb Free Space | 31.89% Space Free | Partition Type: NTFS

Computer Name: BIBLPORTLIEB | User Name: Markus.Ortlieb | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
"PolicyVersion" = 522

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules]
"{3526AF19-F8E4-4286-9A50-5729E3D5E5E3}" = v2.10|Action=Allow|Active=TRUE|Dir=In|RA4=172.16.16.0/255.255.240.0|RA4=172.16.32.0/255.255.240.0|RA4=172.16.48.0/255.255.240.0|Name=KaVo Netzwerk|

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile]
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile]
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0FD867EB-CCFB-4050-B7CE-6173EB55D658}" = lport=138 | protocol=17 | dir=in | app=system |
"{12B4B9D3-5CB4-4ACB-B688-9FB974CCA2DA}" = lport=137 | protocol=17 | dir=in | app=system |
"{3209AC06-B058-4EE9-82FF-BC780F3910F0}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{3F5E8CA5-0876-4357-B073-7D378ED8F952}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{462293CE-95A1-4733-9569-21F99388EC8A}" = rport=137 | protocol=17 | dir=out | app=system |
"{51AD881E-0496-4359-AE97-766AB85A3F8E}" = rport=445 | protocol=6 | dir=out | app=system |
"{55198192-207D-43EA-A7D2-1DCF344204F9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{57F7DBD7-8174-44CF-AFB4-B4290B811AE2}" = rport=139 | protocol=6 | dir=out | app=system |
"{59166FBF-7F0F-452F-8D75-127E76D6057D}" = lport=19330 | protocol=6 | dir=in | name=trend micro officescan listener |
"{89B5C68F-E848-4391-967E-9EFC52D4CAB5}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{89F3C0D8-B75F-4CB1-98AA-296D3D7FA349}" = rport=138 | protocol=17 | dir=out | app=system |
"{97D71F58-670F-4B2E-B223-F12585FBEB1B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A78F05E4-DD16-4324-9F7E-0F0D0158BA10}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C3842E4B-00D1-497F-B166-53512B0D5327}" = lport=139 | protocol=6 | dir=in | app=system |
"{F2C7C50C-DFD5-4DF5-B1A2-31E4BBA395D7}" = lport=445 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F1D9FAA-6918-429A-8DC8-365F3888D7D8}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{24544BB4-FB2E-4AF8-917F-DF999C63C902}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{3174EC00-9EFA-469B-B515-E3DD0FF0B0B1}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{3ACC0DFF-9CFE-475A-AC86-30FA3DD58901}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{3FE5A7EB-763C-4DBA-ABD2-F8143DE1FACD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4EC4BFBA-F766-4E02-B791-E74EE58BEA7C}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{4F9B2DBD-36CA-4B90-89DA-C1ECB8A11E18}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\devicesetup.exe |
"{6F3C828B-9BD5-49B7-B0F1-52A7DEB1CD71}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\devicesetup.exe |
"{77DBD087-FC29-4B21-BEAB-48883DCD1B28}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{822025AC-9213-4799-B6F0-D88A165DF14E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A6B3F0DA-16E8-4933-97FB-809CCD4FE4E8}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{B72F01DC-7866-4C0D-8537-F388B787F255}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{DE40D58B-787C-4894-AB33-322501B11399}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\hpnetworkcommunicator.exe |
"{ECD809E2-CB3D-46CA-912E-AF0EE1F3EBD4}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\hpnetworkcommunicator.exe |
"{EF9AC27A-908D-43C5-B2FF-572F9090AB42}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"TCP Query User{061301E8-F694-4318-A2D2-BF68CD172554}C:\program files\sonos\sonos.exe" = protocol=6 | dir=in | app=c:\program files\sonos\sonos.exe |
"TCP Query User{073C94C5-99A1-49FA-B43A-30A713A7F108}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{2689121B-0AFD-4756-A597-6F9A44C8F0A5}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{A538B2EB-9BE4-434A-BB26-A7F59A127150}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{B9A28DA2-0F99-481C-82F1-52B6D343B724}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{BA3BF74B-FF9D-4189-8A6D-A8450E2D450B}C:\program files\sonos\sonos.exe" = protocol=17 | dir=in | app=c:\program files\sonos\sonos.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01E6B88D-32B1-4848-9AC7-7E2CB093EF04}" = Studie zur Verbesserung von HP Officejet 6500 E710a-f Produkten
"{037CD593-D760-4A00-B030-7BBAFA1123FE}" = HP Officejet 6500 E710a-f Hilfe
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE 10.3
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer-Sparbuch 2012
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1CE60928-8325-49A8-8B06-633E48DD2B67}" = Cisco Systems VPN Client 5.0.07.0410
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{23170F69-40C1-2701-0920-000001000000}" = 7-Zip 9.20
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{27FB103C-CF82-4DA2-AE14-32D580BAB3F3}" = kavofonts
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.100
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EC64C00-4BBC-4C0A-9F95-40E3EDA72837}" = Dell System Manager
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{4EE4C49A-BE74-4A04-946A-B1E1248707BD}" = Configuration Manager Client
"{4FFF8105-AE32-434C-91FC-02828C183616}" = Dell OpenManage Client Instrumentation
"{52698550-7954-4776-AE83-6D7BC55794CF}" = Microsoft Policy Platform
"{623B8278-8CAD-45C1-B844-58B687C07805}" = Bing Bar Platform
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7391ABC8-0EA4-3798-ACE3-96B8C8D84EA8}" = Google Talk Plugin
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{7BBA9BF8-05DF-47D8-8880-82A9B99505B9}" = Sonos Controller
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_STANDARD_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_STANDARD_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_STANDARD_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_STANDARD_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_STANDARD_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARD_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARD_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_STANDARD_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARD_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_STANDARD_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_STANDARD_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_STANDARD_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2010
"{90140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOK_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOK_{1B9EDD99-3021-4EFE-9BB4-5210B624E42E}" =
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.OUTLOOK_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.OUTLOOK_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.OUTLOOK_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.OUTLOOK_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.OUTLOOK_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.OUTLOOK_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.OUTLOOK_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.OUTLOOK_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.OUTLOOK_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.OUTLOOK_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.OUTLOOK_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.OUTLOOK_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A066194B-DC8F-449A-8E0F-B57BDD3A2072}" = SyncToy 2.1 (x86)
"{A47A9101-6EB5-4314-BDA1-297880FBB908}" = Microsoft redistributable runtime DLLs VS2008 SP1(x86)
"{AB6FFA58-F491-11D3-8951-000000015799}" = iPassConnect
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.6 MUI
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CEC7A786-A9C8-4EF7-BB59-6518E3B3C878}" = vcredist_x86
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D34598D1-07B8-4EB6-AD9A-DBDF58FFC19F}" = Adobe Shockwave Player 11.6
"{D3A80508-CD83-4CA3-8671-914A1BC78B61}" = Microsoft Sync Framework 2.0 Provider Services (x86) ENU
"{ECEA7878-2100-4525-915D-B09174E36971}" = Trend Micro OfficeScan Client
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE 10.3
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF536479-8610-4686-9E86-0B3ECA56690A}" = iPassConnect
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171
"{FBBA35E1-9449-4902-8A0F-89252C0C1407}" = HP Officejet 6500 E710a-f - Grundlegende Software für das Gerät
"{FC8D21C8-7B29-4104-ADB0-FEE9CA1C7922}" = Folder Size for Windows
"{FF63121D-91C6-42CC-B341-F1AA729728E7}" = Microsoft Sync Framework 2.0 Core Components (x86) ENU
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFFE5DAD-27EF-40C8-9C13-546224F9A2D3}" = Dell ControlVault Host Components Installer
"ActiveTouchMeetingClient" = Cisco WebEx Meetings
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.15
"Audiograbber" = Audiograbber 1.83 SE
"Audiograbber-Lame" = Audiograbber MP3-Plugin
"Foxit Reader_is1" = Foxit Reader
"Free FLV Converter_is1" = Free FLV Converter V 7.4.0
"FreeFileSync" = FreeFileSync v5.0
"FreePDF_XP" = FreePDF (Remove only)
"GPL Ghostscript 8.71" = GPL Ghostscript 8.71
"incredibar" = Incredibar Toolbar on IE
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.3.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.52
"Office14.OUTLOOK" = Microsoft Outlook 2010
"Picasa 3" = Picasa 3
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SAPBI" = SAP Business Explorer
"SAPGUI710" = SAP GUI for Windows 7.20
"STANDARD" = Microsoft Office Standard 2007
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"MyFreeCodec" = MyFreeCodec

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/6/2012 10:39:16 AM | Computer Name = BIBLPORTLIEB.kavo.dhrmedical.org | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\programdata\WebEx\WebEx\1224\CiscoWebExImporting.exe".
Fehler in Manifest- oder Richtliniendatei "c:\programdata\WebEx\WebEx\1224\Microsoft.VC90.CRT.MANIFEST"
in Zeile 11. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der
angeforderten Komponente überein. Verweis: Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Definition:
Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Verwenden
Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error - 7/6/2012 10:39:24 AM | Computer Name = BIBLPORTLIEB.kavo.dhrmedical.org | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Research
In Motion\BlackBerry Desktop\MailServerMAPIProxy64.exe". Die abhängige Assemblierung
"Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 7/6/2012 10:39:29 AM | Computer Name = BIBLPORTLIEB.kavo.dhrmedical.org | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
Files\Research In Motion\AppLoader\MailServerMAPIProxy64.exe". Die abhängige Assemblierung
"Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 7/6/2012 10:39:32 AM | Computer Name = BIBLPORTLIEB.kavo.dhrmedical.org | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\freefilesync\Bin\FreeFileSync_x64.exe".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 7/6/2012 10:39:33 AM | Computer Name = BIBLPORTLIEB.kavo.dhrmedical.org | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\freefilesync\Bin\RealtimeSync_x64.exe".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 7/10/2012 5:27:46 PM | Computer Name = BIBLPORTLIEB.kavo.dhrmedical.org | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FOXIT READER.EXE, Version: 5.3.1.606,
Zeitstempel: 0x4fcefe93 Name des fehlerhaften Moduls: facebook_plugin.fpi_unloaded,
Version: 0.0.0.0, Zeitstempel: 0x4ed5d143 Ausnahmecode: 0xc0000005 Fehleroffset:
0x04f62978 ID des fehlerhaften Prozesses: 0xfa8 Startzeit der fehlerhaften Anwendung:
0x01cd5ee2d7ad986b Pfad der fehlerhaften Anwendung: C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT
READER\FOXIT READER.EXE Pfad des fehlerhaften Moduls: facebook_plugin.fpi Berichtskennung:
17222862-cad6-11e1-9b76-74de2b98a529

Error - 7/10/2012 5:27:54 PM | Computer Name = BIBLPORTLIEB.kavo.dhrmedical.org | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FOXIT READER.EXE, Version: 5.3.1.606,
Zeitstempel: 0x4fcefe93 Name des fehlerhaften Moduls: facebook_plugin.fpi_unloaded,
Version: 0.0.0.0, Zeitstempel: 0x4ed5d143 Ausnahmecode: 0xc0000005 Fehleroffset:
0x04cc8e73 ID des fehlerhaften Prozesses: 0xfa8 Startzeit der fehlerhaften Anwendung:
0x01cd5ee2d7ad986b Pfad der fehlerhaften Anwendung: C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT
READER\FOXIT READER.EXE Pfad des fehlerhaften Moduls: facebook_plugin.fpi Berichtskennung:
1bf87ab4-cad6-11e1-9b76-74de2b98a529

Error - 7/15/2012 7:03:11 AM | Computer Name = BIBLPORTLIEB.kavo.dhrmedical.org | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\programdata\WebEx\WebEx\1224\CiscoWebExImporting.exe".
Fehler in Manifest- oder Richtliniendatei "c:\programdata\WebEx\WebEx\1224\Microsoft.VC90.CRT.MANIFEST"
in Zeile 11. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der
angeforderten Komponente überein. Verweis: Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Definition:
Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Verwenden
Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error - 7/15/2012 7:03:17 AM | Computer Name = BIBLPORTLIEB.kavo.dhrmedical.org | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\freefilesync\Bin\FreeFileSync_x64.exe".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 7/15/2012 7:03:17 AM | Computer Name = BIBLPORTLIEB.kavo.dhrmedical.org | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\freefilesync\Bin\RealtimeSync_x64.exe".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".


< End of report >

Gmer.txt
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-09-19 11:37:42
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 SAMSUNG_ rev.AXM0
Running: xjvg1jtx.exe; Driver: C:\Users\MARKUS~1.ORT\AppData\Local\Temp\uwdoypob.sys


---- System - GMER 1.0.15 ----

SSDT 8A053D0C ZwCreateKey
SSDT 8A0539C4 ZwCreateMutant
SSDT 89E86124 ZwCreateProcess
SSDT 8A08D514 ZwCreateProcessEx
SSDT 8A053944 ZwCreateSymbolicLinkObject
SSDT 8A053B0C ZwCreateThread
SSDT 8A053ACC ZwCreateThreadEx
SSDT 8A052804 ZwCreateUserProcess
SSDT 8A0538C4 ZwDebugActiveProcess
SSDT 8A053C8C ZwDeleteKey
SSDT 8A053BCC ZwDeleteValueKey
SSDT 8A053904 ZwDuplicateObject
SSDT 8A053A04 ZwLoadDriver
SSDT 8A08DC9C ZwOpenProcess
SSDT 8A053B8C ZwOpenSection
SSDT 8A08DBDC ZwOpenThread
SSDT 8A053C4C ZwRenameKey
SSDT 8A053C0C ZwRestoreKey
SSDT 8A053984 ZwSetSystemInformation
SSDT 8A053CCC ZwSetValueKey
SSDT 8A08DC5C ZwTerminateProcess
SSDT 8A08DC1C ZwTerminateThread
SSDT 8A053B4C ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82C4D3C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C86D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11BF 82C8DE74 4 Bytes [0C, 3D, 05, 8A]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11CF 82C8DE84 4 Bytes [C4, 39, 05, 8A]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11E3 82C8DE98 8 Bytes CALL 8B9DF326
.text ntkrnlpa.exe!KeRemoveQueueEx + 11FF 82C8DEB4 12 Bytes [44, 39, 05, 8A, 0C, 3B, 05, ...]
.text ntkrnlpa.exe!KeRemoveQueueEx + 121B 82C8DED0 4 Bytes [04, 28, 05, 8A]
.text ...
? System32\drivers\kweobiwf.sys Das System kann den angegebenen Pfad nicht finden. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[5408] ntdll.dll!DbgUiRemoteBreakin 770FF17D 1 Byte [C3]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\BTHUSB \Device\00000092 bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000094 bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000005b halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74de2b98a529
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74de2b98a529@bc4760fe8d89 0x68 0x64 0xF6 0xCD ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74de2b98a529@0c715d7e823a 0x79 0x6C 0xBB 0x1B ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74de2b98a529 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74de2b98a529@bc4760fe8d89 0x68 0x64 0xF6 0xCD ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74de2b98a529@0c715d7e823a 0x79 0x6C 0xBB 0x1B ...

---- EOF - GMER 1.0.15 ----

Alt 19.09.2012, 12:20   #2
markusg
/// Malware-holic
 
Mystart-Leiste aus Firefox entfernen - Malwarebytes Fund jedoch bereits gelöscht - Standard

Mystart-Leiste aus Firefox entfernen - Malwarebytes Fund jedoch bereits gelöscht



öffne bitte malwarebytes, berichte, poste logs mit funden
__________________

__________________

Alt 19.09.2012, 12:35   #3
scrooge75
 
Mystart-Leiste aus Firefox entfernen - Malwarebytes Fund jedoch bereits gelöscht - Standard

Mystart-Leiste aus Firefox entfernen - Malwarebytes Fund jedoch bereits gelöscht



Hallo!

Ich habe mal die logs kopiert, die ich gefunden habe. Der erste Code ist von meinem ersten SQuick-can, bei welchem Malware auch etwas gefunden hat. Der letzte ist vom letzten, vollständigen Scan vor wenigen Minuten. Das Dumme dabei ist nur, dass ich die gefundene Datei aus der Quarantäne gelöscht habe .

scrooge75

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.19.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Markus.Ortlieb :: BIBLPORTLIEB [Administrator]

Schutz: Aktiviert

19.09.2012 09:52:19
mbam-log-2012-09-19 (09-52-19).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 223030
Laufzeit: 8 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Markus.Ortlieb\Downloads\VLCVideoConverterSetup.exe (PUP.BundleInstaller.BI) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.19.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Markus.Ortlieb :: BIBLPORTLIEB [Administrator]

Schutz: Aktiviert

19.09.2012 11:54:59
mbam-log-2012-09-19 (11-54-59).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 404988
Laufzeit: 1 Stunde(n), 15 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
__________________

Alt 19.09.2012, 19:46   #4
markusg
/// Malware-holic
 
Mystart-Leiste aus Firefox entfernen - Malwarebytes Fund jedoch bereits gelöscht - Standard

Mystart-Leiste aus Firefox entfernen - Malwarebytes Fund jedoch bereits gelöscht



ok gibts weitere logs mit funden? falls ja posten.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 20.09.2012, 07:43   #5
scrooge75
 
Mystart-Leiste aus Firefox entfernen - Malwarebytes Fund jedoch bereits gelöscht - Standard

Mystart-Leiste aus Firefox entfernen - Malwarebytes Fund jedoch bereits gelöscht



Nein, sonst gibt es keine weiteren Funde. Ich habe Malware, OTL und alle anderen Tools ausgeführt, welche in der Anleitung vor dem Post beschrieben wurden. Nach dem Löschen durch den Adwarecleaner taucht die mystart-Seite beim Öffnen eines neuen Tabs nicht mehr auf (bis jetzt) und die Schriftart in meiner Lesezeichen-Schnellleiste ist wieder normal. Bin ich das Problem jetzt endgültig los?

Hier noch das Ergebnis des Scans mit Adwarecleaner, sowie das Logifle, nachdem Adwarecleaner gelöscht hat:
Code:
ATTFilter
# AdwCleaner v2.002 - Datei am 09/20/2012 um 08:44:36 erstellt
# Aktualisiert am 16/09/2012 von Xplode
# Betriebssystem : Windows 7 Enterprise Service Pack 1 (32 bits)
# Benutzer : Markus.Ortlieb - BIBLPORTLIEB
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Markus.Ortlieb\Downloads\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****

Gefunden : Web Assistant Updater

***** [Dateien / Ordner] *****

Datei Gefunden : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
Datei Gefunden : C:\user.js
Datei Gefunden : C:\Users\Markus.Ortlieb\AppData\Roaming\Mozilla\Firefox\Profiles\f4n0anu9.default\searchplugins\MyStart Search.xml
Datei Gefunden : C:\Users\Markus.Ortlieb\AppData\Roaming\Mozilla\Firefox\Profiles\f4n0anu9.default\searchplugins\Web Search.xml
Datei Gefunden : C:\Users\MARKUS~1.ORT\AppData\Local\Temp\Uninstall.exe
Datei Gefunden : C:\Users\Public\Desktop\Get The Best Facebook Chat Messenger.lnk
Datei Gefunden : C:\Windows\Tasks\OpenCandyHelper.job
Ordner Gefunden : C:\Program Files\Web Assistant
Ordner Gefunden : C:\Users\Markus.Ortlieb\AppData\Roaming\Mozilla\Firefox\Profiles\f4n0anu9.default\extensions\ffxtlbr@incredibar.com
Ordner Gefunden : C:\Users\Markus.Ortlieb\AppData\Roaming\Mozilla\Firefox\Profiles\f4n0anu9.default\extensions\staged
Ordner Gefunden : C:\Users\Markus.Ortlieb\AppData\Roaming\OpenCandy
Ordner Gefunden : C:\Users\MARKUS~1.ORT\AppData\Local\Temp\avg@toolbar
Ordner Gefunden : C:\Users\MARKUS~1.ORT\AppData\Local\Temp\Smartbar

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\IM
Schlüssel Gefunden : HKCU\Software\ImInstaller
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403a-B9D2-65C292C39087}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{C01315C7-B4E2-4864-B43D-5FAFC414D179}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{C1545464-C77C-4130-A572-1C619E2895FE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{ED0E67AD-926C-4008-87E5-03CF72AA2A7E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{EF7FEC6D-451B-4452-9D26-7E10C6B5DB6E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\I
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Incredibar.dskBnd
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Incredibar.dskBnd.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\IncredibarApp.appCore
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\IncredibarApp.appCore.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\incredibar
Schlüssel Gefunden : HKLM\Software\Web Assistant
Schlüssel Gefunden : HKU\S-1-5-21-3842183496-1387694075-2723946746-6219\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gefunden : HKU\S-1-5-21-3842183496-1387694075-2723946746-6219\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gefunden : HKU\S-1-5-21-3842183496-1387694075-2723946746-6219\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{F9639E4A-801B-4843-AEE3-03D9DA199E77}]
Wert Gefunden : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

[HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=2e46b9db-92cf-403a-9520-b600c2092bf8&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://mystart.incredibar.com/mb174?a=6OyOvWn87o&i=26
[HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=2e46b9db-92cf-403a-9520-b600c2092bf8&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
[HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=2e46b9db-92cf-403a-9520-b600c2092bf8&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
[HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=2e46b9db-92cf-403a-9520-b600c2092bf8&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}

-\\ Mozilla Firefox v15.0 (de)

Profilname : default 
Datei : C:\Users\Markus.Ortlieb\AppData\Roaming\Mozilla\Firefox\Profiles\f4n0anu9.default\prefs.js

Gefunden : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb174?a=6OyOvWn87o&loc=FF_NT");
Gefunden : user_pref("browser.search.defaultenginename", "MyStart Search");
Gefunden : user_pref("extensions.enabledAddons", "{635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.4.8.20120412011105,{[...]
Gefunden : user_pref("extensions.incredibar.admin", false);
Gefunden : user_pref("extensions.incredibar.aflt", "orgnl");
Gefunden : user_pref("extensions.incredibar.cntry", "DE");
Gefunden : user_pref("extensions.incredibar.dfltLng", "");
Gefunden : user_pref("extensions.incredibar.dfltSrch", false);
Gefunden : user_pref("extensions.incredibar.did", "10671");
Gefunden : user_pref("extensions.incredibar.envrmnt", "production");
Gefunden : user_pref("extensions.incredibar.excTlbr", false);
Gefunden : user_pref("extensions.incredibar.hdrMd5", "1D36AF13F9D78E67ED57FF552AF01B13");
Gefunden : user_pref("extensions.incredibar.hmpg", false);
Gefunden : user_pref("extensions.incredibar.id", "e62a22ad000000000000081196eb7d55");
Gefunden : user_pref("extensions.incredibar.installerproductid", "26");
Gefunden : user_pref("extensions.incredibar.instlDay", "15601");
Gefunden : user_pref("extensions.incredibar.instlRef", "");
Gefunden : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1419:30:46");
Gefunden : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
Gefunden : user_pref("extensions.incredibar.newTab", false);
Gefunden : user_pref("extensions.incredibar.noFFXTlbr", false);
Gefunden : user_pref("extensions.incredibar.ppd", "7777720");
Gefunden : user_pref("extensions.incredibar.prdct", "incredibar");
Gefunden : user_pref("extensions.incredibar.productid", "26");
Gefunden : user_pref("extensions.incredibar.prtnrId", "Incredibar");
Gefunden : user_pref("extensions.incredibar.sg", "none");
Gefunden : user_pref("extensions.incredibar.smplGrp", "none");
Gefunden : user_pref("extensions.incredibar.tlbrId", "base");
Gefunden : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyOvWn87o&loc=IB_T[...]
Gefunden : user_pref("extensions.incredibar.upn2", "6OyOvWn87o");
Gefunden : user_pref("extensions.incredibar.upn2n", "92262128727874418");
Gefunden : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
Gefunden : user_pref("extensions.incredibar.vrsnTs", "1.5.11.1419:30:46");
Gefunden : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
Gefunden : user_pref("extensions.incredibar_i.aflt", "orgnl");
Gefunden : user_pref("extensions.incredibar_i.dfltLng", "");
Gefunden : user_pref("extensions.incredibar_i.did", "10671");
Gefunden : user_pref("extensions.incredibar_i.excTlbr", false);
Gefunden : user_pref("extensions.incredibar_i.id", "e62a22ad000000000000081196eb7d55");
Gefunden : user_pref("extensions.incredibar_i.installerproductid", "26");
Gefunden : user_pref("extensions.incredibar_i.instlDay", "15601");
Gefunden : user_pref("extensions.incredibar_i.instlRef", "");
Gefunden : user_pref("extensions.incredibar_i.ms_url_id", "");
Gefunden : user_pref("extensions.incredibar_i.newTab", false);
Gefunden : user_pref("extensions.incredibar_i.ppd", "7777720");
Gefunden : user_pref("extensions.incredibar_i.prdct", "incredibar");
Gefunden : user_pref("extensions.incredibar_i.productid", "26");
Gefunden : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Gefunden : user_pref("extensions.incredibar_i.smplGrp", "none");
Gefunden : user_pref("extensions.incredibar_i.tlbrId", "base");
Gefunden : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyOvWn87o&loc=IB[...]
Gefunden : user_pref("extensions.incredibar_i.upn2", "6OyOvWn87o");
Gefunden : user_pref("extensions.incredibar_i.upn2n", "92262128727874418");
Gefunden : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Gefunden : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1419:30:46");
Gefunden : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Gefunden : user_pref("keyword.URL", "hxxps://isearch.avg.com/search?cid=%7B64dc8fb0-2725-4f3a-8eb6-d9d6f2ca9e63[...]
Gefunden : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]

*************************

AdwCleaner[R1].txt - [14825 octets] - [20/09/2012 08:44:36]

########## EOF - C:\AdwCleaner[R1].txt - [14886 octets] ##########
         
Code:
ATTFilter
# AdwCleaner v2.002 - Datei am 09/20/2012 um 08:46:12 erstellt
# Aktualisiert am 16/09/2012 von Xplode
# Betriebssystem : Windows 7 Enterprise Service Pack 1 (32 bits)
# Benutzer : Markus.Ortlieb - BIBLPORTLIEB
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Markus.Ortlieb\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****

Gestoppt & Gelöscht : Web Assistant Updater

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
Datei Gelöscht : C:\user.js
Datei Gelöscht : C:\Users\Markus.Ortlieb\AppData\Roaming\Mozilla\Firefox\Profiles\f4n0anu9.default\searchplugins\MyStart Search.xml
Datei Gelöscht : C:\Users\Markus.Ortlieb\AppData\Roaming\Mozilla\Firefox\Profiles\f4n0anu9.default\searchplugins\Web Search.xml
Datei Gelöscht : C:\Users\MARKUS~1.ORT\AppData\Local\Temp\Uninstall.exe
Datei Gelöscht : C:\Users\Public\Desktop\Get The Best Facebook Chat Messenger.lnk
Datei Gelöscht : C:\Windows\Tasks\OpenCandyHelper.job
Ordner Gelöscht : C:\Program Files\Web Assistant
Ordner Gelöscht : C:\Users\Markus.Ortlieb\AppData\Roaming\Mozilla\Firefox\Profiles\f4n0anu9.default\extensions\ffxtlbr@incredibar.com
Ordner Gelöscht : C:\Users\Markus.Ortlieb\AppData\Roaming\Mozilla\Firefox\Profiles\f4n0anu9.default\extensions\staged
Ordner Gelöscht : C:\Users\Markus.Ortlieb\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\MARKUS~1.ORT\AppData\Local\Temp\avg@toolbar
Ordner Gelöscht : C:\Users\MARKUS~1.ORT\AppData\Local\Temp\Smartbar

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403a-B9D2-65C292C39087}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C01315C7-B4E2-4864-B43D-5FAFC414D179}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C1545464-C77C-4130-A572-1C619E2895FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{ED0E67AD-926C-4008-87E5-03CF72AA2A7E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EF7FEC6D-451B-4452-9D26-7E10C6B5DB6E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\I
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Incredibar.dskBnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Incredibar.dskBnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IncredibarApp.appCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IncredibarApp.appCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\incredibar
Schlüssel Gelöscht : HKLM\Software\Web Assistant
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{F9639E4A-801B-4843-AEE3-03D9DA199E77}]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

Wiederhergestellt : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=2e46b9db-92cf-403a-9520-b600c2092bf8&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://mystart.incredibar.com/mb174?a=6OyOvWn87o&i=26 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=2e46b9db-92cf-403a-9520-b600c2092bf8&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=2e46b9db-92cf-403a-9520-b600c2092bf8&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=2e46b9db-92cf-403a-9520-b600c2092bf8&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com

-\\ Mozilla Firefox v15.0 (de)

Profilname : default 
Datei : C:\Users\Markus.Ortlieb\AppData\Roaming\Mozilla\Firefox\Profiles\f4n0anu9.default\prefs.js

C:\Users\Markus.Ortlieb\AppData\Roaming\Mozilla\Firefox\Profiles\f4n0anu9.default\user.js ... Gelöscht !

Gelöscht : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb174?a=6OyOvWn87o&loc=FF_NT");
Gelöscht : user_pref("browser.search.defaultenginename", "MyStart Search");
Gelöscht : user_pref("extensions.enabledAddons", "{635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.4.8.20120412011105,{[...]
Gelöscht : user_pref("extensions.incredibar.admin", false);
Gelöscht : user_pref("extensions.incredibar.aflt", "orgnl");
Gelöscht : user_pref("extensions.incredibar.cntry", "DE");
Gelöscht : user_pref("extensions.incredibar.dfltLng", "");
Gelöscht : user_pref("extensions.incredibar.dfltSrch", false);
Gelöscht : user_pref("extensions.incredibar.did", "10671");
Gelöscht : user_pref("extensions.incredibar.envrmnt", "production");
Gelöscht : user_pref("extensions.incredibar.excTlbr", false);
Gelöscht : user_pref("extensions.incredibar.hdrMd5", "1D36AF13F9D78E67ED57FF552AF01B13");
Gelöscht : user_pref("extensions.incredibar.hmpg", false);
Gelöscht : user_pref("extensions.incredibar.id", "e62a22ad000000000000081196eb7d55");
Gelöscht : user_pref("extensions.incredibar.installerproductid", "26");
Gelöscht : user_pref("extensions.incredibar.instlDay", "15601");
Gelöscht : user_pref("extensions.incredibar.instlRef", "");
Gelöscht : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1419:30:46");
Gelöscht : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
Gelöscht : user_pref("extensions.incredibar.newTab", false);
Gelöscht : user_pref("extensions.incredibar.noFFXTlbr", false);
Gelöscht : user_pref("extensions.incredibar.ppd", "7777720");
Gelöscht : user_pref("extensions.incredibar.prdct", "incredibar");
Gelöscht : user_pref("extensions.incredibar.productid", "26");
Gelöscht : user_pref("extensions.incredibar.prtnrId", "Incredibar");
Gelöscht : user_pref("extensions.incredibar.sg", "none");
Gelöscht : user_pref("extensions.incredibar.smplGrp", "none");
Gelöscht : user_pref("extensions.incredibar.tlbrId", "base");
Gelöscht : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyOvWn87o&loc=IB_T[...]
Gelöscht : user_pref("extensions.incredibar.upn2", "6OyOvWn87o");
Gelöscht : user_pref("extensions.incredibar.upn2n", "92262128727874418");
Gelöscht : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
Gelöscht : user_pref("extensions.incredibar.vrsnTs", "1.5.11.1419:30:46");
Gelöscht : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
Gelöscht : user_pref("extensions.incredibar_i.aflt", "orgnl");
Gelöscht : user_pref("extensions.incredibar_i.dfltLng", "");
Gelöscht : user_pref("extensions.incredibar_i.did", "10671");
Gelöscht : user_pref("extensions.incredibar_i.excTlbr", false);
Gelöscht : user_pref("extensions.incredibar_i.id", "e62a22ad000000000000081196eb7d55");
Gelöscht : user_pref("extensions.incredibar_i.installerproductid", "26");
Gelöscht : user_pref("extensions.incredibar_i.instlDay", "15601");
Gelöscht : user_pref("extensions.incredibar_i.instlRef", "");
Gelöscht : user_pref("extensions.incredibar_i.ms_url_id", "");
Gelöscht : user_pref("extensions.incredibar_i.newTab", false);
Gelöscht : user_pref("extensions.incredibar_i.ppd", "7777720");
Gelöscht : user_pref("extensions.incredibar_i.prdct", "incredibar");
Gelöscht : user_pref("extensions.incredibar_i.productid", "26");
Gelöscht : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Gelöscht : user_pref("extensions.incredibar_i.smplGrp", "none");
Gelöscht : user_pref("extensions.incredibar_i.tlbrId", "base");
Gelöscht : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyOvWn87o&loc=IB[...]
Gelöscht : user_pref("extensions.incredibar_i.upn2", "6OyOvWn87o");
Gelöscht : user_pref("extensions.incredibar_i.upn2n", "92262128727874418");
Gelöscht : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Gelöscht : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1419:30:46");
Gelöscht : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Gelöscht : user_pref("keyword.URL", "hxxps://isearch.avg.com/search?cid=%7B64dc8fb0-2725-4f3a-8eb6-d9d6f2ca9e63[...]
Gelöscht : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]

*************************

AdwCleaner[R1].txt - [14956 octets] - [20/09/2012 08:44:36]
AdwCleaner[S1].txt - [15190 octets] - [20/09/2012 08:46:12]

########## EOF - C:\AdwCleaner[S1].txt - [15251 octets] ##########
         


Geändert von scrooge75 (20.09.2012 um 07:52 Uhr)

Alt 21.09.2012, 17:50   #6
markusg
/// Malware-holic
 
Mystart-Leiste aus Firefox entfernen - Malwarebytes Fund jedoch bereits gelöscht - Standard

Mystart-Leiste aus Firefox entfernen - Malwarebytes Fund jedoch bereits gelöscht



lade den CCleaner standard:
CCleaner Download - CCleaner 3.22.1800
falls der CCleaner
bereits instaliert, überspringen.
instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.
__________________
--> Mystart-Leiste aus Firefox entfernen - Malwarebytes Fund jedoch bereits gelöscht

Antwort

Themen zu Mystart-Leiste aus Firefox entfernen - Malwarebytes Fund jedoch bereits gelöscht
7-zip, application/pdf:, audiograbber, avg secure search, bho, browser, cid, converter, defender, desktop, document, entfernen, error, fehler, firefox, flash player, format, incredibar toolbar, install.exe, installation, intranet, locker, logfile, monitor, mozilla, ntdll.dll, object, office 2007, officejet, plug-in, registry, richtlinie, rundll, scan, secure search, software, system, udp, vcredist, windows, wiso




Ähnliche Themen: Mystart-Leiste aus Firefox entfernen - Malwarebytes Fund jedoch bereits gelöscht


  1. Antivir Fund durch Echteitscanner / Scann jedoch ergebnislos
    Log-Analyse und Auswertung - 08.07.2015 (7)
  2. MyStart by Incredibar bei Mozilla Firefox entfernen
    Log-Analyse und Auswertung - 08.08.2013 (8)
  3. Avira AntiVir meldet Speicherveränderung, jedoch keinen Fund eines Schädlings
    Log-Analyse und Auswertung - 08.04.2013 (13)
  4. Entfernen der Leiste mystart.incredibar.com/MB206?a=6PQUi6hP1H
    Plagegeister aller Art und deren Bekämpfung - 01.03.2013 (1)
  5. MyStart von IncrediBar.com bei Firefox entfernen
    Plagegeister aller Art und deren Bekämpfung - 20.12.2012 (9)
  6. MyStart by IncrediBar.com VOLLSTÄNDIG aus Firefox entfernen
    Plagegeister aller Art und deren Bekämpfung - 09.12.2012 (8)
  7. Verdacht auf Virus_ Malwarebytes scan durchgeführt, jedoch ohne erfolg.
    Log-Analyse und Auswertung - 07.10.2012 (1)
  8. security shield Windows XP entfernen - Malwarebytes bereits durchgeführt
    Plagegeister aller Art und deren Bekämpfung - 03.09.2012 (5)
  9. mystart incredibar! bereits mit OTL gescannt, was nun?
    Plagegeister aller Art und deren Bekämpfung - 04.07.2012 (1)
  10. AntiVir berichtet mir von zwei Trojanern, jedoch bei Malwarebytes Anti-Male kein Fund
    Plagegeister aller Art und deren Bekämpfung - 11.06.2012 (45)
  11. 50€ Virus, Malwarebytes bereits durchgelaufen,Objekte gelöscht funktioniert immer noch nix
    Plagegeister aller Art und deren Bekämpfung - 20.02.2012 (13)
  12. Trojaner entfernt, jedoch (fast) alle programme gelöscht. Gibt es einen weg sie zu retten?
    Log-Analyse und Auswertung - 02.08.2011 (0)
  13. Trojaner Gefunden Kann jedoch nicht gelöscht werden
    Alles rund um Windows - 13.02.2011 (2)
  14. Yahoo-Leiste in Firefox
    Alles rund um Windows - 29.04.2010 (2)
  15. Antivirus Plus eingefangen--- bereits erfolgreicht gelöscht--- brauche Kontrolle
    Plagegeister aller Art und deren Bekämpfung - 20.01.2010 (3)
  16. Trojaner erkannt und gelöscht, tauchen jedoch wieder auf
    Log-Analyse und Auswertung - 06.10.2006 (41)
  17. se.dll erfolgreich gelöscht, jedoch seitdem RUNDLL-Fehlermeldung
    Plagegeister aller Art und deren Bekämpfung - 17.03.2005 (3)

Zum Thema Mystart-Leiste aus Firefox entfernen - Malwarebytes Fund jedoch bereits gelöscht - Hallo! Beim der Installation der Software VCD Video Converter wurde auch die Leiste Mystart im Hintergrund installiert und diese bekomme ich nun nicht mehr aus dem Firefox. Beim Öffnen eines - Mystart-Leiste aus Firefox entfernen - Malwarebytes Fund jedoch bereits gelöscht...
Archiv
Du betrachtest: Mystart-Leiste aus Firefox entfernen - Malwarebytes Fund jedoch bereits gelöscht auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.