Pests of all kinds and how to combat them: Virus changed all user permissions (Windows 7)
29.09.2012, 10:44 | #1 |
| Virus changed all user permissions

Hello! For some time now I have not been able to work on the affected PC, because all user permissions were suddenly changed; that is, I can hardly open or run any program, and downloading programs does not work either. Sometimes it helps to set myself as admin in the program settings, but often it does not. I have already tried on my own (surely a big mistake) to fix the problem with Malwarebytes, AdwCleaner and Emsisoft, but it still seems to be there. I have run Malwarebytes over it many times (I have 12 log files), and it found QUITE A LOT. Which log file do you want? I ran AdwCleaner once, I think. Here is the log:
I no longer have the log file, but the path is as follows: C:\Program Files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe
Emsisoft says it is a Trojan.Generic.7723167 (B). It classifies this as a high security risk. Sorry if my preliminary work makes the job harder, but I simply cannot get any further here. Many thanks in advance for your help!
01.10.2012, 06:55 | #2 |
/// the machine /// TB trainer | Virus changed all user permissions

Hi,

CustomScan with OTL: If you do not have it yet, please download OTL by Oldtimer and save it to your desktop.
03.10.2012, 19:49 | #3 |
| Virus changed all user permissions

Okay, I ran OTL with the Quick Scan. Here are the log files.

OTL.txt:
ATTFilter OTL logfile created on: 03.10.2012 18:21:38 - Run 1 OTL by OldTimer - Version 3.2.70.1 Folder = C:\Users\Gerd Becker\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 2,14 Gb Available Physical Memory | 65,99% Memory free 8,12 Gb Paging File | 6,29 Gb Available in Paging File | 77,53% Paging File free Paging file location(s): c:\pagefile.sys 4987 4987 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 911,51 Gb Total Space | 823,08 Gb Free Space | 90,30% Space Free | Partition Type: NTFS Drive D: | 19,99 Gb Total Space | 8,33 Gb Free Space | 41,65% Space Free | Partition Type: FAT32 Drive F: | 596,02 Gb Total Space | 566,67 Gb Free Space | 95,07% Space Free | Partition Type: FAT32 Computer Name: MEDION-P7300-D | User Name: Gerd Becker | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.10.03 18:20:49 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Gerd Becker\Desktop\OTL.exe PRC - [2012.09.19 11:29:44 | 001,869,152 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe PRC - [2012.09.19 11:29:42 | 001,699,168 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe PRC - [2012.09.19 05:33:36 | 003,082,640 | ---- | M] (Emsisoft GmbH) -- C:\Programme\Emsisoft Anti-Malware\a2service.exe PRC - [2012.09.19 05:33:14 | 003,363,240 | ---- | M] (Emsisoft GmbH) -- C:\Programme\Emsisoft Anti-Malware\a2guard.exe PRC - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.09.07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.08.08 12:56:34 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.05.17 15:25:15 | 000,619,472 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe PRC - [2012.05.17 15:25:15 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe PRC - [2012.05.17 15:25:15 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe PRC - [2012.05.17 15:25:15 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.17 15:25:15 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.17 15:25:15 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.03.19 21:58:12 | 000,514,128 | ---- | M] (REINER SCT) -- C:\Windows\System32\cjpcsc.exe PRC - [2012.02.29 22:58:46 | 000,857,408 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe PRC - [2012.02.29 22:58:36 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe PRC - [2011.11.11 04:07:59 | 000,099,896 | ---- | M] (HP) -- C:\Windows\System32\HPSIsvc.exe PRC - [2011.07.06 14:34:19 | 000,688,128 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2011.03.28 21:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2011.03.28 21:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) 
-- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.12.21 02:07:48 | 000,227,712 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE PRC - [2010.12.10 19:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe PRC - [2010.12.10 19:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010.11.20 14:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2010.06.30 11:56:22 | 001,118,288 | ---- | M] (NCP Engineering GmbH) -- C:\Programme\LANCOM\Advanced VPN Client\ncprwsnt.exe PRC - [2010.05.21 12:44:26 | 000,133,712 | ---- | M] (NCP engineering GmbH) -- C:\Programme\LANCOM\Advanced VPN Client\ncpclcfg.exe PRC - [2010.05.07 13:08:38 | 000,093,184 | ---- | M] () -- C:\Programme\LANCOM\Advanced VPN Client\NCPSEC.EXE PRC - [2009.06.24 11:57:04 | 000,136,704 | ---- | M] (HP) -- C:\Programme\Hp\HPLaserJetService\HPLaserJetService.exe PRC - [2008.09.09 18:32:00 | 006,281,760 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008.05.08 01:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) 
-- C:\Windows\System32\Crypserv.exe PRC - [2006.10.26 14:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe PRC - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe ========== Modules (No Company Name) ========== MOD - [2011.09.27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.09.27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.07.06 14:34:19 | 000,688,128 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe MOD - [2009.02.27 17:38:20 | 000,139,264 | R--- | M] () -- C:\Programme\Brother\BrUtilities\BrLogAPI.dll ========== Services (SafeList) ========== SRV - [2012.09.21 18:36:28 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.09.19 11:29:42 | 001,699,168 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc) SRV - [2012.09.19 11:29:40 | 000,029,536 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp) SRV - [2012.09.19 05:33:36 | 003,082,640 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Programme\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware) SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.08.25 03:59:11 | 000,114,144 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Programme\Mozilla Maintenance 
Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.06.28 18:31:12 | 000,692,432 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) [Disabled | Stopped] -- C:\Programme\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney 8.0 OnlineUpdate) SRV - [2012.05.17 15:25:15 | 000,619,472 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService) SRV - [2012.05.17 15:25:15 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService) SRV - [2012.05.17 15:25:15 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService) SRV - [2012.05.17 15:25:15 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.05.17 15:25:15 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.03.19 21:58:12 | 000,514,128 | ---- | M] (REINER SCT) [Auto | Running] -- C:\Windows\System32\cjpcsc.exe -- (cjpcsc) SRV - [2012.03.15 22:50:40 | 000,247,192 | ---- | M] (FileMaker, Inc.) 
[On_Demand | Stopped] -- C:\Programme\FileMaker\FileMaker Server\Database Server\fmshelper.exe -- (FileMaker Server) SRV - [2012.03.09 20:00:30 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2012.03.08 19:32:24 | 001,492,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Family Safety\fsssvc.exe -- (fsssvc) SRV - [2012.03.01 01:59:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.02.29 14:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2011.11.11 04:07:59 | 000,099,896 | ---- | M] (HP) [Auto | Running] -- C:\Windows\System32\HPSIsvc.exe -- (HPSIService) SRV - [2011.09.23 21:51:22 | 000,045,592 | ---- | M] (NTI Corporation) [Disabled | Stopped] -- C:\Programme\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe -- (NTI BackupNowEZSvr) SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2011.06.13 23:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Fix it Center\Matsvc.exe -- (MatSvc) SRV - [2011.05.20 11:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2011.03.28 21:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) 
[Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.12.10 19:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter) SRV - [2010.12.10 19:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SRV - [2010.12.10 19:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser) SRV - [2010.12.10 19:29:30 | 000,044,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper) SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2010.09.22 17:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.08.09 04:04:02 | 000,131,888 | ---- | M] (Samsung Electronics CO., LTD.) 
[On_Demand | Stopped] -- C:\Windows\System32\SUPDSvc.exe -- (Samsung UPD Service) SRV - [2010.06.30 11:56:22 | 001,118,288 | ---- | M] (NCP Engineering GmbH) [Auto | Running] -- C:\Programme\LANCOM\Advanced VPN Client\ncprwsnt.exe -- (ncprwsnt) SRV - [2010.05.21 12:44:26 | 000,133,712 | ---- | M] (NCP engineering GmbH) [Auto | Running] -- C:\Programme\LANCOM\Advanced VPN Client\ncpclcfg.exe -- (ncpclcfg) SRV - [2010.05.07 13:08:38 | 000,093,184 | ---- | M] () [Auto | Running] -- C:\Programme\LANCOM\Advanced VPN Client\NCPSEC.EXE -- (NcpSec) SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.06.24 11:57:04 | 000,136,704 | ---- | M] (HP) [Auto | Running] -- C:\Programme\Hp\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service) SRV - [2008.10.14 02:52:50 | 000,376,937 | ---- | M] () [Disabled | Stopped] -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe -- (TVECapSvc) SRV - [2008.10.14 02:52:50 | 000,184,423 | ---- | M] () [Disabled | Stopped] -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe -- (TVESched) SRV - [2008.05.08 01:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) 
[Auto | Running] -- C:\Windows\System32\Crypserv.exe -- (Crypkey License) SRV - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () [Disabled | Stopped] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing) SRV - [2006.10.26 14:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe -- (MDM) SRV - [2005.11.17 16:18:52 | 001,527,900 | ---- | M] (MAGIX®) [Disabled | Stopped] -- C:\Programme\ALDI Foto Service Nord\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\system32\Drivers\DgiVecp.sys -- (DgiVecp) DRV - [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012.08.28 15:22:34 | 000,010,088 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv) DRV - [2012.06.24 22:24:46 | 000,046,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) DRV - [2012.06.16 01:31:32 | 000,014,248 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\NetDragon\91 Mobile\iPhone\Tq_91Assistant.sys -- (Tq_91Assistant) DRV - [2012.05.17 15:25:15 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.05.17 15:25:15 | 000,112,032 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avfwot.sys -- (avfwot) DRV - [2012.05.17 15:25:15 | 000,091,968 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avfwim.sys -- (avfwim) 
DRV - [2012.05.17 15:25:15 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.04.30 18:45:28 | 000,054,072 | ---- | M] (Emsisoft GmbH) [File_System | On_Demand | Running] -- C:\Programme\Emsisoft Anti-Malware\a2accx86.sys -- (a2acc) DRV - [2012.04.30 18:45:00 | 000,037,856 | ---- | M] (Emsisoft GmbH) [File_System | System | Running] -- C:\Programme\Emsisoft Anti-Malware\a2dix86.sys -- (a2injectiondriver) DRV - [2012.03.01 01:59:00 | 010,819,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2012.02.01 03:31:00 | 000,602,216 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su) DRV - [2012.01.02 04:09:12 | 000,722,416 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd) DRV - [2011.10.19 17:48:39 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.10.08 09:28:44 | 000,017,408 | ---- | M] (Marvell Semiconductor, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mvusbews.sys -- (mvusbews) DRV - [2011.06.02 11:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\SystemRequirementsLab\cpudrv.sys -- (cpudrv) DRV - [2011.05.19 14:10:34 | 000,017,904 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Programme\Emsisoft Anti-Malware\a2ddax86.sys -- (A2DDA) DRV - [2011.04.26 11:21:06 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901) DRV - [2011.03.29 11:08:08 | 000,028,144 | ---- | M] (REINER SCT) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cjusb.sys -- (cjusb) DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.07.06 12:28:34 | 000,077,808 | ---- | M] (NCP Engineering GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ncplelhp.sys -- (ncplelhp) DRV - [2010.07.06 12:28:34 | 000,077,808 | ---- | M] (NCP Engineering GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ncplelhp.sys -- (ncpfilt) DRV - [2010.06.17 16:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.05.05 09:40:32 | 000,011,776 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Programme\Emsisoft Anti-Malware\a2util32.sys -- (a2util) DRV - [2009.09.10 09:50:11 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT) DRV - [2009.07.14 02:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- 
(WSDPrintDevice) DRV - [2009.07.14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial) DRV - [2009.07.14 00:02:53 | 000,657,408 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u) DRV - [2009.07.14 00:02:50 | 000,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) DRV - [2009.06.17 18:56:24 | 000,079,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouKE.Sys -- (LMouKE) DRV - [2009.06.17 18:55:26 | 000,063,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L8042mou.Sys -- (L8042mou) DRV - [2009.06.17 18:55:18 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L8042Kbd.sys -- (L8042Kbd) DRV - [2009.02.25 19:58:56 | 000,017,432 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hpfxbulk.sys -- (HPEWSFXBULK) DRV - [2008.09.25 15:28:06 | 001,332,576 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NxpCap.sys -- (NxpCap) DRV - [2008.03.17 18:45:52 | 000,019,584 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\Ckldrv.sys -- (NetworkX) DRV - [2007.05.31 07:38:16 | 000,014,949 | ---- | M] (franson.biz) [Kernel | System | Running] -- C:\Windows\System32\drivers\bizVSerialNT.sys -- (bizVSerial) DRV - [2006.11.30 15:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF) DRV - [2006.08.28 18:12:04 | 000,013,312 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\MTictwl.sys -- (NCPro) DRV - [2006.08.28 18:12:04 | 000,013,312 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MTictwl.sys -- (MagicTune) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKLM\..\URLSearchHook: {78e516ef-11de-47a1-8364-a99b917ec5ee} - C:\Programme\FileConverter_1.3\prxtbFile.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes,DefaultScope = {671EB503-4A27-0E26-7286-54FE44497503} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{671EB503-4A27-0E26-7286-54FE44497503}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDB IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=sware&chnl=sware&cd=2XzutAtN2Y1L1QzutDtBtDtDyE0EyEtAyDtDyEzy0DyD0F0BtN0D0TzutBtDtCtBtDyCtBtD&cr=1046637989 IE - HKLM\..\SearchScopes\{BB931CA0-9B96-4877-92C7-D0C34E0B0E1B}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&mkt=de-de&FORM=IEFM&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = 
hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\..\URLSearchHook: {78e516ef-11de-47a1-8364-a99b917ec5ee} - C:\Programme\FileConverter_1.3\prxtbFile.dll (Conduit Ltd.) IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{671EB503-4A27-0E26-7286-54FE44497503}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDB IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=;ftp=;https=; ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: toolbar@web.de:2.2.2 FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.11.23 15:39:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\quickprint@hp.com: C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2011.01.26 15:27:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.09.02 19:21:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.19 21:19:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.18 22:03:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.10.02 18:02:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.11.23 15:39:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Ltd\BullGuard\antispam\tbspamfilter
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{380AE6CB-09B9-4373-B360-D01C2462A6E7}: C:\Program Files\BullGuard Ltd\BullGuard\backup\thunderbirdbkplugin
[2012.09.16 12:18:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gerd Becker\AppData\Roaming\mozilla\Extensions
[2011.11.24 01:01:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gerd Becker\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.09.25 20:50:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gerd Becker\AppData\Roaming\mozilla\Firefox\Profiles\2nkra1ra.default\extensions
[2012.09.25 20:49:52 | 000,616,675 | ---- | M] () (No name found) -- C:\Users\Gerd Becker\AppData\Roaming\mozilla\firefox\profiles\2nkra1ra.default\extensions\toolbar@web.de.xpi
[2012.09.25 20:50:43 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Gerd Becker\AppData\Roaming\mozilla\firefox\profiles\2nkra1ra.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.09.24 15:59:27 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.09.24 15:59:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2012.06.18 14:45:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.09.19 21:19:37 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions
[2012.09.19 21:19:37 | 000,000,000 | ---D | M] (WEB.DE MailCheck) -- C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de
[2012.09.24 15:59:27 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2012.08.25 04:00:05 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.08.25 04:49:52 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.25 04:49:52 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.08.25 04:49:52 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.08.25 04:49:52 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.08.25 04:49:52 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.08.25 04:49:52 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - homepage: hxxp://www.google.de/webhp?source=search_app
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.de/webhp?source=search_app
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Gerd Becker\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (FileConverter 1.3 Toolbar) - {78e516ef-11de-47a1-8364-a99b917ec5ee} - C:\Program Files\FileConverter_1.3\prxtbFile.dll (Conduit Ltd.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (WEB.DE Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\WEB.DE Toolbar IE8\uitb.dll (1und1 Mail und Media GmbH)
O2 - BHO: (SplitButtonBHO Class) - {C0C86BBE-9509-4296-8459-FDBFDAF4B673} - C:\Programme\FRITZ!Box\AddOn (IE)\FBoxIESplitButton.dll (AVM Berlin)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (FileConverter 1.3 Toolbar) - {78e516ef-11de-47a1-8364-a99b917ec5ee} - C:\Programme\FileConverter_1.3\prxtbFile.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (WEB.DE Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar IE8\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (FileConverter 1.3 Toolbar) - {78E516EF-11DE-47A1-8364-A99B917EC5EE} - C:\Programme\FileConverter_1.3\prxtbFile.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar IE8\uitb.dll (1und1 Mail und Media GmbH)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupNowEZtray] C:\Program Files\NTI\NTI Backup Now EZ\BackupNowEZtray.exe (NTI Corporation)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [emsisoft anti-malware] c:\program files\emsisoft anti-malware\a2guard.exe (Emsisoft GmbH)
O4 - HKLM..\Run: [Eraser] C:\Programme\Eraser\Eraser.exe (The Eraser Project)
O4 - HKLM..\Run: [Google EULA Launcher] C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe (Google)
O4 - HKLM..\Run: [HPUsageTrackingLEDM] C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAStorIcon] C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Device Center\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Iomega Home Storage Manager] C:\Programme\Iomega\Home Storage Manager\Iomega Discovery.exe (Iomega Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [NcpBudgetGui] C:\Program Files\LANCOM\Advanced VPN Client\NcpBudgetGui.exe (NCP engineering GmbH)
O4 - HKLM..\Run: [NcpPopup] C:\Program Files\LANCOM\Advanced VPN Client\ncppopup.exe (NCP engineering GmbH)
O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [Smart File Advisor] C:\Program Files\Smart File Advisor\sfa.exe (Filefacts.net)
O4 - HKLM..\Run: [TVEService] C:\Program Files\HomeCinema\TV Enhance\TVEService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [zzzHPSETUP] E:\Setup.exe \RESET File not found
O4 - Startup: C:\Users\Gerd Becker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O8 - Extra context menu item: Download with mediAvatar iPhone Softwarepaket Pro - C:\Program Files\mediAvatar\iPhone Software Suite Pro\upod_link.HTM File not found
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre7\bin\jp2iexp.dll ()
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - Reg Error: Value error. File not found
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Programme\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Programme\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: FRITZ!Box AddOn - {328ECD19-C167-40eb-A0C7-16FE7634105F} - C:\Programme\FRITZ!Box\AddOn (IE)\FBoxIESplitButton.dll (AVM Berlin)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]http in Vertrauenswürdige Sites)
O16 - DPF: {65EEE2E1-B8D5-4724-8489-048B551045BF} https://chipkarte.santanderbank.de/Estatico/ALP_EBANDE_SmartCardPres_E/Recursos/SantanderChipcardPlugin2610.cab (Security-Plugin-HBCI-Chipcard)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Unable to open value key)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.7.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B6CD70BB-A0EB-42F6-A1B5-B558DF885D5A}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\WEB.DE Toolbar IE8\uitb.dll (1und1 Mail und Media GmbH)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: C:\Users\Gerd Becker\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Gerd Becker\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O27 - HKLM IFEO\backitup.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\backupnowez.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\corel mediaone.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\corel photo downloader.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\coverdes.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\devicecenter.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\eraser.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\fixitcenter.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\hpwucli.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\iastorui.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\intelcontrolcenter.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\iomega storage manager.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\ncpmon.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\ncpro.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\ncprotray.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\ncptrcw.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\nero.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\neromediahome.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\neroscoutoptions.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\nerostartsmart.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\neroupgrade.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\nerovision.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\netviewer.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\nvstlink.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\nvstview.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\pdf24-editor.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\pdf24-fax.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\recode.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\restorestarter.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\schirmfoto.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\scrconfig.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\setupx.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\showtime.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\smkonv.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\startstarmoney.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\sump.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\unins000.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\uninst.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\waveedit.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{aba72ea7-326a-11e1-84f2-02004e435049}\Shell - "" = AutoRun
O33 - MountPoints2\{aba72ea7-326a-11e1-84f2-02004e435049}\Shell\AutoRun\command - "" = J:\unlock.exe autoplay=true
O33 - MountPoints2\L\Shell - "" = AutoRun
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.10.03 18:20:49 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\Gerd Becker\Desktop\OTL.exe
[2012.10.01 01:26:22 | 000,000,000 | ---D | C] -- C:\Users\Gerd Becker\AppData\Roaming\MOBackup
[2012.10.01 01:22:51 | 000,000,000 | ---D | C] -- C:\Users\Gerd Becker\Documents\mobackups
[2012.10.01 01:22:35 | 000,000,000 | ---D | C] -- C:\Users\Gerd Becker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MOBackup - Datensicherung für Outlook
[2012.10.01 01:22:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MOBackup - Datensicherung für Outlook
[2012.10.01 01:22:20 | 000,000,000 | ---D | C] -- C:\Program Files\MOBackup
[2012.10.01 00:37:02 | 000,000,000 | ---D | C] -- C:\Users\Gerd Becker\AppData\Local\SimpleSYN
[2012.10.01 00:36:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SimpleSYN 2.1
[2012.10.01 00:36:51 | 000,000,000 | ---D | C] -- C:\Program Files\creativbox.net
[2012.09.29 01:25:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2012.09.29 01:24:56 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2012.09.29 01:24:56 | 000,000,000 | ---D | C] -- C:\Users\Gerd Becker\Documents\Anti-Malware
[2012.09.26 00:24:32 | 000,000,000 | ---D | C] -- C:\Users\Gerd Becker\Documents\iTunes
[2012.09.26 00:19:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.09.26 00:19:17 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.09.26 00:19:16 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.09.26 00:19:16 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012.09.24 16:05:12 | 000,000,000 | ---D | C] -- C:\ProgramData\FileMaker
[2012.09.24 16:05:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileMaker Server
[2012.09.24 15:30:44 | 000,000,000 | ---D | C] -- C:\Users\Gerd Becker\Documents\FileMaker Server 12
[2012.09.24 13:07:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eric's TelNet98
[2012.09.23 21:39:53 | 000,000,000 | ---D | C] -- C:\Users\Gerd Becker\AppData\Roaming\U3
[2012.09.23 14:39:57 | 000,000,000 | ---D | C] -- C:\ProgramData\NTIReg
[2012.09.23 14:37:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NTI Backup Now EZ
[2012.09.23 14:37:14 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\nti\Xp_x86
[2012.09.23 14:37:14 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\nti\w2k_x86
[2012.09.23 14:37:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\nti\Vista_x86
[2012.09.23 14:37:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\nti\Vista_ia64
[2012.09.23 14:37:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\nti\Vista_amd64
[2012.09.23 14:37:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\nti\2003_x86
[2012.09.23 14:37:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\nti\2003_ia64
[2012.09.23 14:37:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\nti\2003_amd64
[2012.09.23 14:37:03 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\nti
[2012.09.23 14:37:03 | 000,000,000 | ---D | C] -- C:\Program Files\NTI
[2012.09.23 05:22:38 | 000,000,000 | ---D | C] -- C:\Users\Gerd Becker\Documents\mediAvatar
[2012.09.22 14:43:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2012.09.22 13:08:21 | 000,029,536 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2012.09.22 02:16:09 | 000,000,000 | ---D | C] -- C:\ProgramData\CrypKey
[2012.09.22 02:15:20 | 000,165,888 | ---- | C] (Kenonic Controls) -- C:\Windows\Ckconfig.exe
[2012.09.22 02:15:20 | 000,122,880 | ---- | C] (CrypKey (Canada) Ltd.) -- C:\Windows\System32\Crypserv.exe
[2012.09.22 02:15:18 | 001,207,808 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\System32\PhoenixDll.dll
[2012.09.22 02:15:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stellar Phoenix
[2012.09.22 02:15:17 | 000,000,000 | ---D | C] -- C:\Program Files\Stellar Phoenix Outlook PST Repair
[2012.09.20 02:04:59 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2012.09.20 02:04:58 | 000,000,000 | ---D | C] -- C:\Users\Gerd Becker\AppData\Local\Conduit
[2012.09.20 02:04:43 | 000,000,000 | ---D | C] -- C:\Program Files\FileConverter_1.3
[2012.09.19 22:52:22 | 000,000,000 | ---D | C] -- C:\Program Files\WEB.DE Toolbar IE8
[2012.09.19 22:48:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012.09.19 22:47:52 | 000,000,000 | ---D | C] -- C:\Users\Gerd Becker\AppData\Roaming\uiToolBar Desktop Icons
[2012.09.19 22:30:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
[2012.09.19 22:30:40 | 000,000,000 | ---D | C] -- C:\Users\Gerd Becker\AppData\Roaming\Uniblue
[2012.09.19 22:30:40 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2012.09.19 21:19:43 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.09.19 12:35:56 | 000,031,584 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2012.09.19 12:35:56 | 000,021,344 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2012.09.19 12:35:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013
[2012.09.19 12:35:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012.09.19 12:35:17 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2013
[2012.09.19 12:34:48 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2012.09.19 12:28:10 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012.09.16 12:57:04 | 000,000,000 | ---D | C] -- C:\Users\Gerd Becker\AppData\Local\Seven Zip
[2012.09.16 12:14:10 | 000,000,000 | ---D | C] -- C:\Program Files\Hosts_Anti_Adwares_PUPs
[2012.09.14 17:14:58 | 000,000,000 | ---D | C] -- C:\Users\Gerd Becker\AppData\Roaming\Malwarebytes
[2012.09.14 17:14:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.14 17:14:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.14 17:14:53 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.14 17:14:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.09.06 12:30:29 | 000,000,000 | ---D | C] -- C:\Users\Gerd Becker\Documents\CSV-Dokumente
[2012.09.03 20:43:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2012.09.03 20:40:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.10.03 18:20:49 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Gerd Becker\Desktop\OTL.exe
[2012.10.03 18:14:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.03 18:11:02 | 000,000,388 | ---- | M] () -- C:\Windows\tasks\MYPCTuneUp-Gerd Becker-Notification.job
[2012.10.03 15:42:35 | 000,009,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.03 15:42:35 | 000,009,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.03 15:32:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.02 18:02:43 | 000,002,094 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2012.10.02 17:56:24 | 000,760,120 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.02 17:56:24 | 000,704,152 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.02 17:56:24 | 000,174,124 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.02 17:56:24 | 000,140,598 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.01 01:22:36 | 000,000,973 | ---- | M] () -- C:\Users\Public\Desktop\MOBackup.lnk
[2012.10.01 00:36:55 | 000,002,250 | ---- | M] () -- C:\Users\Public\Desktop\SimpleSYN.lnk
[2012.09.29 01:25:24 | 000,001,114 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2012.09.28 15:40:34 | 000,000,252 | ---- | M] () -- C:\Windows\tasks\Schirmfoto.job
[2012.09.28 00:32:08 | 000,002,373 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.09.26 17:38:52 | 000,002,416 | ---- | M] () -- C:\Users\Public\Desktop\FileMaker Pro 11 Advanced.lnk
[2012.09.26 08:22:35 | 000,517,592 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.09.26 00:46:35 | 000,000,268 | ---- | M] () -- C:\Windows\tasks\SpeedUpMyPC.job
[2012.09.26 00:19:57 | 000,001,802 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.09.25 23:35:20 | 000,000,208 | ---- | M] () -- C:\Windows\Ulead32.ini
[2012.09.25 23:18:13 | 000,001,018 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.09.25 20:22:20 | 000,000,990 | ---- | M] () -- C:\Users\Public\Desktop\Speccy.lnk [2012.09.24 16:17:57 | 000,001,282 | ---- | M] () -- C:\Users\Gerd Becker\Desktop\FileMaker Server 12.lnk [2012.09.24 13:07:33 | 000,001,055 | ---- | M] () -- C:\Users\Public\Desktop\Eric's TelNet98.lnk [2012.09.24 11:37:32 | 000,002,302 | ---- | M] () -- C:\Users\Public\Desktop\mediAvatar iPhone Softwarepaket Pro.lnk [2012.09.23 14:37:16 | 000,002,130 | ---- | M] () -- C:\Users\Public\Desktop\NTI Backup Now EZ.lnk [2012.09.22 03:40:09 | 000,003,360 | ---- | M] () -- C:\Windows\System32\esnecil.ind [2012.09.22 03:09:10 | 000,003,360 | ---- | M] () -- C:\Windows\System32\esnecil.nlp [2012.09.22 03:09:10 | 000,000,004 | ---- | M] () -- C:\Windows\vx86036.dat [2012.09.22 02:40:36 | 000,000,144 | ---- | M] () -- C:\Windows\Crypkey.ini [2012.09.22 02:40:35 | 000,001,256 | ---- | M] () -- C:\Users\Gerd Becker\Desktop\Stellar Phoenix Outlook PST Repair.lnk [2012.09.19 22:52:22 | 000,002,157 | ---- | M] () -- C:\Users\Gerd Becker\Desktop\Amazon.lnk [2012.09.19 22:52:22 | 000,002,155 | ---- | M] () -- C:\Users\Gerd Becker\Desktop\WEB.DE.lnk [2012.09.19 22:30:41 | 000,001,139 | ---- | M] () -- C:\Users\Public\Desktop\SpeedUpMyPC.lnk [2012.09.19 21:19:44 | 000,001,141 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.09.19 19:52:23 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.09.19 19:52:23 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.09.19 12:35:55 | 000,002,220 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2012.09.19 12:35:55 | 000,002,202 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk [2012.09.19 11:29:46 | 000,031,584 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe [2012.09.19 11:29:40 | 000,029,536 | ---- | M] (TuneUp Software) -- 
C:\Windows\System32\uxtuneup.dll [2012.09.19 11:29:40 | 000,021,344 | ---- | M] (TuneUp Software) -- C:\Windows\System32\authuitu.dll [2012.09.18 17:04:10 | 000,000,190 | ---- | M] () -- C:\Users\Gerd Becker\Desktop\Microsoft Fix-it-Support.url [2012.09.18 16:49:45 | 000,000,169 | ---- | M] () -- C:\Users\Gerd Becker\Desktop\eBay.url [2012.09.15 09:47:02 | 000,001,363 | ---- | M] () -- C:\Users\Gerd Becker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk [2012.09.14 17:14:55 | 000,001,138 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.09.14 12:07:10 | 000,512,399 | ---- | M] () -- C:\Users\Gerd Becker\Desktop\adwcleaner.exe [2012.09.10 00:06:38 | 001,815,118 | ---- | M] () -- C:\Users\Gerd Becker\Localizable.strings [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.09.03 21:18:26 | 000,002,434 | R--- | M] () -- C:\Users\Gerd Becker\Desktop\Casio Digitalkamera.lnk [2012.09.03 21:18:26 | 000,001,279 | R--- | M] () -- C:\Users\Gerd Becker\Desktop\Eigene Dokumente.lnk [2012.09.03 21:18:25 | 000,001,869 | R--- | M] () -- C:\Users\Gerd Becker\Desktop\VPN-Key Balzer.lnk [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.10.02 17:56:55 | 000,002,106 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk [2012.10.02 17:56:55 | 000,002,094 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk [2012.10.01 01:22:36 | 000,000,973 | ---- | C] () -- C:\Users\Public\Desktop\MOBackup.lnk [2012.10.01 00:36:55 | 000,002,250 | ---- | C] () -- C:\Users\Public\Desktop\SimpleSYN.lnk [2012.09.29 01:25:24 | 000,001,114 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk [2012.09.26 08:22:21 | 000,517,592 | ---- | C] () -- 
C:\Windows\System32\FNTCACHE.DAT [2012.09.26 00:19:57 | 000,001,802 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.09.24 15:43:12 | 000,001,282 | ---- | C] () -- C:\Users\Gerd Becker\Desktop\FileMaker Server 12.lnk [2012.09.24 11:37:45 | 001,815,118 | ---- | C] () -- C:\Users\Gerd Becker\Localizable.strings [2012.09.23 14:37:16 | 000,002,130 | ---- | C] () -- C:\Users\Public\Desktop\NTI Backup Now EZ.lnk [2012.09.22 02:16:30 | 000,000,004 | ---- | C] () -- C:\Windows\vx86036.dat [2012.09.22 02:16:10 | 000,003,360 | ---- | C] () -- C:\Windows\System32\esnecil.nlp [2012.09.22 02:16:10 | 000,003,360 | ---- | C] () -- C:\Windows\System32\esnecil.ind [2012.09.22 02:15:49 | 000,000,144 | ---- | C] () -- C:\Windows\Crypkey.ini [2012.09.22 02:15:20 | 000,027,648 | R--- | C] () -- C:\Windows\Setup_ck.exe [2012.09.22 02:15:20 | 000,019,584 | ---- | C] () -- C:\Windows\System32\Ckldrv.sys [2012.09.22 02:15:20 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll [2012.09.22 02:15:20 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe [2012.09.22 02:15:18 | 000,178,176 | ---- | C] () -- C:\Windows\System32\StellarProfile.dll [2012.09.22 02:15:18 | 000,001,256 | ---- | C] () -- C:\Users\Gerd Becker\Desktop\Stellar Phoenix Outlook PST Repair.lnk [2012.09.20 16:48:00 | 000,002,113 | -H-- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2012.09.20 16:47:59 | 000,001,647 | -H-- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NCProTray.lnk [2012.09.20 16:47:59 | 000,001,363 | ---- | C] () -- C:\Users\Gerd Becker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk [2012.09.19 22:30:43 | 000,000,268 | ---- | C] () -- C:\Windows\tasks\SpeedUpMyPC.job [2012.09.19 22:30:41 | 000,001,139 | ---- | C] () -- C:\Users\Public\Desktop\SpeedUpMyPC.lnk [2012.09.19 21:19:44 | 000,001,153 | ---- | C] () -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012.09.19 21:19:44 | 000,001,141 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.09.19 12:35:55 | 000,002,220 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2012.09.19 12:35:55 | 000,002,214 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013.lnk [2012.09.19 12:35:55 | 000,002,202 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk [2012.09.18 17:04:10 | 000,000,190 | ---- | C] () -- C:\Users\Gerd Becker\Desktop\Microsoft Fix-it-Support.url [2012.09.18 16:49:45 | 000,000,169 | ---- | C] () -- C:\Users\Gerd Becker\Desktop\eBay.url [2012.09.14 17:14:55 | 000,001,138 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.09.14 17:13:06 | 000,512,399 | ---- | C] () -- C:\Users\Gerd Becker\Desktop\adwcleaner.exe [2012.07.14 04:12:17 | 000,003,584 | R--- | C] () -- C:\Users\Gerd Becker\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.06.20 18:09:08 | 000,302,425 | R--- | C] () -- C:\Users\Gerd Becker\AppData\Local\funmoods-speeddial.crx [2012.06.13 13:50:47 | 000,000,208 | ---- | C] () -- C:\Windows\Ulead32.ini [2012.05.10 00:15:21 | 000,000,026 | ---- | C] () -- C:\Windows\cJCC.INI [2012.05.10 00:04:58 | 000,000,396 | ---- | C] () -- C:\Windows\hbcikrnl.ini [2012.05.10 00:04:34 | 000,167,936 | ---- | C] () -- C:\Windows\System32\SerialXP.dll [2012.05.10 00:04:34 | 000,027,648 | ---- | C] () -- C:\Windows\System32\win32com.dll [2012.04.13 13:04:42 | 000,086,016 | ---- | C] () -- C:\Windows\System32\custmon32i.dll [2012.02.29 14:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe [2012.01.18 19:33:03 | 000,283,136 | ---- | C] () -- C:\Windows\System32\DscPnt.dll [2012.01.18 19:33:03 | 000,259,888 | ---- | C] () -- C:\Windows\SUPDRun.exe [2012.01.18 19:33:03 | 000,151,552 | ---- | C] () -- C:\Windows\System32\spd__ci.exe [2012.01.18 19:33:03 | 
000,026,624 | ---- | C] () -- C:\Windows\System32\spd__l.dll [2012.01.17 23:15:10 | 000,493,432 | ---- | C] () -- C:\Windows\ssndii.exe [2012.01.08 00:40:17 | 000,091,923 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat [2012.01.08 00:40:17 | 000,076,956 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat [2012.01.08 00:40:17 | 000,039,121 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat [2012.01.08 00:40:17 | 000,027,965 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_JP.dat [2012.01.08 00:32:09 | 000,000,123 | ---- | C] () -- C:\Windows\System32\QVPMON.INI [2011.12.28 14:09:55 | 000,024,772 | ---- | C] () -- C:\ProgramData\P1100DEF.css [2011.12.28 14:09:55 | 000,004,447 | R--- | C] () -- C:\ProgramData\P1100OS.HTM [2011.12.28 14:09:55 | 000,002,944 | ---- | C] () -- C:\ProgramData\P1100SIG.GIF [2011.12.28 13:54:53 | 001,511,424 | ---- | C] () -- C:\Windows\System32\HP1100SM.EXE [2011.12.28 13:54:53 | 000,151,552 | ---- | C] () -- C:\Windows\System32\HP1100LM.DLL [2011.12.28 13:54:53 | 000,054,272 | R--- | C] () -- C:\Windows\System32\HP1100SMs.dll [2011.12.28 13:50:34 | 000,081,920 | ---- | C] () -- C:\Windows\System32\mvusbews.dll [2011.12.28 13:50:22 | 000,284,160 | ---- | C] () -- C:\Windows\System32\mvhlewsi.DLL [2011.11.23 17:18:15 | 000,005,355 | ---- | C] () -- C:\Windows\hpomdl18.dat.temp [2011.11.23 16:45:55 | 000,226,609 | ---- | C] () -- C:\Windows\hpoins18.dat [2011.11.23 16:45:55 | 000,005,355 | ---- | C] () -- C:\Windows\hpomdl18.dat [2011.11.23 15:37:23 | 000,177,121 | ---- | C] () -- C:\Windows\hphins30.dat.temp [2011.11.23 15:37:23 | 000,000,366 | ---- | C] () -- C:\Windows\hphmdl30.dat.temp [2011.11.23 15:34:45 | 000,177,284 | ---- | C] () -- C:\Windows\hphins30.dat [2011.11.23 15:34:45 | 000,000,366 | ---- | C] () -- C:\Windows\hphmdl30.dat [2011.11.14 21:37:49 | 000,000,017 | R--- | C] () -- C:\Users\Gerd Becker\AppData\Local\resmon.resmoncfg [2011.06.21 08:42:38 | 000,024,064 | ---- | C] () -- 
C:\Windows\System32\sst3cl3.dll [2009.11.29 02:44:01 | 000,000,760 | R--- | C] () -- C:\Users\Gerd Becker\AppData\Roaming\setup_ldm.iss [2008.12.03 23:30:31 | 000,000,019 | R--- | C] () -- C:\Users\Gerd Becker\AppData\Roaming\mdbu.bin [2008.12.03 20:03:01 | 000,000,000 | R--- | C] () -- C:\Users\Gerd Becker\AppData\Roaming\wklnhst.dat ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.08.20 11:12:41 | 000,000,000 | ---D | M] -- C:\Users\Gerd Becker\AppData\Roaming\1&1 Mail & Media GmbH [2011.11.28 01:47:11 | 000,000,000 | ---D | M] -- C:\Users\Gerd Becker\AppData\Roaming\Abelssoft [2009.11.29 06:22:38 | 000,000,000 | ---D | M] -- C:\Users\Gerd Becker\AppData\Roaming\acccore [2009.11.29 06:22:40 | 000,000,000 | ---D | M] -- C:\Users\Gerd Becker\AppData\Roaming\Buhl Data Service [2009.11.29 06:22:40 | 000,000,000 | ---D | M] -- C:\Users\Gerd Becker\AppData\Roaming\Buhl Data Service GmbH [2009.11.29 06:22:40 | 000,000,000 | ---D | M] -- C:\Users\Gerd 
Becker\AppData\Roaming\CDZilla [2009.11.29 06:22:41 | 000,000,000 | ---D | M] -- C:\Users\Gerd Becker\AppData\Roaming\CoSoSys [2009.11.29 06:22:41 | 000,000,000 | ---D | M] -- C:\Users\Gerd Becker\AppData\Roaming\DataDesign [2009.11.29 06:22:41 | 000,000,000 | ---D | M] -- C:\Users\Gerd Becker\AppData\Roaming\DisplayTune [2012.02.06 14:38:42 | 000,000,000 | ---D | M] -- C:\Users\Gerd Becker\AppData\Roaming\Eric's TelNet98 [2009.11.29 06:22:41 | 000,000,000 | ---D | M] -- C:\Users\Gerd Becker\AppData\Roaming\eXPert PDF Editor [2011.11.25 19:51:55 | 000,000,000 | ---D | M] -- C:\Users\Gerd Becker\AppData\Roaming\FileMaker [2011.11.25 20:19:36 | 000,000,000 | ---D | M] -- C:\Users\Gerd Becker\AppData\Roaming\FileMaker Pro Advanced [2012.01.02 04:30:23 | 000,000,000 | ---D | M] -- C:\Users\Gerd Becker\AppData\Roaming\FinalVideoDownloader [2012.06.20 18:04:09 | 000,000,000 | ---D | M] -- C:\Users\Gerd Becker\AppData\Roaming\FreeHideIP [2009.11.29 06:22:41 | 000,000,000 | ---D | M] -- C:\Users\Gerd Becker\AppData\Roaming\GHISLER [2009.11.29 06:22:41 | 000,000,000 | ---D | M] -- C:\Users\Gerd Becker\AppData\Roaming\klickTel [2009.11.29 06:22:41 | 000,000,000 | ---D | M] -- C:\Users\Gerd Becker\AppData\Roaming\Leadertech [2009.11.29 06:22:41 | 000,000,000 | ---D | M] -- C:\Users\Gerd Becker\AppData\Roaming\Lexware [2009.11.29 06:22:42 | 000,000,000 | ---D | M] -- C:\Users\Gerd Becker\AppData\Roaming\MAGIX [2012.06.18 00:39:46 | 000,000,000 | ---D | M] -- C:\Users\Gerd Becker\AppData\Roaming\mediAvatar [2012.10.01 01:54:03 | 000,000,000 | ---D | M] -- C:\Users\Gerd Becker\AppData\Roaming\MOBackup [2009.11.29 06:22:47 | 000,000,000 | ---D | M] -- C:\Users\Gerd Becker\AppData\Roaming\Musicmatch [2009.11.29 06:22:47 | 000,000,000 | ---D | M] -- C:\Users\Gerd Becker\AppData\Roaming\NAVIGON [2009.11.29 06:22:47 | 000,000,000 | ---D | M] -- C:\Users\Gerd Becker\AppData\Roaming\NettoPro [2009.11.29 06:22:47 | 000,000,000 | ---D | M] -- C:\Users\Gerd 
Becker\AppData\Roaming\OfficeUpdate12 [2009.11.29 06:22:47 | 000,000,000 | ---D | M] -- C:\Users\Gerd Becker\AppData\Roaming\OpenOffice.org3 [2011.11.24 14:57:32 | 000,000,000 | ---D | M] -- C:\Users\Gerd Becker\AppData\Roaming\PC-FAX TX [2012.09.02 19:36:43 | 000,000,000 | ---D | M] -- C:\Users\Gerd Becker\AppData\Roaming\PCCUStubInstaller [2009.11.29 06:22:48 | 000,000,000 | ---D | M] -- C:\Users\Gerd Becker\AppData\Roaming\Samsung [2009.11.29 06:22:49 | 000,000,000 | ---D | M] -- C:\Users\Gerd Becker\AppData\Roaming\ScanSoft [2012.08.30 23:23:40 | 000,000,000 | ---D | M] -- C:\Users\Gerd Becker\AppData\Roaming\Steganos [2012.08.30 23:23:52 | 000,000,000 | ---D | M] -- C:\Users\Gerd Becker\AppData\Roaming\Steganos VPN [2009.11.29 06:22:50 | 000,000,000 | ---D | M] -- C:\Users\Gerd Becker\AppData\Roaming\SYBEX [2009.11.29 06:22:51 | 000,000,000 | ---D | M] -- C:\Users\Gerd Becker\AppData\Roaming\Teleca [2011.11.28 03:07:23 | 000,000,000 | ---D | M] -- C:\Users\Gerd Becker\AppData\Roaming\Template [2011.11.24 01:01:40 | 000,000,000 | ---D | M] -- C:\Users\Gerd Becker\AppData\Roaming\Thunderbird [2012.09.19 12:35:20 | 000,000,000 | ---D | M] -- C:\Users\Gerd Becker\AppData\Roaming\TuneUp Software [2008.12.04 03:15:43 | 000,000,000 | ---D | M] -- C:\Users\Gerd Becker\AppData\Roaming\TVG [2012.09.19 22:47:52 | 000,000,000 | ---D | M] -- C:\Users\Gerd Becker\AppData\Roaming\uiToolBar Desktop Icons [2012.06.25 00:14:48 | 000,000,000 | ---D | M] -- C:\Users\Gerd Becker\AppData\Roaming\Ulead Systems [2012.09.19 22:30:40 | 000,000,000 | ---D | M] -- C:\Users\Gerd Becker\AppData\Roaming\Uniblue [2009.11.29 06:22:51 | 000,000,000 | ---D | M] -- C:\Users\Gerd Becker\AppData\Roaming\WEB.DE [2009.11.29 06:22:51 | 000,000,000 | ---D | M] -- C:\Users\Gerd Becker\AppData\Roaming\WinBatch [2012.03.24 02:06:49 | 000,000,000 | ---D | M] -- C:\Users\Gerd Becker\AppData\Roaming\Windows Live Writer [2011.11.28 01:03:02 | 000,000,000 | ---D | M] -- C:\Users\Gerd 
Becker\AppData\Roaming\WinSweep [2012.01.04 17:58:20 | 000,000,000 | ---D | M] -- C:\Users\Gerd Becker\AppData\Roaming\Xilisoft [2009.11.29 06:22:51 | 000,000,000 | ---D | M] -- C:\Users\Gerd Becker\AppData\Roaming\Zeon ========== Purity Check ========== < End of report > |
03.10.2012, 19:52 | #4 |
/// the machine /// TB trainer | Virus changed all user permissions Please delete AdwCleaner from the desktop. Please download AdwCleaner to your desktop.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
07.10.2012, 13:14 | #5 |
| Virus changed all user permissions Sorry that a reply is only coming now, but unfortunately I didn't have time before. AdwCleaner log: Code:
# AdwCleaner v2.003 - Datei am 10/07/2012 um 14:12:13 erstellt
# Aktualisiert am 23/09/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : Gerd Becker - MEDION-P7300-D
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Gerd Becker\Desktop\adwcleaner.exe
# Option [Suche]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gefunden : C:\Users\Gerd Becker\AppData\Local\funmoods-speeddial.crx
Ordner Gefunden : C:\Program Files\Common Files\AVG Secure Search
Ordner Gefunden : C:\Program Files\Conduit
Ordner Gefunden : C:\Program Files\FileConverter_1.3
Ordner Gefunden : C:\Program Files\incredibar.com
Ordner Gefunden : C:\ProgramData\Tarma Installer
Ordner Gefunden : C:\Users\Gerd Becker\AppData\Local\Conduit
Ordner Gefunden : C:\Users\Gerd Becker\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\Gerd Becker\AppData\LocalLow\FileConverter_1.3
Ordner Gefunden : C:\Users\Gerd Becker\AppData\LocalLow\incredibar.com
Ordner Gefunden : C:\Users\Gerd Becker\AppData\LocalLow\PriceGong
***** [Registrierungsdatenbank] *****
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\FileConverter_1.3
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gefunden : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gefunden : HKCU\Software\incredibar.com
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{78E516EF-11DE-47A1-8364-A99B917EC5EE}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{78E516EF-11DE-47A1-8364-A99B917EC5EE}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{153D7D79-706C-443D-BA98-41CA86982C9D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{78E516EF-11DE-47A1-8364-A99B917EC5EE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT3241949
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\Software\FileConverter_1.3
Schlüssel Gefunden : HKLM\Software\incredibar.com
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{00F05827-CD47-4E8D-AFD7-6BEB1D6A72AA}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E04BFCCA-2B19-4B02-90E5-AAD3106C02A9}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78E516EF-11DE-47A1-8364-A99B917EC5EE}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{153D7D79-706C-443D-BA98-41CA86982C9D}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileConverter_1.3 Toolbar
Schlüssel Gefunden : HKLM\Software\Tarma Installer
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{78E516EF-11DE-47A1-8364-A99B917EC5EE}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{78E516EF-11DE-47A1-8364-A99B917EC5EE}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{78E516EF-11DE-47A1-8364-A99B917EC5EE}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{78E516EF-11DE-47A1-8364-A99B917EC5EE}]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v15.0 (de)
Profilname : default
Datei : C:\Users\Gerd Becker\AppData\Roaming\Mozilla\Firefox\Profiles\2nkra1ra.default\prefs.js
[OK] Die Datei ist sauber.
-\\ Google Chrome v [Version kann nicht ermittelt werden]
Datei : C:\Users\Gerd Becker\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [4349 octets] - [07/10/2012 14:12:14]
########## EOF - C:\AdwCleaner[R1].txt - [4409 octets] ##########
|
07.10.2012, 17:49 | #6 |
/// the machine /// TB trainer | Virus changed all user permissions
And a fresh OTL log, please. |