hallo.
wie bei so vielen in diesem forum auch schon ist mein rechner seit gestern befallen. war auf einer streaming-site und seit dem ist nach dem starten des desktophintergrundbildes schluss. eine weiße seite erscheint, lädt ewigt und endet mit ...website kann nicht gestartet werden" und sperrt den rechner nahezu.
habe malwarebye durchlaufen lassen und der fand zweit bedrohungen. ich habe diese entfernen lassen. aviras de-cleaner fand nichts.
nun lauft otl gerade durch. das ergebnis der beiden bericht poste ich hier.
wäre schön wenn mir geholfen werden könnte.
vielen dank im voraus.
gruß raik

anbei nun die logfiles von otl:

otl.txt:OTL Logfile:

Code: Alles auswählenAufklappen

ATTFilter

OTL logfile created on: 07.10.2012 19:46:15 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\moni & raik\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,48 Gb Available Physical Memory | 74,20% Memory free
4,23 Gb Paging File | 3,82 Gb Available in Paging File | 90,49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455,09 Gb Total Space | 340,85 Gb Free Space | 74,90% Space Free | Partition Type: NTFS
Drive D: | 10,66 Gb Total Space | 1,74 Gb Free Space | 16,34% Space Free | Partition Type: NTFS
 
Computer Name: MONIUNDRAIK | User Name: moni & raik | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\moni & raik\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Programme\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Google\Chrome\Application\22.0.1229.79\ppgooglenaclpluginchrome.dll ()
MOD - C:\Programme\Google\Chrome\Application\22.0.1229.79\pdf.dll ()
MOD - C:\Programme\Google\Chrome\Application\22.0.1229.79\avutil-51.dll ()
MOD - C:\Programme\Google\Chrome\Application\22.0.1229.79\avformat-54.dll ()
MOD - C:\Programme\Google\Chrome\Application\22.0.1229.79\avcodec-54.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AVGIDSAgent) -- C:\Programme\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (vsmon) -- C:\Programme\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (IswSvc) -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (avgwd) -- C:\Programme\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (TVCapSvc) -- C:\Programme\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe ()
SRV - (TVSched) -- C:\Programme\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe ()
SRV - (Recovery Service for Windows) -- C:\Programme\SMINST\BLService.exe ()
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_7c71e337\stacsv.exe (IDT, Inc.)
SRV - (ezSharedSvc) -- C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (usnjsvc) -- C:\Programme\MSN Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (vsdatant7) -- System32\drivers\vsdatant.win7.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (ISWKL) -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (AVGIDSHX) -- C:\Windows\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. )
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\Windows\System32\drivers\avgidsfilterx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. )
DRV - (ssadmdm) -- C:\Windows\System32\drivers\ssadmdm.sys (MCCI Corporation)
DRV - (ssadbus) -- C:\Windows\System32\drivers\ssadbus.sys (MCCI Corporation)
DRV - (ssadserd) -- C:\Windows\System32\drivers\ssadserd.sys (MCCI Corporation)
DRV - (androidusb) -- C:\Windows\System32\drivers\ssadadb.sys (Google Inc)
DRV - (ssadmdfl) -- C:\Windows\System32\drivers\ssadmdfl.sys (MCCI Corporation)
DRV - (Vsdatant) -- C:\Windows\System32\drivers\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (BVRPMPR5) -- C:\Windows\System32\drivers\BVRPMPR5.SYS (Avanquest Software)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (AtiPcie) -- C:\Windows\System32\drivers\AtiPcie.sys (ATI Technologies Inc.)
DRV - ({55662437-DA8C-40c0-AADA-2C816A897A49}) -- C:\Programme\Hewlett-Packard\Media\DVD\000.fcl (CyberLink Corp.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (hpdskflt) -- C:\Windows\System32\drivers\hpdskflt.sys (Hewlett-Packard Corporation)
DRV - (Accelerometer) -- C:\Windows\System32\drivers\Accelerometer.sys (Hewlett-Packard Corporation)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (NETw3v32) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (RTL8187B) -- C:\Windows\System32\drivers\wg111v3.sys (NETGEAR Inc.                           )
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (RtlProt) -- C:\Windows\System32\drivers\RtlProt.sys (Windows (R) Codename Longhorn DDK provider)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{160468A8-250A-40C1-8291-01921104DC01}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKLM\..\SearchScopes\{AB949608-D76B-43E2-965F-450A19373E61}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
IE - HKLM\..\SearchScopes\{FAEFD2A5-F527-4B3F-B97D-E911B4FC00ED}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2265993982-114685985-2131399077-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb
IE - HKU\S-1-5-21-2265993982-114685985-2131399077-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-2265993982-114685985-2131399077-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2265993982-114685985-2131399077-1000\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - No CLSID value found
IE - HKU\S-1-5-21-2265993982-114685985-2131399077-1000\..\SearchScopes,DefaultScope = {160468A8-250A-40C1-8291-01921104DC01}
IE - HKU\S-1-5-21-2265993982-114685985-2131399077-1000\..\SearchScopes\{160468A8-250A-40C1-8291-01921104DC01}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKU\S-1-5-21-2265993982-114685985-2131399077-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={2C10AC08-5491-427B-ABFB-10AFC6A3E21C}&mid=dc5c16406ecf47d1b8fad16d38da5123-1a3015f4b0c29827aef1ad4e900c1da07d818193&lang=en&ds=AVG&pr=fr&d=&v=&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-2265993982-114685985-2131399077-1000\..\SearchScopes\{AB949608-D76B-43E2-965F-450A19373E61}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKU\S-1-5-21-2265993982-114685985-2131399077-1000\..\SearchScopes\{FAEFD2A5-F527-4B3F-B97D-E911B4FC00ED}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKU\S-1-5-21-2265993982-114685985-2131399077-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: 2020Player_IKEA@2020Technologies.com:5.0.94.0
FF - prefs.js..extensions.enabledItems: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}:3.12.0.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1912
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.9.0.9216
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012.08.22 17:35:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2012.06.17 18:15:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012.08.22 17:35:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.11 23:27:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.11 23:27:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.11 23:27:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.11 23:27:16 | 000,000,000 | ---D | M]
 
[2010.08.20 12:19:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\moni & raik\AppData\Roaming\mozilla\Extensions
[2012.09.24 20:46:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\moni & raik\AppData\Roaming\mozilla\Firefox\Profiles\oe9tkid6.default\extensions
[2011.01.14 21:02:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\moni & raik\AppData\Roaming\mozilla\Firefox\Profiles\oe9tkid6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.09.24 20:46:50 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\moni & raik\AppData\Roaming\mozilla\Firefox\Profiles\oe9tkid6.default\extensions\2020Player_IKEA@2020Technologies.com
[2012.09.11 23:27:11 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.09.11 23:27:11 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.09.11 23:27:29 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.11.10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.29 18:09:31 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.07 00:21:10 | 000,003,739 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.09.11 21:02:02 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.29 18:09:31 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.29 18:09:31 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.29 18:09:31 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.29 18:09:31 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\moni & raik\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: npFFApi (Enabled) = C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\moni & raik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\moni & raik\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AVG Safe Search = C:\Users\moni & raik\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\
CHR - Extension: Skype Click to Call = C:\Users\moni & raik\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: AVG Do Not Track = C:\Users\moni & raik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: Google Mail = C:\Users\moni & raik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (CmjBrowserHelperObject Object) - {07A11D74-9D25-4fea-A833-8B0D76A5577A} - C:\Programme\Mindjet\MindManager 7\Mm7InternetExplorer.dll (Mindjet)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Programme\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\S-1-5-21-2265993982-114685985-2131399077-1000\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKU\S-1-5-21-2265993982-114685985-2131399077-1000\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2265993982-114685985-2131399077-1000..\Run: [AdobeUpdater6] C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-2265993982-114685985-2131399077-1000..\Run: [KiesPDLR] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-2265993982-114685985-2131399077-1000..\Run: [xvyqaefpvlwwfso] C:\ProgramData\xvyqaefp.exe ()
O4 - Startup: C:\Users\moni & raik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\moni & raik\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O8 - Extra context menu item: &AOL Toolbar-Suche - C:\ProgramData\AOL\ieToolbar\resources\de-DE\local\search.html ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Programme\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: An Mindjet MindManager senden - {941E1A34-C6AF-4baa-A973-224F9C3E04BF} - C:\Programme\Mindjet\MindManager 7\Mm7InternetExplorer.dll (Mindjet)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-2265993982-114685985-2131399077-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{11BF06F2-3C49-40C1-8723-4BD2D6375562}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{137E8A34-E639-4B36-866F-31BE5515756F}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F937C11-A61F-4DA7-9144-C042A8B485E4}: DhcpNameServer = 83.169.184.161 192.168.2.1 83.169.184.225
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\moni & raik\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\moni & raik\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{6bca0000-9836-11df-baf2-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6bca0000-9836-11df-baf2-806e6f6e6963}\Shell\AutoRun\command - "" = E:\ShelExec.exe @EXEDRV@.\start.pdf
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\ShelExec.exe @EXEDRV@.\start.pdf
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.07 19:45:32 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\moni & raik\Desktop\OTL.exe
[2012.10.06 17:18:18 | 000,000,000 | ---D | C] -- C:\ProgramData\mqoqitxhvwfpqqr
[2012.10.06 12:52:23 | 000,000,000 | ---D | C] -- C:\Users\moni & raik\Desktop\wohnung
[2012.09.23 10:20:54 | 000,000,000 | ---D | C] -- C:\Users\moni & raik\AppData\Local\Macromedia
[2012.09.23 10:10:39 | 000,696,240 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.09.23 03:03:38 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.09.23 03:03:35 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.09.23 03:03:34 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.09.23 03:03:34 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.09.23 03:03:34 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.09.23 03:03:30 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.09.23 03:03:30 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.09.23 03:03:24 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.09.11 23:43:27 | 000,000,000 | R--D | C] -- C:\Users\moni & raik\Dropbox
[2012.09.11 23:39:18 | 000,000,000 | ---D | C] -- C:\Users\moni & raik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2012.09.11 23:28:50 | 000,000,000 | ---D | C] -- C:\Users\moni & raik\AppData\Roaming\Dropbox
[2012.09.11 23:27:10 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.09.10 22:00:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[29 C:\Users\moni & raik\Desktop\*.tmp files -> C:\Users\moni & raik\Desktop\*.tmp -> ]
[1 C:\Users\moni & raik\*.tmp files -> C:\Users\moni & raik\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.07 19:45:19 | 000,000,844 | ---- | M] () -- C:\Users\moni & raik\Desktop\OTL - Verknüpfung.lnk
[2012.10.07 19:44:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\moni & raik\Desktop\OTL.exe
[2012.10.07 19:41:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.07 19:38:55 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.10.07 19:37:46 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.07 19:37:45 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.07 19:36:58 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.06 17:26:47 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleFormoni & raik.job
[2012.10.06 17:22:19 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.06 17:21:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.06 17:18:18 | 000,076,346 | ---- | M] () -- C:\ProgramData\ncalhuvcjlcitld
[2012.10.06 17:18:05 | 000,104,960 | ---- | M] () -- C:\ProgramData\xvyqaefp.exe
[2012.10.06 12:55:29 | 000,017,408 | ---- | M] () -- C:\Users\moni & raik\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.10.06 12:45:10 | 000,628,914 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.06 12:45:10 | 000,596,168 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.06 12:45:10 | 000,104,242 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.06 12:45:09 | 000,126,626 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.06 12:27:37 | 096,726,842 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012.09.28 08:58:30 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.09.25 21:12:21 | 000,362,246 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012.09.23 10:10:40 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.09.23 10:10:39 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.09.22 10:12:45 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.11 23:43:27 | 000,000,947 | ---- | M] () -- C:\Users\moni & raik\Desktop\Dropbox.lnk
[2012.09.11 23:39:51 | 000,000,957 | ---- | M] () -- C:\Users\moni & raik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.09.10 22:00:41 | 000,000,858 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[29 C:\Users\moni & raik\Desktop\*.tmp files -> C:\Users\moni & raik\Desktop\*.tmp -> ]
[1 C:\Users\moni & raik\*.tmp files -> C:\Users\moni & raik\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.07 19:45:19 | 000,000,844 | ---- | C] () -- C:\Users\moni & raik\Desktop\OTL - Verknüpfung.lnk
[2012.10.06 17:18:17 | 000,104,960 | ---- | C] () -- C:\ProgramData\xvyqaefp.exe
[2012.10.06 17:18:06 | 000,076,346 | ---- | C] () -- C:\ProgramData\ncalhuvcjlcitld
[2012.09.23 10:10:50 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.11 23:43:27 | 000,000,947 | ---- | C] () -- C:\Users\moni & raik\Desktop\Dropbox.lnk
[2012.09.11 23:39:51 | 000,000,957 | ---- | C] () -- C:\Users\moni & raik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.06.27 21:05:09 | 004,503,728 | ---- | C] () -- C:\ProgramData\0tbpw.pad
[2011.11.29 17:38:18 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.11.29 17:38:12 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.11.29 17:38:12 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.11.29 17:38:12 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.11.29 17:38:12 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.08.07 19:47:00 | 000,000,117 | ---- | C] () -- C:\Windows\civ.ini
[2011.06.20 21:53:33 | 000,017,408 | ---- | C] () -- C:\Users\moni & raik\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.03 21:46:06 | 000,149,506 | ---- | C] () -- C:\Users\moni & raik\2011_01rechnung_5608347905.pdf
[2010.07.29 15:39:32 | 000,000,016 | ---- | C] () -- C:\Users\moni & raik\persistent_state
[2010.07.28 12:14:04 | 000,000,680 | ---- | C] () -- C:\Users\moni & raik\AppData\Local\d3d9caps.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         

--- --- ---

extras.txt:OTL EXTRAS Logfile:

Code: Alles auswählenAufklappen

ATTFilter

OTL Extras logfile created on: 07.10.2012 19:46:15 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\moni & raik\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,48 Gb Available Physical Memory | 74,20% Memory free
4,23 Gb Paging File | 3,82 Gb Available in Paging File | 90,49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455,09 Gb Total Space | 340,85 Gb Free Space | 74,90% Space Free | Partition Type: NTFS
Drive D: | 10,66 Gb Total Space | 1,74 Gb Free Space | 16,34% Space Free | Partition Type: NTFS
 
Computer Name: MONIUNDRAIK | User Name: moni & raik | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\S-1-5-21-2265993982-114685985-2131399077-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{36786BDE-2234-45E7-A8BF-EBB7E4DE9424}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{F486D551-F931-4E0D-856C-23EC9C20C6CC}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06ADC0CD-3591-48A6-8EF6-D632E26D471A}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe | 
"{0F862812-C7F4-48A4-B56B-7943CAA179BB}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe | 
"{15C1BD66-9E14-4C3D-9D1B-5AD373CC150A}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe | 
"{1D4FF6BA-5857-45D4-97FB-9A36C0972590}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe | 
"{1E6F87C5-5AC7-41F9-B142-1D029D018C72}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe | 
"{27752341-1CDA-4986-8A0A-0FBA08758B27}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{36EE2BA1-BBB1-4A69-B61A-22BE9791CCED}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe | 
"{371CFD2C-94BB-45F1-862F-73615B27A8EB}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | 
"{39A7184E-64A4-48B2-B862-BD0B6D3745DD}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe | 
"{3BB22FF6-2666-4A53-85D9-C65AEB64D18C}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe | 
"{404FBE52-1EF1-4D19-BA5F-0B239D58B55B}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe | 
"{40E0C95D-537E-4B52-AFE9-12056C99CCAA}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{4702D36F-E593-4F52-A546-2366F4663FAE}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\tsmagent.exe | 
"{479D8556-D3B1-46EE-B02B-3B57D4BD2893}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{532793C0-5E8D-4C9E-947C-75C11079E9CD}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{53EF9E9E-E4DC-4102-A272-C7B5C646EB14}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe | 
"{5C559C31-1127-4EC9-9138-F87BD571ABE0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7F28E933-F243-46A8-9854-2D144BE9C34B}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe | 
"{8BA3D971-F1DD-482C-975F-39D3BF01A363}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe | 
"{901F144F-A831-46E1-963F-94AB8719D6C6}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hpdvdsmart.exe | 
"{B165B8B6-DBBA-42FC-9F53-FB707EA1B132}" = dir=in | app=c:\program files\msn messenger\livecall.exe | 
"{E0E17E3D-4426-41BE-9E75-E95A3AB7D29F}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.6204
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software  1.14.17.1
"{14830F1E-C1C4-4526-BB51-4FC1ABC3EFBD}" = ZoneAlarm Firewall
"{148D093E-113F-824E-4AD1-D986BA0CF904}" = Catalyst Control Center Localization Italian
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{187817E2-6407-461C-B59B-56CE73363D34}" = Catalyst Control Center - Branding
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F40420C-835B-0950-050C-737A7123612A}" = CCC Help Chinese Traditional
"{1F88DF73-339D-8D26-85C3-8F592861ED65}" = Catalyst Control Center Localization Turkish
"{1FB0B1BA-FA72-8D0B-A684-AAB24EF68569}" = Catalyst Control Center Core Implementation
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{235F2B14-B178-8377-2529-90CA3D8F6BED}" = CCC Help Italian
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 30
"{27471967-23FC-08FB-232C-E4618312076E}" = CCC Help Norwegian
"{279DB581-239C-4E13-97F8-0F48E40BE75C}" = Windows Live Messenger
"{2C37847C-3E25-CC8E-ED9B-664B20B6BAFE}" = Catalyst Control Center Localization Japanese
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{338FA5E6-4215-F340-2748-6A2F2DBF440C}" = CCC Help Danish
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 M1
"{38196504-D4E7-4E22-8589-263557DCCDB7}" = HP Wireless Assistant
"{38580E5E-AF78-4536-AD1E-6A62661372C5}" = AVG 2012
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3CDFEE23-66D2-4DB0-8269-12634E871725}" = Mindjet MindManager Pro 7
"{3E090892-8A98-8910-785C-F078C75658E8}" = Catalyst Control Center Localization French
"{3FD0AA0F-556A-B51E-4ADD-BF1F506E953A}" = ccc-core-static
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{427F07CD-4F39-8819-3BAF-64D99768BC69}" = Catalyst Control Center Localization Spanish
"{48899974-2A8E-8E6A-A7CD-8032A9B8DF69}" = CCC Help Dutch
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EFC72DA-2314-4E5D-AC8E-1C954CDB8BBF}" = AVG 2012
"{4F432ABC-08A0-03C3-D863-147D40256581}" = CCC Help Turkish
"{56003B90-5AD7-A1E1-9B6F-907BA97F3095}" = ccc-utility
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{59FCC39D-E148-6E83-F7B6-196E18E07764}" = Catalyst Control Center InstallProxy
"{5ACFB9DC-5187-0E85-2077-579953E0B595}" = CCC Help French
"{5F686CBB-09AB-38F0-4F49-6FA3CA2F194E}" = ATI Catalyst Install Manager
"{5F7A238D-91A9-D755-E9B1-CEBA6993D5AE}" = Catalyst Control Center Localization Russian
"{63D30539-D9C1-AB9B-CEEC-5697981EA8E0}" = Catalyst Control Center Graphics Light
"{64525EA6-B64E-5C0B-6556-ADC2FA98A145}" = CCC Help Spanish
"{64F8B5EE-F7B9-E02F-705B-A5A9AF898425}" = CCC Help Chinese Standard
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"{6B6574E6-F534-E575-B813-BBE305F115BA}" = CCC Help Swedish
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{732A3F80-008B-4350-BD58-EC5AE98707B8}" = HP Common Access Service Library
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{77CF3FDC-85F9-6223-909B-8FE57DD070FF}" = CCC Help Thai
"{7B1351FC-0B3F-8CFF-60DD-FBD57791B06A}" = Catalyst Control Center Localization Czech
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{7C6AA635-A9EB-BE76-5BFB-49F5C0C329A6}" = Catalyst Control Center Localization Swedish
"{7D988BD6-A70F-35F8-D9CA-2D7FE04EF452}" = Catalyst Control Center Localization Norwegian
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7FBF6153-8392-AFAC-D443-62438F34F596}" = Catalyst Control Center Localization Polish
"{83CA14F0-5AED-93A6-8462-61356AC4BD69}" = CCC Help Korean
"{85115174-53AF-5854-A23F-7C7C9750B1AF}" = Catalyst Control Center Localization Dutch
"{867E78FF-0065-E1B6-391A-E0BEA6C71D24}" = Catalyst Control Center Localization Chinese Traditional
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95A747E0-DF19-46CB-A622-20A0107201BD}" = HP Total Care Setup
"{9757B760-0708-F95B-C430-0CAC42FD02A2}" = Catalyst Control Center Localization Hungarian
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Touch Pad Driver
"{A23CF2DE-7F49-5659-A8DF-C79501121935}" = Catalyst Control Center Localization Finnish
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A7AC8E69-01FF-494E-9A2C-423B82CEA604}" = HP MediaSmart SmartMenu
"{A9051724-EC0D-8C2B-6F23-94F9FF111B49}" = Catalyst Control Center Localization German
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{AFAD6009-AD81-9990-DEF1-39260D5EAFEE}" = Catalyst Control Center Localization Korean
"{B143D835-EBAF-4A39-8B31-1868FF4166C1}" = AVG 2012
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B4922E65-C79C-4130-9295-CDF8716DB873}" = CCC Help Finnish
"{B69C390B-826F-473C-86EB-7AD4950818C3}" = AVG 2012
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BEB50A25-8EC7-11C1-7174-BCAF87F76ACA}" = Catalyst Control Center Localization Greek
"{BF139C21-E549-77BE-AB95-BBCA9CAC7DFE}" = Catalyst Control Center Graphics Full Existing
"{BF962E1B-D17A-4713-A100-6531A132D83D}_is1" = Foto-Mosaik-Edda Standard V5.7.0
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C6F7F0AE-F809-EFFB-D0C4-8FAB9682D92E}" = Catalyst Control Center Graphics Full New
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB71A20E-B1B4-4562-81FA-33E1DBD0342F}" = ProtectSmart Hard Drive Protection
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{CF70FB86-378E-28D2-4CE5-2108292D8BC4}" = CCC Help Greek
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D590F022-35E6-45B5-A140-324FD614EF88}" = HP User Guides 0127
"{D6E31D68-949E-D612-E46E-9989AE8765F3}" = CCC Help English
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update
"{E1043293-CDE3-B030-740A-9194411F0B16}" = CCC Help Russian
"{E171F5DA-6F17-472D-A223-92468142C5E8}" = AVG 2012
"{E245B6E7-79B6-E1FB-4048-DF70122E0087}" = CCC Help German
"{E2A3432F-9622-7101-1636-33258BF52760}" = CCC Help Hungarian
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3CEC3C7-962E-8DCF-777B-D9FE7CB5E09E}" = CCC Help Polish
"{E8020EC7-5DD8-80C9-7237-7B2E9BDA8CC6}" = muvee Reveal
"{EA3F9C49-CAA9-4FF5-B70A-A7FC0976C5E9}" = ZoneAlarm Security
"{EAEBB027-DB8A-0711-F377-FF1AEB84C71C}" = CCC Help Portuguese
"{EBBE1D36-F72E-90CE-2E31-03C064011E28}" = Catalyst Control Center Localization Chinese Standard
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{EF6102C9-7864-36B1-2B51-B90C939A4AEF}" = Catalyst Control Center Localization Portuguese
"{EF7AB3F1-74F9-EE50-B1EA-62E013E13B41}" = CCC Help Japanese
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F3D5484F-D1CB-E80E-4759-DA1E3DE81D6A}" = CCC Help Czech
"{F6BCFF19-6D85-9B55-FCC0-4A56771F79CC}" = Catalyst Control Center Localization Thai
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9DFBB28-5564-621C-4D5F-E69514CBCEC7}" = Catalyst Control Center Localization Danish
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AOL Toolbar" = AOL Toolbar 5.0
"AVG" = AVG 2012
"Avira AntiVir Desktop" = Avira Free Antivirus
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CCleaner" = CCleaner
"FreePDF_XP" = FreePDF (Remove only)
"Google Chrome" = Google Chrome
"GPL Ghostscript 8.71" = GPL Ghostscript 8.71
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PDF-XChange 3_is1" = PDF-XChange 3
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"VLC media player" = VLC media player 1.1.11
"Weight Watchers FlexPoints" = Weight Watchers FlexPoints
"WildTangent hp Master Uninstall" = My HP Games
"ZoneAlarm Free Firewall" = ZoneAlarm Free Firewall
"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2265993982-114685985-2131399077-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"61240c64869513c2" = Napster Download Manager
"Dropbox" = Dropbox
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12.07.2012 21:31:41 | Computer Name = moniundraik | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.08.2012 21:39:16 | Computer Name = moniundraik | Source = WinMgmt | ID = 10
Description = 
 
Error - 22.08.2012 11:38:29 | Computer Name = moniundraik | Source = MsiInstaller | ID = 1013
Description = 
 
Error - 22.08.2012 11:38:33 | Computer Name = moniundraik | Source = MsiInstaller | ID = 1013
Description = 
 
Error - 22.08.2012 14:11:21 | Computer Name = moniundraik | Source = WinMgmt | ID = 10
Description = 
 
Error - 22.08.2012 16:13:54 | Computer Name = moniundraik | Source = WinMgmt | ID = 10
Description = 
 
Error - 10.09.2012 16:04:04 | Computer Name = moniundraik | Source = MsiInstaller | ID = 1013
Description = 
 
Error - 10.09.2012 16:04:10 | Computer Name = moniundraik | Source = MsiInstaller | ID = 1013
Description = 
 
Error - 10.09.2012 16:04:17 | Computer Name = moniundraik | Source = MsiInstaller | ID = 1013
Description = 
 
Error - 11.09.2012 13:58:27 | Computer Name = moniundraik | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 07.10.2012 13:37:24 | Computer Name = moniundraik | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 07.10.2012 13:37:24 | Computer Name = moniundraik | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 07.10.2012 13:41:38 | Computer Name = moniundraik | Source = DCOM | ID = 10005
Description = 
 
Error - 07.10.2012 13:41:52 | Computer Name = moniundraik | Source = DCOM | ID = 10005
Description = 
 
Error - 07.10.2012 13:41:55 | Computer Name = moniundraik | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = 
 
Error - 07.10.2012 13:41:59 | Computer Name = moniundraik | Source = DCOM | ID = 10005
Description = 
 
Error - 07.10.2012 13:42:02 | Computer Name = moniundraik | Source = DCOM | ID = 10005
Description = 
 
Error - 07.10.2012 13:42:03 | Computer Name = moniundraik | Source = DCOM | ID = 10005
Description = 
 
Error - 07.10.2012 13:42:41 | Computer Name = moniundraik | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 07.10.2012 13:42:41 | Computer Name = moniundraik | Source = Service Control Manager | ID = 7026
Description = 
 
 
< End of report >
         

--- --- ---

malwarebyte fand 2x winlock.trojan. gestern exploit.drop.ur.2 und trojan.agent.
abe alle in den quarantänecontainer verschoben.

so hier nun der log von Malwarebytes von heute:

Malwarebytes Anti-Malware 1.65.0.1400
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2012.10.07.04

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
moni & raik :: MONIUNDRAIK [Administrator]

07.10.2012 20:31:42
mbam-log-2012-10-07 (20-31-42).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 366501
Laufzeit: 56 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|xvyqaefpvlwwfso (Trojan.Winlock) -> Daten: C:\ProgramData\xvyqaefp.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\ProgramData\xvyqaefp.exe (Trojan.Winlock) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.

moin. ok poste die letzten scans vom jüngsten zum ältesten.


Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.22.02

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus)
Internet Explorer 9.0.8112.16421
moni & raik :: MONIUNDRAIK [Administrator]

06.10.2012 22:43:20
mbam-log-2012-10-06 (22-43-20).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 364483
Laufzeit: 54 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)




Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.22.02

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus)
Internet Explorer 9.0.8112.16421
moni & raik :: MONIUNDRAIK [Administrator]

06.10.2012 19:52:18
mbam-log-2012-10-06 (19-52-18).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 364488
Laufzeit: 54 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\moni & raik\0.5623144930593998.exe (Exploit.Drop.UR.2) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\moni & raik\ms.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)



Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.22.02

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
moni & raik :: MONIUNDRAIK [Administrator]

22.09.2012 10:13:52
mbam-log-2012-09-22 (10-13-52).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 373418
Laufzeit: 13 Stunde(n), 39 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.08.02

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
moni & raik :: MONIUNDRAIK [Administrator]

08.08.2012 09:14:46
mbam-log-2012-08-08 (09-14-46).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 360550
Laufzeit: 10 Stunde(n), 23 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\moni & raik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)



Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.29.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
moni & raik :: MONIUNDRAIK [Administrator]

05.07.2012 20:26:25
mbam-log-2012-07-05 (20-26-25).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 365263
Laufzeit: 3 Stunde(n), 40 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)



Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.29.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
moni & raik :: MONIUNDRAIK [Administrator]

29.06.2012 18:12:37
mbam-log-2012-06-29 (18-12-37).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 199493
Laufzeit: 11 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)



Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.04.04.08

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
moni & raik :: MONIUNDRAIK [Administrator]

28.06.2012 17:49:27
mbam-log-2012-06-28 (17-49-27).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 348082
Laufzeit: 8 Stunde(n), 56 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\moni & raik\AppData\Local\Temp\wpbt0.dll (Exploit.Drop) -> Löschen bei Neustart.

(Ende)

ESET Online Scanner

• Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
• Lade und starte Eset Online Scanner
• Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
• Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
• Klicke auf Starten.
• Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
• Klicke am Ende des Suchlaufs auf Fertig stellen.
• Schließe das Fenster von ESET.
• Explorer öffnen.
• C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
• Logfile hier posten.
• Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
• Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code: Alles auswählenAufklappen

ATTFilter

 hier steht das Log
         

danke für die schnelle hilfe.
anbei der logfile-inhalt von eset.

Code: Alles auswählenAufklappen

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=22067403eb08b84c92f5fce6769b1bd1
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-10-10 01:32:52
# local_time=2012-10-10 03:32:52 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1024 16777215 100 0 23917235 23917235 0 0
# compatibility_mode=1792 16777215 100 0 11953157 11953157 0 0
# compatibility_mode=5892 16776638 100 100 8853306 187334527 0 0
# compatibility_mode=8192 67108863 100 0 277 277 0 0
# compatibility_mode=9217 16777214 75 4 9856370 9856370 0 0
# scanned=191648
# found=0
# cleaned=0
# scan_time=30974
         

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!

• Starte die adwcleaner.exe mit einem Doppelklick.
• Klicke auf Suche.
• Nach Ende des Suchlaufs öffnet sich eine Textdatei.
• Poste mir den Inhalt mit deiner nächsten Antwort.
• Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)

ok. anbei der inhalt des adwcleaner logs.

Code: Alles auswählenAufklappen

ATTFilter

# AdwCleaner v2.004 - Datei am 10/10/2012 um 20:18:59 erstellt
# Aktualisiert am 06/10/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : moni & raik - MONIUNDRAIK
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\moni & raik\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
Datei Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Ordner Gefunden : C:\Program Files\Conduit
Ordner Gefunden : C:\Users\moni & raik\AppData\Local\Conduit
Ordner Gefunden : C:\Users\moni & raik\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\moni & raik\AppData\Roaming\Mozilla\Firefox\Profiles\oe9tkid6.default\Conduit
Ordner Gefunden : C:\Users\moni & raik\AppData\Roaming\Mozilla\Firefox\Profiles\oe9tkid6.default\ConduitCommon

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gefunden : HKCU\Software\AVG Secure Search
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\Software\AVG Secure Search
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2613550
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Schlüssel Gefunden : HKU\S-1-5-21-2265993982-114685985-2131399077-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v15.0 (de)

Profilname : default 
Datei : C:\Users\moni & raik\AppData\Roaming\Mozilla\Firefox\Profiles\oe9tkid6.default\prefs.js

Gefunden : user_pref("CT2613550..clientLogIsEnabled", false);
Gefunden : user_pref("CT2613550..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Gefunden : user_pref("CT2613550..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Gefunden : user_pref("CT2613550.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Gefunden : user_pref("CT2613550.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gefunden : user_pref("CT2613550.CTID", "ct2613550");
Gefunden : user_pref("CT2613550.CurrentServerDate", "20-4-2012");
Gefunden : user_pref("CT2613550.DialogsAlignMode", "LTR");
Gefunden : user_pref("CT2613550.DialogsGetterLastCheckTime", "Thu Apr 19 2012 16:11:07 GMT+0200");
Gefunden : user_pref("CT2613550.DownloadReferralCookieData", "");
Gefunden : user_pref("CT2613550.EMailNotifierPollDate", "Mon Apr 23 2012 21:24:43 GMT+0200");
Gefunden : user_pref("CT2613550.FeedPollDate129254982599602533", "Thu Mar 17 2011 13:47:48 GMT+0100");
Gefunden : user_pref("CT2613550.FeedPollDate129254982599602539", "Thu Mar 17 2011 13:47:48 GMT+0100");
Gefunden : user_pref("CT2613550.FeedPollDate129254982599602545", "Thu Mar 17 2011 13:47:48 GMT+0100");
Gefunden : user_pref("CT2613550.FeedPollDate129254982599602551", "Thu Mar 17 2011 13:47:48 GMT+0100");
Gefunden : user_pref("CT2613550.FeedPollDate129254982599602557", "Thu Mar 17 2011 13:47:48 GMT+0100");
Gefunden : user_pref("CT2613550.FeedPollDate129254982599602563", "Thu Mar 17 2011 13:47:48 GMT+0100");
Gefunden : user_pref("CT2613550.FeedPollDate129254982599602569", "Thu Mar 17 2011 13:47:48 GMT+0100");
Gefunden : user_pref("CT2613550.FeedPollDate129254982599602575", "Thu Mar 17 2011 13:47:48 GMT+0100");
Gefunden : user_pref("CT2613550.FeedPollDate129254982599602581", "Thu Mar 17 2011 13:47:48 GMT+0100");
Gefunden : user_pref("CT2613550.FeedPollDate129254982599602587", "Thu Mar 17 2011 13:47:48 GMT+0100");
Gefunden : user_pref("CT2613550.FeedPollDate129254982599602593", "Thu Mar 17 2011 13:47:48 GMT+0100");
Gefunden : user_pref("CT2613550.FeedPollDate129254982599602599", "Thu Mar 17 2011 13:47:48 GMT+0100");
Gefunden : user_pref("CT2613550.FeedPollDate129254982599602605", "Thu Mar 17 2011 13:47:48 GMT+0100");
Gefunden : user_pref("CT2613550.FeedPollDate129254982599602611", "Thu Mar 17 2011 13:47:48 GMT+0100");
Gefunden : user_pref("CT2613550.FeedPollDate129254982599602617", "Thu Mar 17 2011 13:47:48 GMT+0100");
Gefunden : user_pref("CT2613550.FeedPollDate129254982599602623", "Thu Mar 17 2011 13:47:48 GMT+0100");
Gefunden : user_pref("CT2613550.FeedPollDate129254982599602629", "Thu Mar 17 2011 13:47:48 GMT+0100");
Gefunden : user_pref("CT2613550.FeedPollDate7861255190875796966", "Fri Jul 29 2011 11:21:21 GMT+0200");
Gefunden : user_pref("CT2613550.FeedPollDate7861255191286404846", "Fri Jul 29 2011 11:21:50 GMT+0200");
Gefunden : user_pref("CT2613550.FeedPollDate7861255191690696803", "Fri Jul 29 2011 11:21:20 GMT+0200");
Gefunden : user_pref("CT2613550.FeedPollDate7861255191830767423", "Fri Jul 29 2011 11:21:21 GMT+0200");
Gefunden : user_pref("CT2613550.FeedPollDate7861255192204641884", "Fri Jul 29 2011 09:21:21 GMT+0200");
Gefunden : user_pref("CT2613550.FeedPollDate7861255192330261614", "Fri Jul 29 2011 11:21:20 GMT+0200");
Gefunden : user_pref("CT2613550.FeedPollDate7861255192609293799", "Fri Jul 29 2011 09:21:21 GMT+0200");
Gefunden : user_pref("CT2613550.FeedPollDate7861255192844976705", "Fri Jul 29 2011 11:21:20 GMT+0200");
Gefunden : user_pref("CT2613550.FeedPollDate7861255193025486845", "Fri Jul 29 2011 11:21:21 GMT+0200");
Gefunden : user_pref("CT2613550.FeedPollDate7861255193127848905", "Fri Jul 29 2011 09:21:21 GMT+0200");
Gefunden : user_pref("CT2613550.FeedPollDate7861255193189289837", "Fri Jul 29 2011 09:21:21 GMT+0200");
Gefunden : user_pref("CT2613550.FeedPollDate7861255193256322449", "Fri Jul 29 2011 11:21:20 GMT+0200");
Gefunden : user_pref("CT2613550.FeedPollDate7861255193310202497", "Fri Jul 29 2011 09:21:21 GMT+0200");
Gefunden : user_pref("CT2613550.FeedPollDate7861255193760634970", "Fri Jul 29 2011 09:21:21 GMT+0200");
Gefunden : user_pref("CT2613550.FeedPollDate7861255193813312257", "Fri Jul 29 2011 11:21:21 GMT+0200");
Gefunden : user_pref("CT2613550.FeedPollDate7861255194862513855", "Fri Jul 29 2011 11:21:20 GMT+0200");
Gefunden : user_pref("CT2613550.FeedPollDate7861255194875474195", "Fri Jul 29 2011 09:21:21 GMT+0200");
Gefunden : user_pref("CT2613550.FeedPollDatehxxps://www.rs2.de/?name=Liveradio", "Tue Oct 04 2011 21:25:33 GMT+[...]
Gefunden : user_pref("CT2613550.FeedTTL129254982599602545", 5);
Gefunden : user_pref("CT2613550.FeedTTL129254982599602551", 5);
Gefunden : user_pref("CT2613550.FeedTTL129254982599602575", 2);
Gefunden : user_pref("CT2613550.FeedTTL129254982599602605", 5);
Gefunden : user_pref("CT2613550.FeedTTL129254982599602617", 30);
Gefunden : user_pref("CT2613550.FeedTTL7861255190875796966", 5);
Gefunden : user_pref("CT2613550.FeedTTL7861255191286404846", 2);
Gefunden : user_pref("CT2613550.FeedTTL7861255191830767423", 30);
Gefunden : user_pref("CT2613550.FeedTTL7861255192609293799", 30);
Gefunden : user_pref("CT2613550.FeedTTL7861255192844976705", 5);
Gefunden : user_pref("CT2613550.FeedTTL7861255193256322449", 5);
Gefunden : user_pref("CT2613550.FeedTTL7861255193310202497", 2);
Gefunden : user_pref("CT2613550.FirstServerDate", "17-3-2011");
Gefunden : user_pref("CT2613550.FirstTime", true);
Gefunden : user_pref("CT2613550.FirstTimeFF3", true);
Gefunden : user_pref("CT2613550.FirstTimeSettingsDone", true);
Gefunden : user_pref("CT2613550.FixPageNotFoundErrors", true);
Gefunden : user_pref("CT2613550.GroupingServerCheckInterval", 1440);
Gefunden : user_pref("CT2613550.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gefunden : user_pref("CT2613550.HasUserGlobalKeys", true);
Gefunden : user_pref("CT2613550.Initialize", true);
Gefunden : user_pref("CT2613550.InitializeCommonPrefs", true);
Gefunden : user_pref("CT2613550.InstallationAndCookieDataSentCount", 3);
Gefunden : user_pref("CT2613550.InstallationType", "UnknownIntegration");
Gefunden : user_pref("CT2613550.InstalledDate", "Thu Mar 17 2011 07:19:36 GMT+0100");
Gefunden : user_pref("CT2613550.IsAlertDBUpdated", true);
Gefunden : user_pref("CT2613550.IsGrouping", false);
Gefunden : user_pref("CT2613550.IsMulticommunity", false);
Gefunden : user_pref("CT2613550.IsOpenThankYouPage", false);
Gefunden : user_pref("CT2613550.IsOpenUninstallPage", false);
Gefunden : user_pref("CT2613550.LanguagePackLastCheckTime", "Thu Mar 17 2011 07:19:52 GMT+0100");
Gefunden : user_pref("CT2613550.LanguagePackReloadIntervalMM", 1440);
Gefunden : user_pref("CT2613550.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gefunden : user_pref("CT2613550.LastLogin_2.7.1.3", "Mon Oct 03 2011 23:24:26 GMT+0200");
Gefunden : user_pref("CT2613550.LastLogin_3.12.0.7", "Fri Apr 20 2012 12:36:27 GMT+0200");
Gefunden : user_pref("CT2613550.LastLogin_3.8.0.8", "Thu Apr 19 2012 16:11:07 GMT+0200");
Gefunden : user_pref("CT2613550.LatestVersion", "3.12.0.7");
Gefunden : user_pref("CT2613550.Locale", "de-de");
Gefunden : user_pref("CT2613550.LoginCache", 4);
Gefunden : user_pref("CT2613550.MCDetectTooltipHeight", "83");
Gefunden : user_pref("CT2613550.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gefunden : user_pref("CT2613550.MCDetectTooltipWidth", "295");
Gefunden : user_pref("CT2613550.MyStuffEnabledAtInstallation", true);
Gefunden : user_pref("CT2613550.RadioIsPodcast", false);
Gefunden : user_pref("CT2613550.RadioMediaID", "8546");
Gefunden : user_pref("CT2613550.RadioMediaType", "Media Player");
Gefunden : user_pref("CT2613550.RadioMenuSelectedID", "EBRadioMenu_CT26135508546");
Gefunden : user_pref("CT2613550.RadioStationName", "Radio%208");
Gefunden : user_pref("CT2613550.RadioStationURL", "hxxp://stream.radio8.de:8000/live.m3u");
Gefunden : user_pref("CT2613550.SHRINK_TOOLBAR", 1);
Gefunden : user_pref("CT2613550.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Gefunden : user_pref("CT2613550.SearchFromAddressBarIsInit", true);
Gefunden : user_pref("CT2613550.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT261[...]
Gefunden : user_pref("CT2613550.SearchInNewTabEnabled", true);
Gefunden : user_pref("CT2613550.SearchInNewTabIntervalMM", 1440);
Gefunden : user_pref("CT2613550.SearchInNewTabLastCheckTime", "Thu Mar 17 2011 07:19:40 GMT+0100");
Gefunden : user_pref("CT2613550.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gefunden : user_pref("CT2613550.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Gefunden : user_pref("CT2613550.SearchInNewTabUserEnabled", false);
Gefunden : user_pref("CT2613550.ServiceMapLastCheckTime", "Fri Apr 20 2012 13:44:51 GMT+0200");
Gefunden : user_pref("CT2613550.SettingsCheckIntervalMin", 120);
Gefunden : user_pref("CT2613550.SettingsLastCheckTime", "Thu Mar 17 2011 07:19:35 GMT+0100");
Gefunden : user_pref("CT2613550.SettingsLastUpdate", "1298419708");
Gefunden : user_pref("CT2613550.ThirdPartyComponentsInterval", 504);
Gefunden : user_pref("CT2613550.ThirdPartyComponentsLastCheck", "Thu Mar 17 2011 07:19:35 GMT+0100");
Gefunden : user_pref("CT2613550.ThirdPartyComponentsLastUpdate", "1255348257");
Gefunden : user_pref("CT2613550.ToolbarShrinkedFromSetup", false);
Gefunden : user_pref("CT2613550.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2613550");
Gefunden : user_pref("CT2613550.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Gefunden : user_pref("CT2613550.UserID", "UN02857060408517331");
Gefunden : user_pref("CT2613550.ValidationData_Search", 1);
Gefunden : user_pref("CT2613550.ValidationData_Toolbar", 2);
Gefunden : user_pref("CT2613550.WeatherNetwork", "");
Gefunden : user_pref("CT2613550.WeatherPollDate", "Tue Oct 04 2011 21:25:33 GMT+0200");
Gefunden : user_pref("CT2613550.WeatherUnit", "C");
Gefunden : user_pref("CT2613550.alertChannelId", "1006347");
Gefunden : user_pref("CT2613550.backendstorage.facebbok_user_cuid_585120826", "33633361303030312D323265302D3030[...]
Gefunden : user_pref("CT2613550.backendstorage.facebbok_user_id", "353835313230383236");
Gefunden : user_pref("CT2613550.backendstorage.facebook_conduit_social_sskey_585120826", "565771577176426536695[...]
Gefunden : user_pref("CT2613550.backendstorage.facebook_ctid_connect_send_n", "73656E646564");
Gefunden : user_pref("CT2613550.backendstorage.facebook_ctid_connect_send_new", "73656E646564");
Gefunden : user_pref("CT2613550.backendstorage.facebook_first_visit", "6E6F744669727374");
Gefunden : user_pref("CT2613550.backendstorage.facebook_last_message_choice", "756E72656164");
Gefunden : user_pref("CT2613550.backendstorage.facebook_loggedin", "796573");
Gefunden : user_pref("CT2613550.backendstorage.facebook_login_refresh", "302E353734343937353639393536303839");
Gefunden : user_pref("CT2613550.backendstorage.facebook_login_status", "33");
Gefunden : user_pref("CT2613550.backendstorage.facebook_lust_recievegadet", "");
Gefunden : user_pref("CT2613550.backendstorage.facebook_mode", "32");
Gefunden : user_pref("CT2613550.backendstorage.facebook_toolbar_not_numer", "38");
Gefunden : user_pref("CT2613550.backendstorage.facebook_user_locale", "656E");
Gefunden : user_pref("CT2613550.backendstorage.facebook_user_name", "3078303035322C3078303036312C3078303036392C[...]
Gefunden : user_pref("CT2613550.backendstorage.facebook_user_token", "41414141414D4E753949536742415055506E7A667[...]
Gefunden : user_pref("CT2613550.backendstorage.facebooknotifications", "31");
Gefunden : user_pref("CT2613550.backendstorage.hxxp://facebook_conduitapps_com/v3_13.facebook_last_visit_tab", [...]
Gefunden : user_pref("CT2613550.clientLogIsEnabled", true);
Gefunden : user_pref("CT2613550.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Gefunden : user_pref("CT2613550.ct2613550.AppTrackingLastCheckTime", "Mon Apr 23 2012 14:57:47 GMT+0200");
Gefunden : user_pref("CT2613550.ct2613550.DialogsAlignMode", "LTR");
Gefunden : user_pref("CT2613550.ct2613550.FeedLastCount3082739963941193807", 830);
Gefunden : user_pref("CT2613550.ct2613550.FirstTimeSettingsDone", true);
Gefunden : user_pref("CT2613550.ct2613550.InvalidateCache", false);
Gefunden : user_pref("CT2613550.ct2613550.LanguagePackLastCheckTime", "Fri Apr 20 2012 16:15:53 GMT+0200");
Gefunden : user_pref("CT2613550.ct2613550.Locale", "de-de");
Gefunden : user_pref("CT2613550.ct2613550.RadioLastCheckTime", "Mon Oct 03 2011 22:50:41 GMT+0200");
Gefunden : user_pref("CT2613550.ct2613550.RadioLastUpdateIPServer", "3");
Gefunden : user_pref("CT2613550.ct2613550.RadioLastUpdateServer", "0");
Gefunden : user_pref("CT2613550.ct2613550.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_[...]
Gefunden : user_pref("CT2613550.ct2613550.SearchInNewTabLastCheckTime", "Mon Apr 23 2012 21:24:41 GMT+0200");
Gefunden : user_pref("CT2613550.ct2613550.SettingsCheckIntervalMin", 120);
Gefunden : user_pref("CT2613550.ct2613550.SettingsLastCheckTime", "Fri Apr 20 2012 13:44:52 GMT+0200");
Gefunden : user_pref("CT2613550.ct2613550.SettingsLastUpdate", "1334650619");
Gefunden : user_pref("CT2613550.ct2613550.ThirdPartyComponentsLastCheck", "Tue Apr 03 2012 22:14:17 GMT+0200");
Gefunden : user_pref("CT2613550.ct2613550.ThirdPartyComponentsLastUpdate", "1255348257");
Gefunden : user_pref("CT2613550.ct2613550.globalFirstTimeInfoLastCheckTime", "Sat Apr 14 2012 08:36:44 GMT+0200[...]
Gefunden : user_pref("CT2613550.ct2613550.toolbarAppMetaDataLastCheckTime", "Mon Apr 23 2012 21:24:51 GMT+0200"[...]
Gefunden : user_pref("CT2613550.ct2613550.toolbarContextMenuLastCheckTime", "Thu Apr 19 2012 16:11:07 GMT+0200"[...]
Gefunden : user_pref("CT2613550.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Gefunden : user_pref("CT2613550.homepageProtectorEnableByLogin", true);
Gefunden : user_pref("CT2613550.initDone", true);
Gefunden : user_pref("CT2613550.isAppTrackingManagerOn", true);
Gefunden : user_pref("CT2613550.myStuffEnabled", true);
Gefunden : user_pref("CT2613550.myStuffPublihserMinWidth", 400);
Gefunden : user_pref("CT2613550.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gefunden : user_pref("CT2613550.myStuffServiceIntervalMM", 1440);
Gefunden : user_pref("CT2613550.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gefunden : user_pref("CT2613550.oldAppsList", "129171076488700693,129171076488856944,111,129171076488856945,129[...]
Gefunden : user_pref("CT2613550.revertSettingsEnabled", true);
Gefunden : user_pref("CT2613550.searchProtectorDialogDelayInSec", 10);
Gefunden : user_pref("CT2613550.searchProtectorEnableByLogin", true);
Gefunden : user_pref("CT2613550.testingCtid", "");
Gefunden : user_pref("CT2613550.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Gefunden : user_pref("CT2613550.usagesFlag", 2);
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/ct2613550/CT2613550[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=ct2613550", [...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2613550",[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=ct2613550&octid=[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/50/261/CT2613550/Images/6340849712463612[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de-de", "\"[...]
Gefunden : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\moni & raik\\AppData\\Roaming\\Mozi[...]
Gefunden : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.12.0.7");
Gefunden : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Gefunden : user_pref("CommunityToolbar.ToolbarsList", "CT2613550");
Gefunden : user_pref("CommunityToolbar.ToolbarsList2", "CT2613550");
Gefunden : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Tue Apr 17 2012 08:20:20 GMT+0200");
Gefunden : user_pref("CommunityToolbar.globalUserId", "f26b1e86-349e-4fc0-90e9-e040ef7d813a");
Gefunden : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Gefunden : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Gefunden : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Thu Apr 19 2012 16:10:5[...]
Gefunden : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Gefunden : user_pref("CommunityToolbar.notifications.locale", "en");
Gefunden : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Gefunden : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Thu Apr 19 2012 16:10:53 GMT+0200");
Gefunden : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Gefunden : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Gefunden : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Gefunden : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Gefunden : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Gefunden : user_pref("CommunityToolbar.notifications.userId", "77394ab7-15a2-41cf-80d2-a9ca5ec520af");

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\moni & raik\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [22113 octets] - [10/10/2012 20:18:59]

########## EOF - C:\AdwCleaner[R1].txt - [22174 octets] ##########
         

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

• Schließe alle offenen Programme und Browser.
• Starte die adwcleaner.exe mit einem Doppelklick.
• Klicke auf Löschen.
• Bestätige jeweils mit Ok.
• Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
• Poste mir den Inhalt mit deiner nächsten Antwort.
• Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x=fortlaufende Nummer)

gemacht.

Code: Alles auswählenAufklappen

ATTFilter

# AdwCleaner v2.004 - Datei am 11/10/2012 um 18:39:31 erstellt
# Aktualisiert am 06/10/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : moni & raik - MONIUNDRAIK
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\moni & raik\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
Datei Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Ordner Gelöscht : C:\Program Files\Conduit
Ordner Gelöscht : C:\Users\moni & raik\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\moni & raik\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\moni & raik\AppData\Roaming\Mozilla\Firefox\Profiles\oe9tkid6.default\Conduit
Ordner Gelöscht : C:\Users\moni & raik\AppData\Roaming\Mozilla\Firefox\Profiles\oe9tkid6.default\ConduitCommon

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AVG Secure Search
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\Software\AVG Secure Search
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2613550
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v15.0 (de)

Profilname : default 
Datei : C:\Users\moni & raik\AppData\Roaming\Mozilla\Firefox\Profiles\oe9tkid6.default\prefs.js

Gelöscht : user_pref("CT2613550..clientLogIsEnabled", false);
Gelöscht : user_pref("CT2613550..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Gelöscht : user_pref("CT2613550..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Gelöscht : user_pref("CT2613550.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Gelöscht : user_pref("CT2613550.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gelöscht : user_pref("CT2613550.CTID", "ct2613550");
Gelöscht : user_pref("CT2613550.CurrentServerDate", "20-4-2012");
Gelöscht : user_pref("CT2613550.DialogsAlignMode", "LTR");
Gelöscht : user_pref("CT2613550.DialogsGetterLastCheckTime", "Thu Apr 19 2012 16:11:07 GMT+0200");
Gelöscht : user_pref("CT2613550.DownloadReferralCookieData", "");
Gelöscht : user_pref("CT2613550.EMailNotifierPollDate", "Mon Apr 23 2012 21:24:43 GMT+0200");
Gelöscht : user_pref("CT2613550.FeedPollDate129254982599602533", "Thu Mar 17 2011 13:47:48 GMT+0100");
Gelöscht : user_pref("CT2613550.FeedPollDate129254982599602539", "Thu Mar 17 2011 13:47:48 GMT+0100");
Gelöscht : user_pref("CT2613550.FeedPollDate129254982599602545", "Thu Mar 17 2011 13:47:48 GMT+0100");
Gelöscht : user_pref("CT2613550.FeedPollDate129254982599602551", "Thu Mar 17 2011 13:47:48 GMT+0100");
Gelöscht : user_pref("CT2613550.FeedPollDate129254982599602557", "Thu Mar 17 2011 13:47:48 GMT+0100");
Gelöscht : user_pref("CT2613550.FeedPollDate129254982599602563", "Thu Mar 17 2011 13:47:48 GMT+0100");
Gelöscht : user_pref("CT2613550.FeedPollDate129254982599602569", "Thu Mar 17 2011 13:47:48 GMT+0100");
Gelöscht : user_pref("CT2613550.FeedPollDate129254982599602575", "Thu Mar 17 2011 13:47:48 GMT+0100");
Gelöscht : user_pref("CT2613550.FeedPollDate129254982599602581", "Thu Mar 17 2011 13:47:48 GMT+0100");
Gelöscht : user_pref("CT2613550.FeedPollDate129254982599602587", "Thu Mar 17 2011 13:47:48 GMT+0100");
Gelöscht : user_pref("CT2613550.FeedPollDate129254982599602593", "Thu Mar 17 2011 13:47:48 GMT+0100");
Gelöscht : user_pref("CT2613550.FeedPollDate129254982599602599", "Thu Mar 17 2011 13:47:48 GMT+0100");
Gelöscht : user_pref("CT2613550.FeedPollDate129254982599602605", "Thu Mar 17 2011 13:47:48 GMT+0100");
Gelöscht : user_pref("CT2613550.FeedPollDate129254982599602611", "Thu Mar 17 2011 13:47:48 GMT+0100");
Gelöscht : user_pref("CT2613550.FeedPollDate129254982599602617", "Thu Mar 17 2011 13:47:48 GMT+0100");
Gelöscht : user_pref("CT2613550.FeedPollDate129254982599602623", "Thu Mar 17 2011 13:47:48 GMT+0100");
Gelöscht : user_pref("CT2613550.FeedPollDate129254982599602629", "Thu Mar 17 2011 13:47:48 GMT+0100");
Gelöscht : user_pref("CT2613550.FeedPollDate7861255190875796966", "Fri Jul 29 2011 11:21:21 GMT+0200");
Gelöscht : user_pref("CT2613550.FeedPollDate7861255191286404846", "Fri Jul 29 2011 11:21:50 GMT+0200");
Gelöscht : user_pref("CT2613550.FeedPollDate7861255191690696803", "Fri Jul 29 2011 11:21:20 GMT+0200");
Gelöscht : user_pref("CT2613550.FeedPollDate7861255191830767423", "Fri Jul 29 2011 11:21:21 GMT+0200");
Gelöscht : user_pref("CT2613550.FeedPollDate7861255192204641884", "Fri Jul 29 2011 09:21:21 GMT+0200");
Gelöscht : user_pref("CT2613550.FeedPollDate7861255192330261614", "Fri Jul 29 2011 11:21:20 GMT+0200");
Gelöscht : user_pref("CT2613550.FeedPollDate7861255192609293799", "Fri Jul 29 2011 09:21:21 GMT+0200");
Gelöscht : user_pref("CT2613550.FeedPollDate7861255192844976705", "Fri Jul 29 2011 11:21:20 GMT+0200");
Gelöscht : user_pref("CT2613550.FeedPollDate7861255193025486845", "Fri Jul 29 2011 11:21:21 GMT+0200");
Gelöscht : user_pref("CT2613550.FeedPollDate7861255193127848905", "Fri Jul 29 2011 09:21:21 GMT+0200");
Gelöscht : user_pref("CT2613550.FeedPollDate7861255193189289837", "Fri Jul 29 2011 09:21:21 GMT+0200");
Gelöscht : user_pref("CT2613550.FeedPollDate7861255193256322449", "Fri Jul 29 2011 11:21:20 GMT+0200");
Gelöscht : user_pref("CT2613550.FeedPollDate7861255193310202497", "Fri Jul 29 2011 09:21:21 GMT+0200");
Gelöscht : user_pref("CT2613550.FeedPollDate7861255193760634970", "Fri Jul 29 2011 09:21:21 GMT+0200");
Gelöscht : user_pref("CT2613550.FeedPollDate7861255193813312257", "Fri Jul 29 2011 11:21:21 GMT+0200");
Gelöscht : user_pref("CT2613550.FeedPollDate7861255194862513855", "Fri Jul 29 2011 11:21:20 GMT+0200");
Gelöscht : user_pref("CT2613550.FeedPollDate7861255194875474195", "Fri Jul 29 2011 09:21:21 GMT+0200");
Gelöscht : user_pref("CT2613550.FeedPollDatehxxps://www.rs2.de/?name=Liveradio", "Tue Oct 04 2011 21:25:33 GMT+[...]
Gelöscht : user_pref("CT2613550.FeedTTL129254982599602545", 5);
Gelöscht : user_pref("CT2613550.FeedTTL129254982599602551", 5);
Gelöscht : user_pref("CT2613550.FeedTTL129254982599602575", 2);
Gelöscht : user_pref("CT2613550.FeedTTL129254982599602605", 5);
Gelöscht : user_pref("CT2613550.FeedTTL129254982599602617", 30);
Gelöscht : user_pref("CT2613550.FeedTTL7861255190875796966", 5);
Gelöscht : user_pref("CT2613550.FeedTTL7861255191286404846", 2);
Gelöscht : user_pref("CT2613550.FeedTTL7861255191830767423", 30);
Gelöscht : user_pref("CT2613550.FeedTTL7861255192609293799", 30);
Gelöscht : user_pref("CT2613550.FeedTTL7861255192844976705", 5);
Gelöscht : user_pref("CT2613550.FeedTTL7861255193256322449", 5);
Gelöscht : user_pref("CT2613550.FeedTTL7861255193310202497", 2);
Gelöscht : user_pref("CT2613550.FirstServerDate", "17-3-2011");
Gelöscht : user_pref("CT2613550.FirstTime", true);
Gelöscht : user_pref("CT2613550.FirstTimeFF3", true);
Gelöscht : user_pref("CT2613550.FirstTimeSettingsDone", true);
Gelöscht : user_pref("CT2613550.FixPageNotFoundErrors", true);
Gelöscht : user_pref("CT2613550.GroupingServerCheckInterval", 1440);
Gelöscht : user_pref("CT2613550.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gelöscht : user_pref("CT2613550.HasUserGlobalKeys", true);
Gelöscht : user_pref("CT2613550.Initialize", true);
Gelöscht : user_pref("CT2613550.InitializeCommonPrefs", true);
Gelöscht : user_pref("CT2613550.InstallationAndCookieDataSentCount", 3);
Gelöscht : user_pref("CT2613550.InstallationType", "UnknownIntegration");
Gelöscht : user_pref("CT2613550.InstalledDate", "Thu Mar 17 2011 07:19:36 GMT+0100");
Gelöscht : user_pref("CT2613550.IsAlertDBUpdated", true);
Gelöscht : user_pref("CT2613550.IsGrouping", false);
Gelöscht : user_pref("CT2613550.IsMulticommunity", false);
Gelöscht : user_pref("CT2613550.IsOpenThankYouPage", false);
Gelöscht : user_pref("CT2613550.IsOpenUninstallPage", false);
Gelöscht : user_pref("CT2613550.LanguagePackLastCheckTime", "Thu Mar 17 2011 07:19:52 GMT+0100");
Gelöscht : user_pref("CT2613550.LanguagePackReloadIntervalMM", 1440);
Gelöscht : user_pref("CT2613550.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gelöscht : user_pref("CT2613550.LastLogin_2.7.1.3", "Mon Oct 03 2011 23:24:26 GMT+0200");
Gelöscht : user_pref("CT2613550.LastLogin_3.12.0.7", "Fri Apr 20 2012 12:36:27 GMT+0200");
Gelöscht : user_pref("CT2613550.LastLogin_3.8.0.8", "Thu Apr 19 2012 16:11:07 GMT+0200");
Gelöscht : user_pref("CT2613550.LatestVersion", "3.12.0.7");
Gelöscht : user_pref("CT2613550.Locale", "de-de");
Gelöscht : user_pref("CT2613550.LoginCache", 4);
Gelöscht : user_pref("CT2613550.MCDetectTooltipHeight", "83");
Gelöscht : user_pref("CT2613550.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gelöscht : user_pref("CT2613550.MCDetectTooltipWidth", "295");
Gelöscht : user_pref("CT2613550.MyStuffEnabledAtInstallation", true);
Gelöscht : user_pref("CT2613550.RadioIsPodcast", false);
Gelöscht : user_pref("CT2613550.RadioMediaID", "8546");
Gelöscht : user_pref("CT2613550.RadioMediaType", "Media Player");
Gelöscht : user_pref("CT2613550.RadioMenuSelectedID", "EBRadioMenu_CT26135508546");
Gelöscht : user_pref("CT2613550.RadioStationName", "Radio%208");
Gelöscht : user_pref("CT2613550.RadioStationURL", "hxxp://stream.radio8.de:8000/live.m3u");
Gelöscht : user_pref("CT2613550.SHRINK_TOOLBAR", 1);
Gelöscht : user_pref("CT2613550.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Gelöscht : user_pref("CT2613550.SearchFromAddressBarIsInit", true);
Gelöscht : user_pref("CT2613550.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT261[...]
Gelöscht : user_pref("CT2613550.SearchInNewTabEnabled", true);
Gelöscht : user_pref("CT2613550.SearchInNewTabIntervalMM", 1440);
Gelöscht : user_pref("CT2613550.SearchInNewTabLastCheckTime", "Thu Mar 17 2011 07:19:40 GMT+0100");
Gelöscht : user_pref("CT2613550.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gelöscht : user_pref("CT2613550.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Gelöscht : user_pref("CT2613550.SearchInNewTabUserEnabled", false);
Gelöscht : user_pref("CT2613550.ServiceMapLastCheckTime", "Fri Apr 20 2012 13:44:51 GMT+0200");
Gelöscht : user_pref("CT2613550.SettingsCheckIntervalMin", 120);
Gelöscht : user_pref("CT2613550.SettingsLastCheckTime", "Thu Mar 17 2011 07:19:35 GMT+0100");
Gelöscht : user_pref("CT2613550.SettingsLastUpdate", "1298419708");
Gelöscht : user_pref("CT2613550.ThirdPartyComponentsInterval", 504);
Gelöscht : user_pref("CT2613550.ThirdPartyComponentsLastCheck", "Thu Mar 17 2011 07:19:35 GMT+0100");
Gelöscht : user_pref("CT2613550.ThirdPartyComponentsLastUpdate", "1255348257");
Gelöscht : user_pref("CT2613550.ToolbarShrinkedFromSetup", false);
Gelöscht : user_pref("CT2613550.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2613550");
Gelöscht : user_pref("CT2613550.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Gelöscht : user_pref("CT2613550.UserID", "UN02857060408517331");
Gelöscht : user_pref("CT2613550.ValidationData_Search", 1);
Gelöscht : user_pref("CT2613550.ValidationData_Toolbar", 2);
Gelöscht : user_pref("CT2613550.WeatherNetwork", "");
Gelöscht : user_pref("CT2613550.WeatherPollDate", "Tue Oct 04 2011 21:25:33 GMT+0200");
Gelöscht : user_pref("CT2613550.WeatherUnit", "C");
Gelöscht : user_pref("CT2613550.alertChannelId", "1006347");
Gelöscht : user_pref("CT2613550.backendstorage.facebbok_user_cuid_585120826", "33633361303030312D323265302D3030[...]
Gelöscht : user_pref("CT2613550.backendstorage.facebbok_user_id", "353835313230383236");
Gelöscht : user_pref("CT2613550.backendstorage.facebook_conduit_social_sskey_585120826", "565771577176426536695[...]
Gelöscht : user_pref("CT2613550.backendstorage.facebook_ctid_connect_send_n", "73656E646564");
Gelöscht : user_pref("CT2613550.backendstorage.facebook_ctid_connect_send_new", "73656E646564");
Gelöscht : user_pref("CT2613550.backendstorage.facebook_first_visit", "6E6F744669727374");
Gelöscht : user_pref("CT2613550.backendstorage.facebook_last_message_choice", "756E72656164");
Gelöscht : user_pref("CT2613550.backendstorage.facebook_loggedin", "796573");
Gelöscht : user_pref("CT2613550.backendstorage.facebook_login_refresh", "302E353734343937353639393536303839");
Gelöscht : user_pref("CT2613550.backendstorage.facebook_login_status", "33");
Gelöscht : user_pref("CT2613550.backendstorage.facebook_lust_recievegadet", "");
Gelöscht : user_pref("CT2613550.backendstorage.facebook_mode", "32");
Gelöscht : user_pref("CT2613550.backendstorage.facebook_toolbar_not_numer", "38");
Gelöscht : user_pref("CT2613550.backendstorage.facebook_user_locale", "656E");
Gelöscht : user_pref("CT2613550.backendstorage.facebook_user_name", "3078303035322C3078303036312C3078303036392C[...]
Gelöscht : user_pref("CT2613550.backendstorage.facebook_user_token", "41414141414D4E753949536742415055506E7A667[...]
Gelöscht : user_pref("CT2613550.backendstorage.facebooknotifications", "31");
Gelöscht : user_pref("CT2613550.backendstorage.hxxp://facebook_conduitapps_com/v3_13.facebook_last_visit_tab", [...]
Gelöscht : user_pref("CT2613550.clientLogIsEnabled", true);
Gelöscht : user_pref("CT2613550.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Gelöscht : user_pref("CT2613550.ct2613550.AppTrackingLastCheckTime", "Mon Apr 23 2012 14:57:47 GMT+0200");
Gelöscht : user_pref("CT2613550.ct2613550.DialogsAlignMode", "LTR");
Gelöscht : user_pref("CT2613550.ct2613550.FeedLastCount3082739963941193807", 830);
Gelöscht : user_pref("CT2613550.ct2613550.FirstTimeSettingsDone", true);
Gelöscht : user_pref("CT2613550.ct2613550.InvalidateCache", false);
Gelöscht : user_pref("CT2613550.ct2613550.LanguagePackLastCheckTime", "Fri Apr 20 2012 16:15:53 GMT+0200");
Gelöscht : user_pref("CT2613550.ct2613550.Locale", "de-de");
Gelöscht : user_pref("CT2613550.ct2613550.RadioLastCheckTime", "Mon Oct 03 2011 22:50:41 GMT+0200");
Gelöscht : user_pref("CT2613550.ct2613550.RadioLastUpdateIPServer", "3");
Gelöscht : user_pref("CT2613550.ct2613550.RadioLastUpdateServer", "0");
Gelöscht : user_pref("CT2613550.ct2613550.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_[...]
Gelöscht : user_pref("CT2613550.ct2613550.SearchInNewTabLastCheckTime", "Mon Apr 23 2012 21:24:41 GMT+0200");
Gelöscht : user_pref("CT2613550.ct2613550.SettingsCheckIntervalMin", 120);
Gelöscht : user_pref("CT2613550.ct2613550.SettingsLastCheckTime", "Fri Apr 20 2012 13:44:52 GMT+0200");
Gelöscht : user_pref("CT2613550.ct2613550.SettingsLastUpdate", "1334650619");
Gelöscht : user_pref("CT2613550.ct2613550.ThirdPartyComponentsLastCheck", "Tue Apr 03 2012 22:14:17 GMT+0200");
Gelöscht : user_pref("CT2613550.ct2613550.ThirdPartyComponentsLastUpdate", "1255348257");
Gelöscht : user_pref("CT2613550.ct2613550.globalFirstTimeInfoLastCheckTime", "Sat Apr 14 2012 08:36:44 GMT+0200[...]
Gelöscht : user_pref("CT2613550.ct2613550.toolbarAppMetaDataLastCheckTime", "Mon Apr 23 2012 21:24:51 GMT+0200"[...]
Gelöscht : user_pref("CT2613550.ct2613550.toolbarContextMenuLastCheckTime", "Thu Apr 19 2012 16:11:07 GMT+0200"[...]
Gelöscht : user_pref("CT2613550.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Gelöscht : user_pref("CT2613550.homepageProtectorEnableByLogin", true);
Gelöscht : user_pref("CT2613550.initDone", true);
Gelöscht : user_pref("CT2613550.isAppTrackingManagerOn", true);
Gelöscht : user_pref("CT2613550.myStuffEnabled", true);
Gelöscht : user_pref("CT2613550.myStuffPublihserMinWidth", 400);
Gelöscht : user_pref("CT2613550.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gelöscht : user_pref("CT2613550.myStuffServiceIntervalMM", 1440);
Gelöscht : user_pref("CT2613550.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gelöscht : user_pref("CT2613550.oldAppsList", "129171076488700693,129171076488856944,111,129171076488856945,129[...]
Gelöscht : user_pref("CT2613550.revertSettingsEnabled", true);
Gelöscht : user_pref("CT2613550.searchProtectorDialogDelayInSec", 10);
Gelöscht : user_pref("CT2613550.searchProtectorEnableByLogin", true);
Gelöscht : user_pref("CT2613550.testingCtid", "");
Gelöscht : user_pref("CT2613550.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Gelöscht : user_pref("CT2613550.usagesFlag", 2);
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/ct2613550/CT2613550[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=ct2613550", [...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2613550",[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=ct2613550&octid=[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/50/261/CT2613550/Images/6340849712463612[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de-de", "\"[...]
Gelöscht : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\moni & raik\\AppData\\Roaming\\Mozi[...]
Gelöscht : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.12.0.7");
Gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2613550");
Gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2613550");
Gelöscht : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Tue Apr 17 2012 08:20:20 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.globalUserId", "f26b1e86-349e-4fc0-90e9-e040ef7d813a");
Gelöscht : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Gelöscht : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Gelöscht : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Thu Apr 19 2012 16:10:5[...]
Gelöscht : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Gelöscht : user_pref("CommunityToolbar.notifications.locale", "en");
Gelöscht : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Gelöscht : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Thu Apr 19 2012 16:10:53 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Gelöscht : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Gelöscht : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Gelöscht : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Gelöscht : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Gelöscht : user_pref("CommunityToolbar.notifications.userId", "77394ab7-15a2-41cf-80d2-a9ca5ec520af");

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\moni & raik\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [22244 octets] - [10/10/2012 20:18:59]
AdwCleaner[S1].txt - [22015 octets] - [11/10/2012 18:39:31]

########## EOF - C:\AdwCleaner[S1].txt - [22076 octets] ##########
         

Hätte da mal zwei Fragen bevor es weiter geht (wir sind noch nicht fertig!)

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

hallo,
soweit ich das einschätzen kann, läuft der normale modus unter windows wieder uneingeschränkt.
auch habe ich im startmenü keine lücken entdeckt. keine leeren ordner. nix.
soll ich mir bestimmte sachen ansehen?
gruß raik

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code: Alles auswählenAufklappen

ATTFilter

 hier steht das Log
         

CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.

• Starte bitte die OTL.exe.
  Vista und Win7 User mit Rechtsklick "als Administrator starten"
• Setze oben mittig den Haken bei Scanne alle Benutzer
• Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code: Alles auswählenAufklappen

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         

• Schliesse bitte nun alle Programme. (Wichtig)
• Klicke nun bitte auf den Quick Scan Button.
• Klick auf .
• Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

moin,
also soweit ich es beurteilen kann läuft der normale modus unter windows wieder einwandfrei. keine unterbrechungen oder störungen.
auch die ordner scheinen im startmenü alle gefüllt zu sein.
gibt es etwas worauf ich achten kann oder sollte?
danke und gruß, raik.

fertig.
OTL Logfile:

Code: Alles auswählenAufklappen

ATTFilter

OTL logfile created on: 12.10.2012 22:51:39 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\moni & raik\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,21 Gb Available Physical Memory | 60,52% Memory free
4,24 Gb Paging File | 2,71 Gb Available in Paging File | 63,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455,09 Gb Total Space | 340,39 Gb Free Space | 74,80% Space Free | Partition Type: NTFS
Drive D: | 10,66 Gb Total Space | 1,74 Gb Free Space | 16,34% Space Free | Partition Type: NTFS
 
Computer Name: MONIUNDRAIK | User Name: moni & raik | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\moni & raik\Desktop\OTL (2).exe (OldTimer Tools)
PRC - C:\Users\moni & raik\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Programme\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Programme\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)
PRC - C:\Programme\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\AVG\AVG2012\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG2012\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe ()
PRC - C:\Programme\SMINST\BLService.exe ()
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_7c71e337\stacsv.exe (IDT, Inc.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\1b337cf9a031145849bc48c11b2cfe58\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3300.29290__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3300.29364__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3300.29275__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3300.29292__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3300.29344__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3300.29325__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3300.29287__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3300.29313__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3300.29282__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3300.29282__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3300.29331__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3300.29363__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3300.29365__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3300.29331__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3300.29330__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3300.29363__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3300.29315__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3300.29339__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3300.29292__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3300.29323__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3300.29314__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3300.29322__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3300.29283__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3300.29293__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3300.29310__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3300.29314__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3300.29324__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3300.29296__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3300.29313__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3300.29296__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3300.29314__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3300.29324__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3218.28677__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3218.28672__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3218.28683__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3218.28685__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3218.28664__90ba9c70f846762e\LOG.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3218.28665__90ba9c70f846762e\NEWAEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3218.28687__90ba9c70f846762e\DEM.OS.I0602.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3218.28686__90ba9c70f846762e\MOM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3218.28687__90ba9c70f846762e\DEM.OS.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3218.28688__90ba9c70f846762e\DEM.Graphics.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3218.28705__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3218.28705__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3218.28666__90ba9c70f846762e\CLI.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3218.28678__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3218.28693__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3218.28694__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3218.28702__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3218.28727__90ba9c70f846762e\CLI.Foundation.XManifest.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3218.28701__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3218.28690__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3218.28693__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3218.28681__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3218.28678__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3218.28672__90ba9c70f846762e\CLI.Component.Client.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3218.28689__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3218.28676__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3218.28690__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3218.28688__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3218.28694__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3218.28692__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3218.28692__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3300.29372__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3218.28694__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3218.28685__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3218.28688__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3218.28686__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3218.28685__90ba9c70f846762e\APM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3218.28678__90ba9c70f846762e\AEM.Server.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3300.29380__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3300.29273__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3300.29353__90ba9c70f846762e\CLI.Component.Systemtray.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3300.29287__90ba9c70f846762e\CLI.Component.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3300.29359__90ba9c70f846762e\MOM.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3300.29273__90ba9c70f846762e\CLI.Component.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3300.29357__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3300.29275__90ba9c70f846762e\CLI.Component.SkinFactory.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3218.28682__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3218.28670__90ba9c70f846762e\CLI.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3218.28672__90ba9c70f846762e\LOG.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3218.28681__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3218.28686__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3218.28682__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.3218.28670__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll ()
MOD - C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3300.29279__90ba9c70f846762e\CLI.Component.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3300.29274__90ba9c70f846762e\ATIDEMOS.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3300.29272__90ba9c70f846762e\APM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3300.29272__90ba9c70f846762e\AEM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3218.28675__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3300.29358__90ba9c70f846762e\CCC.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3218.28695__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\System32\atitmmxx.dll ()
MOD - C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AVGIDSAgent) -- C:\Programme\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (vsmon) -- C:\Programme\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (IswSvc) -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (avgwd) -- C:\Programme\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (TVCapSvc) -- C:\Programme\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe ()
SRV - (TVSched) -- C:\Programme\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe ()
SRV - (Recovery Service for Windows) -- C:\Programme\SMINST\BLService.exe ()
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_7c71e337\stacsv.exe (IDT, Inc.)
SRV - (ezSharedSvc) -- C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (usnjsvc) -- C:\Programme\MSN Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (vsdatant7) -- System32\drivers\vsdatant.win7.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (ISWKL) -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (AVGIDSHX) -- C:\Windows\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. )
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\Windows\System32\drivers\avgidsfilterx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. )
DRV - (ssadmdm) -- C:\Windows\System32\drivers\ssadmdm.sys (MCCI Corporation)
DRV - (ssadbus) -- C:\Windows\System32\drivers\ssadbus.sys (MCCI Corporation)
DRV - (ssadserd) -- C:\Windows\System32\drivers\ssadserd.sys (MCCI Corporation)
DRV - (androidusb) -- C:\Windows\System32\drivers\ssadadb.sys (Google Inc)
DRV - (ssadmdfl) -- C:\Windows\System32\drivers\ssadmdfl.sys (MCCI Corporation)
DRV - (Vsdatant) -- C:\Windows\System32\drivers\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (BVRPMPR5) -- C:\Windows\System32\drivers\BVRPMPR5.SYS (Avanquest Software)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (AtiPcie) -- C:\Windows\System32\drivers\AtiPcie.sys (ATI Technologies Inc.)
DRV - ({55662437-DA8C-40c0-AADA-2C816A897A49}) -- C:\Programme\Hewlett-Packard\Media\DVD\000.fcl (CyberLink Corp.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (hpdskflt) -- C:\Windows\System32\drivers\hpdskflt.sys (Hewlett-Packard Corporation)
DRV - (Accelerometer) -- C:\Windows\System32\drivers\Accelerometer.sys (Hewlett-Packard Corporation)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (NETw3v32) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (RTL8187B) -- C:\Windows\System32\drivers\wg111v3.sys (NETGEAR Inc.                           )
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (RtlProt) -- C:\Windows\System32\drivers\RtlProt.sys (Windows (R) Codename Longhorn DDK provider)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{160468A8-250A-40C1-8291-01921104DC01}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKLM\..\SearchScopes\{AB949608-D76B-43E2-965F-450A19373E61}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKLM\..\SearchScopes\{FAEFD2A5-F527-4B3F-B97D-E911B4FC00ED}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2265993982-114685985-2131399077-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb
IE - HKU\S-1-5-21-2265993982-114685985-2131399077-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-2265993982-114685985-2131399077-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2265993982-114685985-2131399077-1000\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - No CLSID value found
IE - HKU\S-1-5-21-2265993982-114685985-2131399077-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2265993982-114685985-2131399077-1000\..\SearchScopes\{160468A8-250A-40C1-8291-01921104DC01}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKU\S-1-5-21-2265993982-114685985-2131399077-1000\..\SearchScopes\{AB949608-D76B-43E2-965F-450A19373E61}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKU\S-1-5-21-2265993982-114685985-2131399077-1000\..\SearchScopes\{FAEFD2A5-F527-4B3F-B97D-E911B4FC00ED}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKU\S-1-5-21-2265993982-114685985-2131399077-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: 2020Player_IKEA@2020Technologies.com:5.0.94.0
FF - prefs.js..extensions.enabledItems: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}:3.12.0.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1912
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.9.0.9216
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012.08.22 17:35:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2012.06.17 18:15:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012.08.22 17:35:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.11 23:27:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.11 23:27:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.11 23:27:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.11 23:27:16 | 000,000,000 | ---D | M]
 
[2010.08.20 12:19:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\moni & raik\AppData\Roaming\mozilla\Extensions
[2012.09.24 20:46:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\moni & raik\AppData\Roaming\mozilla\Firefox\Profiles\oe9tkid6.default\extensions
[2011.01.14 21:02:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\moni & raik\AppData\Roaming\mozilla\Firefox\Profiles\oe9tkid6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.09.24 20:46:50 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\moni & raik\AppData\Roaming\mozilla\Firefox\Profiles\oe9tkid6.default\extensions\2020Player_IKEA@2020Technologies.com
[2012.09.11 23:27:11 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.09.11 23:27:11 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.09.11 23:27:29 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.11.10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.29 18:09:31 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.11 21:02:02 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.29 18:09:31 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.29 18:09:31 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.29 18:09:31 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.29 18:09:31 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\moni & raik\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: npFFApi (Enabled) = C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\moni & raik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\moni & raik\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AVG Safe Search = C:\Users\moni & raik\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\
CHR - Extension: Skype Click to Call = C:\Users\moni & raik\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: AVG Do Not Track = C:\Users\moni & raik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: Google Mail = C:\Users\moni & raik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (CmjBrowserHelperObject Object) - {07A11D74-9D25-4fea-A833-8B0D76A5577A} - C:\Programme\Mindjet\MindManager 7\Mm7InternetExplorer.dll (Mindjet)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Programme\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\S-1-5-21-2265993982-114685985-2131399077-1000\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKU\S-1-5-21-2265993982-114685985-2131399077-1000\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2265993982-114685985-2131399077-1000..\Run: [KiesPDLR] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - Startup: C:\Users\moni & raik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\moni & raik\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O8 - Extra context menu item: &AOL Toolbar-Suche - C:\ProgramData\AOL\ieToolbar\resources\de-DE\local\search.html ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Programme\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: An Mindjet MindManager senden - {941E1A34-C6AF-4baa-A973-224F9C3E04BF} - C:\Programme\Mindjet\MindManager 7\Mm7InternetExplorer.dll (Mindjet)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-2265993982-114685985-2131399077-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{11BF06F2-3C49-40C1-8723-4BD2D6375562}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{137E8A34-E639-4B36-866F-31BE5515756F}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F937C11-A61F-4DA7-9144-C042A8B485E4}: DhcpNameServer = 83.169.184.161 192.168.2.1 83.169.184.225
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\moni & raik\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\moni & raik\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{6bca0000-9836-11df-baf2-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6bca0000-9836-11df-baf2-806e6f6e6963}\Shell\AutoRun\command - "" = E:\ShelExec.exe @EXEDRV@.\start.pdf
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\ShelExec.exe @EXEDRV@.\start.pdf
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
NetSvcs: ezSharedSvc - C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe - (Broadcom Corporation.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk - C:\Programme\Microsoft Office\Office10\OSA.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: Apoint - hkey= - key= - C:\Programme\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
MsConfig - StartUpReg: CLMLServer for HP TouchSmart - hkey= - key= - C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
MsConfig - StartUpReg: DVDAgent - hkey= - key= - C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
MsConfig - StartUpReg: HPAdvisor - hkey= - key= - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard)
MsConfig - StartUpReg: KiesHelper - hkey= - key= - C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
MsConfig - StartUpReg: KiesPDLR - hkey= - key= - C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MsConfig - StartUpReg: LightScribe Control Panel - hkey= - key= - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vsmon - C:\Programme\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\Windows\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.12 22:44:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\moni & raik\Desktop\OTL (2).exe
[2012.10.09 18:52:02 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.10.06 17:18:18 | 000,000,000 | ---D | C] -- C:\ProgramData\mqoqitxhvwfpqqr
[2012.10.06 12:52:23 | 000,000,000 | ---D | C] -- C:\Users\moni & raik\Desktop\wohnung
[2012.09.23 10:20:54 | 000,000,000 | ---D | C] -- C:\Users\moni & raik\AppData\Local\Macromedia
[29 C:\Users\moni & raik\Desktop\*.tmp files -> C:\Users\moni & raik\Desktop\*.tmp -> ]
[1 C:\Users\moni & raik\*.tmp files -> C:\Users\moni & raik\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.12 22:44:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\moni & raik\Desktop\OTL (2).exe
[2012.10.12 22:22:21 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.12 22:22:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.12 21:43:19 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.12 21:43:19 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.12 21:33:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.12 17:28:48 | 000,364,536 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012.10.12 14:57:25 | 097,220,620 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012.10.12 14:52:28 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.11 18:44:01 | 2145,370,112 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.11 18:42:19 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.10.10 19:48:30 | 000,538,327 | ---- | M] () -- C:\Users\moni & raik\Desktop\adwcleaner.exe
[2012.10.10 19:43:28 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.10.06 17:26:47 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleFormoni & raik.job
[2012.10.06 17:18:18 | 000,076,346 | ---- | M] () -- C:\ProgramData\ncalhuvcjlcitld
[2012.10.06 12:55:29 | 000,017,408 | ---- | M] () -- C:\Users\moni & raik\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.10.06 12:45:10 | 000,628,914 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.06 12:45:10 | 000,596,168 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.06 12:45:10 | 000,104,242 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.06 12:45:09 | 000,126,626 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.22 10:12:45 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[29 C:\Users\moni & raik\Desktop\*.tmp files -> C:\Users\moni & raik\Desktop\*.tmp -> ]
[1 C:\Users\moni & raik\*.tmp files -> C:\Users\moni & raik\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.10 19:47:56 | 000,538,327 | ---- | C] () -- C:\Users\moni & raik\Desktop\adwcleaner.exe
[2012.10.07 21:49:18 | 2145,370,112 | -HS- | C] () -- C:\hiberfil.sys
[2012.10.06 17:18:06 | 000,076,346 | ---- | C] () -- C:\ProgramData\ncalhuvcjlcitld
[2012.09.23 10:10:50 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.27 21:05:09 | 004,503,728 | ---- | C] () -- C:\ProgramData\0tbpw.pad
[2011.11.29 17:38:18 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.11.29 17:38:12 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.11.29 17:38:12 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.11.29 17:38:12 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.11.29 17:38:12 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.08.07 19:47:00 | 000,000,117 | ---- | C] () -- C:\Windows\civ.ini
[2011.06.20 21:53:33 | 000,017,408 | ---- | C] () -- C:\Users\moni & raik\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.03 21:46:06 | 000,149,506 | ---- | C] () -- C:\Users\moni & raik\2011_01rechnung_5608347905.pdf
[2010.07.29 15:39:32 | 000,000,016 | ---- | C] () -- C:\Users\moni & raik\persistent_state
[2010.07.28 12:14:04 | 000,000,680 | ---- | C] () -- C:\Users\moni & raik\AppData\Local\d3d9caps.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.01.07 00:28:12 | 000,000,000 | ---D | M] -- C:\Users\moni & raik\AppData\Roaming\AVG2012
[2011.12.02 19:26:46 | 000,000,000 | ---D | M] -- C:\Users\moni & raik\AppData\Roaming\Canneverbe Limited
[2012.06.17 18:00:07 | 000,000,000 | ---D | M] -- C:\Users\moni & raik\AppData\Roaming\CheckPoint
[2012.10.11 18:47:40 | 000,000,000 | ---D | M] -- C:\Users\moni & raik\AppData\Roaming\Dropbox
[2011.07.15 22:26:04 | 000,000,000 | ---D | M] -- C:\Users\moni & raik\AppData\Roaming\muvee Technologies
[2011.12.10 18:00:03 | 000,000,000 | ---D | M] -- C:\Users\moni & raik\AppData\Roaming\Samsung
[2011.10.31 14:56:20 | 000,000,000 | ---D | M] -- C:\Users\moni & raik\AppData\Roaming\WildTangent
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.07.27 13:25:27 | 000,000,000 | ---D | M] -- C:\Users\moni & raik\AppData\Roaming\Adobe
[2010.07.26 00:00:23 | 000,000,000 | ---D | M] -- C:\Users\moni & raik\AppData\Roaming\ATI
[2012.01.07 00:28:12 | 000,000,000 | ---D | M] -- C:\Users\moni & raik\AppData\Roaming\AVG2012
[2012.05.24 10:43:48 | 000,000,000 | ---D | M] -- C:\Users\moni & raik\AppData\Roaming\Avira
[2011.12.02 19:26:46 | 000,000,000 | ---D | M] -- C:\Users\moni & raik\AppData\Roaming\Canneverbe Limited
[2012.06.17 18:00:07 | 000,000,000 | ---D | M] -- C:\Users\moni & raik\AppData\Roaming\CheckPoint
[2011.07.15 22:28:56 | 000,000,000 | ---D | M] -- C:\Users\moni & raik\AppData\Roaming\CyberLink
[2012.10.11 18:47:40 | 000,000,000 | ---D | M] -- C:\Users\moni & raik\AppData\Roaming\Dropbox
[2011.02.04 10:54:56 | 000,000,000 | ---D | M] -- C:\Users\moni & raik\AppData\Roaming\Hewlett-Packard
[2010.07.25 23:55:57 | 000,000,000 | ---D | M] -- C:\Users\moni & raik\AppData\Roaming\HP TCS
[2012.02.26 15:05:23 | 000,000,000 | ---D | M] -- C:\Users\moni & raik\AppData\Roaming\HpUpdate
[2010.07.25 23:59:45 | 000,000,000 | ---D | M] -- C:\Users\moni & raik\AppData\Roaming\Identities
[2010.07.26 10:58:46 | 000,000,000 | ---D | M] -- C:\Users\moni & raik\AppData\Roaming\Macromedia
[2012.06.28 17:48:36 | 000,000,000 | ---D | M] -- C:\Users\moni & raik\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\moni & raik\AppData\Roaming\Media Center Programs
[2012.09.23 10:20:54 | 000,000,000 | --SD | M] -- C:\Users\moni & raik\AppData\Roaming\Microsoft
[2010.08.20 12:19:13 | 000,000,000 | ---D | M] -- C:\Users\moni & raik\AppData\Roaming\Mozilla
[2011.07.15 22:26:04 | 000,000,000 | ---D | M] -- C:\Users\moni & raik\AppData\Roaming\muvee Technologies
[2011.12.10 18:00:03 | 000,000,000 | ---D | M] -- C:\Users\moni & raik\AppData\Roaming\Samsung
[2012.07.03 15:46:03 | 000,000,000 | ---D | M] -- C:\Users\moni & raik\AppData\Roaming\Skype
[2012.03.25 15:16:22 | 000,000,000 | ---D | M] -- C:\Users\moni & raik\AppData\Roaming\vlc
[2011.10.31 14:56:20 | 000,000,000 | ---D | M] -- C:\Users\moni & raik\AppData\Roaming\WildTangent
 
< %APPDATA%\*.exe /s >
[2012.08.27 06:21:12 | 026,924,984 | ---- | M] (Dropbox, Inc.) -- C:\Users\moni & raik\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2012.08.27 06:21:14 | 000,874,384 | ---- | M] (Dropbox, Inc.) -- C:\Users\moni & raik\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe
[2012.08.27 06:21:24 | 000,181,784 | ---- | M] (Dropbox, Inc.) -- C:\Users\moni & raik\AppData\Roaming\Dropbox\bin\Uninstall.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2009.02.20 08:49:15 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7f3e4ed9\atapi.sys
[2009.02.20 08:49:15 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22193_none_dd6376773aedb5e4\atapi.sys
[2009.02.20 08:49:15 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E26DDFE464B464DAF1C739122978D1D6 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b7393fc6\atapi.sys
[2009.02.20 08:49:15 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E26DDFE464B464DAF1C739122978D1D6 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20847_none_dbb74a7b3d9afbc1\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2007.05.17 22:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
[2008.07.01 15:17:12 | 000,090,624 | ---- | M] () MD5=FBB39A4487E11F64DCFFD36AEC2D2216 -- C:\Program Files\CheckPoint\ZAForceField\Heuristics\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.01.20 15:37:48 | 000,425,984 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\system32\ATIDEMGX.dll
[2008.01.21 04:24:47 | 000,403,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll

< End of report >
         

--- --- ---

Code: Alles auswählenAufklappen

ATTFilter

PRC - C:\Programme\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
         

AVG und AntiVir niemals parallel betreiben, verwenden immer nur einen Virenscanner! Deinstallieren einen der beiden!
Und deinstalliere auch bitte das unsinnige bis kontraproduktive ZoneAlarm, mach danach ein neue OTL-Log wie o.g.

die virenscanner sind bei unterschiedlichen dingen erfolgreich. soll heißen beide sind nicht zu 100% zuverlässig. welcher ist denn besser?
brauch ich denn nicht die firewall? warum ist die von zonealarm eher kontraproduktiv?
danke für die antworten.