Log analysis and evaluation: Unintended redirect when clicking a Google link (Windows 7)
16.10.2012, 17:53 | #1 |
Good evening from Vienna,

during my internet research this morning I presumably caught a Trojan, or at least that is when I first noticed it. After receiving the search results from Google, attempting to open the listed pages very often triggers a redirect, and via a briefly displayed page "searchnowfq.com" or "searchnowfe.com" I am forwarded, mostly to "missgoodtimes" or "viewster". I have attached the otl.txt and extras.txt files. Many thanks in advance for further tips.

Kind regards,
Christoph
17.10.2012, 05:50 | #2 |
Good morning,

I have just discovered that I apparently sent the two OTL files as attachments. Yesterday I overlooked the option of inserting them directly as code. I will try that now. Many thanks in advance.

Kind regards,
Christoph

OTL EXTRAS Logfile:
Code:
OTL logfile created on: 16/10/2012 17:59:22 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\christoph\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Austria | Language: DEA | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 47.71% Memory free
6.19 Gb Paging File | 4.87 Gb Available in Paging File | 78.73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 458.21 Gb Total Space | 306.19 Gb Free Space | 66.82% Space Free | Partition Type: NTFS
Drive D: | 7.55 Gb Total Space | 1.00 Gb Free Space | 13.30% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 465.66 Gb Free Space | 99.98% Space Free | Partition Type: NTFS
Drive F: | 59.09 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: CHRISTOPH-PC | User Name: christoph | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/10/16 16:03:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\christoph\Downloads\OTL.exe PRC - [2012/05/15 11:28:16 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe PRC - [2012/05/15 11:27:34 | 000,857,920 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe PRC - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2011/01/21 16:19:38 | 000,025,984 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe PRC - [2010/12/03 12:18:08 | 000,196,912 | ---- | M] (Nitro PDF Software) -- C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe PRC - [2009/07/30 21:20:00 | 000,144,752 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe PRC - [2009/07/20 12:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe PRC - [2009/07/10 12:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe PRC - [2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009/02/04 15:15:40 | 002,428,928 | R--- | M] (Adobe Systems Incorporated.) -- C:\Program Files\Adobe\Flash Media Server 3.5\FMSMaster.exe PRC - [2009/02/04 15:11:50 | 005,521,408 | R--- | M] (Adobe Systems Incorporated.) -- C:\Program Files\Adobe\Flash Media Server 3.5\FMSCore.exe PRC - [2009/02/04 15:01:24 | 002,768,896 | R--- | M] (Adobe Systems Incorporated.) 
-- C:\Program Files\Adobe\Flash Media Server 3.5\FMSEdge.exe PRC - [2009/02/04 15:00:12 | 002,596,864 | R--- | M] (Adobe Systems Incorporated.) -- C:\Program Files\Adobe\Flash Media Server 3.5\FMSAdmin.exe PRC - [2009/02/04 14:42:58 | 000,024,635 | ---- | M] (Apache Software Foundation) -- C:\Program Files\Adobe\Flash Media Server 3.5\Apache2.2\bin\httpd.exe PRC - [2008/10/17 16:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE PRC - [2008/02/21 16:02:54 | 000,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe PRC - [2008/01/19 09:33:27 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe PRC - [2008/01/15 13:26:18 | 004,874,240 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2007/07/12 17:36:12 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2007/07/12 17:36:10 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2007/06/05 14:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe PRC - [2007/04/18 17:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe PRC - [2007/03/06 11:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) 
-- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe ========== Modules (No Company Name) ========== MOD - [2011/01/21 16:19:38 | 000,047,616 | ---- | M] () -- C:\Program Files\Uniblue\RegistryBooster\cache.dll MOD - [2009/07/20 12:27:14 | 000,017,936 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\khalwrapper.dll ========== Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- %ProgramFiles%\WinPcap\rpcapd.exe -- (rpcapd) SRV - [2012/05/15 12:26:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012/04/20 07:59:11 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2010/12/03 12:18:08 | 000,196,912 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe -- (NitroReaderDriverReadSpool) SRV - [2010/06/14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2009/07/30 21:20:00 | 000,144,752 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service) SRV - [2009/07/20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2009/02/28 16:17:40 | 001,245,064 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC) SRV - [2009/02/04 15:15:40 | 002,428,928 | R--- | M] (Adobe Systems Incorporated.) 
[Auto | Running] -- C:\Program Files\Adobe\Flash Media Server 3.5\FMSMaster.exe -- (FMS) SRV - [2009/02/04 15:00:12 | 002,596,864 | R--- | M] (Adobe Systems Incorporated.) [Auto | Running] -- C:\Program Files\Adobe\Flash Media Server 3.5\FMSAdmin.exe -- (FMSAdmin) SRV - [2009/02/04 14:42:58 | 000,024,635 | ---- | M] (Apache Software Foundation) [On_Demand | Running] -- C:\Program Files\Adobe\Flash Media Server 3.5\Apache2.2\bin\httpd.exe -- (FMSHttpd) SRV - [2008/10/17 16:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice) SRV - [2008/10/17 16:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService) SRV - [2008/10/17 16:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr) SRV - [2008/10/17 16:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr) SRV - [2008/09/05 12:52:32 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate) SRV - [2008/02/21 16:02:54 | 000,238,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler) SRV - [2008/01/19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007/08/22 02:21:30 | 000,055,640 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost) SRV - [2007/07/12 17:36:12 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage 
Manager\IAANTmon.exe -- (IAANTMON) SRV - [2007/06/05 14:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing) SRV - [2007/03/06 11:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - [2012/09/12 10:00:00 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20121015.021\NAVEX15.SYS -- (NAVEX15) DRV - [2012/09/12 10:00:00 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20121015.021\NAVENG.SYS -- (NAVENG) DRV - [2012/08/15 14:26:06 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2012/08/08 10:00:00 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2012/05/15 12:26:00 | 011,354,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2011/10/18 00:23:24 | 000,286,328 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20121010.001\IDSvix86.sys -- (IDSvix86) DRV - [2009/08/28 11:49:00 | 000,169,064 | ---- 
| M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd) DRV - [2009/08/05 17:30:16 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF) DRV - [2009/08/05 14:44:00 | 000,049,400 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb) DRV - [2009/08/05 12:55:00 | 000,061,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd) DRV - [2009/07/28 20:01:00 | 000,069,480 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom) DRV - [2009/07/24 11:31:00 | 000,021,608 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds) DRV - [2009/06/19 09:57:00 | 000,079,872 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid) DRV - [2009/06/19 09:56:00 | 000,042,472 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp) DRV - [2009/06/17 18:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt) DRV - [2009/06/17 18:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt) DRV - [2009/06/17 18:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2009/06/17 18:55:18 | 000,020,240 | ---- | M] (Logitech, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L8042Kbd.sys -- (L8042Kbd) DRV - [2009/06/17 11:59:00 | 000,046,984 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte) DRV - [2009/03/30 04:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0103.sys -- (RsFx0103) DRV - [2009/03/03 19:55:11 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent) DRV - [2009/02/19 12:31:42 | 000,024,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM) DRV - [2009/02/19 12:31:18 | 000,041,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symndisv.sys -- (SYMNDISV) DRV - [2009/02/19 12:31:16 | 000,184,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\symtdi.sys -- (SYMTDI) DRV - [2009/02/19 12:31:16 | 000,096,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symfw.sys -- (SYMFW) DRV - [2009/02/19 12:31:16 | 000,022,320 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symredrv.sys -- (SYMREDRV) DRV - [2009/02/19 12:31:16 | 000,013,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symdns.sys -- (SYMDNS) DRV - [2008/09/05 15:31:42 | 000,447,024 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv) DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008/07/30 18:42:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- 
C:\Windows\System32\drivers\COH_Mon.sys -- (COH_Mon) DRV - [2008/03/31 12:55:32 | 000,596,896 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UDXTTM6010.sys -- (UDXTTM6010) DRV - [2008/02/01 03:51:16 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL) DRV - [2008/02/01 03:51:16 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP) DRV - [2008/02/01 03:51:16 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX) DRV - [2007/10/03 18:18:12 | 000,099,840 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2007/08/08 18:39:56 | 000,036,056 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CO_Mon.sys -- (CO_Mon) DRV - [2005/12/12 18:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_at&c=81&bd=Pavilion&pf=desktop IE - HKLM\..\URLSearchHook: {0cc09160-108c-4759-bab1-5c12c216e005} - SOFTWARE\Classes\CLSID\{0cc09160-108c-4759-bab1-5c12c216e005}\InprocServer32 File not found IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.) 
IE - HKLM\..\URLSearchHook: {9d81af43-de53-48d0-a199-42c2a226b24c} - No CLSID value found IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{1D55CD03-39AC-4EE7-8AA2-B93BD903E80E}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2206084 IE - HKLM\..\SearchScopes\{EB51BC5D-84F0-4FDB-A0FE-5EF838700F22}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1134&query={searchTerms}&invocationType=tb50hpcndtie7-de-at IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3227982 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/ IE - HKCU\..\URLSearchHook: {0cc09160-108c-4759-bab1-5c12c216e005} - SOFTWARE\Classes\CLSID\{0cc09160-108c-4759-bab1-5c12c216e005}\InprocServer32 File not found IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=BCPA&o=16145&src=crm&q={searchTerms}&locale=de_US&apn_ptnrs=QK&apn_dtid=YYYYYYYYAT&apn_uid=0CF0763D-C990-4ECB-A130-7E8FCE8BBCFE&apn_sauid=D2B81182-96E1-4073-B45D-1B356FE1999F IE - HKCU\..\SearchScopes\{547EEAAC-3665-4e6c-B326-C622D698543A}: "URL" = 
hxxp://www.bing.com/search?q={searchTerms}&FORM=ASHTDF&src=IE-SearchBox IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_de IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 93.188.168.68:80 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..network.proxy.ftp: "93.188.168.68" FF - prefs.js..network.proxy.ftp_port: 80 FF - prefs.js..network.proxy.gopher: "93.188.168.68" FF - prefs.js..network.proxy.gopher_port: 80 FF - prefs.js..network.proxy.http: "93.188.168.68" FF - prefs.js..network.proxy.http_port: 80 FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1" FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "93.188.168.68" FF - prefs.js..network.proxy.socks_port: 80 FF - prefs.js..network.proxy.ssl: "93.188.168.68" FF - prefs.js..network.proxy.ssl_port: 80 FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2012/04/19 17:45:38 | 000,000,000 | ---D | M] FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohTVPlugin: C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohWebPlayer: C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/08 19:49:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/30 12:06:42 | 000,000,000 | ---D | M] [2011/02/04 19:34:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\christoph\AppData\Roaming\mozilla\Extensions [2012/08/14 07:26:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\christoph\AppData\Roaming\mozilla\Firefox\Profiles\cy6cbrek.default\extensions [2012/08/02 16:48:45 | 000,000,000 | ---D | M] (appbario8 Community Toolbar) -- C:\Users\christoph\AppData\Roaming\mozilla\Firefox\Profiles\cy6cbrek.default\extensions\{0cc09160-108c-4759-bab1-5c12c216e005} [2011/02/04 19:36:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\christoph\AppData\Roaming\mozilla\Firefox\Profiles\cy6cbrek.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010/09/28 23:39:14 | 000,002,333 | ---- | M] () -- C:\Users\christoph\AppData\Roaming\mozilla\firefox\profiles\cy6cbrek.default\searchplugins\askcom.xml [2011/12/08 19:49:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011/11/21 06:21:43 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011/11/21 03:17:49 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011/11/21 03:09:48 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011/11/21 03:17:49 | 000,001,153 | ---- 
| M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011/11/21 03:17:49 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011/11/21 03:17:49 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011/11/21 03:17:49 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006/09/18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (appbario8 Toolbar) - {0cc09160-108c-4759-bab1-5c12c216e005} - Reg Error: Value error. File not found O2 - BHO: (PCCBHO.CPCCBHO) - {22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF} - Reg Error: Value error. File not found O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.) O2 - BHO: (Reg Error: Value error.) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (appbario8 Toolbar) - {0cc09160-108c-4759-bab1-5c12c216e005} - Reg Error: Value error. File not found O3 - HKLM\..\Toolbar: (no name) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - No CLSID value found. 
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (no name) - {9d81af43-de53-48d0-a199-42c2a226b24c} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation) O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE (Symantec Corporation) O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe () O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SunJavaUpdateReg] C:\Windows\System32\jureg.exe (Sun Microsystems, Inc.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll () O9 - Extra 'Tools' menuitem : PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe File not found O9 - Extra Button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe File not found O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: pink-unicorns.com ([www] http in Vertrauenswürdige Sites) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} hxxp://gfx2.hotmail.com/mail/w3/resources/VistaMSNPUpldde-at.cab (MSN Photo Upload Tool) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 10.7.2) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldde-at.cab (Windows Live Hotmail Photo Upload Tool) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.186.211.21 195.34.133.21 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{61937460-B7E3-41C8-AD03-9F5D9445633E}: DhcpNameServer = 212.186.211.21 195.34.133.21 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\clouds.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\clouds.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/03/27 16:44:55 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012/10/15 16:05:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ActiveState ActiveTcl 8.5.12.0 [2012/10/15 16:05:02 | 000,000,000 | ---D | C] -- C:\Program Files\Tcl [2012/10/15 16:04:21 | 000,000,000 | ---D | C] -- C:\Tcl [2012/10/14 09:12:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ReconLab LE 1.2 [2012/10/14 09:12:39 | 000,000,000 | ---D | C] -- C:\ReconLabMaterial [2012/10/14 09:12:38 | 000,000,000 | ---D | C] -- C:\Program Files\ReconLabLE1.2 [2012/10/14 07:11:31 | 000,000,000 | ---D | C] -- C:\Program Files\Silicon Graphics [2012/10/10 17:49:49 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google SketchUp 8 [2012/10/03 17:03:31 | 000,000,000 | ---D | C] -- C:\Users\christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SIVP-0.5.0 [2012/10/03 17:03:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SIVP-0.5.0 [2012/10/03 16:37:21 | 000,000,000 | ---D | C] -- C:\Users\christoph\AppData\Roaming\Scilab [2012/10/03 16:34:40 | 000,000,000 | ---D | C] -- C:\Program Files\scilab-5.3.3 [2012/09/29 13:28:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PyQt GPL v4.9.4 for Python v2.6 (x86) [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/10/16 17:53:23 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/10/16 17:53:07 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\PCConfidential.job [2012/10/16 17:53:07 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job [2012/10/16 17:52:59 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012/10/16 17:52:58 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012/10/16 17:52:49 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\Lqrpettlq.job [2012/10/16 17:52:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/10/16 17:52:37 | 3220,480,000 | -HS- | M] () -- C:\hiberfil.sys [2012/10/16 16:04:00 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012/10/16 15:52:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/10/14 11:35:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2012/10/14 09:12:57 | 000,001,657 | ---- | M] () -- C:\Users\christoph\Desktop\ReconLab.lnk [2012/10/14 09:12:03 | 000,796,672 | ---- | M] (Qsc) -- 
C:\Windows\GPInstall.exe [2012/10/13 14:23:36 | 000,025,036 | ---- | M] () -- C:\Users\christoph\AppData\Local\recently-used.xbel [2012/10/11 16:29:58 | 000,297,782 | ---- | M] () -- C:\Users\christoph\Documents\st.johann-flucht.skp [2012/10/10 17:49:50 | 000,001,864 | ---- | M] () -- C:\Users\Public\Desktop\Google SketchUp 8.lnk [2012/10/10 06:48:43 | 000,297,787 | ---- | M] () -- C:\Users\christoph\Documents\st.johann-flucht.skb [2012/10/08 14:50:01 | 000,291,020 | ---- | M] () -- C:\Users\christoph\Documents\stj1.skp [2012/10/07 10:31:32 | 000,272,541 | ---- | M] () -- C:\Users\christoph\Documents\stj0.skp [2012/10/06 17:04:58 | 000,002,591 | ---- | M] () -- C:\Users\christoph\Desktop\Microsoft Office Word 2007.lnk [2012/09/25 16:10:31 | 001,016,677 | ---- | M] () -- C:\Users\christoph\Documents\st.johann5.jpg [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/10/14 09:12:57 | 000,001,657 | ---- | C] () -- C:\Users\christoph\Desktop\ReconLab.lnk [2012/10/14 09:12:03 | 000,007,883 | ---- | C] () -- C:\Windows\Eng_UK.gpl [2012/10/14 07:11:31 | 000,708,120 | ---- | C] () -- C:\Windows\System32\tiffdump.exe [2012/10/14 07:11:31 | 000,256,000 | ---- | C] () -- C:\Windows\System32\iflTIFF0.dll [2012/10/14 07:11:31 | 000,136,648 | ---- | C] () -- C:\Windows\System32\ifldbgen.exe [2012/10/14 07:11:31 | 000,104,960 | ---- | C] () -- C:\Windows\System32\iflJFIF0.dll [2012/10/14 07:11:31 | 000,102,912 | ---- | C] () -- C:\Windows\System32\ifl0.dll [2012/10/14 07:11:31 | 000,086,016 | ---- | C] () -- C:\Windows\System32\iflPNG0.dll [2012/10/14 07:11:31 | 000,058,564 | ---- | C] () -- C:\Windows\System32\iflapigen.exe [2012/10/14 07:11:31 | 000,026,708 | ---- | C] () -- C:\Windows\System32\iflstatus.exe [2012/10/14 07:11:31 | 000,026,112 | ---- | C] () -- C:\Windows\System32\iflSGI0.dll [2012/10/14 07:11:31 | 000,026,112 | ---- | C] () -- C:\Windows\System32\iflGIF0.dll [2012/10/14 07:11:31 | 000,020,480 | ---- | C] 
() -- C:\Windows\System32\cifl0.dll [2012/10/14 07:11:31 | 000,019,456 | ---- | C] () -- C:\Windows\System32\iflBMP0.dll [2012/10/14 07:11:31 | 000,016,384 | ---- | C] () -- C:\Windows\System32\iflXPM0.dll [2012/10/14 07:11:31 | 000,014,848 | ---- | C] () -- C:\Windows\System32\iflPPM0.dll [2012/10/14 07:11:31 | 000,013,312 | ---- | C] () -- C:\Windows\System32\iflRaw0.dll [2012/10/14 07:11:31 | 000,012,800 | ---- | C] () -- C:\Windows\System32\iflXBM0.dll [2012/10/14 07:11:31 | 000,012,288 | ---- | C] () -- C:\Windows\System32\iflFIT0.dll [2012/10/14 07:11:31 | 000,004,524 | R--- | C] () -- C:\Windows\System32\ifl_database0 [2012/10/13 14:23:36 | 000,025,036 | ---- | C] () -- C:\Users\christoph\AppData\Local\recently-used.xbel [2012/10/10 17:49:50 | 000,001,864 | ---- | C] () -- C:\Users\Public\Desktop\Google SketchUp 8.lnk [2012/10/08 14:50:01 | 000,291,020 | ---- | C] () -- C:\Users\christoph\Documents\stj1.skp [2012/10/07 10:31:31 | 000,272,541 | ---- | C] () -- C:\Users\christoph\Documents\stj0.skp [2012/09/25 16:10:29 | 001,016,677 | ---- | C] () -- C:\Users\christoph\Documents\st.johann5.jpg [2012/09/09 17:10:00 | 000,143,360 | RHS- | C] () -- C:\Windows\System32\d3dx10_33G.dll [2012/09/06 08:02:17 | 000,000,072 | ---- | C] () -- C:\Users\christoph\.gtk-bookmarks [2012/08/24 18:26:25 | 000,823,296 | ---- | C] () -- C:\Windows\j3dcore-d3d.dll [2012/08/24 18:26:25 | 000,163,840 | ---- | C] () -- C:\Windows\j3dcore-ogl.dll [2012/08/24 18:26:25 | 000,049,152 | ---- | C] () -- C:\Windows\j3dcore-ogl-chk.dll [2012/08/24 18:26:25 | 000,040,960 | ---- | C] () -- C:\Windows\j3dcore-ogl-cg.dll [2012/08/02 16:55:37 | 000,000,776 | ---- | C] () -- C:\Users\christoph\AppData\Roaming\it.omnidea.Rulers.plist [2012/07/29 17:07:37 | 000,000,008 | -HS- | C] () -- C:\Users\christoph\AppData\Roaming\.drv190904.dat [2012/07/29 17:07:37 | 000,000,008 | -HS- | C] () -- C:\Program Files\.drv120405.dat [2012/07/29 17:07:37 | 000,000,008 | -HS- | C] () -- 
C:\Users\christoph\AppData\Roaming\.drv120205.dat [2012/07/29 17:07:37 | 000,000,008 | -HS- | C] () -- C:\Program Files\.data211204.dat [2012/07/29 17:07:37 | 000,000,008 | -HS- | C] () -- C:\Program Files\.data211004.dat [2012/07/29 17:07:37 | 000,000,008 | -HS- | C] () -- C:\Program Files\.data110704.dat [2012/07/29 17:07:37 | 000,000,008 | -HS- | C] () -- C:\Users\christoph\AppData\Roaming\.data001.dat [2012/07/29 17:07:37 | 000,000,008 | -HS- | C] () -- C:\Users\christoph\AppData\Roaming\.data000.dat [2012/07/29 17:07:37 | 000,000,008 | -HS- | C] () -- C:\Program Files\.dat000002.dat [2012/07/29 17:07:37 | 000,000,008 | -HS- | C] () -- C:\Program Files\.dat000001.dat [2012/07/29 17:07:37 | 000,000,008 | -HS- | C] () -- C:\Users\christoph\AppData\Roaming\.app190905.dat [2012/07/29 17:07:37 | 000,000,008 | -HS- | C] () -- C:\Users\christoph\AppData\Roaming\.addit001.dat [2012/07/07 18:02:02 | 000,000,012 | ---- | C] () -- C:\Users\christoph\tmpifo.bat [2012/06/30 16:26:15 | 000,176,409 | ---- | C] () -- C:\Windows\hpoins16.dat.temp [2012/06/30 16:26:15 | 000,004,602 | ---- | C] () -- C:\Windows\hpomdl16.dat.temp [2012/06/28 18:43:25 | 000,001,763 | ---- | C] () -- C:\Windows\System32\geodat.dat [2012/06/28 18:43:23 | 000,069,632 | ---- | C] () -- C:\Windows\System32\GkSui18.EXE [2012/06/21 18:50:24 | 000,000,256 | ---- | C] () -- C:\Windows\Caligari.ini [2012/05/27 09:27:11 | 000,000,097 | ---- | C] () -- C:\Users\christoph\AppData\Local\fusioncache.dat [2012/05/20 17:53:18 | 000,048,436 | ---- | C] () -- C:\Users\christoph\AppData\Roaming\naggobot.gmic [2012/05/20 17:53:18 | 000,032,888 | ---- | C] () -- C:\Users\christoph\AppData\Roaming\iain_fergusson.gmic [2012/05/20 17:53:18 | 000,010,257 | ---- | C] () -- C:\Users\christoph\AppData\Roaming\garagecoder.gmic [2012/05/20 17:53:17 | 000,006,831 | ---- | C] () -- C:\Users\christoph\AppData\Roaming\gentlemanbeggar_gmic.gmic [2012/05/20 17:53:16 | 000,100,488 | ---- | C] () -- 
C:\Users\christoph\AppData\Roaming\tomkeil.gmic [2012/05/20 17:53:16 | 000,047,450 | ---- | C] () -- C:\Users\christoph\AppData\Roaming\photocomix.gmic [2012/05/20 17:53:16 | 000,001,415 | ---- | C] () -- C:\Users\christoph\AppData\Roaming\ronounours.gmic [2012/05/20 17:53:15 | 000,014,955 | ---- | C] () -- C:\Users\christoph\AppData\Roaming\karos.gmic [2012/05/20 17:53:14 | 000,659,229 | ---- | C] () -- C:\Users\christoph\AppData\Roaming\gmic_def.1513 [2012/05/20 17:51:08 | 000,000,879 | ---- | C] () -- C:\Users\christoph\AppData\Roaming\gmic_sources.cimgz [2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe [2012/03/29 17:53:33 | 000,014,663 | ---- | C] () -- C:\Users\christoph\.octave_hist [2011/11/11 18:09:30 | 000,001,160 | ---- | C] () -- C:\Users\christoph\AppData\Roaming\ShiftN.ini [2011/10/27 16:35:40 | 000,007,415 | ---- | C] () -- C:\Windows\PmLite3.ini [2011/10/27 16:35:40 | 000,001,862 | ---- | C] () -- C:\Windows\PMStockCams.Ini [2011/09/04 16:50:23 | 000,013,855 | ---- | C] () -- C:\Users\christoph\ayamrc [2011/03/10 20:01:02 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2011/02/05 16:18:38 | 000,026,340 | ---- | C] () -- C:\Users\christoph\AppData\Roaming\UserTile.png [2011/02/04 19:34:02 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2010/10/22 08:53:29 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll [2009/02/14 11:52:17 | 000,005,018 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2009/02/14 11:52:17 | 000,000,088 | RHS- | C] () -- C:\ProgramData\EB28B746B4.sys [2008/08/11 16:13:01 | 000,046,080 | ---- | C] () -- C:\Users\christoph\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2003/09/15 20:20:48 | 000,000,053 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-110388515-1034420003-653005438-1000\$R4W9SUT\help\help.button.tools.rc.n [2003/09/15 20:20:48 | 000,000,053 | ---- | M] () -- 
C:\$Recycle.bin\S-1-5-21-110388515-1034420003-653005438-1000\$RM5RYGN\help\help.button.tools.rc.n [2006/11/02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012/08/13 16:58:53 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\.marble [2011/01/30 12:53:20 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Ashampoo Cover Studio 2 [2011/08/13 16:59:58 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Blender Foundation [2011/08/27 07:09:42 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Bolthouse Software [2011/01/15 13:16:01 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Canneverbe Limited [2008/08/20 07:34:06 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Das Fussball Studio [2012/03/25 15:36:23 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\DVDVideoSoft [2009/01/15 18:26:47 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Engelmann Media [2012/06/24 14:14:52 | 000,000,000 | ---D | M] -- 
C:\Users\christoph\AppData\Roaming\Exif Viewer [2012/04/03 17:36:24 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\fltk.org [2012/06/16 17:35:55 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\FreeCAD [2011/01/15 16:06:59 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\FreeFLVConverter [2011/02/01 18:45:21 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\GetRightToGo [2012/05/22 18:00:58 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\gtk-2.0 [2008/08/13 17:41:22 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Hemera [2012/08/29 17:56:58 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\IrfanView [2008/11/28 20:00:13 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Leadertech [2009/03/08 16:06:34 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Livestation [2009/06/25 18:23:21 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Mchid [2009/01/02 19:10:09 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Nikon [2012/10/12 16:55:59 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Nitro PDF [2010/08/09 16:39:11 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Nokia [2012/03/21 19:55:22 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Notepad++ [2011/01/15 13:15:44 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\OpenCandy [2009/01/15 18:51:08 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Orbit [2012/09/12 17:01:09 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Origin [2010/08/09 14:54:38 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\PC Suite [2011/02/05 16:18:37 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\PeerNetworking [2008/12/14 18:06:41 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\PPMate [2012/10/03 16:37:21 | 000,000,000 | ---D | M] -- 
C:\Users\christoph\AppData\Roaming\Scilab
[2011/11/04 19:05:27 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Sports Interactive
[2008/06/21 18:17:16 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\temp
[2009/02/07 13:37:00 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\TerraTec
[2012/08/11 16:27:17 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\transdat
[2012/08/18 10:30:01 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Uniblue
[2011/03/06 09:16:30 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\WinFAQ

========== Purity Check ==========

< End of report

OTL Extras logfile created on: 16/10/2012 17:59:22 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\christoph\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Austria | Language: DEA | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 47.71% Memory free
6.19 Gb Paging File | 4.87 Gb Available in Paging File | 78.73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 458.21 Gb Total Space | 306.19 Gb Free Space | 66.82% Space Free | Partition Type: NTFS
Drive D: | 7.55 Gb Total Space | 1.00 Gb Free Space | 13.30% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 465.66 Gb Free Space | 99.98% Space Free | Partition Type: NTFS
Drive F: | 59.09 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: CHRISTOPH-PC | User Name: christoph | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\PPMate\ppmate.exe" = C:\Program Files\PPMate\ppmate.exe:*:Enabled:PPMate
"C:\Program Files\PPMate\ppamnet.exe" = C:\Program Files\PPMate\ppamnet.exe:*:Enabled:PPMate

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2A12B447-65E5-4A84-8A0E-464D978EE0D5}" = rport=138 | protocol=17 | dir=out | app=system |
"{2A99B2E8-F6D0-4001-8C46-8F50BCA7C476}" = lport=445 | protocol=6 | dir=in | app=system |
"{4DD112A3-7042-45DD-AD7D-EF8023AC6CDF}" = rport=139 | protocol=6 | dir=out | app=system |
"{59FD1226-F385-46BD-AABE-0C96927927D3}" = rport=445 | protocol=6 | dir=out | app=system |
"{616CCA2D-D2F0-41E7-AD1B-BF568A546815}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{7FCFDF92-0729-4F2B-B856-383A83A7D098}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B0E0087B-9EB2-461B-BD50-7F49BE2F2A29}" = rport=137 | protocol=17 | dir=out | app=system |
"{BE275126-1EAA-4800-95F5-8149A5AA70B4}" = lport=137 | protocol=17 | dir=in | app=system |
"{EE61D03F-D5BE-490B-9494-279145998E83}" = lport=139 | protocol=6 | dir=in | app=system |
"{F0354B75-0F32-43E0-AAF2-B61CC5BB6516}" = lport=138 | protocol=17 | dir=in | app=system |
"{F863E454-C56B-4130-9E5A-5C8A899160BF}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |

========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1637AA12-8981-4C26-96DE-B2D8824C8A7F}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe | "{19A4095A-D84A-4F33-A9B4-DAFEEBD21E9C}" = protocol=17 | dir=in | app=c:\users\christoph\appdata\local\temp\{8fbc6e79-1a95-4440-8a1b-0b736bcd941c}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\insttool.exe | "{1BEF280A-918D-4869-81DB-B8D98284723E}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe | "{1CC04FAA-1847-40BC-9B6D-5E51082E91D3}" = protocol=17 | dir=in | app=c:\program files\origin games\fifa 12\game\fifa.exe | "{21A633D9-07FF-4306-9458-79732798AFC6}" = protocol=17 | dir=in | app=c:\users\christoph\desktop\pes2009.exe | "{28A90B41-3BCD-480B-9ECE-CC2B0E8473F2}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{2E99E861-AD24-4B04-84C6-78CDB795D6ED}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe | "{541ED42A-84E2-491D-9E98-AD6CA7B0792C}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvrhelper.exe | "{739FE814-D935-4439-B69C-97BC946F7D22}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | "{7B67354E-D33D-4E4C-8A6C-C5E1E0441559}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | "{84117EAB-DA91-4159-9B09-6D06CDF4401C}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe | "{8470436E-EE97-4AC6-8ED0-3774C983887E}" = protocol=6 | dir=in | app=c:\users\christoph\desktop\pes2009.exe | "{84AFCE57-03B1-451C-B5D1-BF996CCF76B8}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\insttool.exe | "{8AC90CE5-9BB2-437C-BF99-C5AE0853CAB1}" = protocol=6 | dir=in | 
app=c:\users\christoph\appdata\local\temp\{8fbc6e79-1a95-4440-8a1b-0b736bcd941c}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\insttool.exe | "{8FD87E74-10C2-4949-AB13-E7AAF4F715C0}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\insttool.exe | "{94024679-F958-4D47-A470-7C79F53F7C18}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{96E242F3-BB00-44AC-8739-8AC6F70E5184}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvrhelper.exe | "{97A0D452-AE83-4B47-B975-061EB2A32747}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 1050 j410 series\bin\usbsetup.exe | "{A3C0A201-9A08-49E5-9C43-F880B68DC087}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | "{A8A0BEEA-7CBC-4BEA-9BBB-02D13EA88F10}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{B0DE8F0B-8699-4453-A8D5-FC70935E40D9}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | "{B70F2EF5-C247-45FE-B626-447ED8B71B82}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{BE256F06-59C9-487B-BDA6-295D7CD7CC33}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | "{C10B95A1-608B-4F27-86BD-90105367AD44}" = protocol=6 | dir=in | app=c:\program files\origin games\fifa 12\game\fifa.exe | "{D16C7832-70D0-4CDE-A886-5D19AC5FCCF4}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 1050 j410 series\bin\usbsetup.exe | "{D6F7394B-E009-42AA-8A72-BE1E3FBD50B9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{D7E87719-4E02-4E24-A534-056AE745281B}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | "{E485350E-7B32-4896-BB5C-A26AB08EDD22}" = dir=in | app=c:\users\christ~1\appdata\local\temp\ibtmpf564504\component_514.decrpt | "{F092FE71-3D14-4817-8F5B-477C03E28AD6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{F8840FB3-FAFF-467E-851F-13F7737F4D08}" = dir=in | 
app=c:\users\christ~1\appdata\local\temp\ibtmpf564504\uninstall manager.exe | "{F8F21B70-5554-4334-8906-5AFE48B64F3B}" = dir=in | app=c:\users\christ~1\appdata\local\temp\softonic_ssk_conduit.exe | "{FB35CC33-FEE9-4B3E-9C56-E55666D2DFFF}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{089DD780-DB3F-4CDB-A0C2-111360247298}" = PC Connectivity Solution "{09BDEEF0-5590-457D-89A9-5DB2742F9BBF}" = 32 Bit HP CIO Components Installer "{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA}" = Uniblue RegistryBooster "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5 "{0BDD3FAD-61CD-4BF3-B9C4-4CEFD43F53F8}" = Norton 360 HTMLHelp "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer "{0E19A83E-F53B-40CF-8C91-96F32D955E6A}" = LightScribe System Software 1.10.23.1 "{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox "{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp "{110ED870-1DF3-4574-A679-E2C4A8163211}_is1" = Registry System Wizard.NET "{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver "{1C2B3CEA-482E-4453-B3E2-C9731337828A}" = Microsoft SQL Server 2008 Native Client "{1D328E11-3B0C-388C-835D-C9C20E8C7734}" = Microsoft Help Viewer 1.0 Language Pack - DEU "{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs 
"{21829177-4DED-4209-AD08-490B3AC9C01A}" = Norton 360 "{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{24DF7221-644B-4C3A-A478-459502D40522}" = Backup "{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check "{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23 "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7 "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in "{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360 "{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1 "{32A9C5B3-D166-4C6D-A11E-A54473151000}" = Java 3D 1.5.1 "{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3C57F42A-4925-4B5D-9774-18AEF2B81A97}" = sv3DVision "{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11 "{40AAB711-8EFF-4830-8B39-017D3F66983D}" = Studie zur Verbesserung von HP Deskjet 1050 J410 series Produkten "{40DA9A54-48CA-4A2C-AEAF-F67715BB046E}" = Norton 360 "{45690715-80A6-4445-B61D-ADEC5888E8CD}" = Symantec Technical Support Controls "{477415F5-93DA-46AA-85C5-640047825995}" = Microsoft SQL Server 2008 Database Engine Shared "{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0 "{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files "{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin "{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser "{4BA6784F-3B10-473A-B9F5-33A36AC354D5}" = Google SketchUp 8 "{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}" = 
InterVideo DeviceService "{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport "{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In "{55A6283C-638A-4EE0-B491-51118554BDA2}" = Norton Confidential Core "{5BD39911-A12F-4562-98BA-A6E03E3370B1}" = Microsoft SQL Server 2008 Database Engine Services "{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}" = HP Deskjet 1050 J410 series Hilfe "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{6151cf20-0bd8-4023-a4a0-6a86dcfe58e5}" = Python 2.6.6 "{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2 "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{7003B63A-7ECA-42B0-A122-AFF24A9F1D5B}" = Python 2.6 PyGTK 2.24.2 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office 
PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office 
File Validation Add-In "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{93F54611-2701-454e-94AB-623F458D9E6B}" = DeviceDiscovery "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9AA2D735-3375-42D4-9A61-3FFEF82599D6}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback "{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AC2C1BDB-1E91-4F94-B99C-E716FE2E9C75}_is1" = MinGW-Get version 0.5-beta-20120426-1 "{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.4 - Deutsch "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8 "{ACDE260A-602B-4cfb-A650-D0DBA6FFAD85}" = NetDeviceManager "{AE80CE48-D4A4-4073-878A-16AD6CE17523}" = SymNet "{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant "{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update "{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 301.42 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.42 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.42 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 
301.42 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B4E96960-5F6B-48B9-A5BD-6A5A9BB4F027}" = Avery Wizard 3.1 "{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services "{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter "{C04BADDA-A8E5-4460-8385-88F2A9E2A305}" = MATLAB Component Runtime 7.6 "{C6941FEB-0595-4ff5-8F31-B6F4B31C031F}" = D7200_Help "{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba "{CEEC3316-E759-460d-B7F5-1FB290E231F2}" = HP Photosmart Printer Driver Software 10.0.02 "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack "{D074DC76-F6C9-440E-A1D0-1DE958417FDB}" = Microsoft SQL Server VSS Writer "{D16D8A48-65A4-4B19-8A02-DC9A40FB80C4}" = Norton Security Scan "{D23E6E13-653C-415e-937A-598E1CEFACB1}" = PS_SF_02_Software_min "{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center "{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}" = Symantec Real Time Storage Protection Component "{D774CBD3-A27F-45A1-A34D-6BE5C918462E}" = 3DCrafter "{D92F1880-822A-41CA-0090-451FBB89BF4C}" = FIFA Fussball-Weltmeisterschaft 2006 (TM) "{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX "{DEEB5FE3-40F5-3C5B-8F85-5306EF3C08F4}" = Microsoft Visual C++ 2010 Express - DEU 
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series "{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation) "{EA8ADAA9-6671-4839-A51E-0C6792B78F3E}" = FIFA 12 "{EC385B36-AE9D-4F0F-A596-08F7D425D09D}" = Nitro PDF Reader "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support "{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint "{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F804CEB4-747E-46D5-B8AB-C56E3BAF27D9}_is1" = Das Fussball Studio 6.9.1 "{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = VideoStudio "{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status "{FE19B8A3-C79D-4A90-8F7C-1B206DB00CFC}" = HP Deskjet 1050 J410 series - Grundlegende Software für das Gerät "{FF6F95A4-E59B-45C8-BEA8-0BDC8D9CAB51}" = Microsoft SQL Server 2008 Common Files "34EA302E7F4CBD17A19E33BBCB72363234956D7E" = Windows-Treiberpaket - Nokia Modem (06/09/2010 4.5) "3D Object Converter for Windows 4.60" = 3D Object Converter for Windows 4.60 "504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "ActiveTcl 8.5.12.0" = ActiveState ActiveTcl 8.5.12.0 "Adobe Flash Media Server 3.5.1_is1" = Adobe Flash Media Server 3.5.1 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "AVS4YOU Video Converter 6_is1" = AVS Video Converter 6 "AVS4YOU Video Editor 4_is1" = AVS Video Editor 
4 "Blender" = Blender "CAD-3D" = CAD-3D "DesignWorkshop Lite" = DesignWorkshop Lite "Digitale Bibliothek 4" = Digitale Bibliothek 4 "DVD Flick_is1" = DVD Flick 1.3.0.7 "EEEE705096F837B7907659F100C9FE6DA001970F" = Windows-Treiberpaket - Nokia Modem (06/09/2010 7.01.0.7) "File-5.03_is1" = GnuWin32: File-5.03 "File-src-5.03_is1" = GnuWin32: File-5.03 "Free FLV Converter_is1" = Free FLV Converter V 6.93.0 "GIMP-2_is1" = GIMP 2.8.0 "G'MIC for GIMP_is1" = G'MIC for GIMP Version 1.5.1.3 "Google Updater" = Google Updater "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "HP Imaging Device Functions" = HP Imaging Device Functions 9.0 "HP Photo Creations" = HP Photo Creations "HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0 "HPExtendedCapabilities" = HP Customer Participation Program 9.0 "Image Format Library 1.3.1" = Image Format Library "InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "InstallShield_{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = Ulead VideoStudio 11 "IrfanView" = IrfanView (remove only) "LTplus SketchUP Plugin 7.1" = LTplus SketchUP Plugin 7.1 "Make-3.81_is1" = GnuWin32: Make-3.81 "Make-src-3.81_is1" = GnuWin32: Make-3.81 "MathMap-1.3.5_is1" = MathMap-1.3.5 "Meazure_is1" = Meazure 2.0.1 "MeshLab" = MeshLab 1.3.0 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 
Extended DEU Language Pack "Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0 "Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU "Microsoft SQL Server 10" = Microsoft SQL Server 2008 "Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 "Microsoft Visual C++ 2010 Express - DEU" = Microsoft Visual C++ 2010 Express - DEU "Mozilla Firefox 8.0.1 (x86 de)" = Mozilla Firefox 8.0.1 (x86 de) "Nikon FotoShare" = Nikon FotoShare "Nokia PC Suite" = Nokia PC Suite "Notepad++" = Notepad++ "NSSSetup.{D16D8A48-65A4-4B19-8A02-DC9A40FB80C4}" = Norton Security Scan (Symantec Corporation) "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "OpenAL" = OpenAL "Origin" = Origin "PC-Doctor 5 for Windows" = Hardware Diagnose Tools "PerspectiveRectifier_3.3_is1" = Perspective Rectifier 3.3 "PIL-py2.6" = Python 2.6 PIL-1.1.7 "PL-photo3D_is1" = PL-photo3D 1.0 "PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation) "PyQt GPL v4.9.4 for Python v2.6 (x86)" = PyQt GPL v4.9.4 for Python v2.6 (x86) "ReconLab" = ReconLab "ShiftN_is1" = ShiftN 3.6 "ST6UNST #1" = LigaChampion V7.4.5 "SymSetup.{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360 (Symantec Corporation) "Ultimate Papercraft3D 1.16_is1" = Ultimate Papercraft3D 1.16 "Uniblue RegistryBooster" = Uniblue RegistryBooster "VLC media player" = VLC media player 1.1.4 "Windows Media Encoder 9" = Windows Media Encoder 9 Series "Winload Toolbar" = Winload Toolbar "WinRAR archiver" = WinRAR 4.01 (32-Bit) "Wondershare Streaming Video Recorder_is1" = Wondershare Streaming Video Recorder(Build 2.0.1.4) ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "CodeBlocks" = CodeBlocks "GeoGebra 5.0 Beta" = GeoGebra 5.0 Beta "PIL-py2.6" = Python 2.6 PIL-1.1.7 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 30/09/2012 9:57:59 | Computer Name = christoph-PC | Source = Application Hang | ID = 1002 
Description = Programm Explorer.EXE, Version 6.0.6002.18005 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 8b8 Anfangszeit: 01cd9f0f9825aa86 Zeitpunkt der Beendigung: 13 Error - 02/10/2012 10:34:57 | Computer Name = christoph-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung nvtray.exe, Version 7.17.13.142, Zeitstempel 0x4fb212f3, fehlerhaftes Modul nvtray.exe, Version 7.17.13.142, Zeitstempel 0x4fb212f3, Ausnahmecode 0x40000015, Fehleroffset 0x00101ae9, Prozess-ID 0xaac, Anwendungsstartzeit 01cda0a78a0f358f. Error - 12/10/2012 9:01:37 | Computer Name = christoph-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung MICMAC.exe, Version 0.0.0.0, Zeitstempel 0x473032bd, fehlerhaftes Modul MICMAC.exe, Version 0.0.0.0, Zeitstempel 0x473032bd, Ausnahmecode 0xc0000005, Fehleroffset 0x00010344, Prozess-ID 0x1d2c, Anwendungsstartzeit 01cda879b6a3ea4f. Error - 12/10/2012 9:02:24 | Computer Name = christoph-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung MICMAC.exe, Version 0.0.0.0, Zeitstempel 0x473032bd, fehlerhaftes Modul MICMAC.exe, Version 0.0.0.0, Zeitstempel 0x473032bd, Ausnahmecode 0xc0000005, Fehleroffset 0x00010344, Prozess-ID 0x1b04, Anwendungsstartzeit 01cda879d2a541df. Error - 13/10/2012 11:11:23 | Computer Name = christoph-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung scanalyze.exe, Version 0.0.0.0, Zeitstempel 0x3fbd742b, fehlerhaftes Modul TCL80.DLL, Version 6.0.6002.18541, Zeitstempel 0x4ec3e3d5, Ausnahmecode 0xc0000135, Fehleroffset 0x00009f5d, Prozess-ID 0xd60, Anwendungsstartzeit 01cda954f6f7d294. 
Error - 13/10/2012 11:12:17 | Computer Name = christoph-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung scanalyze.exe, Version 0.0.0.0, Zeitstempel 0x3fbd742b, fehlerhaftes Modul TCL80.DLL, Version 6.0.6002.18541, Zeitstempel 0x4ec3e3d5, Ausnahmecode 0xc0000135, Fehleroffset 0x00009f5d, Prozess-ID 0x1858, Anwendungsstartzeit 01cda955204195f4. Error - 13/10/2012 11:14:52 | Computer Name = christoph-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung scanalyze.exe, Version 0.0.0.0, Zeitstempel 0x3fbd742b, fehlerhaftes Modul TK80.DLL, Version 6.0.6002.18541, Zeitstempel 0x4ec3e3d5, Ausnahmecode 0xc0000135, Fehleroffset 0x00009f5d, Prozess-ID 0x1f64, Anwendungsstartzeit 01cda95574d24c44. Error - 13/10/2012 11:16:39 | Computer Name = christoph-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung scanalyze.exe, Version 0.0.0.0, Zeitstempel 0x3fbd742b, fehlerhaftes Modul ifl0.dll, Version 6.0.6002.18541, Zeitstempel 0x4ec3e3d5, Ausnahmecode 0xc0000135, Fehleroffset 0x00009f5d, Prozess-ID 0x1a2c, Anwendungsstartzeit 01cda955b95cd654. Error - 14/10/2012 3:14:09 | Computer Name = christoph-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung AcroRd32.exe, Version 8.1.0.137, Zeitstempel 0x46444e37, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x24002aa0, Prozess-ID 0x1bd4, Anwendungsstartzeit 01cda9d794118738. Error - 14/10/2012 9:16:32 | Computer Name = christoph-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung RadialUndistort.exe, Version 0.0.0.0, Zeitstempel 0x4cfe4f94, fehlerhaftes Modul MSVCR100.dll, Version 10.0.40219.325, Zeitstempel 0x4df2be1e, Ausnahmecode 0xc0000417, Fehleroffset 0x0008af3e, Prozess-ID 0x1c78, Anwendungsstartzeit 01cdaa0e210cf492. 
[ Media Center Events ] Error - 06/08/2009 10:22:32 | Computer Name = christoph-PC | Source = ehRecvr | ID = 3 Description = Error - 06/08/2009 10:23:56 | Computer Name = christoph-PC | Source = ehRecvr | ID = 3 Description = Error - 06/08/2009 10:23:57 | Computer Name = christoph-PC | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerAccumulate failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide Error - 06/08/2009 10:26:37 | Computer Name = christoph-PC | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerAccumulate failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide Error - 06/08/2009 10:30:53 | Computer Name = christoph-PC | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerAccumulate failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide Error - 06/08/2009 10:31:07 | Computer Name = christoph-PC | Source = ehRecvr | ID = 3 Description = Error - 06/08/2009 12:42:30 | Computer Name = christoph-PC | Source = ehRecvr | ID = 3 Description = Error - 06/12/2009 2:45:50 | Computer Name = christoph-PC | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide Error - 27/05/2010 0:57:35 | Computer Name = christoph-PC | Source = Media Center Guide | ID = 13 Description = Ereignisinformationen: Fehler beim Downloaden neuer TV-Programmdaten. Überprüfen Sie die Internetverbindungseinstellungen. Wenn die Verbindung über einen Firewall oder Proxyserver hergestellt wird, stellen Sie sicher, dass dieser ordnungsgemäß konfiguriert ist. 
Prozess: DefaultDomain Objektname: Microsoft.Ehome.Epg.EhepgdatSingleton Error - 13/06/2010 9:35:36 | Computer Name = christoph-PC | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide [ System Events ] Error - 15/10/2012 10:03:23 | Computer Name = christoph-PC | Source = Service Control Manager | ID = 7000 Description = Error - 16/10/2012 0:19:36 | Computer Name = christoph-PC | Source = Dhcp | ID = 1002 Description = Die IP-Adresslease 213.47.87.100 für die Netzwerkkarte mit der Netzwerkadresse 001E8CC584C3 wurde durch den DHCP-Server 195.34.134.99 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). Error - 16/10/2012 0:22:55 | Computer Name = christoph-PC | Source = Service Control Manager | ID = 7038 Description = Error - 16/10/2012 0:22:55 | Computer Name = christoph-PC | Source = Service Control Manager | ID = 7000 Description = Error - 16/10/2012 9:37:55 | Computer Name = christoph-PC | Source = Dhcp | ID = 1002 Description = Die IP-Adresslease 213.47.87.100 für die Netzwerkkarte mit der Netzwerkadresse 001E8CC584C3 wurde durch den DHCP-Server 195.34.134.99 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). Error - 16/10/2012 9:42:08 | Computer Name = christoph-PC | Source = Service Control Manager | ID = 7038 Description = Error - 16/10/2012 9:42:08 | Computer Name = christoph-PC | Source = Service Control Manager | ID = 7000 Description = Error - 16/10/2012 11:52:48 | Computer Name = christoph-PC | Source = Dhcp | ID = 1002 Description = Die IP-Adresslease 213.47.87.100 für die Netzwerkkarte mit der Netzwerkadresse 001E8CC584C3 wurde durch den DHCP-Server 195.34.134.99 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). 
Error - 16/10/2012 11:56:45 | Computer Name = christoph-PC | Source = Service Control Manager | ID = 7038 Description = Error - 16/10/2012 11:56:45 | Computer Name = christoph-PC | Source = Service Control Manager | ID = 7000 Description = < End of report > |
18.10.2012, 19:07 | #3 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Unintended redirect when clicking a Google link Please now run a routine full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) scanned!
__________________Remember that Malwarebytes must be updated manually before every scan! Please have Malwarebytes remove all detections so that they are kept in Malwarebytes' quarantine! Do NOT hastily delete anything from quarantine! If logs from older Malwarebytes scans exist, please post all of those as well! Please post everything in CODE tags here where possible. This is how it is done: [code] the log goes here [/code] And the whole thing then looks like this: Code:
ATTFilter the log goes here
__________________ |
19.10.2012, 12:44 | #4 |
| Unintended redirect when clicking a Google link Hello, first of all, thank you very much for the quick reply. Here is the log file from Malwarebytes: Code:
ATTFilter Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.10.19.02 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 christoph :: CHRISTOPH-PC [Administrator] 19/10/2012 6:54:09 mbam-log-2012-10-19 (06-54-09).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 526972 Laufzeit: 2 Stunde(n), 45 Minute(n), 14 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 2 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{8BCB5337-EC01-4E38-840C-A964F174255B} (Adware.SmartShopper) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8BCB5337-EC01-4E38-840C-A964F174255B} (Adware.SmartShopper) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 3 c:\$recycle.bin\s-1-5-21-110388515-1034420003-653005438-1000\$rnxnexm.exe (Trojan.Pirminay) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\Uninstall Information\ib_uninst_514\uninstall.exe (PUP.BundleInstaller.IB) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\Uninstall Information\ib_uninst_555\uninstall.exe (PUP.BundleInstaller.IB) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende)
Thank you very much in advance and greetings from Austria. PS: I only downloaded Malwarebytes this morning and therefore used it for the first time, i.e. there are no older log files. |
19.10.2012, 15:03 | #5 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Unintended redirect when clicking a Google link ESET Online Scanner
Please post everything in CODE tags here where possible. This is how it is done: [code] the log goes here [/code] And the whole thing then looks like this: Code:
ATTFilter the log goes here
__________________ Please always post log files in CODE tags |
19.10.2012, 20:42 | #6 |
| Unintended redirect when clicking a Google link Good evening, the scan has just finished. Here is the log file: Code:
ATTFilter ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330) # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=e23d31155519434b988f7acde0f92322 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2012-10-19 07:23:14 # local_time=2012-10-19 09:23:14 (+0100, Mitteleuropäische Sommerzeit) # country="Austria" # lang=1033 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode=3584 16777215 100 0 0 0 0 0 # compatibility_mode=5892 16776574 100 100 549961 188190829 0 0 # compatibility_mode=8192 67108863 100 0 197 197 0 0 # scanned=327397 # found=9 # cleaned=0 # scan_time=16493 C:\Program Files\Uniblue\RegistryBooster\Launcher.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I C:\Program Files\Uniblue\RegistryBooster\rbnotifier.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I C:\Program Files\Uniblue\RegistryBooster\rb_move_serial.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I C:\Users\christoph\AppData\Roaming\OpenCandy\OpenCandy_2EA9788A80B742E69F5DA45DB6BF8D39\dlmgr_3_1.6.87.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I C:\Users\christoph\Documents\PremiumTV\setup_PremiumDownloadsForPC.msi Win32/Tool.EvID4226 application (unable to clean) 00000000000000000000000000000000 I C:\Users\Public\Winferno\PC Confidential\PCCBHO.dll Win32/Adware.PCConfidential application (unable to clean) 00000000000000000000000000000000 I ${Memory} 
Win32/RegistryBooster application 00000000000000000000000000000000 I
Evening greetings from Vienna, Christoph |
21.10.2012, 11:38 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Unintended redirect when clicking a Google link Code:
ATTFilter C:\Program Files\Uniblue\RegistryBooster
The registry is the brain of the system. If the brain does not work, the rest no longer really works. We read often enough from people seeking help that their system no longer boots after using registry cleaners.
A so-called false positive from a cleaner can also make your system unbootable. If you destroy the registry, you destroy Windows. adwCleaner - detecting toolbars and unwanted start/search pages Please download AdwCleaner to your desktop. If adwCleaner has already been downloaded at some point, please delete the old adwcleaner.exe and download it again!!
__________________ Please always post log files in CODE tags |
21.10.2012, 12:02 | #8 |
| Unintended redirect when clicking a Google link Thanks for the information! Here is the text file from adwcleaner: Code:
ATTFilter # AdwCleaner v2.005 - Datei am 21/10/2012 um 13:00:10 erstellt # Aktualisiert am 14/10/2012 von Xplode # Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits) # Benutzer : christoph - CHRISTOPH-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\christoph\Desktop\adwcleaner.exe # Option [Suche] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gefunden : C:\Users\christoph\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QuickStores.url Datei Gefunden : C:\Users\christoph\AppData\Roaming\Mozilla\Firefox\Profiles\cy6cbrek.default\searchplugins\Askcom.xml Ordner Gefunden : C:\Program Files\Conduit Ordner Gefunden : C:\Program Files\Free Offers from Freeze.com Ordner Gefunden : C:\Program Files\Winload Ordner Gefunden : C:\ProgramData\IBUpdaterService Ordner Gefunden : C:\ProgramData\Tarma Installer Ordner Gefunden : C:\Users\christoph\AppData\Local\Conduit Ordner Gefunden : C:\Users\christoph\AppData\Local\OpenCandy Ordner Gefunden : C:\Users\christoph\AppData\LocalLow\appbario8 Ordner Gefunden : C:\Users\christoph\AppData\LocalLow\Conduit Ordner Gefunden : C:\Users\christoph\AppData\LocalLow\PriceGong Ordner Gefunden : C:\Users\christoph\AppData\LocalLow\Softonic_Deutsch_FF Ordner Gefunden : C:\Users\christoph\AppData\LocalLow\Winload Ordner Gefunden : C:\Users\christoph\AppData\Roaming\Mozilla\Firefox\Profiles\cy6cbrek.default\extensions\{0cc09160-108c-4759-bab1-5c12c216e005} Ordner Gefunden : C:\Users\christoph\AppData\Roaming\OpenCandy Ordner Gefunden : C:\Windows\system32\Sidekick Manager ***** [Registrierungsdatenbank] ***** Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\appbario8 Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\PriceGong Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\SmartBar Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Softonic_Deutsch_FF Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Winload 
Schlüssel Gefunden : HKCU\Software\AppDataLow\Toolbar Schlüssel Gefunden : HKCU\Software\DataMngr Schlüssel Gefunden : HKCU\Software\DataMngr_Toolbar Schlüssel Gefunden : HKCU\Software\Freeze.com Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Winload Toolbar Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0CC09160-108C-4759-BAB1-5C12C216E005} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2518429F-5C73-49EE-B511-51C12EC8987A} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{38A29805-B3AE-4F30-81B1-B62E72FBF32E} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{40C3CC16-7269-4B32-9531-17F2950FB06F} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0CC09160-108C-4759-BAB1-5C12C216E005} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2518429F-5C73-49EE-B511-51C12EC8987A} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{38A29805-B3AE-4F30-81B1-B62E72FBF32E} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{40C3CC16-7269-4B32-9531-17F2950FB06F} Schlüssel Gefunden : HKCU\Software\Softonic Schlüssel Gefunden : HKLM\Software\appbario8 Schlüssel Gefunden : HKLM\Software\bProtector Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{0CC09160-108C-4759-BAB1-5C12C216E005} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{0DC94E7B-CE27-41AD-9E60-7979B56FFA87} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{17FBAC21-3A8E-43BD-AB17-F02E52037EDB} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{38A29805-B3AE-4F30-81B1-B62E72FBF32E} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{40C3CC16-7269-4B32-9531-17F2950FB06F} Schlüssel Gefunden : 
HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2319825 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT3227982 Schlüssel Gefunden : HKLM\Software\Conduit Schlüssel Gefunden : HKLM\Software\DataMngr Schlüssel Gefunden : HKLM\Software\Freeze.com Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0CC02A97-6079-4DDA-A203-AF0599ADF8A5} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5438E2C0-A0E8-46BF-8993-0AFDA6C84551} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F957BF53-A8EC-401C-99D3-3BA35AB3F58E} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0CC09160-108C-4759-BAB1-5C12C216E005} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{40C3CC16-7269-4B32-9531-17F2950FB06F} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0DC94E7B-CE27-41AD-9E60-7979B56FFA87} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{17FBAC21-3A8E-43BD-AB17-F02E52037EDB} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Winload Toolbar Schlüssel Gefunden : HKLM\Software\Softonic_Deutsch_FF Schlüssel Gefunden : HKLM\Software\Tarma Installer Schlüssel Gefunden : HKLM\Software\Winload Schlüssel Gefunden : HKU\S-1-5-21-110388515-1034420003-653005438-1000\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E} Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}] Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{40C3CC16-7269-4B32-9531-17F2950FB06F}] Wert Gefunden 
: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{9D81AF43-DE53-48D0-A199-42C2A226B24C}] Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}] Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{0CC09160-108C-4759-BAB1-5C12C216E005}] Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{0CC09160-108C-4759-BAB1-5C12C216E005}] Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{40C3CC16-7269-4B32-9531-17F2950FB06F}] Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{9D81AF43-DE53-48D0-A199-42C2A226B24C}] Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{0CC09160-108C-4759-BAB1-5C12C216E005}] Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{40C3CC16-7269-4B32-9531-17F2950FB06F}] Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{9D81AF43-DE53-48D0-A199-42C2A226B24C}] ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16421 [HKCU\Software\Microsoft\Internet Explorer\Main - bProtector Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT3227982 -\\ Mozilla Firefox v8.0.1 (de) Profilname : default Datei : C:\Users\christoph\AppData\Roaming\Mozilla\Firefox\Profiles\cy6cbrek.default\prefs.js Gefunden : user_pref("CT3227982.autoDisableScopes", -1); ************************* AdwCleaner[R1].txt - [7504 octets] - [21/10/2012 13:00:10] ########## EOF - C:\AdwCleaner[R1].txt - [7564 octets] ##########
Kind regards, C. |
21.10.2012, 12:43 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Unintended redirect when clicking a Google link adwCleaner - removing toolbars and unwanted start/search pages
__________________ Please always post log files in CODE tags |
21.10.2012, 13:00 | #10 |
| Here is the AdwCleaner result: Code:
ATTFilter # AdwCleaner v2.005 - Datei am 21/10/2012 um 13:53:58 erstellt # Aktualisiert am 14/10/2012 von Xplode # Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits) # Benutzer : christoph - CHRISTOPH-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\christoph\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\Users\christoph\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QuickStores.url Datei Gelöscht : C:\Users\christoph\AppData\Roaming\Mozilla\Firefox\Profiles\cy6cbrek.default\searchplugins\Askcom.xml Ordner Gelöscht : C:\Program Files\Conduit Ordner Gelöscht : C:\Program Files\Free Offers from Freeze.com Ordner Gelöscht : C:\Program Files\Winload Ordner Gelöscht : C:\ProgramData\IBUpdaterService Ordner Gelöscht : C:\ProgramData\Tarma Installer Ordner Gelöscht : C:\Users\christoph\AppData\Local\Conduit Ordner Gelöscht : C:\Users\christoph\AppData\Local\OpenCandy Ordner Gelöscht : C:\Users\christoph\AppData\LocalLow\appbario8 Ordner Gelöscht : C:\Users\christoph\AppData\LocalLow\Conduit Ordner Gelöscht : C:\Users\christoph\AppData\LocalLow\PriceGong Ordner Gelöscht : C:\Users\christoph\AppData\LocalLow\Softonic_Deutsch_FF Ordner Gelöscht : C:\Users\christoph\AppData\LocalLow\Winload Ordner Gelöscht : C:\Users\christoph\AppData\Roaming\Mozilla\Firefox\Profiles\cy6cbrek.default\extensions\{0cc09160-108c-4759-bab1-5c12c216e005} Ordner Gelöscht : C:\Users\christoph\AppData\Roaming\OpenCandy Ordner Gelöscht : C:\Windows\system32\Sidekick Manager ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\appbario8 Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Softonic_Deutsch_FF Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Winload 
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar Schlüssel Gelöscht : HKCU\Software\DataMngr Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar Schlüssel Gelöscht : HKCU\Software\Freeze.com Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Winload Toolbar Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0CC09160-108C-4759-BAB1-5C12C216E005} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2518429F-5C73-49EE-B511-51C12EC8987A} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{38A29805-B3AE-4F30-81B1-B62E72FBF32E} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{40C3CC16-7269-4B32-9531-17F2950FB06F} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0CC09160-108C-4759-BAB1-5C12C216E005} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2518429F-5C73-49EE-B511-51C12EC8987A} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{38A29805-B3AE-4F30-81B1-B62E72FBF32E} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{40C3CC16-7269-4B32-9531-17F2950FB06F} Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKLM\Software\appbario8 Schlüssel Gelöscht : HKLM\Software\bProtector Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{0CC09160-108C-4759-BAB1-5C12C216E005} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{0DC94E7B-CE27-41AD-9E60-7979B56FFA87} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{17FBAC21-3A8E-43BD-AB17-F02E52037EDB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{38A29805-B3AE-4F30-81B1-B62E72FBF32E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{40C3CC16-7269-4B32-9531-17F2950FB06F} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2319825 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT3227982 Schlüssel Gelöscht : HKLM\Software\Conduit Schlüssel Gelöscht : HKLM\Software\DataMngr Schlüssel Gelöscht : HKLM\Software\Freeze.com Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0CC02A97-6079-4DDA-A203-AF0599ADF8A5} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5438E2C0-A0E8-46BF-8993-0AFDA6C84551} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F957BF53-A8EC-401C-99D3-3BA35AB3F58E} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0CC09160-108C-4759-BAB1-5C12C216E005} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{40C3CC16-7269-4B32-9531-17F2950FB06F} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0DC94E7B-CE27-41AD-9E60-7979B56FFA87} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{17FBAC21-3A8E-43BD-AB17-F02E52037EDB} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Winload Toolbar Schlüssel Gelöscht : HKLM\Software\Softonic_Deutsch_FF Schlüssel Gelöscht : HKLM\Software\Tarma Installer Schlüssel Gelöscht : HKLM\Software\Winload Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{40C3CC16-7269-4B32-9531-17F2950FB06F}] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{9D81AF43-DE53-48D0-A199-42C2A226B24C}] Wert Gelöscht : HKCU\Software\Microsoft\Internet 
Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{0CC09160-108C-4759-BAB1-5C12C216E005}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{0CC09160-108C-4759-BAB1-5C12C216E005}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{9D81AF43-DE53-48D0-A199-42C2A226B24C}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{0CC09160-108C-4759-BAB1-5C12C216E005}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{9D81AF43-DE53-48D0-A199-42C2A226B24C}]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16421
Gelöscht : [HKCU\Software\Microsoft\Internet Explorer\Main - bProtector Start Page]
-\\ Mozilla Firefox v8.0.1 (de)
Profilname : default
Datei : C:\Users\christoph\AppData\Roaming\Mozilla\Firefox\Profiles\cy6cbrek.default\prefs.js
C:\Users\christoph\AppData\Roaming\Mozilla\Firefox\Profiles\cy6cbrek.default\user.js ... Gelöscht !
Gelöscht : user_pref("CT3227982.autoDisableScopes", -1);
*************************
AdwCleaner[R1].txt - [7633 octets] - [21/10/2012 13:00:10]
AdwCleaner[S1].txt - [7461 octets] - [21/10/2012 13:53:58]
########## EOF - C:\AdwCleaner[S1].txt - [7521 octets] ##########
Many thanks, I'll be offline for two hours now. |
21.10.2012, 13:15 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | I have three questions before we continue (we are not finished yet!)
1.) Does Windows' normal mode work without restrictions (again)?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?
3.) Are the ad pop-ups and redirects, e.g. Incredibar or Mystart, gone now?
__________________ Please always post log files in CODE tags |
21.10.2012, 14:59 | #12 |
| 1) Windows' normal mode was never noticeably impaired for me, and it works now as well
2) The Start menu contains some empty folders; some I cannot place, others come from uninstalled and deleted programs/directories
3) The Google forwarding to the displayed pages works considerably better than before, but one single time I again ended up at "yellw.info" instead of "wikipedia". So there is still a Trojan somewhere, I would guess. How do we proceed? Thank you for your patience, best regards, c. |
21.10.2012, 16:34 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please run a CustomScan with OTL. Please post everything here in CODE tags if possible. This is how it is done: [code] the log goes here [/code] And the whole thing then looks like this: Code:
the log goes here
Please download OTL by Oldtimer and save it to your Desktop. If it is already there, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Please always post log files in CODE tags |
21.10.2012, 17:27 | #14 |
| Good evening, here is the result of the log file: Code:
ATTFilter OTL logfile created on: 21/10/2012 17:58:34 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\christoph\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000c07 | Country: Austria | Language: DEA | Date Format: dd/MM/yyyy 3.00 Gb Total Physical Memory | 1.67 Gb Available Physical Memory | 55.84% Memory free 6.21 Gb Paging File | 4.84 Gb Available in Paging File | 78.03% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 458.21 Gb Total Space | 307.32 Gb Free Space | 67.07% Space Free | Partition Type: NTFS Drive D: | 7.55 Gb Total Space | 1.00 Gb Free Space | 13.30% Space Free | Partition Type: NTFS Drive E: | 465.76 Gb Total Space | 465.66 Gb Free Space | 99.98% Space Free | Partition Type: NTFS Drive F: | 59.09 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: CHRISTOPH-PC | User Name: christoph | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/10/21 17:56:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\christoph\Desktop\OTL.exe PRC - [2012/07/03 09:04:58 | 000,507,312 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\Common Files\Java\Java Update\jucheck.exe PRC - [2012/05/15 11:28:16 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe PRC - [2012/05/15 11:27:34 | 000,857,920 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe PRC - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2011/01/21 16:19:38 | 000,025,984 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe PRC - [2010/12/03 12:18:08 | 000,196,912 | ---- | M] (Nitro PDF Software) -- C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe PRC - [2009/07/30 21:20:00 | 000,144,752 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe PRC - [2009/07/20 12:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe PRC - [2009/07/10 12:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe PRC - [2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009/02/04 15:15:40 | 002,428,928 | R--- | M] (Adobe Systems Incorporated.) -- C:\Program Files\Adobe\Flash Media Server 3.5\FMSMaster.exe PRC - [2009/02/04 15:11:50 | 005,521,408 | R--- | M] (Adobe Systems Incorporated.) -- C:\Program Files\Adobe\Flash Media Server 3.5\FMSCore.exe PRC - [2009/02/04 15:01:24 | 002,768,896 | R--- | M] (Adobe Systems Incorporated.) -- C:\Program Files\Adobe\Flash Media Server 3.5\FMSEdge.exe PRC - [2009/02/04 15:00:12 | 002,596,864 | R--- | M] (Adobe Systems Incorporated.) 
-- C:\Program Files\Adobe\Flash Media Server 3.5\FMSAdmin.exe PRC - [2009/02/04 14:42:58 | 000,024,635 | ---- | M] (Apache Software Foundation) -- C:\Program Files\Adobe\Flash Media Server 3.5\Apache2.2\bin\httpd.exe PRC - [2008/10/17 16:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE PRC - [2008/01/19 09:33:27 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe PRC - [2008/01/15 13:26:18 | 004,874,240 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2007/07/12 17:36:12 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2007/07/12 17:36:10 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2007/06/05 14:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe PRC - [2007/04/18 17:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe PRC - [2007/03/06 11:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) 
-- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe ========== Modules (No Company Name) ========== MOD - [2011/07/18 23:04:08 | 000,296,448 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_04.dll MOD - [2011/05/28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll MOD - [2011/01/21 16:19:38 | 000,047,616 | ---- | M] () -- C:\Program Files\Uniblue\RegistryBooster\cache.dll MOD - [2009/07/20 12:27:14 | 000,017,936 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\khalwrapper.dll ========== Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- %ProgramFiles%\WinPcap\rpcapd.exe -- (rpcapd) SRV - [2012/05/15 12:26:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012/04/20 07:59:11 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2010/12/03 12:18:08 | 000,196,912 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe -- (NitroReaderDriverReadSpool) SRV - [2010/06/14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2009/07/30 21:20:00 | 000,144,752 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service) SRV - [2009/07/20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) 
[On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2009/02/28 16:17:40 | 001,245,064 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC) SRV - [2009/02/04 15:15:40 | 002,428,928 | R--- | M] (Adobe Systems Incorporated.) [Auto | Running] -- C:\Program Files\Adobe\Flash Media Server 3.5\FMSMaster.exe -- (FMS) SRV - [2009/02/04 15:00:12 | 002,596,864 | R--- | M] (Adobe Systems Incorporated.) [Auto | Running] -- C:\Program Files\Adobe\Flash Media Server 3.5\FMSAdmin.exe -- (FMSAdmin) SRV - [2009/02/04 14:42:58 | 000,024,635 | ---- | M] (Apache Software Foundation) [On_Demand | Running] -- C:\Program Files\Adobe\Flash Media Server 3.5\Apache2.2\bin\httpd.exe -- (FMSHttpd) SRV - [2008/10/17 16:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice) SRV - [2008/10/17 16:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService) SRV - [2008/10/17 16:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr) SRV - [2008/10/17 16:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr) SRV - [2008/09/05 12:52:32 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate) SRV - [2008/02/21 16:02:54 | 000,238,968 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler) SRV - [2008/01/19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows 
Defender\MpSvc.dll -- (WinDefend) SRV - [2007/08/22 02:21:30 | 000,055,640 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost) SRV - [2007/07/12 17:36:12 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) SRV - [2007/06/05 14:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing) SRV - [2007/03/06 11:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - [2012/09/12 10:00:00 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20121020.007\NAVEX15.SYS -- (NAVEX15) DRV - [2012/09/12 10:00:00 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20121020.007\NAVENG.SYS -- (NAVENG) DRV - [2012/08/15 14:26:06 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2012/08/08 10:00:00 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2012/05/15 12:26:00 | 011,354,944 | ---- | M] 
(NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2011/10/18 00:23:24 | 000,286,328 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20121019.001\IDSvix86.sys -- (IDSvix86) DRV - [2009/08/28 11:49:00 | 000,169,064 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd) DRV - [2009/08/05 17:30:16 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF) DRV - [2009/08/05 14:44:00 | 000,049,400 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb) DRV - [2009/08/05 12:55:00 | 000,061,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd) DRV - [2009/07/28 20:01:00 | 000,069,480 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom) DRV - [2009/07/24 11:31:00 | 000,021,608 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds) DRV - [2009/06/19 09:57:00 | 000,079,872 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid) DRV - [2009/06/19 09:56:00 | 000,042,472 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp) DRV - [2009/06/17 18:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt) DRV - [2009/06/17 18:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt) DRV - [2009/06/17 18:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2009/06/17 18:55:18 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L8042Kbd.sys -- (L8042Kbd) DRV - [2009/06/17 11:59:00 | 000,046,984 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte) DRV - [2009/03/30 04:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0103.sys -- (RsFx0103) DRV - [2009/03/03 19:55:11 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent) DRV - [2009/02/19 12:31:42 | 000,024,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM) DRV - [2009/02/19 12:31:18 | 000,041,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symndisv.sys -- (SYMNDISV) DRV - [2009/02/19 12:31:16 | 000,184,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\symtdi.sys -- (SYMTDI) DRV - [2009/02/19 12:31:16 | 000,096,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symfw.sys -- (SYMFW) DRV - [2009/02/19 12:31:16 | 000,022,320 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symredrv.sys -- (SYMREDRV) DRV - [2009/02/19 12:31:16 | 000,013,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symdns.sys -- (SYMDNS) DRV - [2008/09/05 15:31:42 | 000,447,024 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv) DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- 
C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008/07/30 18:42:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\COH_Mon.sys -- (COH_Mon) DRV - [2008/03/31 12:55:32 | 000,596,896 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UDXTTM6010.sys -- (UDXTTM6010) DRV - [2008/02/01 03:51:16 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL) DRV - [2008/02/01 03:51:16 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP) DRV - [2008/02/01 03:51:16 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX) DRV - [2007/10/03 18:18:12 | 000,099,840 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2007/08/08 18:39:56 | 000,036,056 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CO_Mon.sys -- (CO_Mon) DRV - [2005/12/12 18:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_at&c=81&bd=Pavilion&pf=desktop IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{1D55CD03-39AC-4EE7-8AA2-B93BD903E80E}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = 
hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{EB51BC5D-84F0-4FDB-A0FE-5EF838700F22}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1134&query={searchTerms}&invocationType=tb50hpcndtie7-de-at IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-110388515-1034420003-653005438-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve IE - HKU\S-1-5-21-110388515-1034420003-653005438-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/ IE - HKU\S-1-5-21-110388515-1034420003-653005438-1000\..\SearchScopes,bProtectorDefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-110388515-1034420003-653005438-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-110388515-1034420003-653005438-1000\..\SearchScopes\{547EEAAC-3665-4e6c-B326-C622D698543A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=ASHTDF&src=IE-SearchBox IE - HKU\S-1-5-21-110388515-1034420003-653005438-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_de IE - HKU\S-1-5-21-110388515-1034420003-653005438-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-110388515-1034420003-653005438-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - 
HKU\S-1-5-21-110388515-1034420003-653005438-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 93.188.168.68:80 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..network.proxy.ftp: "93.188.168.68" FF - prefs.js..network.proxy.ftp_port: 80 FF - prefs.js..network.proxy.gopher: "93.188.168.68" FF - prefs.js..network.proxy.gopher_port: 80 FF - prefs.js..network.proxy.http: "93.188.168.68" FF - prefs.js..network.proxy.http_port: 80 FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1" FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "93.188.168.68" FF - prefs.js..network.proxy.socks_port: 80 FF - prefs.js..network.proxy.ssl: "93.188.168.68" FF - prefs.js..network.proxy.ssl_port: 80 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2012/04/19 17:45:38 | 000,000,000 | ---D | M] FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohTVPlugin: C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohWebPlayer: C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/08 19:49:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/30 12:06:42 | 000,000,000 | ---D | M]
[2011/02/04 19:34:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\christoph\AppData\Roaming\mozilla\Extensions
[2012/10/21 13:54:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\christoph\AppData\Roaming\mozilla\Firefox\Profiles\cy6cbrek.default\extensions
[2011/02/04 19:36:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\christoph\AppData\Roaming\mozilla\Firefox\Profiles\cy6cbrek.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/08 19:49:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/21 06:21:43 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/21 03:17:49 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/11/21 03:09:48 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/21 03:17:49 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011/11/21 03:17:49 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/11/21 03:17:49 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/11/21 03:17:49 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2006/09/18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PCCBHO.CPCCBHO) - {22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF} - Reg Error: Value error. File not found
O2 - BHO: (Reg Error: Value error.) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-110388515-1034420003-653005438-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-110388515-1034420003-653005438-1000\..\Toolbar\WebBrowser: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE (Symantec Corporation)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateReg] C:\Windows\System32\jureg.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll ()
O9 - Extra 'Tools' menuitem : PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe File not found
O9 - Extra Button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe File not found
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-110388515-1034420003-653005438-1000\..Trusted Domains: pink-unicorns.com ([www] http in Vertrauenswürdige Sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} hxxp://gfx2.hotmail.com/mail/w3/resources/VistaMSNPUpldde-at.cab (MSN Photo Upload Tool)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldde-at.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.186.211.21 195.34.133.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{61937460-B7E3-41C8-AD03-9F5D9445633E}: DhcpNameServer = 212.186.211.21 195.34.133.21
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\clouds.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\clouds.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/27 16:44:55 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe - (TOSHIBA CORPORATION.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NkbMonitor.exe.lnk - - File not found
MsConfig - StartUpReg: ccApp - hkey= - key= - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
MsConfig - StartUpReg: Corel File Shell Monitor - hkey= - key= - C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe ()
MsConfig - StartUpReg: EA Core - hkey= - key= - File not found
MsConfig - StartUpReg: ehTray.exe - hkey= - key= - C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
MsConfig - StartUpReg: Google Updater - hkey= - key= - C:\Program Files\Google\Google Updater\GoogleUpdater.exe (Google)
MsConfig - StartUpReg: ITSecMng - hkey= - key= - File not found
MsConfig - StartUpReg: Livestation - hkey= - key= - File not found
MsConfig - StartUpReg: osCheck - hkey= - key= - C:\Program Files\Norton 360\osCheck.exe (Symantec Corporation)
MsConfig - StartUpReg: PC Suite Tray - hkey= - key= - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - File not found
MsConfig - StartUpReg: Remote Control Editor - hkey= - key= - File not found
MsConfig - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - StartUpReg: TkBellExe - hkey= - key= - File not found
MsConfig - StartUpReg: UVS11 Preload - hkey= - key= - File not found
MsConfig - StartUpReg: VeohPlugin - hkey= - key= - File not found
MsConfig - StartUpReg: Windows Defender - hkey= - key= - File not found
MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 0
SafeBootMin: 33287322.sys - Driver
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: 33287322.sys - Driver
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A38B334A-A0A2-436D-BAA0-34FE5E517E44} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\VIO\DVACM.acm (InterVideo Digital Technology Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.MPEGacm - C:\Program Files\Common Files\Ulead Systems\MPEG\MPEGACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.ulmp3acm - C:\Program Files\Common Files\Ulead Systems\MPEG\ulmp3acm.acm (Ulead systems)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/10/21 17:56:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\christoph\Desktop\OTL.exe
[2012/10/19 16:45:04 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/10/19 06:52:26 | 000,000,000 | ---D | C] -- C:\Users\christoph\AppData\Roaming\Malwarebytes
[2012/10/19 06:51:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/19 06:51:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/10/19 06:51:53 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/10/19 06:51:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/10/19 06:46:56 | 010,669,952 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\christoph\Desktop\mbam-setup-1.65.1.1000.exe
[2012/10/18 16:21:49 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/10/18 16:00:30 | 002,213,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\christoph\Desktop\tdsskiller.exe
[2012/10/17 17:20:20 | 000,000,000 | ---D | C] -- C:\Users\christoph\AppData\Roaming\blaxxun interactive
[2012/10/15 16:05:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ActiveState ActiveTcl 8.5.12.0
[2012/10/15 16:05:02 | 000,000,000 | ---D | C] -- C:\Program Files\Tcl
[2012/10/15 16:04:21 | 000,000,000 | ---D | C] -- C:\Tcl
[2012/10/14 09:12:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ReconLab LE 1.2
[2012/10/14 09:12:39 | 000,000,000 | ---D | C] -- C:\ReconLabMaterial
[2012/10/14 09:12:38 | 000,000,000 | ---D | C] -- C:\Program Files\ReconLabLE1.2
[2012/10/14 07:11:31 | 000,000,000 | ---D | C] -- C:\Program Files\Silicon Graphics
[2012/10/10 17:49:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google SketchUp 8
[2012/10/03 17:03:31 | 000,000,000 | ---D | C] -- C:\Users\christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SIVP-0.5.0
[2012/10/03 17:03:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SIVP-0.5.0
[2012/10/03 16:37:21 | 000,000,000 | ---D | C] -- C:\Users\christoph\AppData\Roaming\Scilab
[2012/10/03 16:34:40 | 000,000,000 | ---D | C] -- C:\Program Files\scilab-5.3.3
[2012/09/29 13:28:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PyQt GPL v4.9.4 for Python v2.6 (x86)
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/21 17:56:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\christoph\Desktop\OTL.exe
[2012/10/21 17:53:07 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/21 17:52:38 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\PCConfidential.job
[2012/10/21 17:52:38 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
[2012/10/21 17:52:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/21 17:51:33 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/21 17:51:33 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/21 17:51:31 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\Lqrpettlq.job
[2012/10/21 17:51:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/21 17:51:26 | 3220,480,000 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/21 16:04:17 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/10/21 12:58:54 | 000,538,941 | ---- | M] () -- C:\Users\christoph\Desktop\adwcleaner.exe
[2012/10/21 11:35:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/10/20 18:24:47 | 000,025,677 | ---- | M] () -- C:\Users\christoph\AppData\Local\recently-used.xbel
[2012/10/20 15:09:11 | 000,002,591 | ---- | M] () -- C:\Users\christoph\Desktop\Microsoft Office Word 2007.lnk
[2012/10/19 06:51:55 | 000,000,868 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/10/19 06:46:56 | 010,669,952 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\christoph\Desktop\mbam-setup-1.65.1.1000.exe
[2012/10/18 16:06:51 | 000,002,241 | ---- | M] () -- C:\Users\Public\Desktop\Norton Security Scan.lnk
[2012/10/18 16:00:31 | 002,213,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\christoph\Desktop\tdsskiller.exe
[2012/10/14 09:12:57 | 000,001,657 | ---- | M] () -- C:\Users\christoph\Desktop\ReconLab.lnk
[2012/10/14 09:12:03 | 000,796,672 | ---- | M] (Qsc) -- C:\Windows\GPInstall.exe
[2012/10/11 16:29:58 | 000,297,782 | ---- | M] () -- C:\Users\christoph\Documents\st.johann-flucht.skp
[2012/10/10 17:49:50 | 000,001,864 | ---- | M] () -- C:\Users\Public\Desktop\Google SketchUp 8.lnk
[2012/10/10 06:48:43 | 000,297,787 | ---- | M] () -- C:\Users\christoph\Documents\st.johann-flucht.skb
[2012/10/08 14:50:01 | 000,291,020 | ---- | M] () -- C:\Users\christoph\Documents\stj1.skp
[2012/10/07 10:31:32 | 000,272,541 | ---- | M] () -- C:\Users\christoph\Documents\stj0.skp
[2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/09/25 16:10:31 | 001,016,677 | ---- | M] () -- C:\Users\christoph\Documents\st.johann5.jpg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/21 12:58:52 | 000,538,941 | ---- | C] () -- C:\Users\christoph\Desktop\adwcleaner.exe
[2012/10/20 18:24:47 | 000,025,677 | ---- | C] () -- C:\Users\christoph\AppData\Local\recently-used.xbel
[2012/10/19 06:51:55 | 000,000,868 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/10/14 09:12:57 | 000,001,657 | ---- | C] () -- C:\Users\christoph\Desktop\ReconLab.lnk
[2012/10/14 09:12:03 | 000,007,883 | ---- | C] () -- C:\Windows\Eng_UK.gpl
[2012/10/14 07:11:31 | 000,708,120 | ---- | C] () -- C:\Windows\System32\tiffdump.exe
[2012/10/14 07:11:31 | 000,256,000 | ---- | C] () -- C:\Windows\System32\iflTIFF0.dll
[2012/10/14 07:11:31 | 000,136,648 | ---- | C] () -- C:\Windows\System32\ifldbgen.exe
[2012/10/14 07:11:31 | 000,104,960 | ---- | C] () -- C:\Windows\System32\iflJFIF0.dll
[2012/10/14 07:11:31 | 000,102,912 | ---- | C] () -- C:\Windows\System32\ifl0.dll
[2012/10/14 07:11:31 | 000,086,016 | ---- | C] () -- C:\Windows\System32\iflPNG0.dll
[2012/10/14 07:11:31 | 000,058,564 | ---- | C] () -- C:\Windows\System32\iflapigen.exe
[2012/10/14 07:11:31 | 000,026,708 | ---- | C] () -- C:\Windows\System32\iflstatus.exe
[2012/10/14 07:11:31 | 000,026,112 | ---- | C] () -- C:\Windows\System32\iflSGI0.dll
[2012/10/14 07:11:31 | 000,026,112 | ---- | C] () -- C:\Windows\System32\iflGIF0.dll
[2012/10/14 07:11:31 | 000,020,480 | ---- | C] () -- C:\Windows\System32\cifl0.dll
[2012/10/14 07:11:31 | 000,019,456 | ---- | C] () -- C:\Windows\System32\iflBMP0.dll
[2012/10/14 07:11:31 | 000,016,384 | ---- | C] () -- C:\Windows\System32\iflXPM0.dll
[2012/10/14 07:11:31 | 000,014,848 | ---- | C] () -- C:\Windows\System32\iflPPM0.dll
[2012/10/14 07:11:31 | 000,013,312 | ---- | C] () -- C:\Windows\System32\iflRaw0.dll
[2012/10/14 07:11:31 | 000,012,800 | ---- | C] () -- C:\Windows\System32\iflXBM0.dll
[2012/10/14 07:11:31 | 000,012,288 | ---- | C] () -- C:\Windows\System32\iflFIT0.dll
[2012/10/14 07:11:31 | 000,004,524 | R--- | C] () -- C:\Windows\System32\ifl_database0
[2012/10/10 17:49:50 | 000,001,864 | ---- | C] () -- C:\Users\Public\Desktop\Google SketchUp 8.lnk
[2012/10/08 14:50:01 | 000,291,020 | ---- | C] () -- C:\Users\christoph\Documents\stj1.skp
[2012/10/07 10:31:31 | 000,272,541 | ---- | C] () -- C:\Users\christoph\Documents\stj0.skp
[2012/09/25 16:10:29 | 001,016,677 | ---- | C] () -- C:\Users\christoph\Documents\st.johann5.jpg
[2012/09/09 17:10:00 | 000,143,360 | RHS- | C] () -- C:\Windows\System32\d3dx10_33G.dll
[2012/09/06 08:02:17 | 000,000,072 | ---- | C] () -- C:\Users\christoph\.gtk-bookmarks
[2012/08/24 18:26:25 | 000,823,296 | ---- | C] () -- C:\Windows\j3dcore-d3d.dll
[2012/08/24 18:26:25 | 000,163,840 | ---- | C] () -- C:\Windows\j3dcore-ogl.dll
[2012/08/24 18:26:25 | 000,049,152 | ---- | C] () -- C:\Windows\j3dcore-ogl-chk.dll
[2012/08/24 18:26:25 | 000,040,960 | ---- | C] () -- C:\Windows\j3dcore-ogl-cg.dll
[2012/08/02 16:55:37 | 000,000,776 | ---- | C] () -- C:\Users\christoph\AppData\Roaming\it.omnidea.Rulers.plist
[2012/07/29 17:07:37 | 000,000,008 | -HS- | C] () -- C:\Users\christoph\AppData\Roaming\.drv190904.dat
[2012/07/29 17:07:37 | 000,000,008 | -HS- | C] () -- C:\Program Files\.drv120405.dat
[2012/07/29 17:07:37 | 000,000,008 | -HS- | C] () -- C:\Users\christoph\AppData\Roaming\.drv120205.dat
[2012/07/29 17:07:37 | 000,000,008 | -HS- | C] () -- C:\Program Files\.data211204.dat
[2012/07/29 17:07:37 | 000,000,008 | -HS- | C] () -- C:\Program Files\.data211004.dat
[2012/07/29 17:07:37 | 000,000,008 | -HS- | C] () -- C:\Program Files\.data110704.dat
[2012/07/29 17:07:37 | 000,000,008 | -HS- | C] () -- C:\Users\christoph\AppData\Roaming\.data001.dat
[2012/07/29 17:07:37 | 000,000,008 | -HS- | C] () -- C:\Users\christoph\AppData\Roaming\.data000.dat
[2012/07/29 17:07:37 | 000,000,008 | -HS- | C] () -- C:\Program Files\.dat000002.dat
[2012/07/29 17:07:37 | 000,000,008 | -HS- | C] () -- C:\Program Files\.dat000001.dat
[2012/07/29 17:07:37 | 000,000,008 | -HS- | C] () -- C:\Users\christoph\AppData\Roaming\.app190905.dat
[2012/07/29 17:07:37 | 000,000,008 | -HS- | C] () -- C:\Users\christoph\AppData\Roaming\.addit001.dat
[2012/07/07 18:02:02 | 000,000,012 | ---- | C] () -- C:\Users\christoph\tmpifo.bat
[2012/06/30 16:26:15 | 000,176,409 | ---- | C] () -- C:\Windows\hpoins16.dat.temp
[2012/06/30 16:26:15 | 000,004,602 | ---- | C] () -- C:\Windows\hpomdl16.dat.temp
[2012/06/28 18:43:25 | 000,001,763 | ---- | C] () -- C:\Windows\System32\geodat.dat
[2012/06/28 18:43:23 | 000,069,632 | ---- | C] () -- C:\Windows\System32\GkSui18.EXE
[2012/06/21 18:50:24 | 000,000,256 | ---- | C] () -- C:\Windows\Caligari.ini
[2012/05/27 09:27:11 | 000,000,097 | ---- | C] () -- C:\Users\christoph\AppData\Local\fusioncache.dat
[2012/05/20 17:53:18 | 000,048,436 | ---- | C] () -- C:\Users\christoph\AppData\Roaming\naggobot.gmic
[2012/05/20 17:53:18 | 000,032,888 | ---- | C] () -- C:\Users\christoph\AppData\Roaming\iain_fergusson.gmic
[2012/05/20 17:53:18 | 000,010,257 | ---- | C] () -- C:\Users\christoph\AppData\Roaming\garagecoder.gmic
[2012/05/20 17:53:17 | 000,006,831 | ---- | C] () -- C:\Users\christoph\AppData\Roaming\gentlemanbeggar_gmic.gmic
[2012/05/20 17:53:16 | 000,100,488 | ---- | C] () -- C:\Users\christoph\AppData\Roaming\tomkeil.gmic
[2012/05/20 17:53:16 | 000,047,450 | ---- | C] () -- C:\Users\christoph\AppData\Roaming\photocomix.gmic
[2012/05/20 17:53:16 | 000,001,415 | ---- | C] () -- C:\Users\christoph\AppData\Roaming\ronounours.gmic
[2012/05/20 17:53:15 | 000,014,955 | ---- | C] () -- C:\Users\christoph\AppData\Roaming\karos.gmic
[2012/05/20 17:53:14 | 000,659,229 | ---- | C] () -- C:\Users\christoph\AppData\Roaming\gmic_def.1513
[2012/05/20 17:51:08 | 000,000,879 | ---- | C] () -- C:\Users\christoph\AppData\Roaming\gmic_sources.cimgz
[2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2012/03/29 17:53:33 | 000,014,663 | ---- | C] () -- C:\Users\christoph\.octave_hist
[2011/11/11 18:09:30 | 000,001,160 | ---- | C] () -- C:\Users\christoph\AppData\Roaming\ShiftN.ini
[2011/10/27 16:35:40 | 000,007,415 | ---- | C] () -- C:\Windows\PmLite3.ini
[2011/10/27 16:35:40 | 000,001,862 | ---- | C] () -- C:\Windows\PMStockCams.Ini
[2011/09/04 16:50:23 | 000,013,855 | ---- | C] () -- C:\Users\christoph\ayamrc
[2011/03/10 20:01:02 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/02/05 16:18:38 | 000,026,340 | ---- | C] () -- C:\Users\christoph\AppData\Roaming\UserTile.png
[2011/02/04 19:34:02 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/02/14 11:52:17 | 000,005,018 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009/02/14 11:52:17 | 000,000,088 | RHS- | C] () -- C:\ProgramData\EB28B746B4.sys
[2008/08/11 16:13:01 | 000,046,080 | ---- | C] () -- C:\Users\christoph\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2003/09/15 20:20:48 | 000,000,053 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-110388515-1034420003-653005438-1000\$R4W9SUT\help\help.button.tools.rc.n
[2003/09/15 20:20:48 | 000,000,053 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-110388515-1034420003-653005438-1000\$RM5RYGN\help\help.button.tools.rc.n
[2006/11/02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/08/13 16:58:53 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\.marble
[2011/01/30 12:53:20 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Ashampoo Cover Studio 2
[2012/10/17 17:20:21 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\blaxxun interactive
[2011/08/13 16:59:58 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Blender Foundation
[2011/08/27 07:09:42 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Bolthouse Software
[2011/01/15 13:16:01 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Canneverbe Limited
[2008/08/20 07:34:06 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Das Fussball Studio
[2012/03/25 15:36:23 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\DVDVideoSoft
[2009/01/15 18:26:47 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Engelmann Media
[2012/06/24 14:14:52 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Exif Viewer
[2012/04/03 17:36:24 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\fltk.org
[2012/06/16 17:35:55 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\FreeCAD
[2011/01/15 16:06:59 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\FreeFLVConverter
[2011/02/01 18:45:21 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\GetRightToGo
[2012/05/22 18:00:58 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\gtk-2.0
[2008/08/13 17:41:22 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Hemera
[2012/08/29 17:56:58 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\IrfanView
[2008/11/28 20:00:13 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Leadertech
[2009/03/08 16:06:34 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Livestation
[2009/06/25 18:23:21 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Mchid
[2009/01/02 19:10:09 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Nikon
[2012/10/12 16:55:59 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Nitro PDF
[2010/08/09 16:39:11 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Nokia
[2012/03/21 19:55:22 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Notepad++
[2009/01/15 18:51:08 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Orbit
[2012/09/12 17:01:09 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Origin
[2010/08/09 14:54:38 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\PC Suite
[2011/02/05 16:18:37 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\PeerNetworking
[2008/12/14 18:06:41 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\PPMate
[2012/10/03 16:37:21 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Scilab
[2011/11/04 19:05:27 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Sports Interactive
[2008/06/21 18:17:16 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\temp
[2009/02/07 13:37:00 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\TerraTec
[2012/08/11 16:27:17 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\transdat
[2012/08/18 10:30:01 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Uniblue
[2011/03/06 09:16:30 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\WinFAQ

========== Purity Check ==========

========== Custom Scans ==========

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2012/08/13 16:58:53 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\.marble
[2008/11/28 20:04:21 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Adobe
[2009/02/08 15:10:35 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Apple Computer
[2011/01/30 12:53:20 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Ashampoo Cover Studio 2
[2009/02/17 07:35:20 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\AVS4YOU
[2012/10/17 17:20:21 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\blaxxun interactive
[2011/08/13 16:59:58 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Blender Foundation
[2011/08/27 07:09:42 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Bolthouse Software
[2011/01/15 13:16:01 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Canneverbe Limited
[2012/09/04 17:24:07 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\codeblocks
[2009/02/14 11:54:52 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Corel
[2009/02/08 09:45:58 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\CyberLink
[2008/08/20 07:34:06 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Das Fussball Studio
[2011/02/18 18:18:15 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\DVD Flick
[2012/03/25 15:36:23 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\DVDVideoSoft
[2009/01/15 18:26:47 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Engelmann Media
[2012/06/24 14:14:52 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Exif Viewer [2012/04/03 17:36:24 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\fltk.org [2012/06/16 17:35:55 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\FreeCAD [2011/01/15 16:06:59 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\FreeFLVConverter [2011/02/01 18:45:21 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\GetRightToGo [2010/12/31 12:40:25 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Google [2012/05/22 18:00:58 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\gtk-2.0 [2011/12/08 12:21:40 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Help [2008/08/13 17:41:22 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Hemera [2008/05/05 19:08:39 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Hewlett-Packard [2009/01/17 18:34:01 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\HP [2012/09/30 08:28:00 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\HpUpdate [2008/05/05 19:10:16 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Identities [2009/01/10 16:18:57 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\InstallShield [2012/08/29 17:56:58 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\IrfanView [2008/11/28 20:00:13 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Leadertech [2009/03/08 16:06:34 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Livestation [2011/09/25 08:40:09 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Logitech [2008/05/05 19:09:03 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Macromedia [2012/10/19 06:52:26 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Malwarebytes [2012/03/11 08:30:41 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\MathWorks 
[2009/06/25 18:23:21 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Mchid [2006/11/02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Media Center Programs [2012/08/01 16:57:55 | 000,000,000 | --SD | M] -- C:\Users\christoph\AppData\Roaming\Microsoft [2012/03/13 18:21:02 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Microsoft Corporation [2011/02/04 19:34:12 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Mozilla [2009/01/02 19:10:09 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Nikon [2012/10/12 16:55:59 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Nitro PDF [2010/08/09 16:39:11 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Nokia [2012/03/21 19:55:22 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Notepad++ [2012/10/13 15:13:36 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\NVIDIA [2009/01/15 18:51:08 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Orbit [2012/09/12 17:01:09 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Origin [2010/08/09 14:54:38 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\PC Suite [2011/02/05 16:18:37 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\PeerNetworking [2008/12/14 18:06:41 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\PPMate [2011/03/11 08:09:21 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Real [2012/10/03 16:37:21 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Scilab [2008/06/21 17:55:17 | 000,000,000 | RH-D | M] -- C:\Users\christoph\AppData\Roaming\SecuROM [2009/02/17 08:16:56 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\SopCast [2011/11/04 19:05:27 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Sports Interactive [2009/03/02 17:44:12 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Symantec 
[2008/06/21 18:17:16 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\temp [2009/02/07 13:37:00 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\TerraTec [2012/08/11 16:27:17 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\transdat [2008/12/14 18:08:25 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\TVU Networks [2012/08/18 10:30:01 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\Uniblue [2012/09/21 16:17:55 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\vlc [2011/03/06 09:16:30 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\WinFAQ [2011/09/03 13:37:03 | 000,000,000 | ---D | M] -- C:\Users\christoph\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2012/08/02 16:54:56 | 000,095,315 | R--- | M] () -- C:\Users\christoph\AppData\Roaming\Microsoft\Installer\{D774CBD3-A27F-45A1-A34D-6BE5C918462E}\_25bb508a.exe [2012/08/02 16:54:56 | 000,053,559 | R--- | M] () -- C:\Users\christoph\AppData\Roaming\Microsoft\Installer\{D774CBD3-A27F-45A1-A34D-6BE5C918462E}\_25be7a87.exe [2012/08/02 16:54:56 | 000,046,502 | R--- | M] () -- C:\Users\christoph\AppData\Roaming\Microsoft\Installer\{D774CBD3-A27F-45A1-A34D-6BE5C918462E}\_25c12483.exe [2012/08/02 16:54:56 | 000,046,502 | R--- | M] () -- C:\Users\christoph\AppData\Roaming\Microsoft\Installer\{D774CBD3-A27F-45A1-A34D-6BE5C918462E}\_2fc2113e.exe [2012/08/02 16:54:56 | 000,061,203 | R--- | M] () -- C:\Users\christoph\AppData\Roaming\Microsoft\Installer\{D774CBD3-A27F-45A1-A34D-6BE5C918462E}\_55714a50.exe [2012/08/02 16:54:56 | 000,053,394 | R--- | M] () -- C:\Users\christoph\AppData\Roaming\Microsoft\Installer\{D774CBD3-A27F-45A1-A34D-6BE5C918462E}\_758a6f3e.exe [2012/08/02 16:54:56 | 000,057,332 | R--- | M] () -- C:\Users\christoph\AppData\Roaming\Microsoft\Installer\{D774CBD3-A27F-45A1-A34D-6BE5C918462E}\_7dbc59a7.exe [2008/02/21 16:02:34 | 000,152,952 | ---- | M] (Symantec Corporation) -- 
C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\001CACE2.tmp\Support\LUpdate\WLUEX\ALUNOTIF.EXE [2008/02/21 16:02:54 | 000,238,968 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\001CACE2.tmp\Support\LUpdate\WLUEX\ALUSDSVC.EXE [2008/02/21 16:02:36 | 000,308,600 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\001CACE2.tmp\Support\LUpdate\WLUEX\AUPDATE.EXE [2008/02/21 16:03:08 | 000,181,624 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\001CACE2.tmp\Support\LUpdate\WLUEX\LSETUP.EXE [2008/02/21 16:02:40 | 000,873,848 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\001CACE2.tmp\Support\LUpdate\WLUEX\LUALL.EXE [2008/02/21 16:02:48 | 000,062,840 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\001CACE2.tmp\Support\LUpdate\WLUEX\LUCBPRXY.EXE [2008/02/21 16:03:08 | 000,181,624 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\001CACE2.tmp\Support\LUpdate\WLUEX\LUCheck.exe [2008/02/21 16:02:46 | 003,220,856 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\001CACE2.tmp\Support\LUpdate\WLUEX\LUCOMSVR.EXE [2008/02/21 16:02:42 | 000,804,216 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 
360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\001CACE2.tmp\Support\LUpdate\WLUEX\LuConfig.EXE [2008/02/21 16:02:44 | 000,016,760 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\001CACE2.tmp\Support\LUpdate\WLUEX\NotifyHA.exe [2005/05/19 23:50:36 | 002,584,848 | ---- | M] (Microsoft Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\001CACE2.tmp\Support\MSI\wiupdate.exe [2008/02/23 20:08:52 | 000,382,320 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\001CACE2.tmp\Support\NCO\NCO\APP\COExport.exe [2008/02/23 20:08:18 | 000,095,600 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\001CACE2.tmp\Support\NCO\NCO\APP\coVisPrx.exe [2007/11/29 18:15:06 | 000,288,088 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\001CACE2.tmp\Support\NCO\NCO\SYMSHARE\COL\COLUpdtr.exe [2008/02/20 01:03:58 | 000,160,112 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\001CACE2.tmp\Support\Remover\Remover.exe [2008/02/20 01:03:51 | 000,990,056 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\001CACE2.tmp\Support\Reporter\Reporter.exe [2008/01/25 19:16:58 | 000,832,896 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\001CACE2.tmp\Support\SEVINST\SEVINST.EXE [2008/01/26 10:27:32 | 
000,661,896 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\001CACE2.tmp\Support\SPBBC\SPBBC32\SYMSHARE\SPBBC\UpdMgr.exe [2008/02/20 01:03:49 | 000,687,976 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\001CACE2.tmp\Support\SymLnch\SymLnch.exe [2007/02/13 05:10:44 | 002,682,880 | ---- | M] (Microsoft Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\001CACE2.tmp\Support\VCRedist\redist32.exe [2007/02/13 05:10:44 | 003,161,088 | ---- | M] (Microsoft Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\001CACE2.tmp\Support\VCRedist\redist64.exe [2008/04/02 19:07:14 | 002,613,088 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Setup.exe [2008/02/20 01:03:53 | 000,778,080 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Stub.exe [2008/01/25 17:57:36 | 000,031,576 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\FWCfg.exe [2008/01/18 19:43:28 | 001,250,656 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\COH32\COH32.exe [2008/01/18 19:58:48 | 001,996,336 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 
360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\COH64\COH64.exe [2008/02/26 16:50:42 | 000,448,352 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\Norton\app\MainStub.exe [2008/02/26 16:50:42 | 000,370,528 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\Norton\app\NSWRedir.exe [2008/02/26 16:50:44 | 000,988,512 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\Norton\app\osCheck.exe [2008/02/26 16:50:44 | 000,404,320 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\Norton\app\ScanStub.exe [2008/02/26 16:50:46 | 000,972,640 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\Norton\app\tpNetMap.exe [2008/02/25 07:21:32 | 000,096,424 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\Norton\app\WSCStub.exe [2008/02/21 16:49:04 | 000,051,576 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\NPC\HSLoader.exe [2008/02/21 16:49:08 | 000,036,728 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\NPC\isUAC.exe [2008/02/21 16:49:14 | 000,042,360 | ---- | M] (Symantec 
Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\NPC\npcLULdr.exe [2008/02/21 16:49:16 | 000,082,808 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\NPC\npcLUStb.exe [2008/02/23 18:41:38 | 000,423,304 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\OPC\cltUAC.exe [2008/02/23 18:40:46 | 000,533,896 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\OPC\SSAutoRN.exe [2008/02/23 18:41:28 | 000,611,712 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\OPC\SYMCUW.exe [2008/01/22 16:09:02 | 002,368,888 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\SYMSHARE\IDS\IdsInst.exe [2008/02/07 00:49:36 | 000,443,760 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\SYMSHARE\SecHist\MCUI32.exe [2007/08/22 02:21:30 | 000,055,640 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\SYMSHARE\VASCAN\comHost.exe [2007/08/22 02:22:08 | 000,267,096 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 
360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\SYMSHARE\VASCAN64\comHost.exe [2008/02/23 18:40:46 | 000,533,896 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\SymLT\OPC\SSAutoRN.exe [2008/01/30 14:55:54 | 001,279,368 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\SymLT\PIF_96E2\pifCrawl.exe [2008/01/30 14:55:34 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\SymLT\PIF_96E2\PIFSvc.exe [2008/01/25 19:16:59 | 001,022,848 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Supp64\SEVINST\Sevntx64.exe [2008/02/26 10:34:20 | 000,137,568 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\Backup\Backup\buDump.exe [2008/02/18 13:37:38 | 000,051,048 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\ccCommon\ccCommon\ccApp.exe [2008/02/18 13:37:40 | 000,056,168 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\ccCommon\ccCommon\ccEvtMgr.exe [2008/02/18 13:37:10 | 000,268,648 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\ccCommon\ccCommon\ccLgView.exe [2008/02/18 13:37:18 | 000,046,440 | ---- 
| M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\ccCommon\ccCommon\ccSetMgr.exe [2008/02/18 13:37:54 | 000,876,392 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\ccCommon\ccCommon\ccSEUPDT.exe [2008/02/18 13:37:20 | 000,149,352 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\ccCommon\ccCommon\ccSvcHst.exe [2008/02/21 16:02:34 | 000,152,952 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\LUpdate\WLUEX\ALUNOTIF.EXE [2008/02/21 16:02:54 | 000,238,968 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\LUpdate\WLUEX\ALUSDSVC.EXE [2008/02/21 16:02:36 | 000,308,600 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\LUpdate\WLUEX\AUPDATE.EXE [2008/02/21 16:03:08 | 000,181,624 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\LUpdate\WLUEX\LSETUP.EXE [2008/02/21 16:02:40 | 000,873,848 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\LUpdate\WLUEX\LUALL.EXE [2008/02/21 16:02:48 | 000,062,840 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 
360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\LUpdate\WLUEX\LUCBPRXY.EXE [2008/02/21 16:03:08 | 000,181,624 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\LUpdate\WLUEX\LUCheck.exe [2008/02/21 16:02:46 | 003,220,856 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\LUpdate\WLUEX\LUCOMSVR.EXE [2008/02/21 16:02:42 | 000,804,216 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\LUpdate\WLUEX\LuConfig.EXE [2008/02/21 16:02:44 | 000,016,760 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\LUpdate\WLUEX\NotifyHA.exe [2005/05/19 23:50:36 | 002,584,848 | ---- | M] (Microsoft Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\MSI\wiupdate.exe [2008/02/23 20:08:52 | 000,382,320 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\NCO\NCO\APP\COExport.exe [2008/02/23 20:08:18 | 000,095,600 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\NCO\NCO\APP\coVisPrx.exe [2007/11/29 18:15:06 | 000,288,088 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\NCO\NCO\SYMSHARE\COL\COLUpdtr.exe [2008/02/20 01:03:58 | 000,160,112 | ---- 
| M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\Remover\Remover.exe [2008/02/20 01:03:51 | 000,990,056 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\Reporter\Reporter.exe [2008/01/25 19:16:58 | 000,832,896 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\SEVINST\SEVINST.EXE [2008/01/26 10:27:32 | 000,661,896 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\SPBBC\SPBBC32\SYMSHARE\SPBBC\UpdMgr.exe [2008/02/20 01:03:49 | 000,687,976 | ---- | M] (Symantec Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\SymLnch\SymLnch.exe [2007/02/13 05:10:44 | 002,682,880 | ---- | M] (Microsoft Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\VCRedist\redist32.exe [2007/02/13 05:10:44 | 003,161,088 | ---- | M] (Microsoft Corporation) -- C:\Users\christoph\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\VCRedist\redist64.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008/01/19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008/01/19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys 
[2008/01/19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008/01/19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006/11/02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys [2006/11/02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009/04/11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009/04/11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008/01/19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008/01/19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006/11/02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2008/05/11 07:46:36 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys [2008/05/11 07:46:36 | 000,021,560 | ---- | M] 
(Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys [2008/03/28 01:02:59 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=B3F2C79318B9BBE87B2C51033682D912 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4db4e301\atapi.sys [2008/03/28 01:02:59 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=B3F2C79318B9BBE87B2C51033682D912 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20693_none_db7d35eb3dc727cc\atapi.sys [2008/03/28 01:07:42 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=BFD3DF48C9ED81934FE21E8E3CFC2496 -- C:\Windows\System32\drivers\atapi.sys [2008/05/11 07:46:36 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_64dfd8ea\atapi.sys [2008/05/11 07:46:36 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006/11/02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006/11/02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: EVENTLOG.DLL > [1999/10/02 11:24:46 | 000,017,408 | ---- | M] () MD5=1363337A5301619F00F8033835EF30E9 -- C:\Program Files\MATLAB\MATLAB Component Runtime\v76\sys\perl\win32\site\lib\auto\Win32\EventLog\EventLog.dll [2007/01/12 23:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll < MD5 for: IASTOR.SYS > [2007/07/12 18:35:02 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- 
C:\hp\DRIVERS\Intel_RAID\iastor.sys [2007/07/12 17:35:02 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys [2007/07/12 18:35:02 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\Windows\System32\drivers\iaStor.sys [2007/07/12 18:35:02 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_cfa1dde4\iaStor.sys [2007/07/12 18:35:02 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_ec8a8d1b\iaStor.sys [2007/07/12 17:35:44 | 000,381,976 | ---- | M] (Intel Corporation) MD5=CEB53BB804B41C52AB0782505C8E2994 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys < MD5 for: IASTORV.SYS > [2008/01/19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008/01/19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006/11/02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys [2006/11/02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2006/11/02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll [2009/04/11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) 
MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009/04/11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008/01/19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006/11/02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys [2006/11/02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008/01/19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008/01/19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008/01/19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2006/11/02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll [2009/04/11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009/04/11 08:28:24 | 000,177,152 | ---- | M] (Microsoft 
Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2008/03/28 00:41:33 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll [2008/03/28 00:41:33 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll [2008/01/19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2006/11/02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll [2009/04/11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2009/04/11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll < MD5 for: USERINIT.EXE > [2008/01/19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008/01/19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2006/11/02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- 
C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe < MD5 for: WININIT.EXE > [2008/01/19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008/01/19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe [2006/11/02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe < MD5 for: WINLOGON.EXE > [2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009/04/11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009/04/11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2006/11/02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2008/01/19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2006/11/02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- 
C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys [2008/01/19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008/01/19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2006/11/02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2006/11/02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2006/11/02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006/11/02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006/11/02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. 
/mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2012/09/09 17:10:00 | 000,143,360 | RHS- | M] () Unable to obtain MD5 -- C:\Windows\system32\d3dx10_33G.dll
< >
[2006/11/02 15:01:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006/11/02 15:01:49 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2008/05/11 12:11:41 | 000,000,590 | ---- | C] () -- C:\Windows\Tasks\Norton Internet Security - Systemprüfung ausführen - christoph.job
[2009/01/02 09:02:35 | 000,000,416 | ---- | C] () -- C:\Windows\Tasks\PCConfidential.job
[2009/02/21 15:55:43 | 000,001,052 | ---- | C] () -- C:\Windows\Tasks\Google Software Updater.job
[2009/07/01 06:17:59 | 000,001,094 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2009/07/01 06:18:00 | 000,001,098 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2011/03/03 15:07:30 | 000,000,340 | ---- | C] () -- C:\Windows\Tasks\RegistryBooster.job
[2011/03/03 15:15:05 | 000,000,322 | ---- | C] () -- C:\Windows\Tasks\RegTask.job
[2012/09/09 17:10:00 | 000,000,320 | ---- | C] () -- C:\Windows\Tasks\Lqrpettlq.job
< End of report >
21.10.2012, 20:20 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Unintended redirect when clicking a Google link

Close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:
:OTL
O3 - HKLM\..\Toolbar: (no name) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-110388515-1034420003-653005438-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra 'Tools' menuitem : PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe File not found
O9 - Extra Button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe File not found
SafeBootMin: 33287322.sys - Driver
SafeBootNet: 33287322.sys - Driver
:Files
C:\Program Files\Uniblue
C:\Users\christoph\AppData\Roaming\OpenCandy
C:\Users\christoph\Documents\PremiumTV\setup_PremiumDownloadsForPC.msi
C:\Users\Public\Winferno
C:\Windows\Tasks\RegistryBooster.job
C:\Windows\Tasks\RegTask.job
C:\Windows\Tasks\Lqrpettlq.job
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________
Please always post log files in CODE tags