
Pests of All Kinds and How to Fight Them: Trojan or ............????

Windows 7

If you are not sure whether you have picked up malware or a Trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it turns out to be a Trojan or virus problem, an expert will help you remove the infection.

23.10.2012, 15:48   #1
mt62
 
Hello everyone,

I'm brand new here and already have a problem.

Since I'm a complete layman, please keep your explanations simple; I have no idea about computer jargon.

Yesterday I installed a Java update and now I have these problems:

- When I open web pages, they turn grey after about 5-10 s and I can't operate anything.

- Now I also have some stupid icon at the bottom right with the number 1 lighting up inside it.

Please help me, I'm getting desperate, because I have more than 10,000 photos and a lot of data on it that I need.

Many thanks in advance.

Kind regards, Manfred

23.10.2012, 16:08   #2
markusg
/// Malware-holic
 
Hi,
If you don't have it yet, please download OTL by OldTimer and save it to your desktop.
  • Please start OTL.exe. Vista and Win7 users: right-click and choose "Run as administrator".
  • Now copy the contents into the text box.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread.

23.10.2012, 16:17   #3
mt62
 
Thanks for your quick reply.

But unfortunately I understood very little.

- "Now copy the contents into the text box." ------------- What is that???????

- "Now please click the Quick Scan button." ------------ Where is that?????????

Sorry, but I really am a layman. Sorry.

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 23.10.2012 23:33:10 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\manfred\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,93 Gb Total Physical Memory | 1,44 Gb Available Physical Memory | 49,33% Memory free
5,85 Gb Paging File | 3,84 Gb Available in Paging File | 65,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297,99 Gb Total Space | 222,71 Gb Free Space | 74,74% Space Free | Partition Type: NTFS
Drive F: | 24,63 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: MANFRED-LAPTOP | User Name: manfred | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\manfred\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe (Facebook)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\Globe Broadband\Globe Broadband.exe ()
PRC - C:\Programme\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
PRC - C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)
PRC - C:\Programme\PC Connectivity Solution\Transports\NclToBTSrv.exe (Nokia)
PRC - C:\Programme\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe (Nokia)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\USB Disk Security\USBGuard.exe (Zbshareware Lab)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\Toshiba\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4651.0\libcef.dll ()
MOD - C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4651.0\CefSharp.WinForms.dll ()
MOD - C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4651.0\CefSharp.dll ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Programme\Globe Broadband\Globe Broadband.exe ()
MOD - C:\Programme\Nokia\Nokia Suite\ssoengine.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\securestorage.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\qjson.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QxtCore.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QxtWeb.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\NService.dll ()
MOD - C:\Windows\System32\IccLibDll.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\phonon4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtXmlPatterns4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtXml4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtWebKit4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtSql4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtScript4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtOpenGL4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtNetwork4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtMultimediaKit1.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtGui4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtDeclarative4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtCore4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\Imageformats\qjpeg4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\Imageformats\qico4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\Imageformats\qgif4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\OviShareLib.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\Maps Service API.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\CommonUpdateChecker.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\mediaservice\dsengine.dll ()
MOD - C:\Programme\Yahoo!\Messenger\yui.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Programme\Globe Broadband\NDISAPI.dll ()
MOD - C:\Programme\Globe Broadband\DeviceMgrUIPlugin.dll ()
MOD - C:\Programme\Globe Broadband\DeviceMgrPlugin.dll ()
MOD - C:\Programme\Globe Broadband\atcomm.dll ()
MOD - C:\Programme\Globe Broadband\SMSPlugin.dll ()
MOD - C:\Programme\Globe Broadband\DetectDev.dll ()
MOD - C:\Programme\Globe Broadband\LocaleMgrPlugin.dll ()
MOD - C:\Programme\Globe Broadband\FileManager.dll ()
MOD - C:\Programme\Globe Broadband\DialUpPlugin.dll ()
MOD - C:\Programme\Globe Broadband\CallPlugin.dll ()
MOD - C:\Programme\Globe Broadband\XCodec.dll ()
MOD - C:\Programme\Globe Broadband\DeviceOperate.dll ()
MOD - C:\Programme\Globe Broadband\ConfigFilePlugin.dll ()
MOD - C:\Programme\Globe Broadband\NotifyServicePlugin.dll ()
MOD - C:\Programme\Globe Broadband\isaputrace.dll ()
MOD - C:\Programme\Globe Broadband\NetInfoPlugin.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\3871fc2b96345aa6f3be81d9e3c97160\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\7f457271e765b5d72f081942b829469c\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\fedf1ba58dced4f0b3f8c457648ceed9\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ead6be8b410d56b5576b10e56af2c180\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5dd9f783008543df3e642ff1e99de4e8\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b1350e31ff09cc583b34854816d8036\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5ba3bf5367fc012300c6566f20cb7f54\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8c1770d45c63cf5c462eeb945ef9aa5d\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (TeamViewer7) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (TOSHIBA Bluetooth Service) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcdnsuc) -- C:\Windows\System32\drivers\nmwcdnsuc.sys (Nokia)
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (L1C) -- C:\Windows\System32\drivers\L1C60x86.sys (Atheros Communications, Inc.)
DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV - (TosRfSnd) -- C:\Windows\System32\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (hwusbdev) -- C:\Windows\System32\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (HECI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (PGEffect) -- C:\Windows\System32\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (TVALZ) -- C:\Windows\System32\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {1d8566bd-f06f-4029-a3be-ba80af5a09f3} - C:\Programme\Avanquest_App'-Anwendungsleiste\prxtbAva0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3B 91 5D E6 D0 EB CC 01  [binary data]
IE - HKCU\..\URLSearchHook: {1d8566bd-f06f-4029-a3be-ba80af5a09f3} - C:\Programme\Avanquest_App'-Anwendungsleiste\prxtbAva0.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: {C3949AC2-4B17-43ee-B4F1-D26B9D42404D}:15.0.5
FF - prefs.js..extensions.enabledAddons: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.2.2
FF - prefs.js..extensions.enabledAddons: printedit@DW-dev:8.8
FF - prefs.js..extensions.enabledAddons: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.5.1.20121012015120
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\manfred\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\manfred\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\manfred\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\manfred\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\manfred\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll (Facebook, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.02.19 17:39:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.07.03 15:40:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.07 21:47:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.07 21:47:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012.03.14 22:28:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.07 21:47:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.07 21:47:21 | 000,000,000 | ---D | M]
 
[2012.02.15 17:30:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\manfred\AppData\Roaming\mozilla\Extensions
[2012.10.16 00:44:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\manfred\AppData\Roaming\mozilla\Firefox\Profiles\3til95lj.default\extensions
[2012.10.11 22:35:48 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\manfred\AppData\Roaming\mozilla\Firefox\Profiles\3til95lj.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2012.08.22 20:10:25 | 000,000,000 | ---D | M] (Avanquest App'-Anwendungsleiste Community Toolbar) -- C:\Users\manfred\AppData\Roaming\mozilla\Firefox\Profiles\3til95lj.default\extensions\{1d8566bd-f06f-4029-a3be-ba80af5a09f3}
[2012.10.16 00:44:44 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\manfred\AppData\Roaming\mozilla\Firefox\Profiles\3til95lj.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.05.20 10:56:27 | 000,009,693 | ---- | M] () (No name found) -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\extensions\java@flyordie.com.xpi
[2012.09.26 21:15:19 | 000,027,267 | ---- | M] () (No name found) -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\extensions\map@quickmaps.me.xpi
[2012.10.16 00:44:42 | 000,089,559 | ---- | M] () (No name found) -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\extensions\printedit@DW-dev.xpi
[2012.07.29 22:14:44 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.02.18 21:03:48 | 000,000,933 | ---- | M] () -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\searchplugins\11-suche.xml
[2012.02.18 21:03:49 | 000,002,419 | ---- | M] () -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\searchplugins\englische-ergebnisse.xml
[2012.02.18 21:03:48 | 000,010,525 | ---- | M] () -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\searchplugins\gmx-suche.xml
[2012.02.18 21:03:49 | 000,002,457 | ---- | M] () -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\searchplugins\lastminute.xml
[2012.02.18 21:03:48 | 000,005,508 | ---- | M] () -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\searchplugins\webde-suche.xml
[2012.09.07 21:47:18 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.07.03 15:40:31 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2012.09.07 21:47:27 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.07.03 15:40:07 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2011.07.12 05:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.08.25 10:49:52 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.25 10:49:52 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.08.25 10:49:52 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.08.25 10:49:52 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.08.25 10:49:52 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.08.25 10:49:52 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: Google
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: Google
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\manfred\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\manfred\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\manfred\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\manfred\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\manfred\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\manfred\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Facebook Desktop (Enabled) = C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4520.0\npFbDesktopPlugin.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\manfred\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: Counter Strike (Flash-Version) = C:\Users\manfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcbegflbljflchoahmigblmabofoinkh\1.0.1_0\
CHR - Extension: avast! WebRep = C:\Users\manfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1203_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\manfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Plants vs Zombies = C:\Users\manfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina\1.0.5_0\
 
O1 HOSTS File: ([2009.06.11 05:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Avanquest App'-Anwendungsleiste Toolbar) - {1d8566bd-f06f-4029-a3be-ba80af5a09f3} - C:\Program Files\Avanquest_App'-Anwendungsleiste\prxtbAva0.dll (Conduit Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Avanquest App'-Anwendungsleiste Toolbar) - {1d8566bd-f06f-4029-a3be-ba80af5a09f3} - C:\Programme\Avanquest_App'-Anwendungsleiste\prxtbAva0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Avanquest App'-Anwendungsleiste Toolbar) - {1D8566BD-F06F-4029-A3BE-BA80AF5A09F3} - C:\Programme\Avanquest_App'-Anwendungsleiste\prxtbAva0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [TaskTray]  File not found
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKLM..\Run: [USB Antivirus] C:\Programme\USB Disk Security\USBGuard.exe (Zbshareware Lab)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [Facebook Update] C:\Users\manfred\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Programme\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O4 - Startup: C:\Users\manfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe (Facebook)
O4 - Startup: C:\Users\manfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{21F0735F-35A1-4812-B527-E0E99412945B}: NameServer = 10.198.220.124 202.126.40.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5CAE6AB4-F441-49C1-8BC4-17A07A1B4578}: NameServer = 10.68.80.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A1F44AEA-9C2D-4102-A3D6-B26516F71AFF}: DhcpNameServer = 124.106.7.2 124.106.5.2
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.06.26 22:57:06 | 000,284,654 | ---- | M] () - C:\auto verkaufsschild.PNG -- [ NTFS ]
O32 - AutoRun File - [2009.06.11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.08.24 10:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) - F:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008.06.17 10:13:46 | 000,000,047 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{751940b0-5bb9-11e1-a9b3-e839df2c34d5}\Shell - "" = AutoRun
O33 - MountPoints2\{751940b0-5bb9-11e1-a9b3-e839df2c34d5}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{75466f3a-5add-11e1-a4e4-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{75466f3a-5add-11e1-a4e4-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{75466f86-5add-11e1-a4e4-e839df2c34d5}\Shell - "" = AutoRun
O33 - MountPoints2\{75466f86-5add-11e1-a4e4-e839df2c34d5}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009.08.24 10:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009.08.24 10:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.23 23:28:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\manfred\Desktop\OTL.exe
[2012.10.22 10:52:57 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.10.22 10:52:57 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.10.22 10:52:57 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012.10.20 23:01:44 | 000,000,000 | ---D | C] -- C:\Users\manfred\Desktop\Neuer Ordner
[2012.10.18 12:52:06 | 000,000,000 | ---D | C] -- C:\Users\manfred\Desktop\Kai-werkzeug
[2012.10.18 12:51:10 | 000,000,000 | ---D | C] -- C:\Users\manfred\Desktop\Kai-baja
[2012.10.18 12:41:10 | 000,000,000 | ---D | C] -- C:\Users\manfred\Desktop\Kai-honda
[2012.10.16 21:00:32 | 000,000,000 | ---D | C] -- C:\Users\manfred\Desktop\FB
[2012.10.04 12:25:34 | 000,000,000 | ---D | C] -- C:\Users\manfred\Desktop\tausch
[2012.09.27 10:40:52 | 000,000,000 | ---D | C] -- C:\Users\manfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.23 23:45:46 | 000,001,284 | ---- | M] () -- C:\Users\manfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
[2012.10.23 23:28:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\manfred\Desktop\OTL.exe
[2012.10.23 23:26:00 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3718335332-4058801294-3006936124-1000UA.job
[2012.10.23 23:21:13 | 000,131,064 | ---- | M] () -- C:\Users\manfred\Desktop\2.PNG
[2012.10.23 23:20:24 | 000,107,823 | ---- | M] () -- C:\Users\manfred\Desktop\1.PNG
[2012.10.23 22:57:00 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.23 22:52:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.23 22:39:04 | 000,001,146 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3718335332-4058801294-3006936124-1000UA.job
[2012.10.23 22:39:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3718335332-4058801294-3006936124-1000Core.job
[2012.10.23 22:30:16 | 000,158,675 | ---- | M] () -- C:\Users\manfred\Desktop\sd.PNG
[2012.10.23 19:17:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.23 16:15:47 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.23 16:15:47 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.23 16:10:48 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.23 16:10:29 | 2357,612,544 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.22 20:18:06 | 000,139,603 | ---- | M] () -- C:\Users\manfred\Desktop\fff.PNG
[2012.10.22 14:58:45 | 000,187,929 | ---- | M] () -- C:\Users\manfred\Desktop\Unbenanntcdsx.PNG
[2012.10.22 14:57:19 | 000,172,824 | ---- | M] () -- C:\Users\manfred\Desktop\cdfr.PNG
[2012.10.22 11:26:00 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3718335332-4058801294-3006936124-1000Core.job
[2012.10.20 14:53:33 | 000,012,493 | ---- | M] () -- C:\ght.PNG
[2012.10.19 22:33:11 | 000,000,049 | ---- | M] () -- C:\Users\manfred\Desktop\Blue-Book.URL
[2012.10.19 18:44:23 | 000,643,866 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.19 18:44:23 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.19 18:44:23 | 000,126,394 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.19 18:44:23 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.16 15:57:43 | 000,302,642 | ---- | M] () -- C:\Users\manfred\Desktop\Unbenanntse.PNG
[2012.10.14 19:14:39 | 000,000,078 | ---- | M] () -- C:\Users\manfred\Desktop\httpwww.germanexpatinthephilippines.b....URL
[2012.10.14 12:44:13 | 000,180,864 | ---- | M] () -- C:\Users\manfred\Desktop\fd.PNG
[2012.10.12 13:11:30 | 000,000,087 | ---- | M] () -- C:\Users\manfred\Desktop\Antworten auf Fragen von mt6215.URL
[2012.10.11 22:42:26 | 000,000,095 | ---- | M] () -- C:\CallYa Sprach- und Smartphone-Tarife.URL
[2012.10.11 21:08:48 | 000,000,061 | ---- | M] () -- C:\httpwww.lidl.dedeClassic-Tarif.URL
[2012.10.11 21:08:42 | 000,000,063 | ---- | M] () -- C:\httpwww.lidl.dedeInternet-Stick1.URL
[2012.10.11 20:55:29 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.10.11 20:55:29 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.10.11 20:27:55 | 000,002,459 | ---- | M] () -- C:\Users\manfred\Desktop\Google Chrome.lnk
[2012.10.10 20:39:59 | 000,000,078 | ---- | M] () -- C:\Sternzeichen deutsch - englisch.URL
[2012.10.10 19:35:18 | 000,000,076 | ---- | M] () -- C:\Users\manfred\Desktop\Barbie Games - Fun Games for Girls, Free - Dress-Up & Makeover, Arcade, Sports, Puzzle Game.URL
[2012.10.10 13:46:58 | 000,000,078 | ---- | M] () -- C:\Users\manfred\Desktop\Dolls of the World - ChinaJeu.URL
[2012.10.09 15:56:10 | 000,045,056 | ---- | M] (Northern Codeworks) -- C:\Windows\NCUNINST.EXE
[2012.10.03 08:24:35 | 000,278,066 | ---- | M] () -- C:\am,,lk.PNG
[2012.10.03 08:20:55 | 000,026,876 | ---- | M] () -- C:\gg.PNG
[2012.10.03 08:02:01 | 000,000,145 | ---- | M] () -- C:\Citizen GN-4-S, WR100,Wasserdicht 100m,Verschraubtes Gehäuse. in Altona - Bahrenfeld Accessoires & Schmuck eBay Kleinanzeige.URL
[2012.10.02 23:09:54 | 000,054,649 | ---- | M] () -- C:\s1.PNG
[2012.10.02 23:02:46 | 000,086,347 | ---- | M] () -- C:\s.PNG
[2012.09.24 23:16:36 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012.09.24 23:08:27 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.09.24 23:07:57 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
 
========== Files Created - No Company Name ==========
 
[2012.10.23 23:21:13 | 000,131,064 | ---- | C] () -- C:\Users\manfred\Desktop\2.PNG
[2012.10.23 23:20:24 | 000,107,823 | ---- | C] () -- C:\Users\manfred\Desktop\1.PNG
[2012.10.23 22:30:16 | 000,158,675 | ---- | C] () -- C:\Users\manfred\Desktop\sd.PNG
[2012.10.22 20:18:06 | 000,139,603 | ---- | C] () -- C:\Users\manfred\Desktop\fff.PNG
[2012.10.22 14:58:45 | 000,187,929 | ---- | C] () -- C:\Users\manfred\Desktop\Unbenanntcdsx.PNG
[2012.10.22 14:57:18 | 000,172,824 | ---- | C] () -- C:\Users\manfred\Desktop\cdfr.PNG
[2012.10.20 14:53:33 | 000,012,493 | ---- | C] () -- C:\ght.PNG
[2012.10.19 22:33:11 | 000,000,049 | ---- | C] () -- C:\Users\manfred\Desktop\Blue-Book.URL
[2012.10.16 15:57:43 | 000,302,642 | ---- | C] () -- C:\Users\manfred\Desktop\Unbenanntse.PNG
[2012.10.14 19:14:39 | 000,000,078 | ---- | C] () -- C:\Users\manfred\Desktop\httpwww.germanexpatinthephilippines.b....URL
[2012.10.14 12:44:13 | 000,180,864 | ---- | C] () -- C:\Users\manfred\Desktop\fd.PNG
[2012.10.12 13:11:30 | 000,000,087 | ---- | C] () -- C:\Users\manfred\Desktop\Antworten auf Fragen von mt6215.URL
[2012.10.11 22:42:26 | 000,000,095 | ---- | C] () -- C:\CallYa Sprach- und Smartphone-Tarife.URL
[2012.10.11 21:08:48 | 000,000,061 | ---- | C] () -- C:\httpwww.lidl.dedeClassic-Tarif.URL
[2012.10.11 21:08:42 | 000,000,063 | ---- | C] () -- C:\httpwww.lidl.dedeInternet-Stick1.URL
[2012.10.10 20:39:59 | 000,000,078 | ---- | C] () -- C:\Sternzeichen deutsch - englisch.URL
[2012.10.10 19:35:18 | 000,000,076 | ---- | C] () -- C:\Users\manfred\Desktop\Barbie Games - Fun Games for Girls, Free - Dress-Up & Makeover, Arcade, Sports, Puzzle Game.URL
[2012.10.10 13:46:58 | 000,000,078 | ---- | C] () -- C:\Users\manfred\Desktop\Dolls of the World - ChinaJeu.URL
[2012.10.03 08:24:35 | 000,278,066 | ---- | C] () -- C:\am,,lk.PNG
[2012.10.03 08:20:55 | 000,026,876 | ---- | C] () -- C:\gg.PNG
[2012.10.03 08:02:01 | 000,000,145 | ---- | C] () -- C:\Citizen GN-4-S, WR100,Wasserdicht 100m,Verschraubtes Gehäuse. in Altona - Bahrenfeld Accessoires & Schmuck eBay Kleinanzeige.URL
[2012.10.02 23:09:54 | 000,054,649 | ---- | C] () -- C:\s1.PNG
[2012.10.02 23:02:46 | 000,086,347 | ---- | C] () -- C:\s.PNG
[2012.02.19 12:31:33 | 000,021,504 | ---- | C] () -- C:\Users\manfred\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.15 18:58:11 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012.02.15 18:58:10 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2012.02.15 18:58:07 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2012.02.15 18:58:07 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2012.02.15 18:58:07 | 000,074,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012.02.15 18:37:44 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2012.01.11 05:17:08 | 000,128,204 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin
[2012.01.11 05:17:04 | 000,105,608 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin
[2012.01.11 05:17:02 | 000,867,020 | ---- | C] () -- C:\Windows\System32\igkrng575.bin
[2012.01.11 04:29:54 | 013,904,384 | ---- | C] () -- C:\Windows\System32\ig4icd32.dll
[2012.01.11 04:14:34 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2012.01.11 04:12:12 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 12:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009.07.14 09:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 09:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 09:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Files - Unicode (All) ==========
[2012.07.01 11:32:34 | 000,000,084 | ---- | M] ()(C:\????????/???? ??? ???? - YouTube.URL) -- C:\幸せになりたいね/大島優子 フォト ムービー - YouTube.URL
[2012.07.01 11:32:34 | 000,000,084 | ---- | C] ()(C:\????????/???? ??? ???? - YouTube.URL) -- C:\幸せになりたいね/大島優子 フォト ムービー - YouTube.URL
[2012.03.28 18:14:06 | 000,000,091 | ---- | M] ()(C:\? What If We Fall in Love ? - YouTube.URL) -- C:\♥ What If We Fall in Love ♥ - YouTube.URL
[2012.03.28 18:14:06 | 000,000,091 | ---- | C] ()(C:\? What If We Fall in Love ? - YouTube.URL) -- C:\♥ What If We Fall in Love ♥ - YouTube.URL

< End of report >
         
--- --- ---

OTL Logfile:
Code:
OTL logfile created on: 23.10.2012 23:33:10 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\manfred\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,93 Gb Total Physical Memory | 1,44 Gb Available Physical Memory | 49,33% Memory free
5,85 Gb Paging File | 3,84 Gb Available in Paging File | 65,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297,99 Gb Total Space | 222,71 Gb Free Space | 74,74% Space Free | Partition Type: NTFS
Drive F: | 24,63 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: MANFRED-LAPTOP | User Name: manfred | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\manfred\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe (Facebook)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\Globe Broadband\Globe Broadband.exe ()
PRC - C:\Programme\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
PRC - C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)
PRC - C:\Programme\PC Connectivity Solution\Transports\NclToBTSrv.exe (Nokia)
PRC - C:\Programme\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe (Nokia)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\USB Disk Security\USBGuard.exe (Zbshareware Lab)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\Toshiba\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4651.0\libcef.dll ()
MOD - C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4651.0\CefSharp.WinForms.dll ()
MOD - C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4651.0\CefSharp.dll ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Programme\Globe Broadband\Globe Broadband.exe ()
MOD - C:\Programme\Nokia\Nokia Suite\ssoengine.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\securestorage.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\qjson.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QxtCore.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QxtWeb.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\NService.dll ()
MOD - C:\Windows\System32\IccLibDll.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\phonon4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtXmlPatterns4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtXml4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtWebKit4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtSql4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtScript4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtOpenGL4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtNetwork4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtMultimediaKit1.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtGui4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtDeclarative4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtCore4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\Imageformats\qjpeg4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\Imageformats\qico4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\Imageformats\qgif4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\OviShareLib.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\Maps Service API.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\CommonUpdateChecker.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\mediaservice\dsengine.dll ()
MOD - C:\Programme\Yahoo!\Messenger\yui.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Programme\Globe Broadband\NDISAPI.dll ()
MOD - C:\Programme\Globe Broadband\DeviceMgrUIPlugin.dll ()
MOD - C:\Programme\Globe Broadband\DeviceMgrPlugin.dll ()
MOD - C:\Programme\Globe Broadband\atcomm.dll ()
MOD - C:\Programme\Globe Broadband\SMSPlugin.dll ()
MOD - C:\Programme\Globe Broadband\DetectDev.dll ()
MOD - C:\Programme\Globe Broadband\LocaleMgrPlugin.dll ()
MOD - C:\Programme\Globe Broadband\FileManager.dll ()
MOD - C:\Programme\Globe Broadband\DialUpPlugin.dll ()
MOD - C:\Programme\Globe Broadband\CallPlugin.dll ()
MOD - C:\Programme\Globe Broadband\XCodec.dll ()
MOD - C:\Programme\Globe Broadband\DeviceOperate.dll ()
MOD - C:\Programme\Globe Broadband\ConfigFilePlugin.dll ()
MOD - C:\Programme\Globe Broadband\NotifyServicePlugin.dll ()
MOD - C:\Programme\Globe Broadband\isaputrace.dll ()
MOD - C:\Programme\Globe Broadband\NetInfoPlugin.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\3871fc2b96345aa6f3be81d9e3c97160\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\7f457271e765b5d72f081942b829469c\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\fedf1ba58dced4f0b3f8c457648ceed9\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ead6be8b410d56b5576b10e56af2c180\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5dd9f783008543df3e642ff1e99de4e8\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b1350e31ff09cc583b34854816d8036\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5ba3bf5367fc012300c6566f20cb7f54\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8c1770d45c63cf5c462eeb945ef9aa5d\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (TeamViewer7) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (TOSHIBA Bluetooth Service) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcdnsuc) -- C:\Windows\System32\drivers\nmwcdnsuc.sys (Nokia)
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (L1C) -- C:\Windows\System32\drivers\L1C60x86.sys (Atheros Communications, Inc.)
DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV - (TosRfSnd) -- C:\Windows\System32\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (hwusbdev) -- C:\Windows\System32\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (HECI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (PGEffect) -- C:\Windows\System32\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (TVALZ) -- C:\Windows\System32\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {1d8566bd-f06f-4029-a3be-ba80af5a09f3} - C:\Programme\Avanquest_App'-Anwendungsleiste\prxtbAva0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3B 91 5D E6 D0 EB CC 01  [binary data]
IE - HKCU\..\URLSearchHook: {1d8566bd-f06f-4029-a3be-ba80af5a09f3} - C:\Programme\Avanquest_App'-Anwendungsleiste\prxtbAva0.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: {C3949AC2-4B17-43ee-B4F1-D26B9D42404D}:15.0.5
FF - prefs.js..extensions.enabledAddons: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.2.2
FF - prefs.js..extensions.enabledAddons: printedit@DW-dev:8.8
FF - prefs.js..extensions.enabledAddons: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.5.1.20121012015120
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\manfred\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\manfred\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\manfred\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\manfred\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\manfred\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll (Facebook, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.02.19 17:39:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.07.03 15:40:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.07 21:47:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.07 21:47:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012.03.14 22:28:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.07 21:47:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.07 21:47:21 | 000,000,000 | ---D | M]
 
[2012.02.15 17:30:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\manfred\AppData\Roaming\mozilla\Extensions
[2012.10.16 00:44:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\manfred\AppData\Roaming\mozilla\Firefox\Profiles\3til95lj.default\extensions
[2012.10.11 22:35:48 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\manfred\AppData\Roaming\mozilla\Firefox\Profiles\3til95lj.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2012.08.22 20:10:25 | 000,000,000 | ---D | M] (Avanquest App'-Anwendungsleiste Community Toolbar) -- C:\Users\manfred\AppData\Roaming\mozilla\Firefox\Profiles\3til95lj.default\extensions\{1d8566bd-f06f-4029-a3be-ba80af5a09f3}
[2012.10.16 00:44:44 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\manfred\AppData\Roaming\mozilla\Firefox\Profiles\3til95lj.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.05.20 10:56:27 | 000,009,693 | ---- | M] () (No name found) -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\extensions\java@flyordie.com.xpi
[2012.09.26 21:15:19 | 000,027,267 | ---- | M] () (No name found) -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\extensions\map@quickmaps.me.xpi
[2012.10.16 00:44:42 | 000,089,559 | ---- | M] () (No name found) -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\extensions\printedit@DW-dev.xpi
[2012.07.29 22:14:44 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.02.18 21:03:48 | 000,000,933 | ---- | M] () -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\searchplugins\11-suche.xml
[2012.02.18 21:03:49 | 000,002,419 | ---- | M] () -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\searchplugins\englische-ergebnisse.xml
[2012.02.18 21:03:48 | 000,010,525 | ---- | M] () -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\searchplugins\gmx-suche.xml
[2012.02.18 21:03:49 | 000,002,457 | ---- | M] () -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\searchplugins\lastminute.xml
[2012.02.18 21:03:48 | 000,005,508 | ---- | M] () -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\searchplugins\webde-suche.xml
[2012.09.07 21:47:18 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.07.03 15:40:31 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2012.09.07 21:47:27 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.07.03 15:40:07 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2011.07.12 05:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.08.25 10:49:52 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.25 10:49:52 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.08.25 10:49:52 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.08.25 10:49:52 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.08.25 10:49:52 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.08.25 10:49:52 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: Google
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: Google
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\manfred\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\manfred\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\manfred\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\manfred\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\manfred\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\manfred\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Facebook Desktop (Enabled) = C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4520.0\npFbDesktopPlugin.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\manfred\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: Counter Strike (Flash-Version) = C:\Users\manfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcbegflbljflchoahmigblmabofoinkh\1.0.1_0\
CHR - Extension: avast! WebRep = C:\Users\manfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1203_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\manfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Plants vs Zombies = C:\Users\manfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina\1.0.5_0\
 
O1 HOSTS File: ([2009.06.11 05:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Avanquest App'-Anwendungsleiste Toolbar) - {1d8566bd-f06f-4029-a3be-ba80af5a09f3} - C:\Program Files\Avanquest_App'-Anwendungsleiste\prxtbAva0.dll (Conduit Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Avanquest App'-Anwendungsleiste Toolbar) - {1d8566bd-f06f-4029-a3be-ba80af5a09f3} - C:\Programme\Avanquest_App'-Anwendungsleiste\prxtbAva0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Avanquest App'-Anwendungsleiste Toolbar) - {1D8566BD-F06F-4029-A3BE-BA80AF5A09F3} - C:\Programme\Avanquest_App'-Anwendungsleiste\prxtbAva0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [TaskTray]  File not found
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKLM..\Run: [USB Antivirus] C:\Programme\USB Disk Security\USBGuard.exe (Zbshareware Lab)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [Facebook Update] C:\Users\manfred\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Programme\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O4 - Startup: C:\Users\manfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe (Facebook)
O4 - Startup: C:\Users\manfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{21F0735F-35A1-4812-B527-E0E99412945B}: NameServer = 10.198.220.124 202.126.40.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5CAE6AB4-F441-49C1-8BC4-17A07A1B4578}: NameServer = 10.68.80.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A1F44AEA-9C2D-4102-A3D6-B26516F71AFF}: DhcpNameServer = 124.106.7.2 124.106.5.2
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.06.26 22:57:06 | 000,284,654 | ---- | M] () - C:\auto verkaufsschild.PNG -- [ NTFS ]
O32 - AutoRun File - [2009.06.11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.08.24 10:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) - F:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008.06.17 10:13:46 | 000,000,047 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{751940b0-5bb9-11e1-a9b3-e839df2c34d5}\Shell - "" = AutoRun
O33 - MountPoints2\{751940b0-5bb9-11e1-a9b3-e839df2c34d5}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{75466f3a-5add-11e1-a4e4-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{75466f3a-5add-11e1-a4e4-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{75466f86-5add-11e1-a4e4-e839df2c34d5}\Shell - "" = AutoRun
O33 - MountPoints2\{75466f86-5add-11e1-a4e4-e839df2c34d5}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009.08.24 10:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009.08.24 10:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.23 23:28:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\manfred\Desktop\OTL.exe
[2012.10.22 10:52:57 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.10.22 10:52:57 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.10.22 10:52:57 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012.10.20 23:01:44 | 000,000,000 | ---D | C] -- C:\Users\manfred\Desktop\Neuer Ordner
[2012.10.18 12:52:06 | 000,000,000 | ---D | C] -- C:\Users\manfred\Desktop\Kai-werkzeug
[2012.10.18 12:51:10 | 000,000,000 | ---D | C] -- C:\Users\manfred\Desktop\Kai-baja
[2012.10.18 12:41:10 | 000,000,000 | ---D | C] -- C:\Users\manfred\Desktop\Kai-honda
[2012.10.16 21:00:32 | 000,000,000 | ---D | C] -- C:\Users\manfred\Desktop\FB
[2012.10.04 12:25:34 | 000,000,000 | ---D | C] -- C:\Users\manfred\Desktop\tausch
[2012.09.27 10:40:52 | 000,000,000 | ---D | C] -- C:\Users\manfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.23 23:45:46 | 000,001,284 | ---- | M] () -- C:\Users\manfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
[2012.10.23 23:28:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\manfred\Desktop\OTL.exe
[2012.10.23 23:26:00 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3718335332-4058801294-3006936124-1000UA.job
[2012.10.23 23:21:13 | 000,131,064 | ---- | M] () -- C:\Users\manfred\Desktop\2.PNG
[2012.10.23 23:20:24 | 000,107,823 | ---- | M] () -- C:\Users\manfred\Desktop\1.PNG
[2012.10.23 22:57:00 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.23 22:52:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.23 22:39:04 | 000,001,146 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3718335332-4058801294-3006936124-1000UA.job
[2012.10.23 22:39:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3718335332-4058801294-3006936124-1000Core.job
[2012.10.23 22:30:16 | 000,158,675 | ---- | M] () -- C:\Users\manfred\Desktop\sd.PNG
[2012.10.23 19:17:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.23 16:15:47 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.23 16:15:47 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.23 16:10:48 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.23 16:10:29 | 2357,612,544 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.22 20:18:06 | 000,139,603 | ---- | M] () -- C:\Users\manfred\Desktop\fff.PNG
[2012.10.22 14:58:45 | 000,187,929 | ---- | M] () -- C:\Users\manfred\Desktop\Unbenanntcdsx.PNG
[2012.10.22 14:57:19 | 000,172,824 | ---- | M] () -- C:\Users\manfred\Desktop\cdfr.PNG
[2012.10.22 11:26:00 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3718335332-4058801294-3006936124-1000Core.job
[2012.10.20 14:53:33 | 000,012,493 | ---- | M] () -- C:\ght.PNG
[2012.10.19 22:33:11 | 000,000,049 | ---- | M] () -- C:\Users\manfred\Desktop\Blue-Book.URL
[2012.10.19 18:44:23 | 000,643,866 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.19 18:44:23 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.19 18:44:23 | 000,126,394 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.19 18:44:23 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.16 15:57:43 | 000,302,642 | ---- | M] () -- C:\Users\manfred\Desktop\Unbenanntse.PNG
[2012.10.14 19:14:39 | 000,000,078 | ---- | M] () -- C:\Users\manfred\Desktop\httpwww.germanexpatinthephilippines.b....URL
[2012.10.14 12:44:13 | 000,180,864 | ---- | M] () -- C:\Users\manfred\Desktop\fd.PNG
[2012.10.12 13:11:30 | 000,000,087 | ---- | M] () -- C:\Users\manfred\Desktop\Antworten auf Fragen von mt6215.URL
[2012.10.11 22:42:26 | 000,000,095 | ---- | M] () -- C:\CallYa Sprach- und Smartphone-Tarife.URL
[2012.10.11 21:08:48 | 000,000,061 | ---- | M] () -- C:\httpwww.lidl.dedeClassic-Tarif.URL
[2012.10.11 21:08:42 | 000,000,063 | ---- | M] () -- C:\httpwww.lidl.dedeInternet-Stick1.URL
[2012.10.11 20:55:29 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.10.11 20:55:29 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.10.11 20:27:55 | 000,002,459 | ---- | M] () -- C:\Users\manfred\Desktop\Google Chrome.lnk
[2012.10.10 20:39:59 | 000,000,078 | ---- | M] () -- C:\Sternzeichen deutsch - englisch.URL
[2012.10.10 19:35:18 | 000,000,076 | ---- | M] () -- C:\Users\manfred\Desktop\Barbie Games - Fun Games for Girls, Free - Dress-Up & Makeover, Arcade, Sports, Puzzle Game.URL
[2012.10.10 13:46:58 | 000,000,078 | ---- | M] () -- C:\Users\manfred\Desktop\Dolls of the World - ChinaJeu.URL
[2012.10.09 15:56:10 | 000,045,056 | ---- | M] (Northern Codeworks) -- C:\Windows\NCUNINST.EXE
[2012.10.03 08:24:35 | 000,278,066 | ---- | M] () -- C:\am,,lk.PNG
[2012.10.03 08:20:55 | 000,026,876 | ---- | M] () -- C:\gg.PNG
[2012.10.03 08:02:01 | 000,000,145 | ---- | M] () -- C:\Citizen GN-4-S, WR100,Wasserdicht 100m,Verschraubtes Gehäuse. in Altona - Bahrenfeld Accessoires & Schmuck eBay Kleinanzeige.URL
[2012.10.02 23:09:54 | 000,054,649 | ---- | M] () -- C:\s1.PNG
[2012.10.02 23:02:46 | 000,086,347 | ---- | M] () -- C:\s.PNG
[2012.09.24 23:16:36 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012.09.24 23:08:27 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.09.24 23:07:57 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
 
========== Files Created - No Company Name ==========
 
[2012.10.23 23:21:13 | 000,131,064 | ---- | C] () -- C:\Users\manfred\Desktop\2.PNG
[2012.10.23 23:20:24 | 000,107,823 | ---- | C] () -- C:\Users\manfred\Desktop\1.PNG
[2012.10.23 22:30:16 | 000,158,675 | ---- | C] () -- C:\Users\manfred\Desktop\sd.PNG
[2012.10.22 20:18:06 | 000,139,603 | ---- | C] () -- C:\Users\manfred\Desktop\fff.PNG
[2012.10.22 14:58:45 | 000,187,929 | ---- | C] () -- C:\Users\manfred\Desktop\Unbenanntcdsx.PNG
[2012.10.22 14:57:18 | 000,172,824 | ---- | C] () -- C:\Users\manfred\Desktop\cdfr.PNG
[2012.10.20 14:53:33 | 000,012,493 | ---- | C] () -- C:\ght.PNG
[2012.10.19 22:33:11 | 000,000,049 | ---- | C] () -- C:\Users\manfred\Desktop\Blue-Book.URL
[2012.10.16 15:57:43 | 000,302,642 | ---- | C] () -- C:\Users\manfred\Desktop\Unbenanntse.PNG
[2012.10.14 19:14:39 | 000,000,078 | ---- | C] () -- C:\Users\manfred\Desktop\httpwww.germanexpatinthephilippines.b....URL
[2012.10.14 12:44:13 | 000,180,864 | ---- | C] () -- C:\Users\manfred\Desktop\fd.PNG
[2012.10.12 13:11:30 | 000,000,087 | ---- | C] () -- C:\Users\manfred\Desktop\Antworten auf Fragen von mt6215.URL
[2012.10.11 22:42:26 | 000,000,095 | ---- | C] () -- C:\CallYa Sprach- und Smartphone-Tarife.URL
[2012.10.11 21:08:48 | 000,000,061 | ---- | C] () -- C:\httpwww.lidl.dedeClassic-Tarif.URL
[2012.10.11 21:08:42 | 000,000,063 | ---- | C] () -- C:\httpwww.lidl.dedeInternet-Stick1.URL
[2012.10.10 20:39:59 | 000,000,078 | ---- | C] () -- C:\Sternzeichen deutsch - englisch.URL
[2012.10.10 19:35:18 | 000,000,076 | ---- | C] () -- C:\Users\manfred\Desktop\Barbie Games - Fun Games for Girls, Free - Dress-Up & Makeover, Arcade, Sports, Puzzle Game.URL
[2012.10.10 13:46:58 | 000,000,078 | ---- | C] () -- C:\Users\manfred\Desktop\Dolls of the World - ChinaJeu.URL
[2012.10.03 08:24:35 | 000,278,066 | ---- | C] () -- C:\am,,lk.PNG
[2012.10.03 08:20:55 | 000,026,876 | ---- | C] () -- C:\gg.PNG
[2012.10.03 08:02:01 | 000,000,145 | ---- | C] () -- C:\Citizen GN-4-S, WR100,Wasserdicht 100m,Verschraubtes Gehäuse. in Altona - Bahrenfeld Accessoires & Schmuck eBay Kleinanzeige.URL
[2012.10.02 23:09:54 | 000,054,649 | ---- | C] () -- C:\s1.PNG
[2012.10.02 23:02:46 | 000,086,347 | ---- | C] () -- C:\s.PNG
[2012.02.19 12:31:33 | 000,021,504 | ---- | C] () -- C:\Users\manfred\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.15 18:58:11 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012.02.15 18:58:10 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2012.02.15 18:58:07 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2012.02.15 18:58:07 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2012.02.15 18:58:07 | 000,074,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012.02.15 18:37:44 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2012.01.11 05:17:08 | 000,128,204 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin
[2012.01.11 05:17:04 | 000,105,608 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin
[2012.01.11 05:17:02 | 000,867,020 | ---- | C] () -- C:\Windows\System32\igkrng575.bin
[2012.01.11 04:29:54 | 013,904,384 | ---- | C] () -- C:\Windows\System32\ig4icd32.dll
[2012.01.11 04:14:34 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2012.01.11 04:12:12 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 12:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009.07.14 09:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 09:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 09:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Files - Unicode (All) ==========
[2012.07.01 11:32:34 | 000,000,084 | ---- | M] ()(C:\????????/???? ??? ???? - YouTube.URL) -- C:\幸せになりたいね/大島優子 フォト ムービー - YouTube.URL
[2012.07.01 11:32:34 | 000,000,084 | ---- | C] ()(C:\????????/???? ??? ???? - YouTube.URL) -- C:\幸せになりたいね/大島優子 フォト ムービー - YouTube.URL
[2012.03.28 18:14:06 | 000,000,091 | ---- | M] ()(C:\? What If We Fall in Love ? - YouTube.URL) -- C:\♥ What If We Fall in Love ♥ - YouTube.URL
[2012.03.28 18:14:06 | 000,000,091 | ---- | C] ()(C:\? What If We Fall in Love ? - YouTube.URL) -- C:\♥ What If We Fall in Love ♥ - YouTube.URL

< End of report >
         
--- --- ---

Is that right?

Is that what you need?

Can anyone help? Who knows what I have?

24.10.2012, 19:39   #4
markusg
/// Malware-holic

OTL has a box, paste the text into it, please once more and then scan

25.10.2012, 18:05   #5
mt62

Hello,

I can't find anything about a box on the OTL page.

Sorry, I really have no idea.

I have now pressed Scan and it has finished; a page then opened with data on it.

Should I paste the data in here now?

Please bear with me, as I don't quite follow all of this.

Attached images
File type: png 1...PNG (95,1 KB, viewed 119 times)

26.10.2012, 12:38   #6
mt62

Quote:
Quote from markusg
OTL has a box, paste the text into it, please once more and then scan
I don't understand! What am I supposed to do once more and then scan??
The part --------- and then scan ----------- I don't understand.
I only scanned and then copied.

Maybe I'm misunderstanding something here, but I don't get it, sorry.

28.10.2012, 11:09   #7
mt62

OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 28.10.2012 17:44:09 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\manfred\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,93 Gb Total Physical Memory | 1,86 Gb Available Physical Memory | 63,40% Memory free
5,85 Gb Paging File | 4,52 Gb Available in Paging File | 77,22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297,99 Gb Total Space | 221,36 Gb Free Space | 74,28% Space Free | Partition Type: NTFS
Drive F: | 24,63 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: MANFRED-LAPTOP | User Name: manfred | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2C1FE3E7-D1DD-4B49-AC3B-54F99DD727FD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2DB60A46-7F39-4117-B730-092A95268100}" = rport=138 | protocol=17 | dir=out | app=system | 
"{30EDF6BE-E24B-4343-B021-8DEB6BDA6E4C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{31E08B30-1789-480D-8BDE-44B7870E38B7}" = lport=137 | protocol=17 | dir=in | app=system | 
"{638DE2BB-514E-4FF2-8958-2BADFEF0C149}" = lport=445 | protocol=6 | dir=in | app=system | 
"{85BACC20-BC31-4946-875F-8020EC4AA4C1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{93479A70-BE2C-454D-8A8F-6574F4E4DCE3}" = rport=137 | protocol=17 | dir=out | app=system | 
"{A3FBD9BF-4E92-4881-8FF5-0E0743FDD50A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A6808EBE-09F6-4B4C-9002-AE2B579BCE3A}" = lport=139 | protocol=6 | dir=in | app=system | 
"{B9F825C4-9C14-4284-AABD-2859F9990095}" = lport=138 | protocol=17 | dir=in | app=system | 
"{BFE05BF0-126F-47B9-A4CA-3D108D436FA5}" = rport=445 | protocol=6 | dir=out | app=system | 
"{F9B39352-094A-4224-90BD-0AFD3BFABF8B}" = rport=139 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{19E1543E-80B7-4443-A9FF-76D0804919D7}" = dir=in | app=c:\program files\nokia\nokia suite\nokiasuite.exe | 
"{25F903B1-D27D-4C46-B419-7E4734106273}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{285C5D39-B54E-42CF-B8BB-E80CDF35CB51}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{3F0AC9F6-0901-4A21-8677-AE1E465813D3}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | 
"{44DFB270-8F47-4D2B-9CF5-361D73EFA82D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5DB401C8-8C79-4AD7-8C5A-6582D8193FF7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{65516601-ABE0-4902-95EE-C02FA53DF1E0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{6F65A6CF-6751-4592-B64B-0DD831B1833A}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | 
"{8E0030B5-9B46-4436-A0E9-E8D8678D2018}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"{A5D50297-759A-43CF-9ABD-0F9BA65677F1}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | 
"{ACC1DFBC-CA68-4E54-BED9-5AF61BC59F9B}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{AE0C55FA-7046-4F8C-9FC1-A1CCE387C8C5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{B3277B74-F9A5-4F72-A21E-83FBC624557C}" = dir=in | app=c:\users\manfred\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{CBBE68BD-44CD-4B89-A60D-0F4A2AD36D75}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2700_series" = Canon iP2700 series Printer Driver
"{17D26CDD-B87C-412B-92F0-2D5DD4313522}" = Facebook Messenger 2.1.4651.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA68A73-DB9C-439D-9481-981C82BD008B}" = Nokia Connectivity Cable Driver
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{92D1CEBC-7C72-4ECF-BFC6-C131EF3FE6A7}" = Nokia Suite
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{A2AA4204-C05A-4013-888A-AD153139297F}" = PC Connectivity Solution
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{DFD30824-6BD0-34E1-ABE8-308AD3CBB9A0}" = Google Talk Plugin
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Avanquest_App'-Anwendungsleiste Toolbar" = Avanquest App'-Anwendungsleiste Toolbar
"avast" = avast! Free Antivirus
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"Globe Broadband" = Globe Broadband
"GOM Player" = GOM Player
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 7.8.0
"LingoPad_is1" = LingoPad 2.6 (Build 360)
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nokia Suite" = Nokia Suite
"Orbit_is1" = Orbit Downloader
"RealPlayer 15.0" = RealPlayer
"TeamViewer 7" = TeamViewer 7
"USB Disk Security_is1" = USB Disk Security
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.11
"Winamp" = Winamp
"WinRAR archiver" = WinRAR 4.01 (32-bit)
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 15.07.2012 01:39:05 | Computer Name = manfred-laptop | Source = Google Update | ID = 20
Description = 
 
Error - 15.07.2012 04:39:05 | Computer Name = manfred-laptop | Source = Google Update | ID = 20
Description = 
 
Error - 15.07.2012 22:07:13 | Computer Name = manfred-laptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmplayer.exe, Version: 12.0.7600.16415,
 Zeitstempel: 0x4a98ae4b  Name des fehlerhaften Moduls: hxmedpltfm.dll, Version: 15.0.5.109,
 Zeitstempel: 0x4fe36f3b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0001ca71  ID des fehlerhaften
 Prozesses: 0x178  Startzeit der fehlerhaften Anwendung: 0x01cd62f65b2b7b6c  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmplayer.exe  Pfad 
des fehlerhaften Moduls: c:\program files\real\realplayer\common\hxmedpltfm.dll  Berichtskennung:
 f528b2f9-ceea-11e1-802b-c80aa9f28303
 
Error - 15.07.2012 22:22:15 | Computer Name = manfred-laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 17.07.2012 01:39:05 | Computer Name = manfred-laptop | Source = Google Update | ID = 20
Description = 
 
Error - 17.07.2012 04:39:05 | Computer Name = manfred-laptop | Source = Google Update | ID = 20
Description = 
 
Error - 17.07.2012 07:39:05 | Computer Name = manfred-laptop | Source = Google Update | ID = 20
Description = 
 
Error - 18.07.2012 01:39:05 | Computer Name = manfred-laptop | Source = Google Update | ID = 20
Description = 
 
Error - 18.07.2012 04:39:05 | Computer Name = manfred-laptop | Source = Google Update | ID = 20
Description = 
 
Error - 20.07.2012 04:39:05 | Computer Name = manfred-laptop | Source = Google Update | ID = 20
Description = 
 
[ System Events ]
Error - 28.05.2012 13:00:20 | Computer Name = manfred-laptop | Source = Service Control Manager | ID = 7000
Description = Der Dienst "IPsec-Richtlinien-Agent" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1069
 
Error - 28.05.2012 13:00:20 | Computer Name = manfred-laptop | Source = Service Control Manager | ID = 7038
Description = Der Dienst "PolicyAgent" konnte sich nicht als "NT Authority\NetworkService"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1352    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 28.05.2012 13:00:20 | Computer Name = manfred-laptop | Source = Service Control Manager | ID = 7000
Description = Der Dienst "IPsec-Richtlinien-Agent" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1069
 
Error - 28.05.2012 13:00:20 | Computer Name = manfred-laptop | Source = Service Control Manager | ID = 7038
Description = Der Dienst "PolicyAgent" konnte sich nicht als "NT Authority\NetworkService"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1352    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 28.05.2012 13:00:20 | Computer Name = manfred-laptop | Source = Service Control Manager | ID = 7000
Description = Der Dienst "IPsec-Richtlinien-Agent" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1069
 
Error - 28.05.2012 13:00:20 | Computer Name = manfred-laptop | Source = Service Control Manager | ID = 7038
Description = Der Dienst "PolicyAgent" konnte sich nicht als "NT Authority\NetworkService"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1352    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 28.05.2012 13:00:20 | Computer Name = manfred-laptop | Source = Service Control Manager | ID = 7000
Description = Der Dienst "IPsec-Richtlinien-Agent" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1069
 
Error - 28.05.2012 13:00:20 | Computer Name = manfred-laptop | Source = Service Control Manager | ID = 7038
Description = Der Dienst "PolicyAgent" konnte sich nicht als "NT Authority\NetworkService"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1352    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 28.05.2012 13:00:20 | Computer Name = manfred-laptop | Source = Service Control Manager | ID = 7000
Description = Der Dienst "IPsec-Richtlinien-Agent" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1069
 
Error - 28.05.2012 13:07:48 | Computer Name = manfred-laptop | Source = BugCheck | ID = 1001
Description = 
 
 
< End of report >
         
--- --- ---
OTL Logfile:
Code:
OTL logfile created on: 28.10.2012 17:44:09 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\manfred\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,93 Gb Total Physical Memory | 1,86 Gb Available Physical Memory | 63,40% Memory free
5,85 Gb Paging File | 4,52 Gb Available in Paging File | 77,22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297,99 Gb Total Space | 221,36 Gb Free Space | 74,28% Space Free | Partition Type: NTFS
Drive F: | 24,63 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: MANFRED-LAPTOP | User Name: manfred | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\manfred\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe (Facebook)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\Globe Broadband\Globe Broadband.exe ()
PRC - C:\Programme\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
PRC - C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)
PRC - C:\Programme\PC Connectivity Solution\Transports\NclToBTSrv.exe (Nokia)
PRC - C:\Programme\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe (Nokia)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\USB Disk Security\USBGuard.exe (Zbshareware Lab)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\Toshiba\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4651.0\libcef.dll ()
MOD - C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4651.0\CefSharp.WinForms.dll ()
MOD - C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4651.0\CefSharp.dll ()
MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Programme\Globe Broadband\Globe Broadband.exe ()
MOD - C:\Programme\Nokia\Nokia Suite\ssoengine.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\securestorage.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\qjson.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QxtCore.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QxtWeb.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\NService.dll ()
MOD - C:\Windows\System32\IccLibDll.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\phonon4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtXmlPatterns4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtXml4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtWebKit4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtSql4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtScript4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtOpenGL4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtNetwork4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtMultimediaKit1.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtGui4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtDeclarative4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtCore4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\Imageformats\qjpeg4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\Imageformats\qico4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\Imageformats\qgif4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\OviShareLib.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\Maps Service API.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\CommonUpdateChecker.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\mediaservice\dsengine.dll ()
MOD - C:\Programme\Yahoo!\Messenger\yui.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Programme\Globe Broadband\NDISAPI.dll ()
MOD - C:\Programme\Globe Broadband\DeviceMgrUIPlugin.dll ()
MOD - C:\Programme\Globe Broadband\DeviceMgrPlugin.dll ()
MOD - C:\Programme\Globe Broadband\atcomm.dll ()
MOD - C:\Programme\Globe Broadband\SMSPlugin.dll ()
MOD - C:\Programme\Globe Broadband\DetectDev.dll ()
MOD - C:\Programme\Globe Broadband\LocaleMgrPlugin.dll ()
MOD - C:\Programme\Globe Broadband\FileManager.dll ()
MOD - C:\Programme\Globe Broadband\DialUpPlugin.dll ()
MOD - C:\Programme\Globe Broadband\CallPlugin.dll ()
MOD - C:\Programme\Globe Broadband\XCodec.dll ()
MOD - C:\Programme\Globe Broadband\DeviceOperate.dll ()
MOD - C:\Programme\Globe Broadband\ConfigFilePlugin.dll ()
MOD - C:\Programme\Globe Broadband\NotifyServicePlugin.dll ()
MOD - C:\Programme\Globe Broadband\isaputrace.dll ()
MOD - C:\Programme\Globe Broadband\NetInfoPlugin.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\3871fc2b96345aa6f3be81d9e3c97160\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\7f457271e765b5d72f081942b829469c\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\fedf1ba58dced4f0b3f8c457648ceed9\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ead6be8b410d56b5576b10e56af2c180\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5dd9f783008543df3e642ff1e99de4e8\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b1350e31ff09cc583b34854816d8036\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5ba3bf5367fc012300c6566f20cb7f54\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8c1770d45c63cf5c462eeb945ef9aa5d\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (TeamViewer7) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (TOSHIBA Bluetooth Service) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcdnsuc) -- C:\Windows\System32\drivers\nmwcdnsuc.sys (Nokia)
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (L1C) -- C:\Windows\System32\drivers\L1C60x86.sys (Atheros Communications, Inc.)
DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV - (TosRfSnd) -- C:\Windows\System32\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (hwusbdev) -- C:\Windows\System32\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (HECI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (PGEffect) -- C:\Windows\System32\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (TVALZ) -- C:\Windows\System32\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {1d8566bd-f06f-4029-a3be-ba80af5a09f3} - C:\Programme\Avanquest_App'-Anwendungsleiste\prxtbAva0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3B 91 5D E6 D0 EB CC 01  [binary data]
IE - HKCU\..\URLSearchHook: {1d8566bd-f06f-4029-a3be-ba80af5a09f3} - C:\Programme\Avanquest_App'-Anwendungsleiste\prxtbAva0.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: {C3949AC2-4B17-43ee-B4F1-D26B9D42404D}:15.0.5
FF - prefs.js..extensions.enabledAddons: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.2.2
FF - prefs.js..extensions.enabledAddons: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.5.1.20121012015120
FF - prefs.js..extensions.enabledAddons: printedit@DW-dev:8.9
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\manfred\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\manfred\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\manfred\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\manfred\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\manfred\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll (Facebook, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.02.19 17:39:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.07.03 15:40:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.27 22:32:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.27 22:32:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012.03.14 22:28:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.27 22:32:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.27 22:32:10 | 000,000,000 | ---D | M]
 
[2012.02.15 17:30:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\manfred\AppData\Roaming\mozilla\Extensions
[2012.10.28 01:46:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\manfred\AppData\Roaming\mozilla\Firefox\Profiles\3til95lj.default\extensions
[2012.10.11 22:35:48 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\manfred\AppData\Roaming\mozilla\Firefox\Profiles\3til95lj.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2012.08.22 20:10:25 | 000,000,000 | ---D | M] (Avanquest App'-Anwendungsleiste Community Toolbar) -- C:\Users\manfred\AppData\Roaming\mozilla\Firefox\Profiles\3til95lj.default\extensions\{1d8566bd-f06f-4029-a3be-ba80af5a09f3}
[2012.10.16 00:44:44 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\manfred\AppData\Roaming\mozilla\Firefox\Profiles\3til95lj.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.05.20 10:56:27 | 000,009,693 | ---- | M] () (No name found) -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\extensions\java@flyordie.com.xpi
[2012.09.26 21:15:19 | 000,027,267 | ---- | M] () (No name found) -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\extensions\map@quickmaps.me.xpi
[2012.10.28 01:46:01 | 000,091,555 | ---- | M] () (No name found) -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\extensions\printedit@DW-dev.xpi
[2012.07.29 22:14:44 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.02.18 21:03:48 | 000,000,933 | ---- | M] () -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\searchplugins\11-suche.xml
[2012.02.18 21:03:49 | 000,002,419 | ---- | M] () -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\searchplugins\englische-ergebnisse.xml
[2012.02.18 21:03:48 | 000,010,525 | ---- | M] () -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\searchplugins\gmx-suche.xml
[2012.02.18 21:03:49 | 000,002,457 | ---- | M] () -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\searchplugins\lastminute.xml
[2012.02.18 21:03:48 | 000,005,508 | ---- | M] () -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\searchplugins\webde-suche.xml
[2012.10.27 22:32:09 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.07.03 15:40:31 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2012.10.27 22:32:12 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.07.03 15:40:07 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2011.07.12 05:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.08.25 10:49:52 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.25 10:49:52 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.08.25 10:49:52 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.08.25 10:49:52 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.08.25 10:49:52 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.08.25 10:49:52 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\manfred\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\manfred\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\manfred\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\manfred\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\manfred\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\manfred\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Facebook Desktop (Enabled) = C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4520.0\npFbDesktopPlugin.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\manfred\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: Counter Strike (Flash-Version) = C:\Users\manfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcbegflbljflchoahmigblmabofoinkh\1.0.1_0\
CHR - Extension: avast! WebRep = C:\Users\manfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1203_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\manfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Plants vs Zombies = C:\Users\manfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina\1.0.5_0\
 
O1 HOSTS File: ([2009.06.11 05:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Avanquest App'-Anwendungsleiste Toolbar) - {1d8566bd-f06f-4029-a3be-ba80af5a09f3} - C:\Program Files\Avanquest_App'-Anwendungsleiste\prxtbAva0.dll (Conduit Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Avanquest App'-Anwendungsleiste Toolbar) - {1d8566bd-f06f-4029-a3be-ba80af5a09f3} - C:\Programme\Avanquest_App'-Anwendungsleiste\prxtbAva0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Avanquest App'-Anwendungsleiste Toolbar) - {1D8566BD-F06F-4029-A3BE-BA80AF5A09F3} - C:\Programme\Avanquest_App'-Anwendungsleiste\prxtbAva0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [TaskTray]  File not found
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKLM..\Run: [USB Antivirus] C:\Programme\USB Disk Security\USBGuard.exe (Zbshareware Lab)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [Facebook Update] C:\Users\manfred\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Programme\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O4 - Startup: C:\Users\manfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe (Facebook)
O4 - Startup: C:\Users\manfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{21F0735F-35A1-4812-B527-E0E99412945B}: NameServer = 10.198.220.124 202.126.40.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5CAE6AB4-F441-49C1-8BC4-17A07A1B4578}: NameServer = 10.68.80.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A1F44AEA-9C2D-4102-A3D6-B26516F71AFF}: DhcpNameServer = 124.106.7.2 124.106.5.2
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.06.26 22:57:06 | 000,284,654 | ---- | M] () - C:\auto verkaufsschild.PNG -- [ NTFS ]
O32 - AutoRun File - [2009.06.11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.08.24 10:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) - F:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008.06.17 10:13:46 | 000,000,047 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{751940b0-5bb9-11e1-a9b3-e839df2c34d5}\Shell - "" = AutoRun
O33 - MountPoints2\{751940b0-5bb9-11e1-a9b3-e839df2c34d5}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{75466f3a-5add-11e1-a4e4-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{75466f3a-5add-11e1-a4e4-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{75466f86-5add-11e1-a4e4-e839df2c34d5}\Shell - "" = AutoRun
O33 - MountPoints2\{75466f86-5add-11e1-a4e4-e839df2c34d5}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009.08.24 10:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009.08.24 10:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 60 Days ==========
 
[2012.10.27 22:32:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.10.23 23:28:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\manfred\Desktop\OTL.exe
[2012.10.22 10:52:57 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.10.22 10:52:57 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.10.22 10:52:57 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012.10.20 23:01:44 | 000,000,000 | ---D | C] -- C:\Users\manfred\Desktop\Neuer Ordner
[2012.10.04 12:25:34 | 000,000,000 | ---D | C] -- C:\Users\manfred\Desktop\tausch
[2012.09.27 10:40:52 | 000,000,000 | ---D | C] -- C:\Users\manfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
[2012.09.18 10:24:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.09.10 17:52:30 | 000,000,000 | ---D | C] -- C:\Global karten
[2012.09.06 21:32:07 | 000,000,000 | R--D | C] -- C:\Users\manfred\Desktop\Schulbücher
[2012.09.06 20:56:14 | 000,000,000 | ---D | C] -- C:\ebay 2 handys gekauft
[2012.09.06 20:51:34 | 000,000,000 | ---D | C] -- C:\Alu Koffer schloss
[2012.09.05 23:24:42 | 000,000,000 | ---D | C] -- C:\silke schicken
[2012.09.04 18:54:40 | 000,000,000 | ---D | C] -- C:\Users\manfred\Desktop\BDO
[2012.09.02 21:47:55 | 000,000,000 | ---D | C] -- C:\elter schicken
 
========== Files - Modified Within 60 Days ==========
 
[2012.10.28 17:57:00 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.28 17:52:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.28 17:26:02 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3718335332-4058801294-3006936124-1000UA.job
[2012.10.28 16:39:14 | 000,001,146 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3718335332-4058801294-3006936124-1000UA.job
[2012.10.28 11:47:06 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.28 11:47:06 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.28 11:40:44 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.28 11:40:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.28 11:40:17 | 2357,612,544 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.27 22:39:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3718335332-4058801294-3006936124-1000Core.job
[2012.10.27 20:00:54 | 000,001,284 | ---- | M] () -- C:\Users\manfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
[2012.10.26 22:01:49 | 000,000,068 | ---- | M] () -- C:\Users\manfred\Desktop\001-Voyager - 725-26 - Endgame Part 1 - YouTube.URL
[2012.10.26 20:57:23 | 000,008,943 | ---- | M] () -- C:\Users\manfred\Desktop\11.PNG
[2012.10.26 19:27:37 | 000,405,354 | ---- | M] () -- C:\wvb,,mn (2).PNG
[2012.10.26 19:27:04 | 000,198,964 | ---- | M] () -- C:\wvb,,mn (1).PNG
[2012.10.26 14:55:53 | 000,000,150 | ---- | M] () -- C:\Users\manfred\Desktop\Neues Betriebssystem im Handel Microsoft lockt Windows 8-Kunden zum Start mit Kampfpreis - Computer - FOCUS Online - Nachric.URL
[2012.10.26 00:59:31 | 000,097,410 | ---- | M] () -- C:\Users\manfred\Desktop\1...PNG
[2012.10.24 11:26:00 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3718335332-4058801294-3006936124-1000Core.job
[2012.10.24 10:06:25 | 000,000,075 | ---- | M] () -- C:\Users\manfred\Desktop\Trojaner oder ............ - Trojaner-Board.URL
[2012.10.24 00:47:14 | 000,198,915 | ---- | M] () -- C:\Users\manfred\Desktop\cf.PNG
[2012.10.23 23:28:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\manfred\Desktop\OTL.exe
[2012.10.23 23:21:13 | 000,131,064 | ---- | M] () -- C:\Users\manfred\Desktop\2.PNG
[2012.10.23 23:20:24 | 000,107,823 | ---- | M] () -- C:\Users\manfred\Desktop\1.PNG
[2012.10.23 22:30:16 | 000,158,675 | ---- | M] () -- C:\sdbgh.PNG
[2012.10.22 20:18:06 | 000,139,603 | ---- | M] () -- C:\Users\manfred\Desktop\fff.PNG
[2012.10.22 14:58:45 | 000,187,929 | ---- | M] () -- C:\Users\manfred\Desktop\Unbenanntcdsx.PNG
[2012.10.22 14:57:19 | 000,172,824 | ---- | M] () -- C:\Users\manfred\Desktop\cdfr.PNG
[2012.10.20 14:53:33 | 000,012,493 | ---- | M] () -- C:\ght.PNG
[2012.10.19 22:33:11 | 000,000,049 | ---- | M] () -- C:\Users\manfred\Desktop\Blue-Book.URL
[2012.10.19 18:44:23 | 000,643,866 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.19 18:44:23 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.19 18:44:23 | 000,126,394 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.19 18:44:23 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.16 15:57:43 | 000,302,642 | ---- | M] () -- C:\Users\manfred\Desktop\Unbenanntse.PNG
[2012.10.12 13:11:30 | 000,000,087 | ---- | M] () -- C:\Users\manfred\Desktop\Antworten auf Fragen von mt6215.URL
[2012.10.11 22:42:26 | 000,000,095 | ---- | M] () -- C:\CallYa Sprach- und Smartphone-Tarife.URL
[2012.10.11 21:08:48 | 000,000,061 | ---- | M] () -- C:\httpwww.lidl.dedeClassic-Tarif.URL
[2012.10.11 21:08:42 | 000,000,063 | ---- | M] () -- C:\httpwww.lidl.dedeInternet-Stick1.URL
[2012.10.11 20:55:29 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.10.11 20:55:29 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.10.11 20:27:55 | 000,002,459 | ---- | M] () -- C:\Users\manfred\Desktop\Google Chrome.lnk
[2012.10.10 20:39:59 | 000,000,078 | ---- | M] () -- C:\Sternzeichen deutsch - englisch.URL
[2012.10.10 19:35:18 | 000,000,076 | ---- | M] () -- C:\Users\manfred\Desktop\Barbie Games - Fun Games for Girls, Free - Dress-Up & Makeover, Arcade, Sports, Puzzle Game.URL
[2012.10.09 15:56:10 | 000,045,056 | ---- | M] (Northern Codeworks) -- C:\Windows\NCUNINST.EXE
[2012.10.03 08:24:35 | 000,278,066 | ---- | M] () -- C:\am,,lk.PNG
[2012.10.03 08:20:55 | 000,026,876 | ---- | M] () -- C:\gg.PNG
[2012.10.03 08:02:01 | 000,000,145 | ---- | M] () -- C:\Citizen GN-4-S, WR100,Wasserdicht 100m,Verschraubtes Gehäuse. in Altona - Bahrenfeld Accessoires & Schmuck eBay Kleinanzeige.URL
[2012.10.02 23:09:54 | 000,054,649 | ---- | M] () -- C:\s1.PNG
[2012.10.02 23:02:46 | 000,086,347 | ---- | M] () -- C:\s.PNG
[2012.09.24 23:16:36 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012.09.24 23:08:27 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.09.24 23:07:57 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.09.22 16:17:21 | 000,869,154 | ---- | M] () -- C:\12.PNG
[2012.09.18 19:57:04 | 174,755,821 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.09.18 15:36:08 | 000,000,055 | ---- | M] () -- C:\Flüge Fluege Philippinen Thailand Asien Australien.URL
[2012.09.18 10:24:00 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012.09.18 10:24:00 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012.09.16 21:24:58 | 000,021,504 | ---- | M] () -- C:\Users\manfred\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.16 12:28:09 | 000,000,084 | ---- | M] () -- C:\Terra X - Faszination Erde - Philippinen - Inseln zwischen den Weltenwww.youtube.comTerra X - Faszination Erde - Philippinen.URL
[2012.09.14 20:14:24 | 000,000,066 | ---- | M] () -- C:\Users\manfred\Desktop\FreeTranslation Translate English English to Spanish Translation.URL
[2012.09.13 23:10:16 | 000,000,059 | ---- | M] () -- C:\Users\manfred\Desktop\PROMT - ein kostenloser Text - und Webseiten - Übersetzer - Englisch, Deutsch, Französisch, Spanisch, Portugiesisch (Brasili.URL
[2012.09.05 22:35:18 | 000,000,050 | ---- | M] () -- C:\Users\manfred\Desktop\Stadt Heilbronn.URL
[2012.08.30 23:20:10 | 000,001,092 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
 
========== Files Created - No Company Name ==========
 
[2012.10.26 22:01:49 | 000,000,068 | ---- | C] () -- C:\Users\manfred\Desktop\001-Voyager - 725-26 - Endgame Part 1 - YouTube.URL
[2012.10.26 20:57:22 | 000,008,943 | ---- | C] () -- C:\Users\manfred\Desktop\11.PNG
[2012.10.26 19:27:37 | 000,405,354 | ---- | C] () -- C:\wvb,,mn (2).PNG
[2012.10.26 19:27:04 | 000,198,964 | ---- | C] () -- C:\wvb,,mn (1).PNG
[2012.10.26 14:55:53 | 000,000,150 | ---- | C] () -- C:\Users\manfred\Desktop\Neues Betriebssystem im Handel Microsoft lockt Windows 8-Kunden zum Start mit Kampfpreis - Computer - FOCUS Online - Nachric.URL
[2012.10.26 00:59:31 | 000,097,410 | ---- | C] () -- C:\Users\manfred\Desktop\1...PNG
[2012.10.24 10:06:25 | 000,000,075 | ---- | C] () -- C:\Users\manfred\Desktop\Trojaner oder ............ - Trojaner-Board.URL
[2012.10.24 00:47:14 | 000,198,915 | ---- | C] () -- C:\Users\manfred\Desktop\cf.PNG
[2012.10.23 23:21:13 | 000,131,064 | ---- | C] () -- C:\Users\manfred\Desktop\2.PNG
[2012.10.23 23:20:24 | 000,107,823 | ---- | C] () -- C:\Users\manfred\Desktop\1.PNG
[2012.10.23 22:30:16 | 000,158,675 | ---- | C] () -- C:\sdbgh.PNG
[2012.10.22 20:18:06 | 000,139,603 | ---- | C] () -- C:\Users\manfred\Desktop\fff.PNG
[2012.10.22 14:58:45 | 000,187,929 | ---- | C] () -- C:\Users\manfred\Desktop\Unbenanntcdsx.PNG
[2012.10.22 14:57:18 | 000,172,824 | ---- | C] () -- C:\Users\manfred\Desktop\cdfr.PNG
[2012.10.20 14:53:33 | 000,012,493 | ---- | C] () -- C:\ght.PNG
[2012.10.19 22:33:11 | 000,000,049 | ---- | C] () -- C:\Users\manfred\Desktop\Blue-Book.URL
[2012.10.16 15:57:43 | 000,302,642 | ---- | C] () -- C:\Users\manfred\Desktop\Unbenanntse.PNG
[2012.10.12 13:11:30 | 000,000,087 | ---- | C] () -- C:\Users\manfred\Desktop\Antworten auf Fragen von mt6215.URL
[2012.10.11 22:42:26 | 000,000,095 | ---- | C] () -- C:\CallYa Sprach- und Smartphone-Tarife.URL
[2012.10.11 21:08:48 | 000,000,061 | ---- | C] () -- C:\httpwww.lidl.dedeClassic-Tarif.URL
[2012.10.11 21:08:42 | 000,000,063 | ---- | C] () -- C:\httpwww.lidl.dedeInternet-Stick1.URL
[2012.10.10 20:39:59 | 000,000,078 | ---- | C] () -- C:\Sternzeichen deutsch - englisch.URL
[2012.10.10 19:35:18 | 000,000,076 | ---- | C] () -- C:\Users\manfred\Desktop\Barbie Games - Fun Games for Girls, Free - Dress-Up & Makeover, Arcade, Sports, Puzzle Game.URL
[2012.10.03 08:24:35 | 000,278,066 | ---- | C] () -- C:\am,,lk.PNG
[2012.10.03 08:20:55 | 000,026,876 | ---- | C] () -- C:\gg.PNG
[2012.10.03 08:02:01 | 000,000,145 | ---- | C] () -- C:\Citizen GN-4-S, WR100,Wasserdicht 100m,Verschraubtes Gehäuse. in Altona - Bahrenfeld Accessoires & Schmuck eBay Kleinanzeige.URL
[2012.10.02 23:09:54 | 000,054,649 | ---- | C] () -- C:\s1.PNG
[2012.10.02 23:02:46 | 000,086,347 | ---- | C] () -- C:\s.PNG
[2012.09.22 16:17:21 | 000,869,154 | ---- | C] () -- C:\12.PNG
[2012.09.18 15:36:08 | 000,000,055 | ---- | C] () -- C:\Flüge Fluege Philippinen Thailand Asien Australien.URL
[2012.09.16 12:28:09 | 000,000,084 | ---- | C] () -- C:\Terra X - Faszination Erde - Philippinen - Inseln zwischen den Weltenwww.youtube.comTerra X - Faszination Erde - Philippinen.URL
[2012.09.14 20:14:24 | 000,000,066 | ---- | C] () -- C:\Users\manfred\Desktop\FreeTranslation Translate English English to Spanish Translation.URL
[2012.09.13 23:10:16 | 000,000,059 | ---- | C] () -- C:\Users\manfred\Desktop\PROMT - ein kostenloser Text - und Webseiten - Übersetzer - Englisch, Deutsch, Französisch, Spanisch, Portugiesisch (Brasili.URL
[2012.09.05 22:35:18 | 000,000,050 | ---- | C] () -- C:\Users\manfred\Desktop\Stadt Heilbronn.URL
[2012.09.01 18:28:56 | 000,017,862 | ---- | C] () -- C:\Unbe-adpost.PNG
[2012.09.01 18:28:56 | 000,007,443 | ---- | C] () -- C:\Unbenannt olx.PNG
[2012.09.01 18:28:27 | 000,083,971 | ---- | C] () -- C:\lichtspiel.jpg
[2012.09.01 18:28:13 | 000,026,685 | ---- | C] () -- C:\email = mt.phil62@yahoo.com.PNG
[2012.09.01 18:28:07 | 000,069,263 | ---- | C] () -- C:\ddddddddddddddddddd.PNG
[2012.09.01 18:28:07 | 000,031,374 | ---- | C] () -- C:\email = gerber_ulrich@yahoo.com.PNG
[2012.09.01 18:28:07 | 000,023,064 | ---- | C] () -- C:\ebay dat.PNG
[2012.09.01 18:28:07 | 000,021,980 | ---- | C] () -- C:\email=pauloate@yahoo.com.PNG
[2012.08.30 23:20:10 | 000,001,092 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.02.19 12:31:33 | 000,021,504 | ---- | C] () -- C:\Users\manfred\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.15 18:58:11 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012.02.15 18:58:10 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2012.02.15 18:58:07 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2012.02.15 18:58:07 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2012.02.15 18:58:07 | 000,074,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012.02.15 18:37:44 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2012.01.11 05:17:08 | 000,128,204 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin
[2012.01.11 05:17:04 | 000,105,608 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin
[2012.01.11 05:17:02 | 000,867,020 | ---- | C] () -- C:\Windows\System32\igkrng575.bin
[2012.01.11 04:29:54 | 013,904,384 | ---- | C] () -- C:\Windows\System32\ig4icd32.dll
[2012.01.11 04:14:34 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2012.01.11 04:12:12 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 12:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009.07.14 09:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 09:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 09:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Files - Unicode (All) ==========
[2012.07.01 11:32:34 | 000,000,084 | ---- | M] ()(C:\????????/???? ??? ???? - YouTube.URL) -- C:\幸せになりたいね/大島優子 フォト ムービー - YouTube.URL
[2012.07.01 11:32:34 | 000,000,084 | ---- | C] ()(C:\????????/???? ??? ???? - YouTube.URL) -- C:\幸せになりたいね/大島優子 フォト ムービー - YouTube.URL
[2012.03.28 18:14:06 | 000,000,091 | ---- | M] ()(C:\? What If We Fall in Love ? - YouTube.URL) -- C:\♥ What If We Fall in Love ♥ - YouTube.URL
[2012.03.28 18:14:06 | 000,000,091 | ---- | C] ()(C:\? What If We Fall in Love ? - YouTube.URL) -- C:\♥ What If We Fall in Love ♥ - YouTube.URL

< End of report >
         
--- --- ---


I have now scanned again.

Is that right now???

Alt 29.10.2012, 20:04   #8
markusg
/// Malware-holic
 



You are supposed to copy the text from the code box into the input field in the OTL program and then click Quick Scan.
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Forwarding instructions:
http://markusg.trojaner-board.de
For now, please forward e-mails to
markusg.trojaner-board@web.de
following the instructions above.
If you would like to support us

Alt 29.10.2012, 22:20   #9
mt62
 



OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 30.10.2012 05:02:47 - Run 10
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\manfred\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,93 Gb Total Physical Memory | 1,59 Gb Available Physical Memory | 54,22% Memory free
5,85 Gb Paging File | 4,35 Gb Available in Paging File | 74,37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297,99 Gb Total Space | 221,27 Gb Free Space | 74,25% Space Free | Partition Type: NTFS
Drive F: | 24,63 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: MANFRED-LAPTOP | User Name: manfred | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\manfred\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe (Facebook)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\Globe Broadband\Globe Broadband.exe ()
PRC - C:\Programme\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
PRC - C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)
PRC - C:\Programme\PC Connectivity Solution\Transports\NclToBTSrv.exe (Nokia)
PRC - C:\Programme\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe (Nokia)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\USB Disk Security\USBGuard.exe (Zbshareware Lab)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\Toshiba\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4651.0\libcef.dll ()
MOD - C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4651.0\CefSharp.WinForms.dll ()
MOD - C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4651.0\CefSharp.dll ()
MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Programme\Globe Broadband\Globe Broadband.exe ()
MOD - C:\Programme\Nokia\Nokia Suite\ssoengine.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\securestorage.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\qjson.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QxtCore.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QxtWeb.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\NService.dll ()
MOD - C:\Windows\System32\IccLibDll.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\phonon4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtXmlPatterns4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtXml4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtWebKit4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtSql4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtScript4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtOpenGL4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtNetwork4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtMultimediaKit1.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtGui4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtDeclarative4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtCore4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\Imageformats\qjpeg4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\Imageformats\qico4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\Imageformats\qgif4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\OviShareLib.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\Maps Service API.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\CommonUpdateChecker.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\mediaservice\dsengine.dll ()
MOD - C:\Programme\Yahoo!\Messenger\yui.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Programme\Globe Broadband\NDISAPI.dll ()
MOD - C:\Programme\Globe Broadband\DeviceMgrUIPlugin.dll ()
MOD - C:\Programme\Globe Broadband\DeviceMgrPlugin.dll ()
MOD - C:\Programme\Globe Broadband\atcomm.dll ()
MOD - C:\Programme\Globe Broadband\SMSPlugin.dll ()
MOD - C:\Programme\Globe Broadband\DetectDev.dll ()
MOD - C:\Programme\Globe Broadband\LocaleMgrPlugin.dll ()
MOD - C:\Programme\Globe Broadband\FileManager.dll ()
MOD - C:\Programme\Globe Broadband\DialUpPlugin.dll ()
MOD - C:\Programme\Globe Broadband\CallPlugin.dll ()
MOD - C:\Programme\Globe Broadband\XCodec.dll ()
MOD - C:\Programme\Globe Broadband\DeviceOperate.dll ()
MOD - C:\Programme\Globe Broadband\ConfigFilePlugin.dll ()
MOD - C:\Programme\Globe Broadband\NotifyServicePlugin.dll ()
MOD - C:\Programme\Globe Broadband\isaputrace.dll ()
MOD - C:\Programme\Globe Broadband\NetInfoPlugin.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\3871fc2b96345aa6f3be81d9e3c97160\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\7f457271e765b5d72f081942b829469c\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\fedf1ba58dced4f0b3f8c457648ceed9\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ead6be8b410d56b5576b10e56af2c180\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5dd9f783008543df3e642ff1e99de4e8\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b1350e31ff09cc583b34854816d8036\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5ba3bf5367fc012300c6566f20cb7f54\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8c1770d45c63cf5c462eeb945ef9aa5d\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (TeamViewer7) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (TOSHIBA Bluetooth Service) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcdnsuc) -- C:\Windows\System32\drivers\nmwcdnsuc.sys (Nokia)
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (L1C) -- C:\Windows\System32\drivers\L1C60x86.sys (Atheros Communications, Inc.)
DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV - (TosRfSnd) -- C:\Windows\System32\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (hwusbdev) -- C:\Windows\System32\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (HECI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (PGEffect) -- C:\Windows\System32\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (TVALZ) -- C:\Windows\System32\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {1d8566bd-f06f-4029-a3be-ba80af5a09f3} - C:\Programme\Avanquest_App'-Anwendungsleiste\prxtbAva0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3718335332-4058801294-3006936124-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-3718335332-4058801294-3006936124-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3718335332-4058801294-3006936124-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3718335332-4058801294-3006936124-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3B 91 5D E6 D0 EB CC 01  [binary data]
IE - HKU\S-1-5-21-3718335332-4058801294-3006936124-1000\..\URLSearchHook: {1d8566bd-f06f-4029-a3be-ba80af5a09f3} - C:\Programme\Avanquest_App'-Anwendungsleiste\prxtbAva0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3718335332-4058801294-3006936124-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3718335332-4058801294-3006936124-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3718335332-4058801294-3006936124-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: {C3949AC2-4B17-43ee-B4F1-D26B9D42404D}:15.0.5
FF - prefs.js..extensions.enabledAddons: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.2.2
FF - prefs.js..extensions.enabledAddons: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.5.1.20121012015120
FF - prefs.js..extensions.enabledAddons: printedit@DW-dev:8.9
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\manfred\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\manfred\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\manfred\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\manfred\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\manfred\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll (Facebook, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.02.19 17:39:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.07.03 15:40:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.27 22:32:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.27 22:32:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012.03.14 22:28:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.27 22:32:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.27 22:32:10 | 000,000,000 | ---D | M]
 
[2012.02.15 17:30:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\manfred\AppData\Roaming\mozilla\Extensions
[2012.10.28 01:46:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\manfred\AppData\Roaming\mozilla\Firefox\Profiles\3til95lj.default\extensions
[2012.10.11 22:35:48 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\manfred\AppData\Roaming\mozilla\Firefox\Profiles\3til95lj.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2012.08.22 20:10:25 | 000,000,000 | ---D | M] (Avanquest App'-Anwendungsleiste Community Toolbar) -- C:\Users\manfred\AppData\Roaming\mozilla\Firefox\Profiles\3til95lj.default\extensions\{1d8566bd-f06f-4029-a3be-ba80af5a09f3}
[2012.10.16 00:44:44 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\manfred\AppData\Roaming\mozilla\Firefox\Profiles\3til95lj.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.05.20 10:56:27 | 000,009,693 | ---- | M] () (No name found) -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\extensions\java@flyordie.com.xpi
[2012.09.26 21:15:19 | 000,027,267 | ---- | M] () (No name found) -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\extensions\map@quickmaps.me.xpi
[2012.10.28 01:46:01 | 000,091,555 | ---- | M] () (No name found) -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\extensions\printedit@DW-dev.xpi
[2012.07.29 22:14:44 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.02.18 21:03:48 | 000,000,933 | ---- | M] () -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\searchplugins\11-suche.xml
[2012.02.18 21:03:49 | 000,002,419 | ---- | M] () -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\searchplugins\englische-ergebnisse.xml
[2012.02.18 21:03:48 | 000,010,525 | ---- | M] () -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\searchplugins\gmx-suche.xml
[2012.02.18 21:03:49 | 000,002,457 | ---- | M] () -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\searchplugins\lastminute.xml
[2012.02.18 21:03:48 | 000,005,508 | ---- | M] () -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\searchplugins\webde-suche.xml
[2012.10.27 22:32:09 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.07.03 15:40:31 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2012.10.27 22:32:12 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.07.03 15:40:07 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2011.07.12 05:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.08.25 10:49:52 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.25 10:49:52 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.08.25 10:49:52 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.08.25 10:49:52 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.08.25 10:49:52 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.08.25 10:49:52 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\manfred\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\manfred\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\manfred\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\manfred\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\manfred\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\manfred\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Facebook Desktop (Enabled) = C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4520.0\npFbDesktopPlugin.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\manfred\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: Counter Strike (Flash-Version) = C:\Users\manfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcbegflbljflchoahmigblmabofoinkh\1.0.1_0\
CHR - Extension: avast! WebRep = C:\Users\manfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1203_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\manfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Plants vs Zombies = C:\Users\manfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina\1.0.5_0\
 
O1 HOSTS File: ([2009.06.11 05:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Avanquest App'-Anwendungsleiste Toolbar) - {1d8566bd-f06f-4029-a3be-ba80af5a09f3} - C:\Program Files\Avanquest_App'-Anwendungsleiste\prxtbAva0.dll (Conduit Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Avanquest App'-Anwendungsleiste Toolbar) - {1d8566bd-f06f-4029-a3be-ba80af5a09f3} - C:\Programme\Avanquest_App'-Anwendungsleiste\prxtbAva0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-3718335332-4058801294-3006936124-1000\..\Toolbar\WebBrowser: (Avanquest App'-Anwendungsleiste Toolbar) - {1D8566BD-F06F-4029-A3BE-BA80AF5A09F3} - C:\Programme\Avanquest_App'-Anwendungsleiste\prxtbAva0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3718335332-4058801294-3006936124-1000\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [TaskTray]  File not found
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKLM..\Run: [USB Antivirus] C:\Programme\USB Disk Security\USBGuard.exe (Zbshareware Lab)
O4 - HKU\S-1-5-21-3718335332-4058801294-3006936124-1000..\Run: []  File not found
O4 - HKU\S-1-5-21-3718335332-4058801294-3006936124-1000..\Run: [Facebook Update] C:\Users\manfred\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-3718335332-4058801294-3006936124-1000..\Run: [Messenger (Yahoo!)] C:\Programme\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-3718335332-4058801294-3006936124-1000..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\manfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe (Facebook)
O4 - Startup: C:\Users\manfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5CAE6AB4-F441-49C1-8BC4-17A07A1B4578}: NameServer = 10.68.80.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A1F44AEA-9C2D-4102-A3D6-B26516F71AFF}: DhcpNameServer = 124.106.7.2 124.106.5.2
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.06.26 22:57:06 | 000,284,654 | ---- | M] () - C:\auto verkaufsschild.PNG -- [ NTFS ]
O32 - AutoRun File - [2009.06.11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.08.24 10:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) - F:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008.06.17 10:13:46 | 000,000,047 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{751940b0-5bb9-11e1-a9b3-e839df2c34d5}\Shell - "" = AutoRun
O33 - MountPoints2\{751940b0-5bb9-11e1-a9b3-e839df2c34d5}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{75466f3a-5add-11e1-a4e4-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{75466f3a-5add-11e1-a4e4-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{75466f86-5add-11e1-a4e4-e839df2c34d5}\Shell - "" = AutoRun
O33 - MountPoints2\{75466f86-5add-11e1-a4e4-e839df2c34d5}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009.08.24 10:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009.08.24 10:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.27 22:32:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.10.23 23:28:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\manfred\Desktop\OTL.exe
[2012.10.20 23:01:44 | 000,000,000 | ---D | C] -- C:\Users\manfred\Desktop\Neuer Ordner
[2012.10.04 12:25:34 | 000,000,000 | ---D | C] -- C:\Users\manfred\Desktop\tausch
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.30 04:57:00 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.30 04:52:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.30 04:39:05 | 000,001,146 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3718335332-4058801294-3006936124-1000UA.job
[2012.10.30 04:26:00 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3718335332-4058801294-3006936124-1000UA.job
[2012.10.29 22:39:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3718335332-4058801294-3006936124-1000Core.job
[2012.10.29 19:39:16 | 000,001,284 | ---- | M] () -- C:\Users\manfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
[2012.10.29 14:44:08 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.29 14:44:08 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.29 14:39:11 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.29 14:38:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.29 14:38:52 | 2357,612,544 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.26 20:57:23 | 000,008,943 | ---- | M] () -- C:\Users\manfred\Desktop\11.PNG
[2012.10.26 19:27:37 | 000,405,354 | ---- | M] () -- C:\wvb,,mn (2).PNG
[2012.10.26 19:27:04 | 000,198,964 | ---- | M] () -- C:\wvb,,mn (1).PNG
[2012.10.26 14:55:53 | 000,000,150 | ---- | M] () -- C:\Users\manfred\Desktop\Neues Betriebssystem im Handel Microsoft lockt Windows 8-Kunden zum Start mit Kampfpreis - Computer - FOCUS Online - Nachric.URL
[2012.10.26 00:59:31 | 000,097,410 | ---- | M] () -- C:\Users\manfred\Desktop\1...PNG
[2012.10.24 11:26:00 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3718335332-4058801294-3006936124-1000Core.job
[2012.10.24 10:06:25 | 000,000,075 | ---- | M] () -- C:\Users\manfred\Desktop\Trojaner oder ............ - Trojaner-Board.URL
[2012.10.23 23:28:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\manfred\Desktop\OTL.exe
[2012.10.23 23:21:13 | 000,131,064 | ---- | M] () -- C:\Users\manfred\Desktop\2.PNG
[2012.10.23 23:20:24 | 000,107,823 | ---- | M] () -- C:\Users\manfred\Desktop\1.PNG
[2012.10.23 22:30:16 | 000,158,675 | ---- | M] () -- C:\sdbgh.PNG
[2012.10.22 20:18:06 | 000,139,603 | ---- | M] () -- C:\Users\manfred\Desktop\fff.PNG
[2012.10.22 14:58:45 | 000,187,929 | ---- | M] () -- C:\Users\manfred\Desktop\Unbenanntcdsx.PNG
[2012.10.22 14:57:19 | 000,172,824 | ---- | M] () -- C:\Users\manfred\Desktop\cdfr.PNG
[2012.10.20 14:53:33 | 000,012,493 | ---- | M] () -- C:\ght.PNG
[2012.10.19 22:33:11 | 000,000,049 | ---- | M] () -- C:\Users\manfred\Desktop\Blue-Book.URL
[2012.10.19 18:44:23 | 000,643,866 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.19 18:44:23 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.19 18:44:23 | 000,126,394 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.19 18:44:23 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.16 15:57:43 | 000,302,642 | ---- | M] () -- C:\Users\manfred\Desktop\Unbenanntse.PNG
[2012.10.12 13:11:30 | 000,000,087 | ---- | M] () -- C:\Users\manfred\Desktop\Antworten auf Fragen von mt6215.URL
[2012.10.11 22:42:26 | 000,000,095 | ---- | M] () -- C:\CallYa Sprach- und Smartphone-Tarife.URL
[2012.10.11 21:08:48 | 000,000,061 | ---- | M] () -- C:\httpwww.lidl.dedeClassic-Tarif.URL
[2012.10.11 21:08:42 | 000,000,063 | ---- | M] () -- C:\httpwww.lidl.dedeInternet-Stick1.URL
[2012.10.11 20:27:55 | 000,002,459 | ---- | M] () -- C:\Users\manfred\Desktop\Google Chrome.lnk
[2012.10.10 20:39:59 | 000,000,078 | ---- | M] () -- C:\Sternzeichen deutsch - englisch.URL
[2012.10.10 19:35:18 | 000,000,076 | ---- | M] () -- C:\Users\manfred\Desktop\Barbie Games - Fun Games for Girls, Free - Dress-Up & Makeover, Arcade, Sports, Puzzle Game.URL
[2012.10.09 15:56:10 | 000,045,056 | ---- | M] (Northern Codeworks) -- C:\Windows\NCUNINST.EXE
[2012.10.03 08:24:35 | 000,278,066 | ---- | M] () -- C:\am,,lk.PNG
[2012.10.03 08:20:55 | 000,026,876 | ---- | M] () -- C:\gg.PNG
[2012.10.03 08:02:01 | 000,000,145 | ---- | M] () -- C:\Citizen GN-4-S, WR100,Wasserdicht 100m,Verschraubtes Gehäuse. in Altona - Bahrenfeld Accessoires & Schmuck eBay Kleinanzeige.URL
[2012.10.02 23:09:54 | 000,054,649 | ---- | M] () -- C:\s1.PNG
[2012.10.02 23:02:46 | 000,086,347 | ---- | M] () -- C:\s.PNG
 
========== Files Created - No Company Name ==========
 
[2012.10.26 20:57:22 | 000,008,943 | ---- | C] () -- C:\Users\manfred\Desktop\11.PNG
[2012.10.26 19:27:37 | 000,405,354 | ---- | C] () -- C:\wvb,,mn (2).PNG
[2012.10.26 19:27:04 | 000,198,964 | ---- | C] () -- C:\wvb,,mn (1).PNG
[2012.10.26 14:55:53 | 000,000,150 | ---- | C] () -- C:\Users\manfred\Desktop\Neues Betriebssystem im Handel Microsoft lockt Windows 8-Kunden zum Start mit Kampfpreis - Computer - FOCUS Online - Nachric.URL
[2012.10.26 00:59:31 | 000,097,410 | ---- | C] () -- C:\Users\manfred\Desktop\1...PNG
[2012.10.24 10:06:25 | 000,000,075 | ---- | C] () -- C:\Users\manfred\Desktop\Trojaner oder ............ - Trojaner-Board.URL
[2012.10.23 23:21:13 | 000,131,064 | ---- | C] () -- C:\Users\manfred\Desktop\2.PNG
[2012.10.23 23:20:24 | 000,107,823 | ---- | C] () -- C:\Users\manfred\Desktop\1.PNG
[2012.10.23 22:30:16 | 000,158,675 | ---- | C] () -- C:\sdbgh.PNG
[2012.10.22 20:18:06 | 000,139,603 | ---- | C] () -- C:\Users\manfred\Desktop\fff.PNG
[2012.10.22 14:58:45 | 000,187,929 | ---- | C] () -- C:\Users\manfred\Desktop\Unbenanntcdsx.PNG
[2012.10.22 14:57:18 | 000,172,824 | ---- | C] () -- C:\Users\manfred\Desktop\cdfr.PNG
[2012.10.20 14:53:33 | 000,012,493 | ---- | C] () -- C:\ght.PNG
[2012.10.19 22:33:11 | 000,000,049 | ---- | C] () -- C:\Users\manfred\Desktop\Blue-Book.URL
[2012.10.16 15:57:43 | 000,302,642 | ---- | C] () -- C:\Users\manfred\Desktop\Unbenanntse.PNG
[2012.10.12 13:11:30 | 000,000,087 | ---- | C] () -- C:\Users\manfred\Desktop\Antworten auf Fragen von mt6215.URL
[2012.10.11 22:42:26 | 000,000,095 | ---- | C] () -- C:\CallYa Sprach- und Smartphone-Tarife.URL
[2012.10.11 21:08:48 | 000,000,061 | ---- | C] () -- C:\httpwww.lidl.dedeClassic-Tarif.URL
[2012.10.11 21:08:42 | 000,000,063 | ---- | C] () -- C:\httpwww.lidl.dedeInternet-Stick1.URL
[2012.10.10 20:39:59 | 000,000,078 | ---- | C] () -- C:\Sternzeichen deutsch - englisch.URL
[2012.10.10 19:35:18 | 000,000,076 | ---- | C] () -- C:\Users\manfred\Desktop\Barbie Games - Fun Games for Girls, Free - Dress-Up & Makeover, Arcade, Sports, Puzzle Game.URL
[2012.10.03 08:24:35 | 000,278,066 | ---- | C] () -- C:\am,,lk.PNG
[2012.10.03 08:20:55 | 000,026,876 | ---- | C] () -- C:\gg.PNG
[2012.10.03 08:02:01 | 000,000,145 | ---- | C] () -- C:\Citizen GN-4-S, WR100,Wasserdicht 100m,Verschraubtes Gehäuse. in Altona - Bahrenfeld Accessoires & Schmuck eBay Kleinanzeige.URL
[2012.10.02 23:09:54 | 000,054,649 | ---- | C] () -- C:\s1.PNG
[2012.10.02 23:02:46 | 000,086,347 | ---- | C] () -- C:\s.PNG
[2012.02.19 12:31:33 | 000,021,504 | ---- | C] () -- C:\Users\manfred\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.15 18:58:11 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012.02.15 18:58:10 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2012.02.15 18:58:07 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2012.02.15 18:58:07 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2012.02.15 18:58:07 | 000,074,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012.02.15 18:37:44 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2012.01.11 05:17:08 | 000,128,204 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin
[2012.01.11 05:17:04 | 000,105,608 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin
[2012.01.11 05:17:02 | 000,867,020 | ---- | C] () -- C:\Windows\System32\igkrng575.bin
[2012.01.11 04:29:54 | 013,904,384 | ---- | C] () -- C:\Windows\System32\ig4icd32.dll
[2012.01.11 04:14:34 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2012.01.11 04:12:12 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 12:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009.07.14 09:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 09:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 09:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.02.21 01:07:20 | 000,000,000 | ---D | M] -- C:\Users\manfred\AppData\Roaming\Farm Mania
[2012.02.15 18:51:53 | 000,000,000 | ---D | M] -- C:\Users\manfred\AppData\Roaming\GrabPro
[2012.03.14 00:22:22 | 000,000,000 | ---D | M] -- C:\Users\manfred\AppData\Roaming\IrfanView
[2012.05.11 11:11:08 | 000,000,000 | ---D | M] -- C:\Users\manfred\AppData\Roaming\Lingo4u
[2012.03.14 22:31:14 | 000,000,000 | ---D | M] -- C:\Users\manfred\AppData\Roaming\Nokia
[2012.04.20 19:43:51 | 000,000,000 | ---D | M] -- C:\Users\manfred\AppData\Roaming\OpenOffice.org
[2012.06.19 13:02:13 | 000,000,000 | ---D | M] -- C:\Users\manfred\AppData\Roaming\Orbit
[2012.03.30 16:41:06 | 000,000,000 | ---D | M] -- C:\Users\manfred\AppData\Roaming\PC Suite
[2012.02.15 18:52:00 | 000,000,000 | ---D | M] -- C:\Users\manfred\AppData\Roaming\ProgSense
[2012.07.29 00:11:35 | 000,000,000 | ---D | M] -- C:\Users\manfred\AppData\Roaming\Toshiba
[2012.03.21 23:37:37 | 000,000,000 | ---D | M] -- C:\Users\manfred\AppData\Roaming\uTorrent
[2012.09.13 18:27:08 | 000,000,000 | ---D | M] -- C:\Users\manfred\AppData\Roaming\Wildfire
[2012.03.16 15:41:59 | 000,000,000 | ---D | M] -- C:\Users\manfred\AppData\Roaming\WinBatch
[2012.02.22 08:52:59 | 000,000,000 | ---D | M] -- C:\Users\manfred\AppData\Roaming\Windows SideBar
[2012.02.15 16:53:29 | 000,000,000 | ---D | M] -- C:\Users\manfred\AppData\Roaming\Zbshareware Lab
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< OTL logfile created on: 30.10.2012 04:37:55 - Run 9 >
[2009.07.14 12:53:46 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.07.14 12:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2012.02.19 11:33:05 | 000,001,096 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012.02.19 11:33:06 | 000,001,100 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012.02.29 01:03:23 | 000,001,124 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3718335332-4058801294-3006936124-1000Core.job
[2012.02.29 01:03:24 | 000,001,146 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3718335332-4058801294-3006936124-1000UA.job
[2012.04.13 10:50:10 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2012.05.17 21:09:41 | 000,001,076 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3718335332-4058801294-3006936124-1000Core.job
[2012.05.17 21:09:42 | 000,001,128 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3718335332-4058801294-3006936124-1000UA.job
 
< OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\manfred\Desktop >
 
<  Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation >
 
< Internet Explorer (Version = 8.0.7600.16385) >
 
< Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy >
 
<   >
 
< 2,93 Gb Total Physical Memory | 1,59 Gb Available Physical Memory | 54,25% Memory free >
 
< 5,85 Gb Paging File | 4,36 Gb Available in Paging File | 74,46% Paging File free >
 
< Paging file location(s): ?:\pagefile.sys [binary data] >
 
<   >
 
< %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files >
 
< Drive C: | 297,99 Gb Total Space | 221,29 Gb Free Space | 74,26% Space Free | Partition Type: NTFS >
 
< Drive F: | 24,63 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS >
 
<   >
 
< Computer Name: MANFRED-LAPTOP | User Name: manfred | Logged in as Administrator. >
 
< Boot Mode: Normal | Scan Mode: All users >
 
< Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days >
 
<   >
 
< ========== Processes (SafeList) ========== >
Invalid Switch: color]
 
<   >
 
< PRC - C:\Users\manfred\Desktop\OTL.exe (OldTimer Tools) >
 
< PRC - C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe (Facebook) >
 
< PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) >
 
< PRC - C:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.) >
 
< PRC - C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) >
 
< PRC - C:\Programme\Globe Broadband\Globe Broadband.exe () >
 
< PRC - C:\Programme\Nokia\Nokia Suite\NokiaSuite.exe (Nokia) >
 
< PRC - C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia) >
 
< PRC - C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia) >
 
< PRC - C:\Programme\PC Connectivity Solution\Transports\NclToBTSrv.exe (Nokia) >
 
< PRC - C:\Programme\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe (Nokia) >
 
< PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software) >
 
< PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software) >
 
< PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) >
 
< PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) >
 
< PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.) >
 
< PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe (TOSHIBA CORPORATION.) >
 
< PRC - C:\Programme\USB Disk Security\USBGuard.exe (Zbshareware Lab) >
 
< PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe (TOSHIBA CORPORATION.) >
 
< PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.) >
 
< PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.) >
 
< PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.) >
 
< PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION) >
 
< PRC - C:\Programme\Toshiba\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.) >
 
< PRC - C:\Windows\explorer.exe (Microsoft Corporation) >
 
< PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) >
 
< PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) >
 
< PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) >
 
< PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe (TOSHIBA CORPORATION.) >
 
< PRC - C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.) >
 
<   >
 
<   >
 
< ========== Modules (No Company Name) ========== >
Invalid Switch: color]
 
<   >
 
< MOD - C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4651.0\libcef.dll () >
 
< MOD - C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4651.0\CefSharp.WinForms.dll () >
 
< MOD - C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4651.0\CefSharp.dll () >
 
< MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll () >
 
< MOD - C:\Programme\Globe Broadband\Globe Broadband.exe () >
 
< MOD - C:\Programme\Nokia\Nokia Suite\ssoengine.dll () >
 
< MOD - C:\Programme\Nokia\Nokia Suite\securestorage.dll () >
 
< MOD - C:\Programme\Nokia\Nokia Suite\qjson.dll () >
 
< MOD - C:\Programme\Nokia\Nokia Suite\QxtCore.dll () >
 
< MOD - C:\Programme\Nokia\Nokia Suite\QxtWeb.dll () >
 
< MOD - C:\Programme\Nokia\Nokia Suite\NService.dll () >
 
< MOD - C:\Windows\System32\IccLibDll.dll () >
 
< MOD - C:\Programme\Nokia\Nokia Suite\phonon4.dll () >
 
< MOD - C:\Programme\Nokia\Nokia Suite\QtXmlPatterns4.dll () >
 
< MOD - C:\Programme\Nokia\Nokia Suite\QtXml4.dll () >
 
< MOD - C:\Programme\Nokia\Nokia Suite\QtWebKit4.dll () >
 
< MOD - C:\Programme\Nokia\Nokia Suite\QtSql4.dll () >
 
< MOD - C:\Programme\Nokia\Nokia Suite\QtScript4.dll () >
 
< MOD - C:\Programme\Nokia\Nokia Suite\QtOpenGL4.dll () >
 
< MOD - C:\Programme\Nokia\Nokia Suite\QtNetwork4.dll () >
 
< MOD - C:\Programme\Nokia\Nokia Suite\QtMultimediaKit1.dll () >
 
< MOD - C:\Programme\Nokia\Nokia Suite\QtGui4.dll () >
 
< MOD - C:\Programme\Nokia\Nokia Suite\QtDeclarative4.dll () >
 
< MOD - C:\Programme\Nokia\Nokia Suite\QtCore4.dll () >
 
< MOD - C:\Programme\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll () >
 
< MOD - C:\Programme\Nokia\Nokia Suite\Imageformats\qjpeg4.dll () >
 
< MOD - C:\Programme\Nokia\Nokia Suite\Imageformats\qico4.dll () >
 
< MOD - C:\Programme\Nokia\Nokia Suite\Imageformats\qgif4.dll () >
 
< MOD - C:\Programme\Nokia\Nokia Suite\OviShareLib.dll () >
 
< MOD - C:\Programme\Nokia\Nokia Suite\Maps Service API.dll () >
 
< MOD - C:\Programme\Nokia\Nokia Suite\CommonUpdateChecker.dll () >
 
< MOD - C:\Programme\Nokia\Nokia Suite\mediaservice\dsengine.dll () >
 
< MOD - C:\Programme\Yahoo!\Messenger\yui.dll () >
 
< MOD - C:\Programme\WinRAR\RarExt.dll () >
 
< MOD - C:\Programme\Globe Broadband\NDISAPI.dll () >
 
< MOD - C:\Programme\Globe Broadband\DeviceMgrUIPlugin.dll () >
 
< MOD - C:\Programme\Globe Broadband\DeviceMgrPlugin.dll () >
 
< MOD - C:\Programme\Globe Broadband\atcomm.dll () >
 
< MOD - C:\Programme\Globe Broadband\SMSPlugin.dll () >
 
< MOD - C:\Programme\Globe Broadband\DetectDev.dll () >
 
< MOD - C:\Programme\Globe Broadband\LocaleMgrPlugin.dll () >
 
< MOD - C:\Programme\Globe Broadband\FileManager.dll () >
 
< MOD - C:\Programme\Globe Broadband\DialUpPlugin.dll () >
 
< MOD - C:\Programme\Globe Broadband\CallPlugin.dll () >
 
< MOD - C:\Programme\Globe Broadband\XCodec.dll () >
 
< MOD - C:\Programme\Globe Broadband\DeviceOperate.dll () >
 
< MOD - C:\Programme\Globe Broadband\ConfigFilePlugin.dll () >
 
< MOD - C:\Programme\Globe Broadband\NotifyServicePlugin.dll () >
 
< MOD - C:\Programme\Globe Broadband\isaputrace.dll () >
 
< MOD - C:\Programme\Globe Broadband\NetInfoPlugin.dll () >
 
< MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () >
 
< MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll () >
 
< MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\3871fc2b96345aa6f3be81d9e3c97160\System.Web.ni.dll () >
 
< MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\7f457271e765b5d72f081942b829469c\System.Data.ni.dll () >
 
< MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\fedf1ba58dced4f0b3f8c457648ceed9\System.Windows.Forms.ni.dll () >
 
< MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ead6be8b410d56b5576b10e56af2c180\System.Drawing.ni.dll () >
 
< MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5dd9f783008543df3e642ff1e99de4e8\System.Xml.ni.dll () >
 
< MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b1350e31ff09cc583b34854816d8036\System.Configuration.ni.dll () >
 
< MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5ba3bf5367fc012300c6566f20cb7f54\System.ni.dll () >
 
< MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8c1770d45c63cf5c462eeb945ef9aa5d\mscorlib.ni.dll () >
 
< MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll () >
 
<   >
 
<   >
 
< ========== Services (SafeList) ========== >
Invalid Switch: color]
 
<   >
 
< SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) >
 
< SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) >
 
< SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) >
 
< SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) >
 
< SRV - (TeamViewer7) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) >
 
< SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia) >
 
< SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software) >
 
< SRV - (TOSHIBA Bluetooth Service) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION) >
 
< SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) >
 
< SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) >
 
< SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) >
 
< SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) >
 
< SRV - (YahooAUService) -- C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.) >
 
<   >
 
<   >
 
< ========== Driver Services (SafeList) ========== >
Invalid Switch: color]
 
<   >
 
< DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc) >
 
< DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia) >
 
< DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia) >
 
< DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia) >
 
< DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia) >
 
< DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia) >
 
< DRV - (nmwcdnsuc) -- C:\Windows\System32\drivers\nmwcdnsuc.sys (Nokia) >
 
< DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software) >
 
< DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software) >
 
< DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software) >
 
< DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software) >
 
< DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software) >
 
< DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software) >
 
< DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project) >
 
< DRV - (L1C) -- C:\Windows\System32\drivers\L1C60x86.sys (Atheros Communications, Inc.) >
 
< DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION) >
 
< DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION) >
 
< DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation) >
 
< DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation) >
 
< DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.) >
 
< DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation) >
 
< DRV - (TosRfSnd) -- C:\Windows\System32\drivers\TosRfSnd.sys (TOSHIBA Corporation) >
 
< DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) >
 
< DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) >
 
< DRV - (hwusbdev) -- C:\Windows\System32\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.) >
 
< DRV - (HECI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation) >
 
< DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.) >
 
< DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation) >
 
< DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation) >
 
< DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation) >
 
< DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) >
 
< DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation) >
 
< DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation) >
 
< DRV - (PGEffect) -- C:\Windows\System32\drivers\PGEffect.sys (TOSHIBA Corporation) >
 
< DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation) >
 
< DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia) >
 
< DRV - (TVALZ) -- C:\Windows\System32\drivers\TVALZ_O.SYS (TOSHIBA Corporation) >
 
<   >
 
<   >
 
< ========== Standard Registry (SafeList) ========== >
Invalid Switch: color]
 
<   >
 
<   >
 
< ========== Internet Explorer ========== >
Invalid Switch: color]
 
<   >
 
< IE - HKLM\..\URLSearchHook: {1d8566bd-f06f-4029-a3be-ba80af5a09f3} - C:\Programme\Avanquest_App'-Anwendungsleiste\prxtbAva0.dll (Conduit Ltd.) >
 
< IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} >
 
< IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC >
 
<   >
 
<   >
 
< IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 >
 
<   >
 
< IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 >
 
<   >
 
<   >
 
<   >
 
< IE - HKU\S-1-5-21-3718335332-4058801294-3006936124-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ >
Invalid Switch: 
 
< IE - HKU\S-1-5-21-3718335332-4058801294-3006936124-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp >
Invalid Switch: ?ocid=iehp
 
< IE - HKU\S-1-5-21-3718335332-4058801294-3006936124-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de >
 
< IE - HKU\S-1-5-21-3718335332-4058801294-3006936124-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3B 91 5D E6 D0 EB CC 01  [binary data] >
 
< IE - HKU\S-1-5-21-3718335332-4058801294-3006936124-1000\..\URLSearchHook: {1d8566bd-f06f-4029-a3be-ba80af5a09f3} - C:\Programme\Avanquest_App'-Anwendungsleiste\prxtbAva0.dll (Conduit Ltd.) >
 
< IE - HKU\S-1-5-21-3718335332-4058801294-3006936124-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} >
 
< IE - HKU\S-1-5-21-3718335332-4058801294-3006936124-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC >
 
< IE - HKU\S-1-5-21-3718335332-4058801294-3006936124-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 >
 
<   >
 
< ========== FireFox ========== >
Invalid Switch: color]
 
<   >
 
< FF - prefs.js..extensions.enabledAddons: {C3949AC2-4B17-43ee-B4F1-D26B9D42404D}:15.0.5 >
 
< FF - prefs.js..extensions.enabledAddons: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.2.2 >
 
< FF - prefs.js..extensions.enabledAddons: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.5.1.20121012015120 >
 
< FF - prefs.js..extensions.enabledAddons: printedit@DW-dev:8.9 >
 
<   >
 
<   >
 
< FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll () >
Invalid Switch: FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
 
< FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.) >
Invalid Switch: ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
 
< FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) >
Invalid Switch: GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
 
< FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) >
Invalid Switch: DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
 
< FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) >
Invalid Switch: JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
 
< FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) >
Invalid Switch: YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
 
< FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) >
Invalid Switch: NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
 
< FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) >
Invalid Switch: nppl3260;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
 
< FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) >
Invalid Switch: nprjplug;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
 
< FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) >
Invalid Switch: nprpchromebrowserrecordext;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
 
< FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) >
Invalid Switch: nprphtml5videoshim;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
 
< FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) >
Invalid Switch: nprpplugin;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
 
< FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) >
Invalid Switch: Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
< FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) >
Invalid Switch: Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
< FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) >
 
< FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\manfred\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) >
Invalid Switch: Facebook Video Calling Plugin: C:\Users\manfred\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
< FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\manfred\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) >
Invalid Switch: GoogleTalkPlugin: C:\Users\manfred\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
 
< FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\manfred\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () >
Invalid Switch: O3DPlugin: C:\Users\manfred\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
 
< FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\manfred\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) >
Invalid Switch: Google Update;version=3: C:\Users\manfred\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
< FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\manfred\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) >
Invalid Switch: Google Update;version=9: C:\Users\manfred\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
< FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll (Facebook, Inc.) >
Invalid Switch: fbDesktopPlugin: C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll (Facebook, Inc.)
 
<   >
 
< FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.02.19 17:39:44 | 000,000,000 | ---D | M] >
 
< FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.07.03 15:40:31 | 000,000,000 | ---D | M] >
 
< FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.27 22:32:12 | 000,000,000 | ---D | M] >
 
< FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.27 22:32:10 | 000,000,000 | ---D | M] >
 
< FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012.03.14 22:28:06 | 000,000,000 | ---D | M] >
 
< FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.27 22:32:12 | 000,000,000 | ---D | M] >
 
< FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.27 22:32:10 | 000,000,000 | ---D | M] >
 
<   >
 
< [2012.02.15 17:30:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\manfred\AppData\Roaming\mozilla\Extensions >
 
< [2012.10.28 01:46:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\manfred\AppData\Roaming\mozilla\Firefox\Profiles\3til95lj.default\extensions >
 
< [2012.10.11 22:35:48 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\manfred\AppData\Roaming\mozilla\Firefox\Profiles\3til95lj.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} >
 
< [2012.08.22 20:10:25 | 000,000,000 | ---D | M] (Avanquest App'-Anwendungsleiste Community Toolbar) -- C:\Users\manfred\AppData\Roaming\mozilla\Firefox\Profiles\3til95lj.default\extensions\{1d8566bd-f06f-4029-a3be-ba80af5a09f3} >
 
< [2012.10.16 00:44:44 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\manfred\AppData\Roaming\mozilla\Firefox\Profiles\3til95lj.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} >
 
< [2012.05.20 10:56:27 | 000,009,693 | ---- | M] () (No name found) -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\extensions\java@flyordie.com.xpi >
 
< [2012.09.26 21:15:19 | 000,027,267 | ---- | M] () (No name found) -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\extensions\map@quickmaps.me.xpi >
 
< [2012.10.28 01:46:01 | 000,091,555 | ---- | M] () (No name found) -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\extensions\printedit@DW-dev.xpi >
 
< [2012.07.29 22:14:44 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi >
 
< [2012.02.18 21:03:48 | 000,000,933 | ---- | M] () -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\searchplugins\11-suche.xml >
 
< [2012.02.18 21:03:49 | 000,002,419 | ---- | M] () -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\searchplugins\englische-ergebnisse.xml >
 
< [2012.02.18 21:03:48 | 000,010,525 | ---- | M] () -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\searchplugins\gmx-suche.xml >
 
< [2012.02.18 21:03:49 | 000,002,457 | ---- | M] () -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\searchplugins\lastminute.xml >
 
< [2012.02.18 21:03:48 | 000,005,508 | ---- | M] () -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\searchplugins\webde-suche.xml >
 
< [2012.10.27 22:32:09 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions >
 
< [2012.07.03 15:40:31 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT >
 
< [2012.10.27 22:32:12 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll >
 
< [2012.07.03 15:40:07 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll >
 
< [2011.07.12 05:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll >
 
< [2012.08.25 10:49:52 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml >
 
< [2012.08.25 10:49:52 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml >
 
< [2012.08.25 10:49:52 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml >
 
< [2012.08.25 10:49:52 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml >
 
< [2012.08.25 10:49:52 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml >
 
< [2012.08.25 10:49:52 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml >
 
<   >
 
< ========== Chrome  ========== >
Invalid Switch: color]
 
<   >
 
< CHR - homepage: hxxp://www.google.com/ >
Invalid Switch: 
 
< CHR - default_search_provider: Google (Enabled) >
 
< CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} >
 
< CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}, >
 
< CHR - homepage: hxxp://www.google.com/ >
Invalid Switch: 
 
< CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer >
 
< CHR - plugin: Native Client (Enabled) = C:\Users\manfred\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll >
 
< CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\manfred\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll >
 
< CHR - plugin: Shockwave Flash (Enabled) = C:\Users\manfred\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll >
 
< CHR - plugin: Shockwave Flash (Disabled) = C:\Users\manfred\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll >
 
< CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll >
 
< CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll >
 
< CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll >
 
< CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll >
 
< CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll >
 
< CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll >
 
< CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll >
 
< CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll >
 
< CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll >
 
< CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\manfred\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll >
 
< CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\manfred\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll >
 
< CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll >
 
< CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll >
 
< CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll >
 
< CHR - plugin: Facebook Desktop (Enabled) = C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4520.0\npFbDesktopPlugin.dll >
 
< CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\manfred\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll >
 
< CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll >
 
< CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll >
 
< CHR - Extension: Counter Strike (Flash-Version) = C:\Users\manfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcbegflbljflchoahmigblmabofoinkh\1.0.1_0\ >
 
< CHR - Extension: avast! WebRep = C:\Users\manfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1203_0\ >
 
< CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\manfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\ >
 
< CHR - Extension: Plants vs Zombies = C:\Users\manfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina\1.0.5_0\ >
 
<   >
 
< O1 HOSTS File: ([2009.06.11 05:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts >
 
< O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com) >
 
< O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.) >
 
< O2 - BHO: (Avanquest App'-Anwendungsleiste Toolbar) - {1d8566bd-f06f-4029-a3be-ba80af5a09f3} - C:\Program Files\Avanquest_App'-Anwendungsleiste\prxtbAva0.dll (Conduit Ltd.) >
 
< O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) >
 
< O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) >
 
< O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) >
 
< O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) >
 
< O3 - HKLM\..\Toolbar: (Avanquest App'-Anwendungsleiste Toolbar) - {1d8566bd-f06f-4029-a3be-ba80af5a09f3} - C:\Programme\Avanquest_App'-Anwendungsleiste\prxtbAva0.dll (Conduit Ltd.) >
 
< O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) >
 
< O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll () >
 
< O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.) >
 
< O3 - HKU\S-1-5-21-3718335332-4058801294-3006936124-1000\..\Toolbar\WebBrowser: (Avanquest App'-Anwendungsleiste Toolbar) - {1D8566BD-F06F-4029-A3BE-BA80AF5A09F3} - C:\Programme\Avanquest_App'-Anwendungsleiste\prxtbAva0.dll (Conduit Ltd.) >
 
< O3 - HKU\S-1-5-21-3718335332-4058801294-3006936124-1000\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll () >
 
< O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) >
 
< O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION) >
 
< O4 - HKLM..\Run: [TaskTray]  File not found >
 
< O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.) >
 
< O4 - HKLM..\Run: [TWebCamera] C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.) >
 
< O4 - HKLM..\Run: [USB Antivirus] C:\Programme\USB Disk Security\USBGuard.exe (Zbshareware Lab) >
 
< O4 - HKU\S-1-5-21-3718335332-4058801294-3006936124-1000..\Run: []  File not found >
 
< O4 - HKU\S-1-5-21-3718335332-4058801294-3006936124-1000..\Run: [Facebook Update] C:\Users\manfred\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) >
 
< O4 - HKU\S-1-5-21-3718335332-4058801294-3006936124-1000..\Run: [Messenger (Yahoo!)] C:\Programme\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.) >
 
< O4 - HKU\S-1-5-21-3718335332-4058801294-3006936124-1000..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia) >
 
< O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) >
 
< O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) >
 
< O4 - Startup: C:\Users\manfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe (Facebook) >
 
< O4 - Startup: C:\Users\manfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () >
 
< O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 >
 
< O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 >
 
< O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) >
 
< O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) >
 
< O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) >
 
< O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) >
 
< O13 - gopher Prefix: missing >
 
< O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.) >
Invalid Switch: jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
 
< O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) >
Invalid Switch: jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
 
< O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) >
Invalid Switch: jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
 
< O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1) >
Invalid Switch: jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
 
< O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5CAE6AB4-F441-49C1-8BC4-17A07A1B4578}: NameServer = 10.68.80.1 >
 
< O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A1F44AEA-9C2D-4102-A3D6-B26516F71AFF}: DhcpNameServer = 124.106.7.2 124.106.5.2 >
 
< O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) >
 
< O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) >
 
< O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) >
 
< O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) >
 
< O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. >
 
< O32 - HKLM CDRom: AutoRun - 1 >
 
< O32 - AutoRun File - [2012.06.26 22:57:06 | 000,284,654 | ---- | M] () - C:\auto verkaufsschild.PNG -- [ NTFS ] >
 
< O32 - AutoRun File - [2009.06.11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] >
 
< O32 - AutoRun File - [2009.08.24 10:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) - F:\AutoRun.exe -- [ CDFS ] >
 
< O32 - AutoRun File - [2008.06.17 10:13:46 | 000,000,047 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ] >
 
< O33 - MountPoints2\{751940b0-5bb9-11e1-a9b3-e839df2c34d5}\Shell - "" = AutoRun >
 
< O33 - MountPoints2\{751940b0-5bb9-11e1-a9b3-e839df2c34d5}\Shell\AutoRun\command - "" = E:\AutoRun.exe >
 
< O33 - MountPoints2\{75466f3a-5add-11e1-a4e4-806e6f6e6963}\Shell - "" = AutoRun >
 
< O33 - MountPoints2\{75466f3a-5add-11e1-a4e4-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe >
 
< O33 - MountPoints2\{75466f86-5add-11e1-a4e4-e839df2c34d5}\Shell - "" = AutoRun >
 
< O33 - MountPoints2\{75466f86-5add-11e1-a4e4-e839df2c34d5}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009.08.24 10:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) >
 
< O33 - MountPoints2\E\Shell - "" = AutoRun >
 
< O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe >
 
< O33 - MountPoints2\F\Shell - "" = AutoRun >
 
< O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009.08.24 10:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) >
 
< O34 - HKLM BootExecute: (autocheck autochk *) >
 
< O35 - HKLM\..comfile [open] -- "%1" %* >
 
< O35 - HKLM\..exefile [open] -- "%1" %* >
 
< O37 - HKLM\...com [@ = comfile] -- "%1" %* >
 
< O37 - HKLM\...exe [@ = exefile] -- "%1" %* >
 
< O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) >
 
< O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) >
 
< O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) >
 
<   >
 
< ========== Files/Folders - Created Within 30 Days ========== >
Invalid Switch: color]
 
<   >
 
< [2012.10.27 22:32:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox >
 
< [2012.10.23 23:28:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\manfred\Desktop\OTL.exe >
 
< [2012.10.22 10:52:57 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe >
 
< [2012.10.22 10:52:57 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe >
 
< [2012.10.22 10:52:57 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll >
 
< [2012.10.20 23:01:44 | 000,000,000 | ---D | C] -- C:\Users\manfred\Desktop\Neuer Ordner >
 
< [2012.10.04 12:25:34 | 000,000,000 | ---D | C] -- C:\Users\manfred\Desktop\tausch >
 
<   >
 
< ========== Files - Modified Within 30 Days ========== >
Invalid Switch: color]
 
<   >
 
< [2012.10.30 04:39:05 | 000,001,146 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3718335332-4058801294-3006936124-1000UA.job >
 
< [2012.10.30 04:26:00 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3718335332-4058801294-3006936124-1000UA.job >
 
< [2012.10.30 03:57:00 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job >
 
< [2012.10.30 03:52:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job >
 
< [2012.10.29 22:39:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3718335332-4058801294-3006936124-1000Core.job >
 
< [2012.10.29 19:39:16 | 000,001,284 | ---- | M] () -- C:\Users\manfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk >
 
< [2012.10.29 14:44:08 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 >
 
< [2012.10.29 14:44:08 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 >
 
< [2012.10.29 14:39:11 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job >
 
< [2012.10.29 14:38:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat >
 
< [2012.10.29 14:38:52 | 2357,612,544 | -HS- | M] () -- C:\hiberfil.sys >
 
< [2012.10.26 20:57:23 | 000,008,943 | ---- | M] () -- C:\Users\manfred\Desktop\11.PNG >
 
< [2012.10.26 19:27:37 | 000,405,354 | ---- | M] () -- C:\wvb,,mn (2).PNG >
 
< [2012.10.26 19:27:04 | 000,198,964 | ---- | M] () -- C:\wvb,,mn (1).PNG >
 
< [2012.10.26 14:55:53 | 000,000,150 | ---- | M] () -- C:\Users\manfred\Desktop\Neues Betriebssystem im Handel Microsoft lockt Windows 8-Kunden zum Start mit Kampfpreis - Computer - FOCUS Online - Nachric.URL >
 
< [2012.10.26 00:59:31 | 000,097,410 | ---- | M] () -- C:\Users\manfred\Desktop\1...PNG >
 
< [2012.10.24 11:26:00 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3718335332-4058801294-3006936124-1000Core.job >
 
< [2012.10.24 10:06:25 | 000,000,075 | ---- | M] () -- C:\Users\manfred\Desktop\Trojaner oder ............ - Trojaner-Board.URL >
 
< [2012.10.23 23:28:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\manfred\Desktop\OTL.exe >
 
< [2012.10.23 23:21:13 | 000,131,064 | ---- | M] () -- C:\Users\manfred\Desktop\2.PNG >
 
< [2012.10.23 23:20:24 | 000,107,823 | ---- | M] () -- C:\Users\manfred\Desktop\1.PNG >
 
< [2012.10.23 22:30:16 | 000,158,675 | ---- | M] () -- C:\sdbgh.PNG >
 
< [2012.10.22 20:18:06 | 000,139,603 | ---- | M] () -- C:\Users\manfred\Desktop\fff.PNG >
 
< [2012.10.22 14:58:45 | 000,187,929 | ---- | M] () -- C:\Users\manfred\Desktop\Unbenanntcdsx.PNG >
 
< [2012.10.22 14:57:19 | 000,172,824 | ---- | M] () -- C:\Users\manfred\Desktop\cdfr.PNG >
 
< [2012.10.20 14:53:33 | 000,012,493 | ---- | M] () -- C:\ght.PNG >
 
< [2012.10.19 22:33:11 | 000,000,049 | ---- | M] () -- C:\Users\manfred\Desktop\Blue-Book.URL >
 
< [2012.10.19 18:44:23 | 000,643,866 | ---- | M] () -- C:\Windows\System32\perfh007.dat >
 
< [2012.10.19 18:44:23 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat >
 
< [2012.10.19 18:44:23 | 000,126,394 | ---- | M] () -- C:\Windows\System32\perfc007.dat >
 
< [2012.10.19 18:44:23 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat >
 
< [2012.10.16 15:57:43 | 000,302,642 | ---- | M] () -- C:\Users\manfred\Desktop\Unbenanntse.PNG >
 
< [2012.10.12 13:11:30 | 000,000,087 | ---- | M] () -- C:\Users\manfred\Desktop\Antworten auf Fragen von mt6215.URL >
 
< [2012.10.11 22:42:26 | 000,000,095 | ---- | M] () -- C:\CallYa Sprach- und Smartphone-Tarife.URL >
 
< [2012.10.11 21:08:48 | 000,000,061 | ---- | M] () -- C:\httpwww.lidl.dedeClassic-Tarif.URL >
 
< [2012.10.11 21:08:42 | 000,000,063 | ---- | M] () -- C:\httpwww.lidl.dedeInternet-Stick1.URL >
 
< [2012.10.11 20:55:29 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe >
 
< [2012.10.11 20:55:29 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl >
 
< [2012.10.11 20:27:55 | 000,002,459 | ---- | M] () -- C:\Users\manfred\Desktop\Google Chrome.lnk >
 
< [2012.10.10 20:39:59 | 000,000,078 | ---- | M] () -- C:\Sternzeichen deutsch - englisch.URL >
 
< [2012.10.10 19:35:18 | 000,000,076 | ---- | M] () -- C:\Users\manfred\Desktop\Barbie Games - Fun Games for Girls, Free - Dress-Up & Makeover, Arcade, Sports, Puzzle Game.URL >
 
< [2012.10.09 15:56:10 | 000,045,056 | ---- | M] (Northern Codeworks) -- C:\Windows\NCUNINST.EXE >
 
< [2012.10.03 08:24:35 | 000,278,066 | ---- | M] () -- C:\am,,lk.PNG >
 
< [2012.10.03 08:20:55 | 000,026,876 | ---- | M] () -- C:\gg.PNG >
 
< [2012.10.03 08:02:01 | 000,000,145 | ---- | M] () -- C:\Citizen GN-4-S, WR100,Wasserdicht 100m,Verschraubtes Gehäuse. in Altona - Bahrenfeld Accessoires & Schmuck eBay Kleinanzeige.URL >
 
< [2012.10.02 23:09:54 | 000,054,649 | ---- | M] () -- C:\s1.PNG >
 
< [2012.10.02 23:02:46 | 000,086,347 | ---- | M] () -- C:\s.PNG >
 
<   >
 
< ========== Files Created - No Company Name ========== >
Invalid Switch: color]
 
<   >
 
< [2012.10.26 20:57:22 | 000,008,943 | ---- | C] () -- C:\Users\manfred\Desktop\11.PNG >
 
< [2012.10.26 19:27:37 | 000,405,354 | ---- | C] () -- C:\wvb,,mn (2).PNG >
 
< [2012.10.26 19:27:04 | 000,198,964 | ---- | C] () -- C:\wvb,,mn (1).PNG >
 
< [2012.10.26 14:55:53 | 000,000,150 | ---- | C] () -- C:\Users\manfred\Desktop\Neues Betriebssystem im Handel Microsoft lockt Windows 8-Kunden zum Start mit Kampfpreis - Computer - FOCUS Online - Nachric.URL >
 
< [2012.10.26 00:59:31 | 000,097,410 | ---- | C] () -- C:\Users\manfred\Desktop\1...PNG >
 
< [2012.10.24 10:06:25 | 000,000,075 | ---- | C] () -- C:\Users\manfred\Desktop\Trojaner oder ............ - Trojaner-Board.URL >
 
< [2012.10.23 23:21:13 | 000,131,064 | ---- | C] () -- C:\Users\manfred\Desktop\2.PNG >
 
< [2012.10.23 23:20:24 | 000,107,823 | ---- | C] () -- C:\Users\manfred\Desktop\1.PNG >
 
< [2012.10.23 22:30:16 | 000,158,675 | ---- | C] () -- C:\sdbgh.PNG >
 
< [2012.10.22 20:18:06 | 000,139,603 | ---- | C] () -- C:\Users\manfred\Desktop\fff.PNG >
 
< [2012.10.22 14:58:45 | 000,187,929 | ---- | C] () -- C:\Users\manfred\Desktop\Unbenanntcdsx.PNG >
 
< [2012.10.22 14:57:18 | 000,172,824 | ---- | C] () -- C:\Users\manfred\Desktop\cdfr.PNG >
 
< [2012.10.20 14:53:33 | 000,012,493 | ---- | C] () -- C:\ght.PNG >
 
< [2012.10.19 22:33:11 | 000,000,049 | ---- | C] () -- C:\Users\manfred\Desktop\Blue-Book.URL >
 
< [2012.10.16 15:57:43 | 000,302,642 | ---- | C] () -- C:\Users\manfred\Desktop\Unbenanntse.PNG >
 
< [2012.10.12 13:11:30 | 000,000,087 | ---- | C] () -- C:\Users\manfred\Desktop\Antworten auf Fragen von mt6215.URL >
 
< [2012.10.11 22:42:26 | 000,000,095 | ---- | C] () -- C:\CallYa Sprach- und Smartphone-Tarife.URL >
 
< [2012.10.11 21:08:48 | 000,000,061 | ---- | C] () -- C:\httpwww.lidl.dedeClassic-Tarif.URL >
 
< [2012.10.11 21:08:42 | 000,000,063 | ---- | C] () -- C:\httpwww.lidl.dedeInternet-Stick1.URL >
 
< [2012.10.10 20:39:59 | 000,000,078 | ---- | C] () -- C:\Sternzeichen deutsch - englisch.URL >
 
< [2012.10.10 19:35:18 | 000,000,076 | ---- | C] () -- C:\Users\manfred\Desktop\Barbie Games - Fun Games for Girls, Free - Dress-Up & Makeover, Arcade, Sports, Puzzle Game.URL >
 
< [2012.10.03 08:24:35 | 000,278,066 | ---- | C] () -- C:\am,,lk.PNG >
 
< [2012.10.03 08:20:55 | 000,026,876 | ---- | C] () -- C:\gg.PNG >
 
< [2012.10.03 08:02:01 | 000,000,145 | ---- | C] () -- C:\Citizen GN-4-S, WR100,Wasserdicht 100m,Verschraubtes Gehäuse. in Altona - Bahrenfeld Accessoires & Schmuck eBay Kleinanzeige.URL >
 
< [2012.10.02 23:09:54 | 000,054,649 | ---- | C] () -- C:\s1.PNG >
 
< [2012.10.02 23:02:46 | 000,086,347 | ---- | C] () -- C:\s.PNG >
 
< [2012.02.19 12:31:33 | 000,021,504 | ---- | C] () -- C:\Users\manfred\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini >
 
< [2012.02.15 18:58:11 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll >
 
< [2012.02.15 18:58:10 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini >
 
< [2012.02.15 18:58:07 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll >
 
< [2012.02.15 18:58:07 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll >
 
< [2012.02.15 18:58:07 | 000,074,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll >
 
< [2012.02.15 18:37:44 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config >
 
< [2012.01.11 05:17:08 | 000,128,204 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin >
 
< [2012.01.11 05:17:04 | 000,105,608 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin >
 
< [2012.01.11 05:17:02 | 000,867,020 | ---- | C] () -- C:\Windows\System32\igkrng575.bin >
 
< [2012.01.11 04:29:54 | 013,904,384 | ---- | C] () -- C:\Windows\System32\ig4icd32.dll >
 
< [2012.01.11 04:14:34 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll >
 
< [2012.01.11 04:12:12 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll >
 
<   >
 
< ========== ZeroAccess Check ========== >
Invalid Switch: color]
 
<   >
 
< [2009.07.14 12:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini >
 
<   >
 
< [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] >
 
<   >
 
< [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] >
 
<   >
 
< [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] >
 
< "" = %SystemRoot%\system32\shell32.dll -- [2009.07.14 09:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation) >
 
< "ThreadingModel" = Apartment >
 
<   >
 
< [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] >
 
< "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 09:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) >
 
< "ThreadingModel" = Free >
 
<   >
 
< [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] >
 
< "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 09:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) >
 
< "ThreadingModel" = Both >
 
<   >
 
< ========== LOP Check ========== >
Invalid Switch: color]
 
<   >
 
< [2012.02.21 01:07:20 | 000,000,000 | ---D | M] -- C:\Users\manfred\AppData\Roaming\Farm Mania >
 
< [2012.02.15 18:51:53 | 000,000,000 | ---D | M] -- C:\Users\manfred\AppData\Roaming\GrabPro >
 
< [2012.03.14 00:22:22 | 000,000,000 | ---D | M] -- C:\Users\manfred\AppData\Roaming\IrfanView >
 
< [2012.05.11 11:11:08 | 000,000,000 | ---D | M] -- C:\Users\manfred\AppData\Roaming\Lingo4u >
 
< [2012.03.14 22:31:14 | 000,000,000 | ---D | M] -- C:\Users\manfred\AppData\Roaming\Nokia >
 
< [2012.04.20 19:43:51 | 000,000,000 | ---D | M] -- C:\Users\manfred\AppData\Roaming\OpenOffice.org >
 
< [2012.06.19 13:02:13 | 000,000,000 | ---D | M] -- C:\Users\manfred\AppData\Roaming\Orbit >
 
< [2012.03.30 16:41:06 | 000,000,000 | ---D | M] -- C:\Users\manfred\AppData\Roaming\PC Suite >
 
< [2012.02.15 18:52:00 | 000,000,000 | ---D | M] -- C:\Users\manfred\AppData\Roaming\ProgSense >
 
< [2012.07.29 00:11:35 | 000,000,000 | ---D | M] -- C:\Users\manfred\AppData\Roaming\Toshiba >
 
< [2012.03.21 23:37:37 | 000,000,000 | ---D | M] -- C:\Users\manfred\AppData\Roaming\uTorrent >
 
< [2012.09.13 18:27:08 | 000,000,000 | ---D | M] -- C:\Users\manfred\AppData\Roaming\Wildfire >
 
< [2012.03.16 15:41:59 | 000,000,000 | ---D | M] -- C:\Users\manfred\AppData\Roaming\WinBatch >
 
< [2012.02.22 08:52:59 | 000,000,000 | ---D | M] -- C:\Users\manfred\AppData\Roaming\Windows SideBar >
 
< [2012.02.15 16:53:29 | 000,000,000 | ---D | M] -- C:\Users\manfred\AppData\Roaming\Zbshareware Lab >
 
<   >
 
< ========== Purity Check ========== >
Invalid Switch: color]
 
<   >
 
<   >
 
<   >
 
< ========== Files - Unicode (All) ========== >
Invalid Switch: color]
 
< [2012.07.01 11:32:34 | 000,000,084 | ---- | M] ()(C:\????????/???? ??? ???? - YouTube.URL) -- C:\幸せになりたいね/大島優子 フォト ムービー - YouTube.URL >
Invalid Switch: ???? ??? ???? - YouTube.URL) -- C:\幸せになりたいね/大島優子 フォト ムービー - YouTube.URL
 
< [2012.07.01 11:32:34 | 000,000,084 | ---- | C] ()(C:\????????/???? ??? ???? - YouTube.URL) -- C:\幸せになりたいね/大島優子 フォト ムービー - YouTube.URL >
Invalid Switch: ???? ??? ???? - YouTube.URL) -- C:\幸せになりたいね/大島優子 フォト ムービー - YouTube.URL
 
< [2012.03.28 18:14:06 | 000,000,091 | ---- | M] ()(C:\? What If We Fall in Love ? - YouTube.URL) -- C:\♥ What If We Fall in Love ♥ - YouTube.URL >
 
< [2012.03.28 18:14:06 | 000,000,091 | ---- | C] ()(C:\? What If We Fall in Love ? - YouTube.URL) -- C:\♥ What If We Fall in Love ♥ - YouTube.URL >
 
<  >
 
< < End of report >
         

--- --- ---

--- --- ---
>


========== Files - Unicode (All) ==========
[2012.07.01 11:32:34 | 000,000,084 | ---- | M] ()(C:\????????/???? ??? ???? - YouTube.URL) -- C:\幸せになりたいね/大島優子 フォト ムービー - YouTube.URL
[2012.07.01 11:32:34 | 000,000,084 | ---- | C] ()(C:\????????/???? ??? ???? - YouTube.URL) -- C:\幸せになりたいね/大島優子 フォト ムービー - YouTube.URL
[2012.03.28 18:14:06 | 000,000,091 | ---- | M] ()(C:\? What If We Fall in Love ? - YouTube.URL) -- C:\♥ What If We Fall in Love ♥ - YouTube.URL
[2012.03.28 18:14:06 | 000,000,091 | ---- | C] ()(C:\? What If We Fall in Love ? - YouTube.URL) -- C:\♥ What If We Fall in Love ♥ - YouTube.URL

< End of report >

I hope it is right now.

I scanned, then copied the text and pasted it into the input field in OTL, then pressed Quick Scan - now it scans again. Then another page opened. I have now pasted that text here.

Regards, manfred

Alt 31.10.2012, 14:04   #10
mt62
 
Did I do something wrong again?

Alt 31.10.2012, 19:04   #11
markusg
/// Malware-holic
 
No, no, everything is OK.
Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
  • Start Combofix.exe and follow the instructions on the screen.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you receive the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please send e-mails according to the instructions above to
markusg.trojaner-board@web.de

Alt 01.11.2012, 04:24   #12
mt62
 
Thanks for the reply.

But now the problem: I have avast free.

I have now been on the avast site and see nothing there for switching off the program.
How is that done?

Regards, manfred

Combofix Logfile:
Code:
ATTFilter
ComboFix 12-10-31.03 - manfred 01.11.2012  13:08:45.1.4 - x86
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.49.1031.18.2998.1800 [GMT 8:00]
ausgeführt von:: c:\users\manfred\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\manfred\AppData\Roaming\Microsoft\Windows\Recent\Baby i miss you - Chris Norman - with lyricswww.youtube.comno copyright intended.URL
c:\users\manfred\AppData\Roaming\Microsoft\Windows\Recent\God Will Make a Waywww.youtube.comDon Moen's popular song God Will Make a Way with lyrics.URL
c:\windows\system32\DEBUG.log
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-10-01 bis 2012-11-01  ))))))))))))))))))))))))))))))
.
.
2012-11-01 05:14 . 2012-11-01 05:14	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-11-01 03:55 . 2012-11-01 03:55	56200	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{E467866C-414B-428B-BE74-4B64C718CC08}\offreg.dll
2012-10-22 02:52 . 2012-09-24 15:16	93672	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-11 12:55 . 2012-04-13 02:50	696760	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-10-11 12:55 . 2012-02-15 10:56	73656	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-09 07:56 . 2012-02-22 11:02	45056	----a-w-	c:\windows\NCUNINST.EXE
2012-09-18 02:24 . 2012-05-20 02:48	821736	----a-w-	c:\windows\system32\npDeployJava1.dll
2012-09-18 02:24 . 2012-02-15 10:57	746984	----a-w-	c:\windows\system32\deployJava1.dll
2012-10-27 14:32 . 2012-10-27 14:32	261600	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1d8566bd-f06f-4029-a3be-ba80af5a09f3}"= "c:\program files\Avanquest_App'-Anwendungsleiste\prxtbAva0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{1d8566bd-f06f-4029-a3be-ba80af5a09f3}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1d8566bd-f06f-4029-a3be-ba80af5a09f3}]
2011-05-09 09:49	176936	----a-w-	c:\program files\Avanquest_App'-Anwendungsleiste\prxtbAva0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1d8566bd-f06f-4029-a3be-ba80af5a09f3}"= "c:\program files\Avanquest_App'-Anwendungsleiste\prxtbAva0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{1d8566bd-f06f-4029-a3be-ba80af5a09f3}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{1D8566BD-F06F-4029-A3BE-BA80AF5A09F3}"= "c:\program files\Avanquest_App'-Anwendungsleiste\prxtbAva0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{1d8566bd-f06f-4029-a3be-ba80af5a09f3}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 12:43	122512	----a-w-	c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-01-03 6497592]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"Facebook Update"="c:\users\manfred\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-13 138096]
"NokiaSuite.exe"="c:\program files\Nokia\Nokia Suite\NokiaSuite.exe" [2012-02-01 1083264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USB Antivirus"="c:\program files\USB Disk Security\USBGuard.exe" [2010-11-09 824224]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-10 142616]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-10 177432]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-10 177944]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2012-07-03 296096]
"TWebCamera"="c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-23 2454840]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\manfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Facebook Messenger.lnk - c:\users\manfred\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe [2012-9-25 247728]
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2010-12-14 2749856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 gupdate;Google Update-Dienst (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [x]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C60x86.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-11-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 12:55]
.
2012-10-31 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3718335332-4058801294-3006936124-1000Core.job
- c:\users\manfred\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-28 14:34]
.
2012-10-31 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3718335332-4058801294-3006936124-1000UA.job
- c:\users\manfred\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-28 14:34]
.
2012-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-19 03:32]
.
2012-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-19 03:32]
.
2012-11-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3718335332-4058801294-3006936124-1000Core.job
- c:\users\manfred\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-17 08:40]
.
2012-11-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3718335332-4058801294-3006936124-1000UA.job
- c:\users\manfred\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-17 08:40]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
TCP: Interfaces\{21F0735F-35A1-4812-B527-E0E99412945B}: NameServer = 10.198.220.124 202.126.40.5
TCP: Interfaces\{5CAE6AB4-F441-49C1-8BC4-17A07A1B4578}: NameServer = 10.68.80.1
FF - ProfilePath - c:\users\manfred\AppData\Roaming\Mozilla\Firefox\Profiles\3til95lj.default\
FF - ExtSQL: 2012-09-27 20:04; {1018e4d6-728f-4b20-ad56-37578a4de76b}; c:\users\manfred\AppData\Roaming\Mozilla\Firefox\Profiles\3til95lj.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(extensions.BabylonToolbar_i.babTrack, affID=66756
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - def
FF - user.js: extensions.BabylonToolbar_i.id - d8f1fe63000000000000000000000000
FF - user.js: extensions.BabylonToolbar_i.hardId - d8f1fe63000000000000000000000000
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15444
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.176:11
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babclient
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - std
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-TaskTray - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-11-01  13:16:13
ComboFix-quarantined-files.txt  2012-11-01 05:16
.
Vor Suchlauf: 26 Verzeichnis(se), 239.976.271.872 Bytes frei
Nach Suchlauf: 30 Verzeichnis(se), 240.920.682.496 Bytes frei
.
- - End Of File - - F0D04BAF03088B1875E6A2F52495E161
         
--- --- ---

A restart was not performed.

Alt 02.11.2012, 18:11   #13
markusg
/// Malware-holic
 
Malwarebytes:
Please download Malwarebytes
  • Install the program to the default path.
    Vista and Win7 users: right-click and choose "als Administrator starten"
  • Start Malwarebytes, click "Aktualisierung" --> "Suche nach Aktualisierung"
  • When the update has finished, select "vollständiger Scan durchführen" and press "Scannen".
  • When the scan has finished, click "Ergebnisse anzeigen".
  • Make sure that all findings are selected and press "Entferne Auswahl".
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report later under "Log Dateien".

Alt 02.11.2012, 20:33   #14
mt62
 
Malwarebytes Anti-Malware (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.02.09

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
manfred :: MANFRED-LAPTOP [Administrator]

Schutz: Aktiviert

03.11.2012 01:52:04
mbam-log-2012-11-03 (01-52-04).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 347742
Laufzeit: 1 Stunde(n), 37 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
