Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Startseite " http://www.searchnu.com/406 " bei CHROME

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 24.10.2012, 20:20   #1
andi2107
 
Startseite " http://www.searchnu.com/406 " bei CHROME - Standard

Startseite " http://www.searchnu.com/406 " bei CHROME



Hallo,

ich habe seit einiger Zeit die oben angegebene Startseite bei Öffnen von Chrome. Wie mir bekannte mitteilten, handelt es sich hierbei um einen Virus. Könnt ihr mir bitte weiterhelfen?

Den Debugger und OTL hab ich bereits durchgeführt. Hier das Ergebnis von OTL

OTL logfile created on: 10/24/2012 8:58:12 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\andi\unwichtigeOrdner\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3.75 Gb Total Physical Memory | 2.28 Gb Available Physical Memory | 60.98% Memory free
7.49 Gb Paging File | 5.54 Gb Available in Paging File | 73.92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 131.75 Gb Total Space | 69.20 Gb Free Space | 52.52% Space Free | Partition Type: NTFS
Drive F: | 1.99 Gb Total Space | 1.98 Gb Free Space | 99.64% Space Free | Partition Type: FAT32

Computer Name: ANDI-HP | User Name: andi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found
PRC - C:\Users\andi\unwichtigeOrdner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)
PRC - C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe (Nokia)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe (Uniblue Systems Ltd)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (Broadcom Corporation.)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe ()


========== Modules (No Company Name) ==========

MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\26e0457a9776a0e9f23e3986686d90a5\System.ServiceProcess.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\c6f50454841e46989bfbf8b70d598db0\CustomMarshalers.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d239f585ee55f833dbe21e897e1265ac\PresentationFramework.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\00a4922fbf869a79c043b665035516b6\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4230ed1c7990e4ee8352baf67a2a85fa\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\a84262e1224189f93e10cd3c403a9527\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtXml4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtSvg4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtGui4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtCore4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (HP Wireless Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (hpHotkeyMonitor) -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe (Hewlett-Packard Company)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwampfl) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie64.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Company)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {42082122-0C9D-4D19-8D54-D7242094F839}
IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {42082122-0C9D-4D19-8D54-D7242094F839}
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{507E76F3-1DE3-4614-887F-0B1011E4770C}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=0b7e6a38-ec1d-44f3-929a-679e7da1f489&apn_sauid=559B7EB5-CEE7-4A65-A62D-613146B2001B
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..backup.old.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE"
FF - prefs.js..extensions.enabledAddons: toolbar@web.de:2.3.1
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0.0.479
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=0b7e6a38-ec1d-44f3-929a-679e7da1f489&apn_ptnrs=%5EABT&apn_sauid=559B7EB5-CEE7-4A65-A62D-613146B2001B&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q="
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\andi\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\andi\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\andi\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\andi\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\ [2012/09/03 10:39:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/09 13:05:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/09 14:55:50 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/09 13:05:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/09 14:55:50 | 000,000,000 | ---D | M]

[2011/02/21 20:25:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\andi\AppData\Roaming\mozilla\Extensions
[2012/10/24 20:33:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\andi\AppData\Roaming\mozilla\Firefox\Profiles\1c3dr9as.default\extensions
[2012/08/16 22:54:02 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Users\andi\AppData\Roaming\mozilla\Firefox\Profiles\1c3dr9as.default\extensions\toolbar@ask.com
[2012/10/23 19:03:17 | 000,558,413 | ---- | M] () (No name found) -- C:\Users\andi\AppData\Roaming\mozilla\firefox\profiles\1c3dr9as.default\extensions\toolbar@web.de.xpi
[2012/08/16 22:54:02 | 000,002,344 | ---- | M] () -- C:\Users\andi\AppData\Roaming\mozilla\firefox\profiles\1c3dr9as.default\searchplugins\askcom.xml
[2012/05/13 14:45:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/07/09 13:05:43 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/11/14 22:37:49 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/04/21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/04/21 03:54:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/04/21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/04/21 03:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/04/21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/04/21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:searchFieldtrialParameter}sou rceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\andi\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\andi\AppData\Local\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\andi\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\andi\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Users\andi\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

O1 HOSTS File: ([2012/06/21 21:41:06 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKCU..\Run: [SpeedUpMyPC] C:\Program Files (x86)\Uniblue\SpeedUpMyPC\launcher.exe (Uniblue Systems Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //FWEvent.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E00C872-5886-46BE-81DB-FEDECAADDD36}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B20EDAB1-112B-43CE-81C0-CEC8C015A170}: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/24 20:56:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\andi\unwichtigeOrdner\Desktop\OTL.exe
[2012/10/23 15:21:53 | 000,000,000 | ---D | C] -- C:\Temp
[2012/10/23 15:15:22 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2012/10/23 12:06:13 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/10/23 11:53:13 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\NativeFus_Log
[2012/10/23 11:53:06 | 000,000,000 | ---D | C] -- C:\Users\andi\AppData\Local\Samsung
[2012/10/23 11:52:48 | 000,000,000 | ---D | C] -- C:\Users\andi\AppData\Roaming\Samsung
[2012/10/23 11:52:41 | 000,000,000 | ---D | C] -- C:\Users\andi\unwichtigeOrdner\Documents\samsung
[2012/10/23 11:51:47 | 001,490,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WdfCoInstaller01007.dll
[2012/10/23 11:51:47 | 000,708,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WinUSBCoInstaller.dll
[2012/10/23 11:51:47 | 000,203,104 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\windows\SysNative\drivers\ssudmdm.sys
[2012/10/23 11:51:46 | 000,102,368 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\windows\SysNative\drivers\ssudbus.sys
[2012/10/23 11:50:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[2012/10/23 11:50:32 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\windows\SysWow64\Redemption.dll
[2012/10/23 11:50:15 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\windows\SysWow64\dgderapi.dll
[2012/10/23 11:50:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MarkAny
[2012/10/23 11:49:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2012/10/23 11:49:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung
[2012/10/23 11:47:15 | 000,000,000 | ---D | C] -- C:\Users\andi\AppData\Local\Downloaded Installations
[2012/10/23 11:39:38 | 081,131,360 | ---- | C] (Samsung Electronics Co., Ltd. ) -- C:\Users\andi\unwichtigeOrdner\Desktop\Kies_2.5.0.12094_27_11.exe
[2012/10/10 12:37:00 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2012/10/10 12:36:59 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2012/10/10 12:36:59 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2012/10/10 12:36:46 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll
[2012/10/10 12:36:46 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll
[2012/10/10 12:36:45 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll
[2012/10/10 12:36:45 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\conhost.exe
[2012/10/10 12:36:45 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll
[2012/10/10 12:36:45 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll
[2012/10/10 12:36:45 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
[2012/10/10 12:36:45 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll
[2012/10/10 12:36:45 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
[2012/10/10 12:36:45 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll
[2012/10/10 12:36:45 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
[2012/10/10 12:36:45 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
[2012/10/10 12:36:45 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/10/10 12:36:45 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/10/10 12:36:45 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/10/10 12:36:45 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/10/10 12:36:45 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/10/10 12:36:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/10/10 12:36:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/10/10 12:36:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/10/10 12:36:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/10/10 12:36:44 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/10/10 12:36:44 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/10/10 12:36:44 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/10/10 12:36:44 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/10/10 12:36:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/10/10 12:36:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/10/10 12:36:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/10/10 12:36:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/10/10 12:36:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/10/10 12:36:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/10/10 12:36:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/10/10 12:36:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/10/10 12:36:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/10/10 12:36:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/10/10 12:36:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/10/10 12:36:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/10/10 12:36:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/10/10 12:36:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/10/10 12:36:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/10 12:36:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/10 12:36:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/10/10 12:36:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/10/10 12:36:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/10/10 12:36:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/10/10 12:36:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/10/10 12:36:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/10/10 12:36:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/10/10 12:36:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012/10/10 12:36:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/10/10 12:36:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/10/10 12:36:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/10/10 12:36:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/10/10 12:36:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/10/10 12:36:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/10/10 12:36:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/10/10 12:36:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/10/10 12:36:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/10/10 12:36:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/10/10 12:36:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/10/10 12:36:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/10/10 12:36:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/10/10 12:36:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/10/10 12:36:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/10/10 12:36:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/10/10 12:36:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/10/10 12:36:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/10/10 12:36:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/10/10 12:36:43 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe
[2012/10/10 12:36:33 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wintrust.dll
[2012/10/10 12:36:12 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\crypt32.dll
[2012/10/10 12:36:11 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptnet.dll
[2012/10/06 13:52:12 | 000,000,000 | ---D | C] -- C:\opt
[2012/10/05 21:32:43 | 000,000,000 | ---D | C] -- C:\Users\andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Android SDK Tools
[2012/10/05 21:32:37 | 000,000,000 | ---D | C] -- C:\Users\andi\AppData\Local\Android
[2012/10/05 21:14:16 | 000,289,768 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\javaws.exe
[2012/10/05 21:13:59 | 000,189,416 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\javaw.exe
[2012/10/05 21:13:59 | 000,188,904 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\java.exe
[2012/10/05 21:13:59 | 000,108,008 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\WindowsAccessBridge-64.dll
[2012/09/26 20:57:16 | 000,330,240 | ---- | C] ((주)마크애니) -- C:\windows\MASetupCaller.dll
[2012/09/26 20:57:16 | 000,090,112 | ---- | C] ((주)마크애니) -- C:\windows\MAMCityDownload.ocx
[2012/09/26 20:57:14 | 000,569,344 | ---- | C] ((c) MusicCity) -- C:\windows\SysWow64\muzdecode.ax
[2012/09/26 20:57:14 | 000,491,520 | ---- | C] (Musiccity Co.Ltd.) -- C:\windows\SysWow64\muzapp.dll
[2012/09/26 20:57:14 | 000,352,256 | ---- | C] (Sample Corporation) -- C:\windows\SysWow64\MSLUR71.dll
[2012/09/26 20:57:14 | 000,258,048 | ---- | C] ((c) PeeringPortal) -- C:\windows\SysWow64\muzoggsp.ax
[2012/09/26 20:57:14 | 000,245,760 | ---- | C] (Teruten Inc.) -- C:\windows\SysWow64\MSCLib.dll
[2012/09/26 20:57:14 | 000,200,704 | ---- | C] ( (c) MusicCity) -- C:\windows\SysWow64\muzwmts.dll
[2012/09/26 20:57:14 | 000,172,032 | ---- | C] (Musiccity Co.Ltd.) -- C:\windows\SysWow64\muzapp.exe
[2012/09/26 20:57:14 | 000,155,648 | ---- | C] (Teruten Inc.) -- C:\windows\SysWow64\MSFLib.dll
[2012/09/26 20:57:14 | 000,135,168 | ---- | C] (Musiccity Co.Ltd.) -- C:\windows\SysWow64\muzaf1.dll
[2012/09/26 20:57:14 | 000,131,072 | ---- | C] ((c) MusicCity) -- C:\windows\SysWow64\muzmpgsp.ax
[2012/09/26 20:57:14 | 000,122,880 | ---- | C] ((c) MUSICCITY) -- C:\windows\SysWow64\muzeffect.ax
[2012/09/26 20:57:14 | 000,118,784 | ---- | C] ((주)마크애니) -- C:\windows\SysWow64\MaDRM.dll
[2012/09/26 20:57:14 | 000,110,592 | ---- | C] ((c) MusicCity) -- C:\windows\SysWow64\muzmp4sp.ax
[2012/09/26 20:57:14 | 000,057,344 | ---- | C] (Marktek) -- C:\windows\SysWow64\MK_Lyric.dll
[2012/09/26 20:57:14 | 000,057,344 | ---- | C] (Marktek Inc.) -- C:\windows\SysWow64\MTXSYNCICON.dll
[2012/09/26 20:57:14 | 000,049,152 | ---- | C] ((주) 마크애니) -- C:\windows\SysWow64\MaJGUILib.dll
[2012/09/26 20:57:14 | 000,045,320 | ---- | C] (MARKANY) -- C:\windows\SysWow64\MAMACExtract.dll
[2012/09/26 20:57:14 | 000,045,056 | ---- | C] ((주) 마크애니) -- C:\windows\SysWow64\MaXMLProto.dll
[2012/09/26 20:57:14 | 000,045,056 | ---- | C] ((주) 마크애니) -- C:\windows\SysWow64\MACXMLProto.dll
[2012/09/26 20:57:14 | 000,040,960 | ---- | C] (Telechips Inc.,) -- C:\windows\SysWow64\MTTELECHIP.dll
[2012/09/26 20:57:14 | 000,024,576 | ---- | C] ((주)마크애니) -- C:\windows\SysWow64\MASetupCleaner.exe
[2012/09/26 08:39:02 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\OxpsConverter.exe
[2011/11/14 21:37:25 | 006,638,560 | ---- | C] (Microsoft Corporation) -- C:\Users\andi\MsJav86i.exe
[1 C:\Users\andi\*.tmp files -> C:\Users\andi\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/24 20:56:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\andi\unwichtigeOrdner\Desktop\OTL.exe
[2012/10/24 20:49:50 | 000,050,477 | ---- | M] () -- C:\Users\andi\unwichtigeOrdner\Desktop\Defogger.exe
[2012/10/24 20:46:01 | 000,001,106 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/24 20:33:17 | 000,019,536 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/24 20:33:17 | 000,019,536 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/24 20:30:02 | 001,513,970 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/10/24 20:30:02 | 000,659,690 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2012/10/24 20:30:02 | 000,620,836 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/10/24 20:30:02 | 000,132,970 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2012/10/24 20:30:02 | 000,108,760 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/10/24 20:29:01 | 000,001,116 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3509303512-1638139293-2482028298-1001UA.job
[2012/10/24 20:25:26 | 000,000,334 | ---- | M] () -- C:\windows\tasks\SpeedUpMyPC.job
[2012/10/24 20:25:25 | 000,001,102 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/24 20:24:56 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/10/24 20:24:51 | 4022,927,360 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/23 19:10:11 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/10/23 15:14:43 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_WinUsb_01007.Wdf
[2012/10/23 14:54:26 | 000,162,694 | ---- | M] () -- C:\Users\andi\unwichtigeOrdner\Desktop\Stöhlker.pdf
[2012/10/23 11:52:34 | 000,001,996 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2012/10/23 11:46:29 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/10/23 11:01:50 | 081,131,360 | ---- | M] (Samsung Electronics Co., Ltd. ) -- C:\Users\andi\unwichtigeOrdner\Desktop\Kies_2.5.0.12094_27_11.exe
[2012/10/18 21:22:03 | 000,055,847 | ---- | M] () -- C:\Users\andi\unwichtigeOrdner\Desktop\DM-Exercise3.pdf
[2012/10/18 21:22:02 | 001,230,682 | ---- | M] () -- C:\Users\andi\unwichtigeOrdner\Desktop\DM-Lecture3.pdf
[2012/10/12 16:32:28 | 000,002,487 | ---- | M] () -- C:\Users\andi\unwichtigeOrdner\Desktop\Google Chrome.lnk
[2012/10/10 13:29:00 | 000,001,064 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3509303512-1638139293-2482028298-1001Core.job
[2012/10/10 13:10:46 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2012/10/10 13:10:46 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/10/05 21:13:47 | 000,289,768 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\javaws.exe
[2012/10/05 21:13:47 | 000,189,416 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\javaw.exe
[2012/10/05 21:13:47 | 000,108,008 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\WindowsAccessBridge-64.dll
[2012/10/05 21:13:46 | 001,034,216 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\npDeployJava1.dll
[2012/10/05 21:13:46 | 000,916,456 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\deployJava1.dll
[2012/10/05 21:13:46 | 000,188,904 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\java.exe
[2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012/09/26 20:57:22 | 004,659,712 | ---- | M] (Dmitry Streblechenko) -- C:\windows\SysWow64\Redemption.dll
[2012/09/26 20:57:16 | 000,330,240 | ---- | M] ((주)마크애니) -- C:\windows\MASetupCaller.dll
[2012/09/26 20:57:16 | 000,090,112 | ---- | M] ((주)마크애니) -- C:\windows\MAMCityDownload.ocx
[2012/09/26 20:57:16 | 000,030,568 | ---- | M] () -- C:\windows\MusiccityDownload.exe
[2012/09/26 20:57:14 | 000,974,848 | ---- | M] () -- C:\windows\SysWow64\cis-2.4.dll
[2012/09/26 20:57:14 | 000,569,344 | ---- | M] ((c) MusicCity) -- C:\windows\SysWow64\muzdecode.ax
[2012/09/26 20:57:14 | 000,491,520 | ---- | M] (Musiccity Co.Ltd.) -- C:\windows\SysWow64\muzapp.dll
[2012/09/26 20:57:14 | 000,352,256 | ---- | M] (Sample Corporation) -- C:\windows\SysWow64\MSLUR71.dll
[2012/09/26 20:57:14 | 000,258,048 | ---- | M] ((c) PeeringPortal) -- C:\windows\SysWow64\muzoggsp.ax
[2012/09/26 20:57:14 | 000,245,760 | ---- | M] (Teruten Inc.) -- C:\windows\SysWow64\MSCLib.dll
[2012/09/26 20:57:14 | 000,200,704 | ---- | M] ( (c) MusicCity) -- C:\windows\SysWow64\muzwmts.dll
[2012/09/26 20:57:14 | 000,172,032 | ---- | M] (Musiccity Co.Ltd.) -- C:\windows\SysWow64\muzapp.exe
[2012/09/26 20:57:14 | 000,155,648 | ---- | M] (Teruten Inc.) -- C:\windows\SysWow64\MSFLib.dll
[2012/09/26 20:57:14 | 000,143,360 | ---- | M] () -- C:\windows\SysWow64\3DAudio.ax
[2012/09/26 20:57:14 | 000,135,168 | ---- | M] (Musiccity Co.Ltd.) -- C:\windows\SysWow64\muzaf1.dll
[2012/09/26 20:57:14 | 000,131,072 | ---- | M] ((c) MusicCity) -- C:\windows\SysWow64\muzmpgsp.ax
[2012/09/26 20:57:14 | 000,122,880 | ---- | M] ((c) MUSICCITY) -- C:\windows\SysWow64\muzeffect.ax
[2012/09/26 20:57:14 | 000,118,784 | ---- | M] ((주)마크애니) -- C:\windows\SysWow64\MaDRM.dll
[2012/09/26 20:57:14 | 000,110,592 | ---- | M] ((c) MusicCity) -- C:\windows\SysWow64\muzmp4sp.ax
[2012/09/26 20:57:14 | 000,081,920 | ---- | M] () -- C:\windows\SysWow64\issacapi_bs-2.3.dll
[2012/09/26 20:57:14 | 000,065,536 | ---- | M] () -- C:\windows\SysWow64\issacapi_pe-2.3.dll
[2012/09/26 20:57:14 | 000,057,344 | ---- | M] (Marktek) -- C:\windows\SysWow64\MK_Lyric.dll
[2012/09/26 20:57:14 | 000,057,344 | ---- | M] (Marktek Inc.) -- C:\windows\SysWow64\MTXSYNCICON.dll
[2012/09/26 20:57:14 | 000,057,344 | ---- | M] () -- C:\windows\SysWow64\issacapi_se-2.3.dll
[2012/09/26 20:57:14 | 000,049,152 | ---- | M] ((주) 마크애니) -- C:\windows\SysWow64\MaJGUILib.dll
[2012/09/26 20:57:14 | 000,045,320 | ---- | M] (MARKANY) -- C:\windows\SysWow64\MAMACExtract.dll
[2012/09/26 20:57:14 | 000,045,056 | ---- | M] ((주) 마크애니) -- C:\windows\SysWow64\MaXMLProto.dll
[2012/09/26 20:57:14 | 000,045,056 | ---- | M] ((주) 마크애니) -- C:\windows\SysWow64\MACXMLProto.dll
[2012/09/26 20:57:14 | 000,040,960 | ---- | M] (Telechips Inc.,) -- C:\windows\SysWow64\MTTELECHIP.dll
[2012/09/26 20:57:14 | 000,024,576 | ---- | M] ((주)마크애니) -- C:\windows\SysWow64\MASetupCleaner.exe
[2012/09/26 20:57:12 | 000,821,824 | ---- | M] (Devguru Co., Ltd.) -- C:\windows\SysWow64\dgderapi.dll
[1 C:\Users\andi\*.tmp files -> C:\Users\andi\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/24 20:49:49 | 000,050,477 | ---- | C] () -- C:\Users\andi\unwichtigeOrdner\Desktop\Defogger.exe
[2012/10/23 15:14:43 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_WinUsb_01007.Wdf
[2012/10/23 14:54:25 | 000,162,694 | ---- | C] () -- C:\Users\andi\unwichtigeOrdner\Desktop\Stöhlker.pdf
[2012/10/23 11:52:34 | 000,001,996 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2012/10/23 11:46:29 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/10/18 21:22:03 | 000,055,847 | ---- | C] () -- C:\Users\andi\unwichtigeOrdner\Desktop\DM-Exercise3.pdf
[2012/10/18 21:21:50 | 001,230,682 | ---- | C] () -- C:\Users\andi\unwichtigeOrdner\Desktop\DM-Lecture3.pdf
[2012/10/13 22:44:03 | 000,882,727 | ---- | C] () -- C:\Users\andi\unwichtigeOrdner\Desktop\P6260057.JPG
[2012/09/26 20:57:16 | 000,030,568 | ---- | C] () -- C:\windows\MusiccityDownload.exe
[2012/09/26 20:57:14 | 000,974,848 | ---- | C] () -- C:\windows\SysWow64\cis-2.4.dll
[2012/09/26 20:57:14 | 000,143,360 | ---- | C] () -- C:\windows\SysWow64\3DAudio.ax
[2012/09/26 20:57:14 | 000,081,920 | ---- | C] () -- C:\windows\SysWow64\issacapi_bs-2.3.dll
[2012/09/26 20:57:14 | 000,065,536 | ---- | C] () -- C:\windows\SysWow64\issacapi_pe-2.3.dll
[2012/09/26 20:57:14 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\issacapi_se-2.3.dll
[2012/07/03 20:12:35 | 000,307,200 | ---- | C] () -- C:\Users\andi\jaudioMp3Win.tar
[2012/05/28 20:50:53 | 000,000,000 | ---- | C] () -- C:\Users\andi\defogger_reenable
[2012/03/14 22:33:42 | 000,147,227 | ---- | C] () -- C:\Users\andi\QuickSteuer_Deluxe_2012_Dasi.zip
[2011/11/14 21:37:59 | 000,006,550 | ---- | C] () -- C:\windows\jautoexp.dat
[2011/06/07 13:45:51 | 000,951,944 | ---- | C] () -- C:\Users\andi\Trainingstipps_fuer_den_Start_beim_Nehlsen-Triathlon_2011.pdf
[2011/03/29 20:43:06 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/02/18 21:41:20 | 001,535,962 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2010/11/18 10:53:50 | 000,255,360 | ---- | C] ( ) -- C:\windows\SysWow64\rsnp2uvc.dll
[2010/11/18 10:53:50 | 000,025,984 | ---- | C] () -- C:\windows\snuvcdsm.exe
[2010/11/18 10:53:49 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
[2010/11/18 10:41:57 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin

========== ZeroAccess Check ==========

[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\wbemess.dll

< End of report >


viele Grüße

Andi

Alt 25.10.2012, 13:02   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Startseite " http://www.searchnu.com/406 " bei CHROME - Standard

Startseite " http://www.searchnu.com/406 " bei CHROME



adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Suche.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)
__________________

__________________

Alt 25.10.2012, 15:17   #3
andi2107
 
Startseite " http://www.searchnu.com/406 " bei CHROME - Standard

Startseite " http://www.searchnu.com/406 " bei CHROME



Hallo cosinus,

hier die Textdatei


# AdwCleaner v2.005 - Datei am 25/10/2012 um 16:14:44 erstellt
# Aktualisiert am 14/10/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : andi - ANDI-HP
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\andi\unwichtigeOrdner\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\user.js
Datei Gefunden : C:\Users\andi\AppData\Roaming\Mozilla\Firefox\Profiles\1c3dr9as.default\searchplugins\Askcom.xml
Ordner Gefunden : C:\Program Files (x86)\Ask.com
Ordner Gefunden : C:\Program Files (x86)\Free Offers from Freeze.com
Ordner Gefunden : C:\ProgramData\Babylon
Ordner Gefunden : C:\ProgramData\Tarma Installer
Ordner Gefunden : C:\Users\andi\AppData\Local\Babylon
Ordner Gefunden : C:\Users\andi\AppData\Local\Temp\AskSearch
Ordner Gefunden : C:\Users\andi\AppData\LocalLow\AskToolbar
Ordner Gefunden : C:\Users\andi\AppData\LocalLow\BabylonToolbar
Ordner Gefunden : C:\Users\andi\AppData\Roaming\Mozilla\Firefox\Profiles\1c3dr9as.default\extensions\toolbar@ask.com
Ordner Gefunden : C:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\APN
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gefunden : HKCU\Software\Ask.com
Schlüssel Gefunden : HKCU\Software\Ask.com.tmp
Schlüssel Gefunden : HKCU\Software\Cr_Installer
Schlüssel Gefunden : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Schlüssel Gefunden : HKCU\Software\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\Software\APN
Schlüssel Gefunden : HKLM\Software\AskToolbar
Schlüssel Gefunden : HKLM\Software\Babylon
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gefunden : HKLM\Software\Freeze.com
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE

-\\ Mozilla Firefox v13.0.1 (de)

Profilname : default
Datei : C:\Users\andi\AppData\Roaming\Mozilla\Firefox\Profiles\1c3dr9as.default\prefs.js

Gefunden : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Gefunden : user_pref("browser.search.defaultengine", "Ask.com");
Gefunden : user_pref("browser.search.defaultenginename", "Ask.com");
Gefunden : user_pref("browser.search.order.1", "Ask.com");
Gefunden : user_pref("browser.startup.homepage", "hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale[...]
Gefunden : user_pref("extensions.BabylonToolbar_i.newTab", true);
Gefunden : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=110819&tt=10051[...]
Gefunden : user_pref("extensions.asktb.ff-original-keyword-url", "");
Gefunden : user_pref("extensions.funmoods.brwsrsrc", "ietlbr");
Gefunden : user_pref("extensions.funmoods.cntry", "DE");
Gefunden : user_pref("extensions.funmoods.hdrMd5", "0D57AD5491289F35534401BD554D5CAA");
Gefunden : user_pref("extensions.funmoods.hrdid", "a8baa772000000000000e02a823bea36");
Gefunden : user_pref("extensions.funmoods.keywordurl", "");
Gefunden : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2220:46:24");
Gefunden : user_pref("extensions.funmoods.newTab", true);
Gefunden : user_pref("extensions.funmoods.newtab", true);
Gefunden : user_pref("extensions.funmoods.savedVrsnTs", "1");
Gefunden : user_pref("extensions.funmoods.sg", "none");
Gefunden : user_pref("extensions.funmoods.smplGrp", "none");
Gefunden : user_pref("extensions.funmoods.smplgrp", "none");
Gefunden : user_pref("extensions.funmoods.srch", "");
Gefunden : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2220:46:24");
Gefunden : user_pref("extensions.funmoods.vrsnts", "1.5.23.2220:46:24");
Gefunden : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&loc[...]

-\\ Google Chrome v22.0.1229.94

Datei : C:\Users\andi\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gefunden [l.15] : urls_to_restore_on_startup = [ "hxxp://www.searchqu.com/406" ]
Gefunden [l.1491] : urls_to_restore_on_startup = [ "hxxp://www.searchqu.com/406" ]

*************************

AdwCleaner[R1].txt - [12473 octets] - [25/10/2012 16:14:44]

########## EOF - C:\AdwCleaner[R1].txt - [12534 octets] ##########


Gruß

Andi
__________________

Alt 25.10.2012, 15:19   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Startseite " http://www.searchnu.com/406 " bei CHROME - Standard

Startseite " http://www.searchnu.com/406 " bei CHROME



adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Löschen.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x=fortlaufende Nummer)
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 25.10.2012, 15:19   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Startseite " http://www.searchnu.com/406 " bei CHROME - Standard

Startseite " http://www.searchnu.com/406 " bei CHROME



Edit: doppelt

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 25.10.2012, 16:33   #6
andi2107
 
Startseite " http://www.searchnu.com/406 " bei CHROME - Standard

Startseite " http://www.searchnu.com/406 " bei CHROME



hier ist die Datei

# AdwCleaner v2.005 - Datei am 25/10/2012 um 17:26:48 erstellt
# Aktualisiert am 14/10/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : andi - ANDI-HP
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\andi\unwichtigeOrdner\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\user.js
Datei Gelöscht : C:\Users\andi\AppData\Roaming\Mozilla\Firefox\Profiles\1c3dr9as.default\searchplugins\Askcom.xml
Ordner Gelöscht : C:\Program Files (x86)\Ask.com
Ordner Gelöscht : C:\Program Files (x86)\Free Offers from Freeze.com
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Users\andi\AppData\Local\Babylon
Ordner Gelöscht : C:\Users\andi\AppData\Local\Temp\AskSearch
Ordner Gelöscht : C:\Users\andi\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\andi\AppData\LocalLow\BabylonToolbar
Ordner Gelöscht : C:\Users\andi\AppData\Roaming\Mozilla\Firefox\Profiles\1c3dr9as.default\extensions\toolbar@ask.com
Ordner Gelöscht : C:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\Ask.com.tmp
Schlüssel Gelöscht : HKCU\Software\Cr_Installer
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gelöscht : HKLM\Software\Freeze.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE --> hxxp://www.google.com

-\\ Mozilla Firefox v13.0.1 (de)

Profilname : default
Datei : C:\Users\andi\AppData\Roaming\Mozilla\Firefox\Profiles\1c3dr9as.default\prefs.js

C:\Users\andi\AppData\Roaming\Mozilla\Firefox\Profiles\1c3dr9as.default\user.js ... Gelöscht !

Gelöscht : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
Gelöscht : user_pref("browser.search.defaultenginename", "Ask.com");
Gelöscht : user_pref("browser.search.order.1", "Ask.com");
Gelöscht : user_pref("browser.startup.homepage", "hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale[...]
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTab", true);
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=110819&tt=10051[...]
Gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "");
Gelöscht : user_pref("extensions.funmoods.brwsrsrc", "ietlbr");
Gelöscht : user_pref("extensions.funmoods.cntry", "DE");
Gelöscht : user_pref("extensions.funmoods.hdrMd5", "0D57AD5491289F35534401BD554D5CAA");
Gelöscht : user_pref("extensions.funmoods.hrdid", "a8baa772000000000000e02a823bea36");
Gelöscht : user_pref("extensions.funmoods.keywordurl", "");
Gelöscht : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2220:46:24");
Gelöscht : user_pref("extensions.funmoods.newTab", true);
Gelöscht : user_pref("extensions.funmoods.newtab", true);
Gelöscht : user_pref("extensions.funmoods.savedVrsnTs", "1");
Gelöscht : user_pref("extensions.funmoods.sg", "none");
Gelöscht : user_pref("extensions.funmoods.smplGrp", "none");
Gelöscht : user_pref("extensions.funmoods.smplgrp", "none");
Gelöscht : user_pref("extensions.funmoods.srch", "");
Gelöscht : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2220:46:24");
Gelöscht : user_pref("extensions.funmoods.vrsnts", "1.5.23.2220:46:24");
Gelöscht : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&loc[...]

-\\ Google Chrome v22.0.1229.94

Datei : C:\Users\andi\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.15] : urls_to_restore_on_startup = [ "hxxp://www.searchqu.com/406" ]
Gelöscht [l.1491] : urls_to_restore_on_startup = [ "hxxp://www.searchqu.com/406" ]

*************************

AdwCleaner[R1].txt - [12560 octets] - [25/10/2012 16:14:44]
AdwCleaner[S1].txt - [12670 octets] - [25/10/2012 17:26:48]

########## EOF - C:\AdwCleaner[S1].txt - [12731 octets] ##########


Gruß

Andi

Alt 25.10.2012, 19:53   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Startseite " http://www.searchnu.com/406 " bei CHROME - Standard

Startseite " http://www.searchnu.com/406 " bei CHROME



Ok, eine Kontrolle bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 25.10.2012, 21:19   #8
andi2107
 
Startseite " http://www.searchnu.com/406 " bei CHROME - Standard

Startseite " http://www.searchnu.com/406 " bei CHROME



hier die Logs

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 10/25/2012 9:54:29 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\andi\unwichtigeOrdner\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.75 Gb Total Physical Memory | 2.20 Gb Available Physical Memory | 58.64% Memory free
7.49 Gb Paging File | 5.40 Gb Available in Paging File | 72.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 131.75 Gb Total Space | 69.05 Gb Free Space | 52.41% Space Free | Partition Type: NTFS
Drive F: | 1.99 Gb Total Space | 1.98 Gb Free Space | 99.64% Space Free | Partition Type: FAT32
 
Computer Name: ANDI-HP | User Name: andi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC -  File not found
PRC - C:\Users\andi\unwichtigeOrdner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
PRC - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)
PRC - C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe (Nokia)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe (Uniblue Systems Ltd)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (Broadcom Corporation.)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe (Hewlett-Packard Company)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\26e0457a9776a0e9f23e3986686d90a5\System.ServiceProcess.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\c6f50454841e46989bfbf8b70d598db0\CustomMarshalers.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d239f585ee55f833dbe21e897e1265ac\PresentationFramework.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\00a4922fbf869a79c043b665035516b6\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4230ed1c7990e4ee8352baf67a2a85fa\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\a84262e1224189f93e10cd3c403a9527\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtXml4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtSvg4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtGui4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtCore4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (HP Wireless Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (hpHotkeyMonitor) -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe (Hewlett-Packard Company)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwampfl) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie64.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Company)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {42082122-0C9D-4D19-8D54-D7242094F839}
IE - HKLM\..\SearchScopes,DefaultScope = 
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3509303512-1638139293-2482028298-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = 
IE - HKU\S-1-5-21-3509303512-1638139293-2482028298-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-3509303512-1638139293-2482028298-1001\..\SearchScopes,Backup.Old.DefaultScope = {42082122-0C9D-4D19-8D54-D7242094F839}
IE - HKU\S-1-5-21-3509303512-1638139293-2482028298-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3509303512-1638139293-2482028298-1001\..\SearchScopes\{507E76F3-1DE3-4614-887F-0B1011E4770C}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=0b7e6a38-ec1d-44f3-929a-679e7da1f489&apn_sauid=559B7EB5-CEE7-4A65-A62D-613146B2001B
IE - HKU\S-1-5-21-3509303512-1638139293-2482028298-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..backup.old.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: toolbar@web.de:2.3.1
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0.0.479
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\andi\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\andi\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\andi\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\andi\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\ [2012/09/03 10:39:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/09 13:05:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/09 14:55:50 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/09 13:05:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/09 14:55:50 | 000,000,000 | ---D | M]
 
[2011/02/21 20:25:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\andi\AppData\Roaming\mozilla\Extensions
[2012/10/25 17:26:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\andi\AppData\Roaming\mozilla\Firefox\Profiles\1c3dr9as.default\extensions
[2012/10/23 19:03:17 | 000,558,413 | ---- | M] () (No name found) -- C:\Users\andi\AppData\Roaming\mozilla\firefox\profiles\1c3dr9as.default\extensions\toolbar@web.de.xpi
[2012/05/13 14:45:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/07/09 13:05:43 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/11/14 22:37:49 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/04/21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/04/21 03:54:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/04/21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/04/21 03:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/04/21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/04/21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\andi\AppData\Local\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\andi\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\andi\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\andi\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\andi\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
 
O1 HOSTS File: ([2012/06/21 21:41:06 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-3509303512-1638139293-2482028298-1001..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\S-1-5-21-3509303512-1638139293-2482028298-1001..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
O4 - HKU\S-1-5-21-3509303512-1638139293-2482028298-1001..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-21-3509303512-1638139293-2482028298-1001..\Run: [PC Suite Tray] C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKU\S-1-5-21-3509303512-1638139293-2482028298-1001..\Run: [SpeedUpMyPC] C:\Program Files (x86)\Uniblue\SpeedUpMyPC\launcher.exe (Uniblue Systems Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3509303512-1638139293-2482028298-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3509303512-1638139293-2482028298-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //FWEvent.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E00C872-5886-46BE-81DB-FEDECAADDD36}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B20EDAB1-112B-43CE-81C0-CEC8C015A170}: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/10/24 20:56:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\andi\unwichtigeOrdner\Desktop\OTL.exe
[2012/10/23 15:21:53 | 000,000,000 | ---D | C] -- C:\Temp
[2012/10/23 15:15:22 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2012/10/23 12:06:13 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/10/23 11:53:13 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\NativeFus_Log
[2012/10/23 11:53:06 | 000,000,000 | ---D | C] -- C:\Users\andi\AppData\Local\Samsung
[2012/10/23 11:52:48 | 000,000,000 | ---D | C] -- C:\Users\andi\AppData\Roaming\Samsung
[2012/10/23 11:52:41 | 000,000,000 | ---D | C] -- C:\Users\andi\unwichtigeOrdner\Documents\samsung
[2012/10/23 11:51:47 | 001,490,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WdfCoInstaller01007.dll
[2012/10/23 11:51:47 | 000,708,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WinUSBCoInstaller.dll
[2012/10/23 11:51:47 | 000,203,104 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\windows\SysNative\drivers\ssudmdm.sys
[2012/10/23 11:51:46 | 000,102,368 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\windows\SysNative\drivers\ssudbus.sys
[2012/10/23 11:50:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[2012/10/23 11:50:32 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\windows\SysWow64\Redemption.dll
[2012/10/23 11:50:15 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\windows\SysWow64\dgderapi.dll
[2012/10/23 11:50:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MarkAny
[2012/10/23 11:49:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2012/10/23 11:49:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung
[2012/10/23 11:47:15 | 000,000,000 | ---D | C] -- C:\Users\andi\AppData\Local\Downloaded Installations
[2012/10/23 11:39:38 | 081,131,360 | ---- | C] (Samsung Electronics Co., Ltd.                                ) -- C:\Users\andi\unwichtigeOrdner\Desktop\Kies_2.5.0.12094_27_11.exe
[2012/10/10 12:37:00 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2012/10/10 12:36:59 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2012/10/10 12:36:59 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2012/10/10 12:36:46 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll
[2012/10/10 12:36:46 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll
[2012/10/10 12:36:45 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll
[2012/10/10 12:36:45 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\conhost.exe
[2012/10/10 12:36:45 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll
[2012/10/10 12:36:45 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll
[2012/10/10 12:36:45 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
[2012/10/10 12:36:45 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll
[2012/10/10 12:36:45 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
[2012/10/10 12:36:45 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll
[2012/10/10 12:36:45 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
[2012/10/10 12:36:45 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
[2012/10/10 12:36:45 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/10/10 12:36:45 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/10/10 12:36:45 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/10/10 12:36:45 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/10/10 12:36:45 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/10/10 12:36:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/10/10 12:36:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/10/10 12:36:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/10/10 12:36:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/10/10 12:36:44 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/10/10 12:36:44 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/10/10 12:36:44 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/10/10 12:36:44 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/10/10 12:36:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/10/10 12:36:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/10/10 12:36:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/10/10 12:36:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/10/10 12:36:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/10/10 12:36:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/10/10 12:36:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/10/10 12:36:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/10/10 12:36:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/10/10 12:36:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/10/10 12:36:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/10/10 12:36:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/10/10 12:36:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/10/10 12:36:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/10/10 12:36:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/10 12:36:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/10 12:36:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/10/10 12:36:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/10/10 12:36:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/10/10 12:36:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/10/10 12:36:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/10/10 12:36:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/10/10 12:36:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/10/10 12:36:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012/10/10 12:36:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/10/10 12:36:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/10/10 12:36:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/10/10 12:36:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/10/10 12:36:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/10/10 12:36:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/10/10 12:36:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/10/10 12:36:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/10/10 12:36:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/10/10 12:36:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/10/10 12:36:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/10/10 12:36:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/10/10 12:36:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/10/10 12:36:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/10/10 12:36:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/10/10 12:36:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/10/10 12:36:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/10/10 12:36:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/10/10 12:36:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/10/10 12:36:43 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe
[2012/10/10 12:36:33 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wintrust.dll
[2012/10/10 12:36:12 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\crypt32.dll
[2012/10/10 12:36:11 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptnet.dll
[2012/10/06 13:52:12 | 000,000,000 | ---D | C] -- C:\opt
[2012/10/05 21:32:43 | 000,000,000 | ---D | C] -- C:\Users\andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Android SDK Tools
[2012/10/05 21:32:37 | 000,000,000 | ---D | C] -- C:\Users\andi\AppData\Local\Android
[2012/10/05 21:14:16 | 000,289,768 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\javaws.exe
[2012/10/05 21:13:59 | 000,189,416 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\javaw.exe
[2012/10/05 21:13:59 | 000,188,904 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\java.exe
[2012/10/05 21:13:59 | 000,108,008 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\WindowsAccessBridge-64.dll
[2012/09/26 20:57:16 | 000,330,240 | ---- | C] ((주)마크애니) -- C:\windows\MASetupCaller.dll
[2012/09/26 20:57:16 | 000,090,112 | ---- | C] ((주)마크애니) -- C:\windows\MAMCityDownload.ocx
[2012/09/26 20:57:14 | 000,569,344 | ---- | C] ((c) MusicCity) -- C:\windows\SysWow64\muzdecode.ax
[2012/09/26 20:57:14 | 000,491,520 | ---- | C] (Musiccity Co.Ltd.) -- C:\windows\SysWow64\muzapp.dll
[2012/09/26 20:57:14 | 000,352,256 | ---- | C] (Sample Corporation) -- C:\windows\SysWow64\MSLUR71.dll
[2012/09/26 20:57:14 | 000,258,048 | ---- | C] ((c) PeeringPortal) -- C:\windows\SysWow64\muzoggsp.ax
[2012/09/26 20:57:14 | 000,245,760 | ---- | C] (Teruten Inc.) -- C:\windows\SysWow64\MSCLib.dll
[2012/09/26 20:57:14 | 000,200,704 | ---- | C] ( (c) MusicCity) -- C:\windows\SysWow64\muzwmts.dll
[2012/09/26 20:57:14 | 000,172,032 | ---- | C] (Musiccity Co.Ltd.) -- C:\windows\SysWow64\muzapp.exe
[2012/09/26 20:57:14 | 000,155,648 | ---- | C] (Teruten Inc.) -- C:\windows\SysWow64\MSFLib.dll
[2012/09/26 20:57:14 | 000,135,168 | ---- | C] (Musiccity Co.Ltd.) -- C:\windows\SysWow64\muzaf1.dll
[2012/09/26 20:57:14 | 000,131,072 | ---- | C] ((c) MusicCity) -- C:\windows\SysWow64\muzmpgsp.ax
[2012/09/26 20:57:14 | 000,122,880 | ---- | C] ((c) MUSICCITY) -- C:\windows\SysWow64\muzeffect.ax
[2012/09/26 20:57:14 | 000,118,784 | ---- | C] ((주)마크애니) -- C:\windows\SysWow64\MaDRM.dll
[2012/09/26 20:57:14 | 000,110,592 | ---- | C] ((c) MusicCity) -- C:\windows\SysWow64\muzmp4sp.ax
[2012/09/26 20:57:14 | 000,057,344 | ---- | C] (Marktek) -- C:\windows\SysWow64\MK_Lyric.dll
[2012/09/26 20:57:14 | 000,057,344 | ---- | C] (Marktek Inc.) -- C:\windows\SysWow64\MTXSYNCICON.dll
[2012/09/26 20:57:14 | 000,049,152 | ---- | C] ((주) 마크애니) -- C:\windows\SysWow64\MaJGUILib.dll
[2012/09/26 20:57:14 | 000,045,320 | ---- | C] (MARKANY) -- C:\windows\SysWow64\MAMACExtract.dll
[2012/09/26 20:57:14 | 000,045,056 | ---- | C] ((주) 마크애니) -- C:\windows\SysWow64\MaXMLProto.dll
[2012/09/26 20:57:14 | 000,045,056 | ---- | C] ((주) 마크애니) -- C:\windows\SysWow64\MACXMLProto.dll
[2012/09/26 20:57:14 | 000,040,960 | ---- | C] (Telechips Inc.,) -- C:\windows\SysWow64\MTTELECHIP.dll
[2012/09/26 20:57:14 | 000,024,576 | ---- | C] ((주)마크애니) -- C:\windows\SysWow64\MASetupCleaner.exe
[2012/09/26 08:39:02 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\OxpsConverter.exe
[2011/11/14 21:37:25 | 006,638,560 | ---- | C] (Microsoft Corporation) -- C:\Users\andi\MsJav86i.exe
[1 C:\Users\andi\*.tmp files -> C:\Users\andi\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/10/25 21:46:51 | 000,001,106 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/25 21:29:10 | 000,001,116 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3509303512-1638139293-2482028298-1001UA.job
[2012/10/25 21:10:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/10/25 20:29:29 | 000,019,536 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/25 20:29:29 | 000,019,536 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/25 20:26:38 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/10/25 17:33:12 | 001,513,970 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/10/25 17:33:12 | 000,659,690 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2012/10/25 17:33:12 | 000,620,836 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/10/25 17:33:12 | 000,132,970 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2012/10/25 17:33:12 | 000,108,760 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/10/25 17:28:48 | 000,001,102 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/25 17:28:47 | 000,000,334 | ---- | M] () -- C:\windows\tasks\SpeedUpMyPC.job
[2012/10/25 17:28:13 | 4022,927,360 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/25 16:13:51 | 000,538,941 | ---- | M] () -- C:\Users\andi\unwichtigeOrdner\Desktop\adwcleaner.exe
[2012/10/24 20:56:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\andi\unwichtigeOrdner\Desktop\OTL.exe
[2012/10/24 20:49:50 | 000,050,477 | ---- | M] () -- C:\Users\andi\unwichtigeOrdner\Desktop\Defogger.exe
[2012/10/23 15:14:43 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_WinUsb_01007.Wdf
[2012/10/23 14:54:26 | 000,162,694 | ---- | M] () -- C:\Users\andi\unwichtigeOrdner\Desktop\Stöhlker.pdf
[2012/10/23 11:52:34 | 000,001,996 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2012/10/23 11:46:29 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/10/23 11:01:50 | 081,131,360 | ---- | M] (Samsung Electronics Co., Ltd.                                ) -- C:\Users\andi\unwichtigeOrdner\Desktop\Kies_2.5.0.12094_27_11.exe
[2012/10/18 21:22:03 | 000,055,847 | ---- | M] () -- C:\Users\andi\unwichtigeOrdner\Desktop\DM-Exercise3.pdf
[2012/10/18 21:22:02 | 001,230,682 | ---- | M] () -- C:\Users\andi\unwichtigeOrdner\Desktop\DM-Lecture3.pdf
[2012/10/12 16:32:28 | 000,002,487 | ---- | M] () -- C:\Users\andi\unwichtigeOrdner\Desktop\Google Chrome.lnk
[2012/10/10 13:29:00 | 000,001,064 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3509303512-1638139293-2482028298-1001Core.job
[2012/10/10 13:10:46 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2012/10/10 13:10:46 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/10/05 21:13:47 | 000,289,768 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\javaws.exe
[2012/10/05 21:13:47 | 000,189,416 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\javaw.exe
[2012/10/05 21:13:47 | 000,108,008 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\WindowsAccessBridge-64.dll
[2012/10/05 21:13:46 | 001,034,216 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\npDeployJava1.dll
[2012/10/05 21:13:46 | 000,916,456 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\deployJava1.dll
[2012/10/05 21:13:46 | 000,188,904 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\java.exe
[2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012/09/26 20:57:22 | 004,659,712 | ---- | M] (Dmitry Streblechenko) -- C:\windows\SysWow64\Redemption.dll
[2012/09/26 20:57:16 | 000,330,240 | ---- | M] ((주)마크애니) -- C:\windows\MASetupCaller.dll
[2012/09/26 20:57:16 | 000,090,112 | ---- | M] ((주)마크애니) -- C:\windows\MAMCityDownload.ocx
[2012/09/26 20:57:16 | 000,030,568 | ---- | M] () -- C:\windows\MusiccityDownload.exe
[2012/09/26 20:57:14 | 000,974,848 | ---- | M] () -- C:\windows\SysWow64\cis-2.4.dll
[2012/09/26 20:57:14 | 000,569,344 | ---- | M] ((c) MusicCity) -- C:\windows\SysWow64\muzdecode.ax
[2012/09/26 20:57:14 | 000,491,520 | ---- | M] (Musiccity Co.Ltd.) -- C:\windows\SysWow64\muzapp.dll
[2012/09/26 20:57:14 | 000,352,256 | ---- | M] (Sample Corporation) -- C:\windows\SysWow64\MSLUR71.dll
[2012/09/26 20:57:14 | 000,258,048 | ---- | M] ((c) PeeringPortal) -- C:\windows\SysWow64\muzoggsp.ax
[2012/09/26 20:57:14 | 000,245,760 | ---- | M] (Teruten Inc.) -- C:\windows\SysWow64\MSCLib.dll
[2012/09/26 20:57:14 | 000,200,704 | ---- | M] ( (c) MusicCity) -- C:\windows\SysWow64\muzwmts.dll
[2012/09/26 20:57:14 | 000,172,032 | ---- | M] (Musiccity Co.Ltd.) -- C:\windows\SysWow64\muzapp.exe
[2012/09/26 20:57:14 | 000,155,648 | ---- | M] (Teruten Inc.) -- C:\windows\SysWow64\MSFLib.dll
[2012/09/26 20:57:14 | 000,143,360 | ---- | M] () -- C:\windows\SysWow64\3DAudio.ax
[2012/09/26 20:57:14 | 000,135,168 | ---- | M] (Musiccity Co.Ltd.) -- C:\windows\SysWow64\muzaf1.dll
[2012/09/26 20:57:14 | 000,131,072 | ---- | M] ((c) MusicCity) -- C:\windows\SysWow64\muzmpgsp.ax
[2012/09/26 20:57:14 | 000,122,880 | ---- | M] ((c) MUSICCITY) -- C:\windows\SysWow64\muzeffect.ax
[2012/09/26 20:57:14 | 000,118,784 | ---- | M] ((주)마크애니) -- C:\windows\SysWow64\MaDRM.dll
[2012/09/26 20:57:14 | 000,110,592 | ---- | M] ((c) MusicCity) -- C:\windows\SysWow64\muzmp4sp.ax
[2012/09/26 20:57:14 | 000,081,920 | ---- | M] () -- C:\windows\SysWow64\issacapi_bs-2.3.dll
[2012/09/26 20:57:14 | 000,065,536 | ---- | M] () -- C:\windows\SysWow64\issacapi_pe-2.3.dll
[2012/09/26 20:57:14 | 000,057,344 | ---- | M] (Marktek) -- C:\windows\SysWow64\MK_Lyric.dll
[2012/09/26 20:57:14 | 000,057,344 | ---- | M] (Marktek Inc.) -- C:\windows\SysWow64\MTXSYNCICON.dll
[2012/09/26 20:57:14 | 000,057,344 | ---- | M] () -- C:\windows\SysWow64\issacapi_se-2.3.dll
[2012/09/26 20:57:14 | 000,049,152 | ---- | M] ((주) 마크애니) -- C:\windows\SysWow64\MaJGUILib.dll
[2012/09/26 20:57:14 | 000,045,320 | ---- | M] (MARKANY) -- C:\windows\SysWow64\MAMACExtract.dll
[2012/09/26 20:57:14 | 000,045,056 | ---- | M] ((주) 마크애니) -- C:\windows\SysWow64\MaXMLProto.dll
[2012/09/26 20:57:14 | 000,045,056 | ---- | M] ((주) 마크애니) -- C:\windows\SysWow64\MACXMLProto.dll
[2012/09/26 20:57:14 | 000,040,960 | ---- | M] (Telechips Inc.,) -- C:\windows\SysWow64\MTTELECHIP.dll
[2012/09/26 20:57:14 | 000,024,576 | ---- | M] ((주)마크애니) -- C:\windows\SysWow64\MASetupCleaner.exe
[2012/09/26 20:57:12 | 000,821,824 | ---- | M] (Devguru Co., Ltd.) -- C:\windows\SysWow64\dgderapi.dll
[1 C:\Users\andi\*.tmp files -> C:\Users\andi\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/10/25 16:13:49 | 000,538,941 | ---- | C] () -- C:\Users\andi\unwichtigeOrdner\Desktop\adwcleaner.exe
[2012/10/24 20:49:49 | 000,050,477 | ---- | C] () -- C:\Users\andi\unwichtigeOrdner\Desktop\Defogger.exe
[2012/10/23 15:14:43 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_WinUsb_01007.Wdf
[2012/10/23 14:54:25 | 000,162,694 | ---- | C] () -- C:\Users\andi\unwichtigeOrdner\Desktop\Stöhlker.pdf
[2012/10/23 11:52:34 | 000,001,996 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2012/10/23 11:46:29 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/10/18 21:22:03 | 000,055,847 | ---- | C] () -- C:\Users\andi\unwichtigeOrdner\Desktop\DM-Exercise3.pdf
[2012/10/18 21:21:50 | 001,230,682 | ---- | C] () -- C:\Users\andi\unwichtigeOrdner\Desktop\DM-Lecture3.pdf
[2012/10/13 22:44:03 | 000,882,727 | ---- | C] () -- C:\Users\andi\unwichtigeOrdner\Desktop\P6260057.JPG
[2012/09/26 20:57:16 | 000,030,568 | ---- | C] () -- C:\windows\MusiccityDownload.exe
[2012/09/26 20:57:14 | 000,974,848 | ---- | C] () -- C:\windows\SysWow64\cis-2.4.dll
[2012/09/26 20:57:14 | 000,143,360 | ---- | C] () -- C:\windows\SysWow64\3DAudio.ax
[2012/09/26 20:57:14 | 000,081,920 | ---- | C] () -- C:\windows\SysWow64\issacapi_bs-2.3.dll
[2012/09/26 20:57:14 | 000,065,536 | ---- | C] () -- C:\windows\SysWow64\issacapi_pe-2.3.dll
[2012/09/26 20:57:14 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\issacapi_se-2.3.dll
[2012/07/03 20:12:35 | 000,307,200 | ---- | C] () -- C:\Users\andi\jaudioMp3Win.tar
[2012/05/28 20:50:53 | 000,000,000 | ---- | C] () -- C:\Users\andi\defogger_reenable
[2012/03/14 22:33:42 | 000,147,227 | ---- | C] () -- C:\Users\andi\QuickSteuer_Deluxe_2012_Dasi.zip
[2011/11/14 21:37:59 | 000,006,550 | ---- | C] () -- C:\windows\jautoexp.dat
[2011/06/07 13:45:51 | 000,951,944 | ---- | C] () -- C:\Users\andi\Trainingstipps_fuer_den_Start_beim_Nehlsen-Triathlon_2011.pdf
[2011/03/29 20:43:06 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/02/18 21:41:20 | 001,535,962 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2010/11/18 10:53:50 | 000,255,360 | ---- | C] ( ) -- C:\windows\SysWow64\rsnp2uvc.dll
[2010/11/18 10:53:50 | 000,025,984 | ---- | C] () -- C:\windows\snuvcdsm.exe
[2010/11/18 10:53:49 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
[2010/11/18 10:41:57 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\wbemess.dll

< End of report >
         
--- --- ---


OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 10/25/2012 9:54:29 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\andi\unwichtigeOrdner\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.75 Gb Total Physical Memory | 2.20 Gb Available Physical Memory | 58.64% Memory free
7.49 Gb Paging File | 5.40 Gb Available in Paging File | 72.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 131.75 Gb Total Space | 69.05 Gb Free Space | 52.41% Space Free | Partition Type: NTFS
Drive F: | 1.99 Gb Total Space | 1.98 Gb Free Space | 99.64% Space Free | Partition Type: FAT32
 
Computer Name: ANDI-HP | User Name: andi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D39F339-8F17-49A1-8D0B-9058B4A808A6}" = rport=138 | protocol=17 | dir=out | app=system | 
"{26C35838-44F9-4FCF-91B6-818DB99A7AB2}" = rport=445 | protocol=6 | dir=out | app=system | 
"{2D883177-6D29-4E3F-A308-7F599DB6CCE7}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{34C7A14A-FFDD-4C03-B794-53122EF5531A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4607A599-E6B7-4DEC-B1FC-DEAB2D016D75}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{4903C950-9523-4BBA-A564-FBFD98A941F7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{4CB343DE-0B15-4F37-B706-D1C656349EFB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4D2C2C95-0DDC-4E9F-8BC6-294FBA45FA3E}" = rport=139 | protocol=6 | dir=out | app=system | 
"{5277BD3A-2258-41D0-8589-EAAD7CE9BEDF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5F5C3634-E500-4011-80E9-1EE59DA8DF60}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6EF7479F-374B-4872-877E-0925D09EFB79}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{745669AF-055D-4A96-9CA4-9FB17921CCEF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7E722AFB-463B-4E78-B311-228F1E06684F}" = rport=137 | protocol=17 | dir=out | app=system | 
"{859A2588-2D64-4370-8B76-7B5C0972B446}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{921E54E1-FC58-4CA1-912C-C28E28E1D5D8}" = lport=138 | protocol=17 | dir=in | app=system | 
"{985310A5-307E-45DE-BE51-45242394B960}" = lport=445 | protocol=6 | dir=in | app=system | 
"{B0B31531-3EE9-4112-B787-044DCBC6364D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CD3C7E50-8259-4D21-B224-38853690001D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D44EF9A8-D495-4CB9-9B19-53FB9DFDAC82}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{EE699008-A863-449D-BE8A-BB6256756C75}" = lport=139 | protocol=6 | dir=in | app=system | 
"{F4B579FC-BF60-4E42-9AA7-56D0FA8D5C8C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F69AF8C1-2F38-4DA5-833E-F3AEAB14E3CB}" = lport=137 | protocol=17 | dir=in | app=system | 
"{FDF6B15D-1CA9-43CF-88DA-33DA6609D209}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{13F18FC8-0293-4174-AB90-9690EEA4479B}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{176D228C-CF1D-437C-9FCF-E06E72D10B6A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{1881D78A-C1A3-4C01-B4D7-2AD515DA9336}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{1FA6A257-4F95-478D-A76F-7AF6643D37F8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{28C9D16F-2B3B-4699-B2F8-28A012DCC5F5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{3A530E28-806B-428D-946A-036ADA801BC8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5589705C-789B-4CE8-87C0-12AF3C09156F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{64F9F546-3D23-4951-BC87-D6865A1954AC}" = protocol=6 | dir=out | app=system | 
"{76A022E5-C4DF-4D4E-AB1E-F79CC1C1871E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{8254F2BE-A95E-4F77-AF10-6C65E94DBEA6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{96CF263D-A1D5-445B-9D3D-6372B927D251}" = protocol=17 | dir=in | app=c:\program files (x86)\mcafee\managed virusscan\agent\myagtsvc.exe | 
"{9F397CD2-1AA1-4CBA-BA3E-B4A819B7EB3D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A7D8D0C2-2B41-4B78-8132-7122F3DF8837}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{ACB7EDB2-9445-42E9-9AB0-D5BB740293AA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{AF8BA974-C0A1-46D0-908B-C509FEF3E1C3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B77A6FD0-5565-453B-AD4B-303D9E7185CC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{C0A1E4BA-BF54-499B-A00B-26A918C182A2}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{C5408337-7CE9-49F0-BED8-0F1BDDA716CE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CBF530D2-B957-4709-8F12-50C057B818C9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D90A2B3B-88AA-4006-9A17-E8AC0C6AB4B8}" = protocol=6 | dir=in | app=c:\program files (x86)\mcafee\managed virusscan\agent\myagtsvc.exe | 
"{D9562E97-BF8C-42C6-9EFE-179DBF18E2A7}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{E33EBB17-7E59-4146-8549-E40B37DC81A8}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{E6BC333B-7A0B-4F60-B0EF-510593CF81D1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FEFFA0D7-E03A-4EFB-B866-BDDE0DD2FB0F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"TCP Query User{24E0D4AA-3ED6-44B2-AC68-F21CCC0F05D2}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe | 
"UDP Query User{5CD56D9F-7B50-48CA-A037-FE5FE5F40B72}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP240_series" = Canon MP240 series MP Drivers
"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
"{2C69D297-A524-1FB1-5C00-1C52363E044F}" = ccc-utility64
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = Broadcom 2070 Bluetooth 3.0
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4BBA5224-C5B1-4B8C-AAA4-68DA6654B9C1}" = HP HotKey Support
"{560932B5-8702-7FB8-01AE-265EA44FAEEB}" = ATI Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0150220}" = J2SE Development Kit 5.0 Update 22
"{64A3A4F4-B792-11D6-A78A-00B0D0170070}" = Java SE Development Kit 7 Update 7 (64-bit)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C7AE4EC3-9C13-4213-8457-74D16B353F91}" = HP Web Camera
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{EC720706-3F19-4B7F-BDDD-E31D9B3921D2}" = HP Wireless Assistant
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F" = Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0)
"72A50F48CC5601190B9C4E74D81161693133E7F7" = Windows-Treiberpaket - Nokia Modem  (02/25/2011 7.01.0.9)
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CCleaner" = CCleaner
"E0AC723A3DE3A04256288CADBBB011B112AED454" = Windows-Treiberpaket - Nokia Modem  (02/25/2011 4.7)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04801E42-B1A6-4C52-9F3D-CADB5A050433}" = HP Software Setup
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0C7A1F10-3965-190D-3409-B0DD7C45C0EE}" = CCC Help Italian
"{14B61ABC-D4A7-BCF5-92BE-95CEB8DF4374}" = CCC Help Czech
"{16CA9DAC-6A40-4204-A826-33C4D52A266C}" = Catalyst Control Center - Branding
"{1C598CE5-344B-997B-FF33-2976D689C0AC}" = CCC Help Greek
"{1D61E881-43CD-447B-9E6B-D2C6138B2862}" = HP Webcam
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{2DA697D7-FED3-4DE2-A174-92A2A12F9688}" = HP SoftPaq Download Manager
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam Driver
"{39C5A498-FA1A-2473-34D1-6755E5A1BC99}" = CCC Help German
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{4B4911AA-98AA-F2E0-1BF4-2E2737D1C95C}" = Catalyst Control Center InstallProxy
"{5478075D-1797-1C4C-B3F0-DC8ECCA7D5C3}" = Catalyst Control Center Localization All
"{558ED580-6168-AF04-C71F-E63B0E149E21}" = CCC Help Korean
"{5BF8E079-D6E2-4323-B794-75152371122A}" = Windows 7 Default Setting
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{644F4910-E812-49AD-93EC-86828CB81A0D}" = PC Connectivity Solution
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6AFDE3BE-BC01-45A4-9D06-BBF5AD207313}" = LightScribe System Software
"{6BCC7669-A863-4C24-804B-9C811C102F71}" = QuickSteuer Deluxe 2011
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79CF6EF9-8C9A-F284-5042-B5B54645B5F8}" = CCC Help Norwegian
"{7F30B436-1196-1401-9A4F-CFF6C10D6EBA}" = CCC Help Polish
"{84EC6CDF-E378-0EBA-E4C2-BBD5489CD4EF}" = CCC Help Japanese
"{866C4563-ED53-43F3-A29D-8BEE2BD1BA3C}" = Nokia PC Suite
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{919D10CE-CADB-8D08-3429-7FB1DFA3B043}" = CCC Help Spanish
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AC1B0B-02D1-4FAA-9C1E-C92ECA74921A}" = HP Setup
"{9978D298-9AA1-99EE-9975-18AAEF34DE0C}" = CCC Help Dutch
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CD3BB19-993E-469D-9E1F-B57A175C1411}" = HP Software Framework
"{9D4D0B44-0A55-1905-5CF4-8A6EC311673F}" = CCC Help Russian
"{A005479C-7D10-A4CB-0BAD-5D8765E141C6}" = CCC Help Turkish
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{C1DE827D-8A61-4A77-9CCF-31AD84CC1FB6}" = HP Documentation
"{C2036B7D-C21E-38E9-FB0B-3746E82B898B}" = CCC Help Hungarian
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{D10B94E4-8545-CA0F-EDE9-41F62272A0DE}" = CCC Help Portuguese
"{D35A9E39-05F9-0D80-C41C-71B2FDCBE5E9}" = CCC Help Chinese Standard
"{D9989A13-B173-4048-B8A5-93C204DCB1B3}" = HP ESU for Microsoft Windows 7
"{DB393B0B-4A5D-7B50-AD80-3772372C4243}" = CCC Help Thai
"{DFD30824-6BD0-34E1-ABE8-308AD3CBB9A0}" = Google Talk Plugin
"{E4756B93-69FF-D723-D7F8-97FFE73A0D2C}" = CCC Help French
"{E4B7F2AF-AEDA-4DE8-8014-9ADAFF7B4164}" = QuickSteuer Deluxe 2012
"{E4C82543-E98E-E66D-84A7-9C9235ADF9CE}" = CCC Help English
"{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1" = Uniblue SpeedUpMyPC
"{E8CA17C0-5A35-3CF1-C50F-1E9783FFB08B}" = CCC Help Swedish
"{EACCC042-848D-4166-9D97-B13D1D108722}" = Google Drive
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0261797-E2ED-8BEC-7B6F-A7C0A0E478FF}" = ccc-core-static
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F3C2ECAA-1B4D-4B75-9105-106B0D03EF02}" = Lexware Info Service
"{F6CEF69E-35EA-6086-6D7D-21E89FD70B16}" = CCC Help Finnish
"{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}" = Realtek Ethernet Controller All-In-One Windows Driver
"{F8801800-9E88-3AB1-21DA-E50EFA0F771E}" = CCC Help Danish
"{FC17E0A7-EAA9-4902-92F8-C83B9FD02246}" = HP Support Assistant
"{FC6256BB-BDD4-AB91-451B-86896F236769}" = CCC Help Chinese Traditional
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Android SDK Tools" = Android SDK Tools
"Avira AntiVir Desktop" = Avira Free Antivirus
"Canon MP240 series Benutzerregistrierung" = Canon MP240 series Benutzerregistrierung
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ESET Online Scanner" = ESET Online Scanner v3
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"Nokia PC Suite" = Nokia PC Suite
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Scribus 1.3.3.14" = Scribus 1.3.3.14
"SumatraPDF" = SumatraPDF
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3509303512-1638139293-2482028298-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 9/17/2012 2:45:41 AM | Computer Name = andi-HP | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: 
 
Error - 9/17/2012 5:19:30 AM | Computer Name = andi-HP | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files
 (x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in  Manifest- oder
 Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 9/17/2012 5:19:38 AM | Computer Name = andi-HP | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Nokia\Nokia PC Suite 7\TIS_Windows7PIM.dll".  Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 9/20/2012 6:05:29 AM | Computer Name = andi-HP | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files
 (x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in  Manifest- oder
 Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 9/20/2012 6:05:40 AM | Computer Name = andi-HP | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Nokia\Nokia PC Suite 7\TIS_Windows7PIM.dll".  Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 9/25/2012 7:30:37 AM | Computer Name = andi-HP | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files
 (x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in  Manifest- oder
 Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 9/25/2012 7:30:46 AM | Computer Name = andi-HP | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Nokia\Nokia PC Suite 7\TIS_Windows7PIM.dll".  Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 9/25/2012 9:00:29 AM | Computer Name = andi-HP | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 13.0.1.4548 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: f00    Startzeit: 
01cd9aff8f1b73d2    Endzeit: 63    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 e2c46c2f-0710-11e2-8f39-368ba635c4e3  
 
Error - 9/26/2012 6:09:10 AM | Computer Name = andi-HP | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files
 (x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in  Manifest- oder
 Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 9/26/2012 6:09:18 AM | Computer Name = andi-HP | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Nokia\Nokia PC Suite 7\TIS_Windows7PIM.dll".  Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
[ Hewlett-Packard Events ]
Error - 8/13/2012 3:30:37 PM | Computer Name = andi-HP | Source = Hewlett-Packard | ID = 0
Description = de-DE Ein Teil des Pfades "C:\ProgramData\Hewlett-Packard\HP Support
 Framework\Logs\Temp\HPSA\HPSASession_201208132130.xml" konnte nicht gefunden werden.
mscorlib

   bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)     bei
 System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 
rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options,
 SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)     bei System.IO.FileStream..ctor(String
 path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions
 options)     bei System.IO.StreamWriter.CreateFile(String path, Boolean append)    
 bei System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding,
 Int32 bufferSize)     bei System.IO.StreamWriter..ctor(String path, Boolean append,
 Encoding encoding)     bei System.IO.File.WriteAllText(String path, String contents,
 Encoding encoding)     bei HP.ActiveSupportLibrary.Issues.HPSFSession.closeSaveSession()

 
Error - 8/20/2012 2:42:12 PM | Computer Name = andi-HP | Source = Hewlett-Packard | ID = 0
Description = de-DE Ein Teil des Pfades "C:\ProgramData\Hewlett-Packard\HP Support
 Framework\Logs\Temp\HPSA\HPSASession_201208202042.xml" konnte nicht gefunden werden.
mscorlib

   bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)     bei
 System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 
rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options,
 SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)     bei System.IO.FileStream..ctor(String
 path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions
 options)     bei System.IO.StreamWriter.CreateFile(String path, Boolean append)    
 bei System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding,
 Int32 bufferSize)     bei System.IO.StreamWriter..ctor(String path, Boolean append,
 Encoding encoding)     bei System.IO.File.WriteAllText(String path, String contents,
 Encoding encoding)     bei HP.ActiveSupportLibrary.Issues.HPSFSession.closeSaveSession()

 
Error - 8/28/2012 10:43:18 AM | Computer Name = andi-HP | Source = Hewlett-Packard | ID = 0
Description = de-DE Ein Teil des Pfades "C:\ProgramData\Hewlett-Packard\HP Support
 Framework\Logs\Temp\HPSA\HPSASession_201208281643.xml" konnte nicht gefunden werden.
mscorlib

   bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)     bei
 System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 
rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options,
 SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)     bei System.IO.FileStream..ctor(String
 path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions
 options)     bei System.IO.StreamWriter.CreateFile(String path, Boolean append)    
 bei System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding,
 Int32 bufferSize)     bei System.IO.StreamWriter..ctor(String path, Boolean append,
 Encoding encoding)     bei System.IO.File.WriteAllText(String path, String contents,
 Encoding encoding)     bei HP.ActiveSupportLibrary.Issues.HPSFSession.closeSaveSession()

 
Error - 9/3/2012 2:42:45 PM | Computer Name = andi-HP | Source = Hewlett-Packard | ID = 0
Description = de-DE Ein Teil des Pfades "C:\ProgramData\Hewlett-Packard\HP Support
 Framework\Logs\Temp\HPSA\HPSASession_201209032042.xml" konnte nicht gefunden werden.
mscorlib

   bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)     bei
 System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 
rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options,
 SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)     bei System.IO.FileStream..ctor(String
 path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions
 options)     bei System.IO.StreamWriter.CreateFile(String path, Boolean append)    
 bei System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding,
 Int32 bufferSize)     bei System.IO.StreamWriter..ctor(String path, Boolean append,
 Encoding encoding)     bei System.IO.File.WriteAllText(String path, String contents,
 Encoding encoding)     bei HP.ActiveSupportLibrary.Issues.HPSFSession.closeSaveSession()

 
Error - 9/11/2012 5:11:21 AM | Computer Name = andi-HP | Source = Hewlett-Packard | ID = 0
Description = de-DE Ein Teil des Pfades "C:\ProgramData\Hewlett-Packard\HP Support
 Framework\Logs\Temp\HPSA\HPSASession_201209111111.xml" konnte nicht gefunden werden.
mscorlib

   bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)     bei
 System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 
rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options,
 SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)     bei System.IO.FileStream..ctor(String
 path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions
 options)     bei System.IO.StreamWriter.CreateFile(String path, Boolean append)    
 bei System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding,
 Int32 bufferSize)     bei System.IO.StreamWriter..ctor(String path, Boolean append,
 Encoding encoding)     bei System.IO.File.WriteAllText(String path, String contents,
 Encoding encoding)     bei HP.ActiveSupportLibrary.Issues.HPSFSession.closeSaveSession()

 
Error - 9/18/2012 7:13:56 AM | Computer Name = andi-HP | Source = Hewlett-Packard | ID = 0
Description = de-DE Ein Teil des Pfades "C:\ProgramData\Hewlett-Packard\HP Support
 Framework\Logs\Temp\HPSA\HPSASession_201209181313.xml" konnte nicht gefunden werden.
mscorlib

   bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)     bei
 System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 
rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options,
 SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)     bei System.IO.FileStream..ctor(String
 path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions
 options)     bei System.IO.StreamWriter.CreateFile(String path, Boolean append)    
 bei System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding,
 Int32 bufferSize)     bei System.IO.StreamWriter..ctor(String path, Boolean append,
 Encoding encoding)     bei System.IO.File.WriteAllText(String path, String contents,
 Encoding encoding)     bei HP.ActiveSupportLibrary.Issues.HPSFSession.closeSaveSession()

 
Error - 9/25/2012 5:32:29 AM | Computer Name = andi-HP | Source = Hewlett-Packard | ID = 0
Description = de-DE Ein Teil des Pfades "C:\ProgramData\Hewlett-Packard\HP Support
 Framework\Logs\Temp\HPSA\HPSASession_201209251132.xml" konnte nicht gefunden werden.
mscorlib

   bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)     bei
 System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 
rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options,
 SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)     bei System.IO.FileStream..ctor(String
 path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions
 options)     bei System.IO.StreamWriter.CreateFile(String path, Boolean append)    
 bei System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding,
 Int32 bufferSize)     bei System.IO.StreamWriter..ctor(String path, Boolean append,
 Encoding encoding)     bei System.IO.File.WriteAllText(String path, String contents,
 Encoding encoding)     bei HP.ActiveSupportLibrary.Issues.HPSFSession.closeSaveSession()

 
Error - 10/2/2012 2:24:31 AM | Computer Name = andi-HP | Source = Hewlett-Packard | ID = 0
Description = de-DE Ein Teil des Pfades "C:\ProgramData\Hewlett-Packard\HP Support
 Framework\Logs\Temp\HPSA\HPSASession_201210020824.xml" konnte nicht gefunden werden.
mscorlib

   bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)     bei
 System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 
rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options,
 SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)     bei System.IO.FileStream..ctor(String
 path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions
 options)     bei System.IO.StreamWriter.CreateFile(String path, Boolean append)    
 bei System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding,
 Int32 bufferSize)     bei System.IO.StreamWriter..ctor(String path, Boolean append,
 Encoding encoding)     bei System.IO.File.WriteAllText(String path, String contents,
 Encoding encoding)     bei HP.ActiveSupportLibrary.Issues.HPSFSession.closeSaveSession()

 
Error - 10/10/2012 7:11:38 AM | Computer Name = andi-HP | Source = Hewlett-Packard | ID = 0
Description = de-DE Ein Teil des Pfades "C:\ProgramData\Hewlett-Packard\HP Support
 Framework\Logs\Temp\HPSA\HPSASession_201210101311.xml" konnte nicht gefunden werden.
mscorlib

   bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)     bei
 System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 
rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options,
 SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)     bei System.IO.FileStream..ctor(String
 path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions
 options)     bei System.IO.StreamWriter.CreateFile(String path, Boolean append)    
 bei System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding,
 Int32 bufferSize)     bei System.IO.StreamWriter..ctor(String path, Boolean append,
 Encoding encoding)     bei System.IO.File.WriteAllText(String path, String contents,
 Encoding encoding)     bei HP.ActiveSupportLibrary.Issues.HPSFSession.closeSaveSession()

 
Error - 10/18/2012 1:08:10 PM | Computer Name = andi-HP | Source = Hewlett-Packard | ID = 0
Description = de-DE Ein Teil des Pfades "C:\ProgramData\Hewlett-Packard\HP Support
 Framework\Logs\Temp\HPSA\HPSASession_201210181908.xml" konnte nicht gefunden werden.
mscorlib

   bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)     bei
 System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 
rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options,
 SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)     bei System.IO.FileStream..ctor(String
 path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions
 options)     bei System.IO.StreamWriter.CreateFile(String path, Boolean append)    
 bei System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding,
 Int32 bufferSize)     bei System.IO.StreamWriter..ctor(String path, Boolean append,
 Encoding encoding)     bei System.IO.File.WriteAllText(String path, String contents,
 Encoding encoding)     bei HP.ActiveSupportLibrary.Issues.HPSFSession.closeSaveSession()

 
[ HP Wireless Assistant Events ]
Error - 11/18/2010 4:40:10 AM | Computer Name = OI4BJD1CORG4L | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597    at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
 radioList)     at HPPA_Service.CurrentConfiguration.ReloadRadioList()
 
Error - 11/18/2010 4:40:10 AM | Computer Name = OI4BJD1CORG4L | Source = HP WA Service | ID = 0
Description = System.Exception Register() failed : e_GENERAL_EXCEPTION    at HP_Common.CaslWrapper.Register(EventArrivedEventHandler
 handler)     at HPPA_Service.CurrentConfiguration..ctor()
 
Error - 11/18/2010 4:40:13 AM | Computer Name = OI4BJD1CORG4L | Source = HP WA Service | ID = 0
Description = System.Exception GetPMCCalibrationData() failed : 597    at HP_Common.CaslWrapper.GetPMCCalibrationData(PMCCalibrationData&
 calibration)     at HPPA_Service.HPPA_Service.ServiceWorkerMethod()
 
Error - 2/18/2011 3:25:43 PM | Computer Name = andi-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597    bei HP_Common.CaslWrapper.GetDeviceInfo(List`1&
 radioList)     bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
 
Error - 8/5/2011 2:02:55 PM | Computer Name = andi-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Aufruf wurde durch Messagefilter
 abgebrochen. (Ausnahme von HRESULT: 0x80010002 (RPC_E_CALL_CANCELED))    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     bei System.Management.ManagementScope.InitializeGuts(Object
 o)     bei System.Management.ManagementScope.Initialize()     bei System.Management.ManagementObjectSearcher.Initialize()

   bei System.Management.ManagementObjectSearcher.Get()     bei HPPA_Service.CurrentConfiguration.FindDevice(String
 hostPath, String portName)     bei HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__9(RadioHardware
 radio)     bei System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext()     bei 
System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()     bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
 
[ System Events ]
Error - 10/23/2012 5:45:31 AM | Computer Name = andi-HP | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 10/23/2012 5:45:33 AM | Computer Name = andi-HP | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 10/23/2012 5:45:34 AM | Computer Name = andi-HP | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 10/23/2012 5:45:35 AM | Computer Name = andi-HP | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 10/23/2012 5:45:36 AM | Computer Name = andi-HP | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 10/23/2012 1:02:32 PM | Computer Name = andi-HP | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Microsoft .NET Framework NGEN v4.0.30319_X64 erreicht.
 
Error - 10/23/2012 1:03:52 PM | Computer Name = andi-HP | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Media Player-Netzwerkfreigabedienst erreicht.
 
Error - 10/23/2012 1:03:52 PM | Computer Name = andi-HP | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde aufgrund
 folgenden Fehlers nicht gestartet:   %%1053
 
Error - 10/24/2012 4:48:17 PM | Computer Name = andi-HP | Source = DCOM | ID = 10010
Description = 
 
Error - 10/25/2012 4:02:08 PM | Computer Name = andi-HP | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows-Fehlerberichterstattungsdienst erreicht.
 
 
< End of report >
         
--- --- ---


Gruß

Andi

Alt 26.10.2012, 11:11   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Startseite " http://www.searchnu.com/406 " bei CHROME - Standard

Startseite " http://www.searchnu.com/406 " bei CHROME



Sieht gut aus

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehalalrm!
  • Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 26.10.2012, 17:12   #10
andi2107
 
Startseite " http://www.searchnu.com/406 " bei CHROME - Standard

Startseite " http://www.searchnu.com/406 " bei CHROME



ich habe die von Dir angegebene Meldung beim ersten Scan nicht bekommen, wusste also nicht, ob das Programm abgestürzt war oder nicht. Deshalb habe ich es ein zweites Mal mit "none" im DropDown Feld gestarte. Beide Logs poste ich Dir im Folgenden.

Code:
ATTFilter
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-26 17:33:52
-----------------------------
17:33:52.736    OS Version: Windows x64 6.1.7601 Service Pack 1
17:33:52.736    Number of processors: 1 586 0x603
17:33:52.737    ComputerName: ANDI-HP  UserName: andi
17:33:53.653    Initialize success
17:35:16.977    AVAST engine defs: 12102600
17:35:21.314    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:35:21.320    Disk 0 Vendor: Hitachi_HTS725016A9A364 PCBOCH0A Size: 152627MB BusType: 11
17:35:21.332    Disk 0 MBR read successfully
17:35:21.339    Disk 0 MBR scan
17:35:21.350    Disk 0 Windows 7 default MBR code
17:35:21.360    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          300 MB offset 2048
17:35:21.381    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       134916 MB offset 616448
17:35:21.417    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        15360 MB offset 276924416
17:35:21.436    Disk 0 Partition 4 00     0C    FAT32 LBA MSDOS5.0     2043 MB offset 308381696
17:35:21.471    Disk 0 scanning C:\windows\system32\drivers
17:35:38.586    Service scanning
17:36:15.452    Modules scanning
17:36:15.472    Disk 0 trace - called modules:
17:36:15.850    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 
17:36:15.862    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80047aa060]
17:36:15.876    3 CLASSPNP.SYS[fffff880011ba43f] -> nt!IofCallDriver -> [0xfffffa8004767520]
17:36:15.885    5 ACPI.sys[fffff88000f1f7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004771060]
17:36:16.526    AVAST engine scan C:\windows
17:36:18.851    AVAST engine scan C:\windows\system32
17:40:22.651    AVAST engine scan C:\windows\system32\drivers
17:40:41.687    AVAST engine scan C:\Users\andi
17:49:52.125    Disk 0 MBR has been saved successfully to "C:\Users\andi\unwichtigeOrdner\Desktop\MBR.dat"
17:49:52.134    The log file has been saved successfully to "C:\Users\andi\unwichtigeOrdner\Desktop\aswMBR.txt"
         
Code:
ATTFilter
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-26 17:52:15
-----------------------------
17:52:15.942    OS Version: Windows x64 6.1.7601 Service Pack 1
17:52:15.942    Number of processors: 1 586 0x603
17:52:15.943    ComputerName: ANDI-HP  UserName: andi
17:52:21.658    Initialze error C000010E - driver not loaded
17:52:21.718    write error "aswCmnB.dll". Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
17:52:21.937    AVAST engine defs: 12102600
17:52:58.095    Service scanning
17:53:32.752    Modules scanning
17:53:32.763    Disk 0 trace - called modules:
17:53:32.769    
17:53:32.774    Scan finished successfully
18:09:13.746    The log file has been saved successfully to "C:\Users\andi\unwichtigeOrdner\Desktop\aswMBR1.txt"
         

Alt 26.10.2012, 22:04   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Startseite " http://www.searchnu.com/406 " bei CHROME - Standard

Startseite " http://www.searchnu.com/406 " bei CHROME



Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Scans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 27.10.2012, 22:28   #12
andi2107
 
Startseite " http://www.searchnu.com/406 " bei CHROME - Standard

Startseite " http://www.searchnu.com/406 " bei CHROME



Code:
ATTFilter
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.10.23.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
andi :: ANDI-HP [Administrator]

27.10.2012 20:29:22
mbam-log-2012-10-27 (20-29-22).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|F:\|G:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 432848
Laufzeit: 2 Stunde(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

[code/]


super anti spyware
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 10/27/2012 at 11:16 PM

Application Version : 5.6.1012

Core Rules Database Version : 9484
Trace Rules Database Version: 7296

Scan type       : Quick Scan
Total Scan Time : 00:04:40

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator

Memory items scanned      : 829
Memory threats detected   : 0
Registry items scanned    : 60559
Registry threats detected : 0
File items scanned        : 10686
File threats detected     : 161

Adware.Tracking Cookie
	C:\Users\andi\AppData\Roaming\Microsoft\Windows\Cookies\OP4JGRTC.txt [ /accounts.google.com ]
	C:\Users\andi\AppData\Roaming\Microsoft\Windows\Cookies\TZRUOSPZ.txt [ /adfarm1.adition.com ]
	C:\Users\andi\AppData\Roaming\Microsoft\Windows\Cookies\XHHNDL79.txt [ /track.adform.net ]
	C:\Users\andi\AppData\Roaming\Microsoft\Windows\Cookies\OVUI3IQQ.txt [ /adform.net ]
	C:\Users\andi\AppData\Roaming\Microsoft\Windows\Cookies\PYY4LJ6A.txt [ /ad.zanox.com ]
	C:\Users\andi\AppData\Roaming\Microsoft\Windows\Cookies\7IC5W0YC.txt [ /apmebf.com ]
	C:\Users\andi\AppData\Roaming\Microsoft\Windows\Cookies\UKIO9ULO.txt [ /imrworldwide.com ]
	C:\Users\andi\AppData\Roaming\Microsoft\Windows\Cookies\6JUN27MZ.txt [ /fastclick.net ]
	C:\Users\andi\AppData\Roaming\Microsoft\Windows\Cookies\5XVXXZ5P.txt [ /ad1.adfarm1.adition.com ]
	C:\Users\andi\AppData\Roaming\Microsoft\Windows\Cookies\4I6FD3WA.txt [ /zanox.com ]
	C:\Users\andi\AppData\Roaming\Microsoft\Windows\Cookies\YNBYIW4E.txt [ /mediaplex.com ]
	C:\Users\andi\AppData\Roaming\Microsoft\Windows\Cookies\2PT6QE5U.txt [ /doubleclick.net ]
	C:\Users\andi\AppData\Roaming\Microsoft\Windows\Cookies\P65DJ1OZ.txt [ /atdmt.com ]
	C:\USERS\ANDI\Cookies\OP4JGRTC.txt [ Cookie:andi@accounts.google.com/ ]
	C:\USERS\ANDI\Cookies\OVUI3IQQ.txt [ Cookie:andi@adform.net/ ]
	C:\USERS\ANDI\Cookies\PYY4LJ6A.txt [ Cookie:andi@ad.zanox.com/ ]
	C:\USERS\ANDI\Cookies\7IC5W0YC.txt [ Cookie:andi@apmebf.com/ ]
	C:\USERS\ANDI\Cookies\UKIO9ULO.txt [ Cookie:andi@imrworldwide.com/cgi-bin ]
	C:\USERS\ANDI\Cookies\6JUN27MZ.txt [ Cookie:andi@fastclick.net/ ]
	C:\USERS\ANDI\Cookies\5XVXXZ5P.txt [ Cookie:andi@ad1.adfarm1.adition.com/ ]
	C:\USERS\ANDI\Cookies\4I6FD3WA.txt [ Cookie:andi@zanox.com/ ]
	C:\USERS\ANDI\Cookies\YNBYIW4E.txt [ Cookie:andi@mediaplex.com/ ]
	C:\USERS\ANDI\Cookies\2PT6QE5U.txt [ Cookie:andi@doubleclick.net/ ]
	C:\USERS\ANDI\Cookies\P65DJ1OZ.txt [ Cookie:andi@atdmt.com/ ]
	.serving-sys.com [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.doubleclick.net [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.revenuemax.de [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.a.revenuemax.de [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.ad.adnet.de [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.ad.adnet.de [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.atdmt.com [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.atdmt.com [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.apmebf.com [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adtech.de [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.revsci.net [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.smartadserver.com [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.zanox.com [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad.zanox.com [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.zanox-affiliate.de [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	eas.apm.emediate.eu [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	eas.apm.emediate.eu [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	eas.apm.emediate.eu [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.invitemedia.com [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.invitemedia.com [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	www.etracker.de [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.xiti.com [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.specificclick.net [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.invitemedia.com [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adviva.net [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.doubleclick.net [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.fastclick.net [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.apmebf.com [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.mediaplex.com [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.insightexpressai.com [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.insightexpressai.com [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.insightexpressai.com [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.insightexpressai.com [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.insightexpressai.com [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.insightexpressai.com [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.insightexpressai.com [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.serving-sys.com [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.oracle.112.2o7.net [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	track.adform.net [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.advertising.com [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.imrworldwide.com [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.imrworldwide.com [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	de.sitestat.com [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	de.sitestat.com [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	server.adformdsp.net [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adformdsp.net [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adform.net [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.questionmarket.com [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.questionmarket.com [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.webmasterplan.com [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.zanox-affiliate.de [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad1.adfarm1.adition.com [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.stepstone.112.2o7.net [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.overture.com [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad.yieldmanager.com [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	www.googleadservices.com [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.bs.serving-sys.com [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	wbr-ads-01.odmedia.net [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	www.etracker.de [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.tradetracker.net [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	www.zanox-affiliate.de [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.histats.com [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.statcounter.com [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.histats.com [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.gostats.com [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.gostats.com [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adfarm1.adition.com [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.tracker.vinsight.de [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.collective-media.net [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.collective-media.net [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.collective-media.net [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.collective-media.net [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.collective-media.net [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.collective-media.net [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.tradedoubler.com [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.collective-media.net [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.collective-media.net [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.collective-media.net [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.collective-media.net [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.tribalfusion.com [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.smartadserver.com [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.smartadserver.com [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	server.adform.net [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.tracking.quisma.com [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	de.sitestat.com [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	de.sitestat.com [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adbrite.com [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adbrite.com [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.casalemedia.com [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.casalemedia.com [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.casalemedia.com [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.casalemedia.com [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.casalemedia.com [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.casalemedia.com [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.invitemedia.com [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adfarm1.adition.com [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adfarm1.adition.com [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adfarm1.adition.com [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adfarm1.adition.com [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.tracking.quisma.com [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.revsci.net [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	adfarm1.adition.com [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adfarm1.adition.com [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad4.adfarm1.adition.com [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.traffictrack.de [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.mediaplex.com [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ww251.smartadserver.com [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adfarm1.adition.com [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.revsci.net [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.revsci.net [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad.zanox.com [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.zanox.com [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.webmasterplan.com [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.webmasterplan.com [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adfarm1.adition.com [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adfarm1.adition.com [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.serving-sys.com [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.serving-sys.com [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.serving-sys.com [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	track.adform.net [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adform.net [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adfarm1.adition.com [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adfarm1.adition.com [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad2.adfarm1.adition.com [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adfarm1.adition.com [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.smartadserver.com [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.smartadserver.com [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.smartadserver.com [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adfarm1.adition.com [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad3.adfarm1.adition.com [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.accounts.google.com [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.accounts.google.com [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	accounts.google.com [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	accounts.google.com [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.doubleclick.net [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.tradedoubler.com [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.tradedoubler.com [ C:\USERS\ANDI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
         
[code]

Alt 27.10.2012, 23:25   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Startseite " http://www.searchnu.com/406 " bei CHROME - Standard

Startseite " http://www.searchnu.com/406 " bei CHROME



Sieht ok aus, da wurden nur Cookies gefunden, die können alle weg.
Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 28.10.2012, 20:34   #14
andi2107
 
Startseite " http://www.searchnu.com/406 " bei CHROME - Daumen hoch

Startseite " http://www.searchnu.com/406 " bei CHROME



Danke für die Tipps und Hinweise und für Deine Mühen. Die Startseite ist weg und darüber hinaus gibt es auch keine Probleme.
Einzig, dass bei meiner Frau auf ihrem PC die selbe Startseite da ist. Doch dafür macht sie wohl besser ein eigenes Thema auf.

Also nochmal: Besten Dank

Andi

Alt 29.10.2012, 12:03   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Startseite " http://www.searchnu.com/406 " bei CHROME - Standard

Startseite " http://www.searchnu.com/406 " bei CHROME



Ja für einen anderen Rechner bitte auch einen neuen Strang aufmachen

Dann wären wir durch!

Die Programme, die hier zum Einsatz kamen, können alle wieder runter. Mit Hilfe von OTL kannst du auch viele Tools entfernen:

Starte bitte OTL und klicke auf Bereinigung.
Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen.

Malwarebytes zu behalten ist zu empfehlen. Kannst ja 1x im Monat damit einen Scan machen, aber immer vorher ans Update denken.

Es empfiehlt sich auf jeden Fall nach der beseitigten Infektion auch möglichst alle Passwörter zu ändern.

Abschließend ein ganz wichtiger Punkt: Absicherung des Rechners, aktualisieren der Programme siehe http://www.trojaner-board.de/96344-a...tml#post627442
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort

Themen zu Startseite " http://www.searchnu.com/406 " bei CHROME
adobe, adobe flash player, antivir, autorun, avg, avira, avira searchfree toolbar, bho, defender, explorer, firefox, flash player, format, google, helper, home, http://www.searchnu.com/406, logfile, mozilla, nodrives, opera, pdf, plug-in, realtek, registry, scan, software, speedupmypc, symantec, windows




Ähnliche Themen: Startseite " http://www.searchnu.com/406 " bei CHROME


  1. Win 8: TR/Trash.Gen kommt immer wieder und "istart.websearch" als Google Chrome Startseite.
    Log-Analyse und Auswertung - 01.08.2014 (3)
  2. Startseite "http://search.conduit.com"
    Plagegeister aller Art und deren Bekämpfung - 15.04.2014 (11)
  3. Ungwollte Startseite/Suchmaschine: " http://www.searchnu.com/413" - wie entferne ich das?
    Plagegeister aller Art und deren Bekämpfung - 13.12.2013 (11)
  4. Ungewollte Startseite bei Chrome: " http://wisersearch.com/?channel=de_nt" - Wie entfernen?
    Plagegeister aller Art und deren Bekämpfung - 07.12.2013 (17)
  5. ohne mein zutun wird "http://wisersearch.com/?channel=de" als Startseite ausgeführt.
    Log-Analyse und Auswertung - 26.09.2013 (19)
  6. Windows Vista, Firefox, "http://www.searchnu.com/406?tag=newtab"
    Plagegeister aller Art und deren Bekämpfung - 26.03.2013 (17)
  7. "Funmoods Search" Startseite in Chrome lässt sich nicht entfernen - möglicher Virus?
    Plagegeister aller Art und deren Bekämpfung - 22.01.2013 (9)
  8. http://www.searchnu.com/406?tag=newtab als Startseite
    Log-Analyse und Auswertung - 13.12.2012 (15)
  9. Startseite "http://www.searchnu.com/406" beim öffnen von Chrome
    Plagegeister aller Art und deren Bekämpfung - 16.11.2012 (19)
  10. Startseite http://www.searchnu.com/410 Windows 7
    Log-Analyse und Auswertung - 27.08.2012 (17)
  11. Trojaner an Board? "http://www.searchnu.com/410" , wie werde ich wieder los?
    Log-Analyse und Auswertung - 17.05.2012 (1)
  12. Startseite http://www.searchnu.com/410
    Log-Analyse und Auswertung - 15.04.2012 (18)
  13. http://www.searchnu.com/410 als STARTSEITE in Thunderbird und ie
    Log-Analyse und Auswertung - 02.04.2012 (1)
  14. http://www.searchnu.com/414 <Startseite
    Log-Analyse und Auswertung - 26.03.2012 (1)
  15. ungewollte startseite "http://www.searchqu.com/410"
    Plagegeister aller Art und deren Bekämpfung - 10.01.2012 (11)
  16. als startseite erscheint "http://www.searchqu.com/410"
    Plagegeister aller Art und deren Bekämpfung - 09.01.2012 (10)
  17. ">"">><meta http-equiv="Refresh" content="0;url=http://askimizsonsuza.com/code/">"">
    Plagegeister aller Art und deren Bekämpfung - 04.09.2006 (4)

Zum Thema Startseite " http://www.searchnu.com/406 " bei CHROME - Hallo, ich habe seit einiger Zeit die oben angegebene Startseite bei Öffnen von Chrome. Wie mir bekannte mitteilten, handelt es sich hierbei um einen Virus. Könnt ihr mir bitte weiterhelfen? - Startseite " http://www.searchnu.com/406 " bei CHROME...
Archiv
Du betrachtest: Startseite " http://www.searchnu.com/406 " bei CHROME auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.