
Pests of all kinds and how to fight them: Don't know what to do next

Windows 7

12.11.2012, 20:04   #16
zwekone

OK, then I'll have to work through the instructions so that I can upload it as a zip file. Code tags don't work because it is simply too large.

Or should I just split the log file into 2 halves and then post them in code tags?
I didn't quite understand how and where I have to/should upload the zip file.

12.11.2012, 22:27   #17
zwekone

I hope this is right.

12.11.2012, 22:41   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please pay closer attention with OTL and work more carefully!
You did not paste my text from the CODE box but a log from TDSS-Killer; that makes no sense at all and can be dangerous!

Please do the log properly!

12.11.2012, 22:44   #19
zwekone

You wrote that I should post all logs, so I assume you need this one too; it was saved as Extras.

Code:
OTL Extras logfile created on: 12.11.2012 15:33:58 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Vicky-Michi\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,85 Gb Total Physical Memory | 2,47 Gb Available Physical Memory | 64,03% Memory free
7,71 Gb Paging File | 6,05 Gb Available in Paging File | 78,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 151,61 Gb Total Space | 91,67 Gb Free Space | 60,47% Space Free | Partition Type: NTFS
Drive D: | 146,39 Gb Total Space | 124,24 Gb Free Space | 84,87% Space Free | Partition Type: NTFS
 
Computer Name: VICKY-MICHI-PC | User Name: Vicky-Michi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-4243700590-2715580582-1987515716-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1DCB5C36-A30A-48A2-A0A2-0C4BB2550DF7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{21940805-A8A8-4A3D-A5E3-5A950132CE56}" = rport=138 | protocol=17 | dir=out | app=system | 
"{22AA4B97-3ABE-4B84-8FF9-DC9854C0FBC0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{27BF9936-F3AB-4052-81FA-63D741B8511B}" = lport=445 | protocol=6 | dir=in | app=system | 
"{2CCCCA27-E3A8-477B-82D3-BE5E65394806}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{429AC7F1-92B3-443A-955E-7E4749A38122}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{57F2B750-8689-4E74-9B2A-FF8F56F215C3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{59C0017E-F122-4BDE-BB57-8D08FDF02CA8}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{60266C95-1482-45B6-908E-9BCBE8130469}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{66851177-6B73-4447-B778-4CABFB7B3E7B}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{69813EE8-C276-4613-A649-48EDBB13D8C1}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{6E783586-119F-4CF5-A768-E32A2B8131A2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7A9C40ED-B249-427C-AFEC-CDB1DA19B991}" = lport=139 | protocol=6 | dir=in | app=system | 
"{85DDF9F6-1A1F-474A-822C-F26F43F3A493}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{92632AD3-5FB6-43C5-8B16-562EB5EC420F}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{A5B820B5-EDC1-4363-B4D3-C5942316DD51}" = rport=445 | protocol=6 | dir=out | app=system | 
"{B2C9476D-3E60-4A68-AB83-4AAFDF8DF8A7}" = lport=137 | protocol=17 | dir=in | app=system | 
"{C01832D1-C165-4927-892B-56ABCB70BEA7}" = rport=137 | protocol=17 | dir=out | app=system | 
"{C1BEFC65-4A70-4986-B458-93700BC83320}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C6142F3C-E981-47F5-8BC5-45BBBC173939}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{CC21F94E-26B8-454E-8E93-3DF62D038304}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{D0052CB4-21C1-42F8-974B-0800ED47039F}" = rport=139 | protocol=6 | dir=out | app=system | 
"{D877C006-6F48-49BE-8D54-A7D78C6A5610}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E5A58987-0F98-46D5-B25A-4A58802837F9}" = lport=138 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04889087-3D4A-4509-8D74-3C2112681A18}" = protocol=17 | dir=in | app=c:\users\vicky-michi\appdata\local\akamai\netsession_win.exe | 
"{14CFF144-2072-4C79-BA94-293857C4C3B0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2782EA2F-1388-4EDA-88EC-4686E72FBF32}" = protocol=6 | dir=in | app=c:\program files (x86)\yourfiledownloader\downloader.exe | 
"{32160843-C8E0-4D0D-A287-549F215FD7D6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3DD1042E-4FDC-4DD6-9EAE-80B86F4615AB}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{3E408BF5-DB65-4FB1-8A5F-7F0FD6BEADD8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{458ABD61-CDC1-4F8F-8A95-50FA377A5B67}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{5A3AC3A5-8A54-4D9A-8AF7-673C65CE2A3D}" = protocol=6 | dir=in | app=c:\users\vicky-michi\appdata\local\akamai\netsession_win.exe | 
"{5C394483-DD39-4CB5-A4AA-2FECD40BA82A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6550181F-92B3-467B-84D2-7D1C98311894}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{659833E5-3456-4730-ABEE-D215829D6D33}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{66D77FC6-09AB-413F-9AB0-1A7A8E419A76}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{6FF7EB51-EFAF-4C8D-847F-6C10C1E7A9F4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7BBF893B-A2A9-41B1-AC2E-6DECA2023D66}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{85756542-0E00-4CB0-BA15-7945909A37F4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{8B2F1558-5882-4C99-8F7B-F06D558F47BC}" = protocol=6 | dir=out | app=system | 
"{A9FC8C0F-824B-411E-B635-98C974BFD0B1}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{AB25F19E-0D4C-4DE6-A318-AED2EDDE0AD4}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{BEC960B5-4FB2-4A9B-8576-69DB41BFB64E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{CB5B5D7C-10D6-4B5B-A487-0C89BFBDE8BD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{D4FECB7A-74BA-4C41-AD99-9D1FD4D2BA02}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{D51FBAB1-77D7-4FE7-A825-BC02CFDCF240}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E83848EF-5A95-49FC-A782-FDB35865AABE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{ECBDFFEA-827B-4010-8836-71E2250272FD}" = protocol=17 | dir=in | app=c:\program files (x86)\yourfiledownloader\yourfile.exe | 
"{F0111AF1-8073-48F9-8720-72D3B48E7AAB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{F0155967-CA9F-4B01-B374-B4396D5B4138}" = protocol=6 | dir=in | app=c:\program files (x86)\yourfiledownloader\yourfile.exe | 
"{F6E452B9-2A7B-4A94-AD77-1EE7CE7F0507}" = protocol=17 | dir=in | app=c:\program files (x86)\yourfiledownloader\downloader.exe | 
"{FDE41882-9C6E-44BE-BD98-586A1692575B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"TCP Query User{04E367A0-D8FD-4F5D-955C-E1B6FB23B664}C:\users\vicky-michi\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\vicky-michi\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{21BBDDC9-F509-4A03-BA2F-DAA4E52BA001}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=6 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | 
"TCP Query User{259EF017-5523-411E-A0A8-2E23340A56F6}C:\program files (x86)\freeciv-2.3.2-gtk2\freeciv-server.exe" = protocol=6 | dir=in | app=c:\program files (x86)\freeciv-2.3.2-gtk2\freeciv-server.exe | 
"TCP Query User{B31FBC21-116A-49BA-A0CF-DCE1882BD5C1}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
"UDP Query User{00C45F8F-9DC1-40AF-B832-AC3B201E99B7}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
"UDP Query User{19584E5C-C599-49F5-8AD9-5F290530777C}C:\program files (x86)\freeciv-2.3.2-gtk2\freeciv-server.exe" = protocol=17 | dir=in | app=c:\program files (x86)\freeciv-2.3.2-gtk2\freeciv-server.exe | 
"UDP Query User{214E05CD-B421-4F58-93FB-3C303FEE7BC9}C:\users\vicky-michi\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\vicky-michi\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{5B555E37-CB37-4138-9679-F87B275C94D1}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=17 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java(TM) 7 Update 5 (64-bit)
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.474
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F82D3110-2996-B896-9ADC-394C18071095}" = ccc-utility64
"{F8FEEFC0-D7D6-9A40-28E9-1E7A6716E803}" = ATI Catalyst Install Manager
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"WinRAR archiver" = WinRAR 4.11 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{058E7BC0-15C3-D5F6-FD8D-34E4B44E4F82}" = CCC Help Thai
"{085C9E07-E122-DECF-350D-5CB3594EC54D}" = Catalyst Control Center Graphics Previews Common
"{11A5DA06-82B8-B47C-B6A9-6BFA8008108C}" = CCC Help Dutch
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{283EFC5E-041A-4AC7-8824-2F33695EBC11}" = CCC Help Korean
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2D4E3A20-01D9-713F-2CD5-15FBD9312F28}" = CCC Help Chinese Traditional
"{31CABF76-F113-30F6-1BF1-19CA660C72B4}" = CCC Help Finnish
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{43609114-F9B7-48AA-BAAC-F320BB5E88DD}" = CCC Help Spanish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A87034C-621A-DAC1-D7C3-FB9102A453D4}" = CCC Help Japanese
"{4FBB6BFD-774C-E86B-84E6-23C08FD76C0C}" = Catalyst Control Center Graphics Light
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{6BCE77FA-82A3-E502-0956-AA9AE0E169D0}" = CCC Help English
"{74866E65-2DE2-4A63-99FE-F84A835E2AAD}" = TubeBox
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{78FDD286-2C51-17B5-22BC-DA769D237E1A}" = CCC Help Swedish
"{79B0F7B2-31BD-D377-CCA2-F647601283C0}" = CCC Help Polish
"{80059A57-F141-5556-7FA2-CD97EB8A05F9}" = CCC Help Danish
"{9061e40a-fdc9-4cc2-a47a-cf978c2a3993}" = TubeBox
"{983D01A7-FD14-5F70-9A46-3DBE1C0A3FFF}" = Catalyst Control Center InstallProxy
"{98EFD8F0-08DE-48DB-B922-A2EBAB711031}" = Nero 7 Premium
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C51C947-7E8D-3EEB-6087-276446E4914C}" = CCC Help Hungarian
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B1FA9E3F-86F3-136A-84DA-809A40458243}" = CCC Help Russian
"{B6D8DC8C-F077-4631-A221-4D5E1D8E87E7}" = Catalyst Control Center - Branding
"{B7FB9C80-A61F-6BFE-7F93-C493AC3F9E91}" = CCC Help Turkish
"{B91B9BD2-C3D1-2632-26C9-170EB39CADAC}" = CCC Help Greek
"{BD8D4FE1-8E1D-2D41-ED33-3E2B64ED3AF3}" = CCC Help Chinese Standard
"{C28CE716-3F07-528A-6CC8-FDF2865BCAAF}" = ccc-core-static
"{C9F9C082-A19F-9672-4F78-CC93F363A07D}" = CCC Help Norwegian
"{CEF185AA-392D-82EF-339B-F36547C0D9F8}" = Catalyst Control Center Core Implementation
"{D1886477-86CD-8365-CE96-42AD6F950ED0}" = CCC Help Italian
"{D1FAD629-67C3-B9D5-FD06-73A4EF76528A}" = CCC Help Portuguese
"{D53D7F78-94AC-CE27-199E-5F509437C7E6}" = Catalyst Control Center Graphics Previews Vista
"{D55BE2BD-14D6-E8AA-A1C0-519C50E28EB2}" = Catalyst Control Center Graphics Full Existing
"{E91CD838-0ED0-0BCD-ECAF-1A089F1A27E5}" = CCC Help Czech
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF1E3D76-6F52-3F63-6848-346ACD86096D}" = CCC Help German
"{F0B13553-B3CA-76A9-182A-9E352F4EB749}" = Catalyst Control Center Graphics Full New
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6340C10-589F-7D1E-1819-2F8CF6247505}" = CCC Help French
"{FFE45CD9-4070-78E3-5794-8575B389336E}" = Catalyst Control Center Localization All
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Akamai" = Akamai NetSession Interface Service
"Avira AntiVir Desktop" = Avira Free Antivirus
"Free FLV Converter_is1" = Free FLV Converter V 7.4.0
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.35.1031
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PhotoScape" = PhotoScape
"TmNationsForever_is1" = TmNationsForever
"VLC media player" = VLC media player 2.0.1
"Wajam" = Wajam
"WinPcapInst" = WinPcap 4.1.2
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-4243700590-2715580582-1987515716-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Google Chrome" = Google Chrome
"MyFreeCodec" = MyFreeCodec
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 01.11.2012 04:09:19 | Computer Name = Vicky-Michi-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 01.11.2012 15:06:38 | Computer Name = Vicky-Michi-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 03.11.2012 09:58:27 | Computer Name = Vicky-Michi-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 04.11.2012 02:26:42 | Computer Name = Vicky-Michi-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 05.11.2012 04:42:29 | Computer Name = Vicky-Michi-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 05.11.2012 23:11:25 | Computer Name = Vicky-Michi-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 06.11.2012 13:43:09 | Computer Name = Vicky-Michi-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 07.11.2012 06:07:25 | Computer Name = Vicky-Michi-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 08.11.2012 02:34:40 | Computer Name = Vicky-Michi-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 10.11.2012 08:50:01 | Computer Name = Vicky-Michi-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 11.11.2012 06:13:37 | Computer Name = Vicky-Michi-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
[ System Events ]
Error - 09.10.2012 03:36:15 | Computer Name = Vicky-Michi-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 09.10.2012 03:38:14 | Computer Name = Vicky-Michi-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 12.10.2012 05:34:23 | Computer Name = Vicky-Michi-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 24.10.2012 17:30:40 | Computer Name = Vicky-Michi-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Server" wurde mit folgendem Fehler beendet:   %%1062
 
Error - 24.10.2012 17:36:53 | Computer Name = Vicky-Michi-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "IPsec-Richtlinien-Agent" wurde mit folgendem Fehler beendet:
   %%1747
 
Error - 24.10.2012 17:36:54 | Computer Name = Vicky-Michi-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:   %%1115
 
Error - 24.10.2012 17:36:54 | Computer Name = Vicky-Michi-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Server" wurde mit folgendem Fehler beendet:   %%1062
 
Error - 24.10.2012 17:37:00 | Computer Name = Vicky-Michi-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler 
beendet:   %%1450
 
Error - 10.11.2012 07:34:43 | Computer Name = Vicky-Michi-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Freemium Self Update Service erreicht.
 
Error - 10.11.2012 07:34:43 | Computer Name = Vicky-Michi-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Freemium Self Update Service" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
 
 
< End of report >
         
I copied exactly what you posted above from the code box and then pasted it where I was supposed to paste it.

12.11.2012, 23:04   #20
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
I copied exactly what you posted above from the code box
That is exactly what you did not do, as the log proves!

__________________
Please always post log files in CODE tags

12.11.2012, 23:12   #21
zwekone

I hope it is right now.

Code:
OTL logfile created on: 12.11.2012 22:59:46 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Vicky-Michi\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,85 Gb Total Physical Memory | 1,87 Gb Available Physical Memory | 48,40% Memory free
7,71 Gb Paging File | 5,29 Gb Available in Paging File | 68,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 151,61 Gb Total Space | 91,42 Gb Free Space | 60,30% Space Free | Partition Type: NTFS
Drive D: | 146,39 Gb Total Space | 124,20 Gb Free Space | 84,85% Space Free | Partition Type: NTFS
 
Computer Name: VICKY-MICHI-PC | User Name: Vicky-Michi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.11.12 15:29:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Vicky-Michi\Desktop\OTL.exe
PRC - [2012.11.12 11:57:46 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
PRC - [2012.10.30 14:58:21 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.10.30 14:58:06 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.10.30 14:58:06 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.10.27 17:09:40 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.10.11 01:33:54 | 000,309,688 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012.10.11 01:33:52 | 000,966,072 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
PRC - [2012.10.09 13:22:53 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
PRC - [2012.10.09 09:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Vicky-Michi\AppData\Local\Akamai\netsession_win.exe
PRC - [2012.10.09 01:17:54 | 000,580,096 | ---- | M] (Samsung Electronics) -- C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe
PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.20 10:53:26 | 005,686,272 | ---- | M] () -- C:\Program Files (x86)\Freetec\SystemStore\Freemium.SelfUpdate.exe
PRC - [2012.07.29 10:23:14 | 000,188,760 | ---- | M] () -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.06.14 16:20:22 | 000,109,064 | ---- | M] (Wajam) -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
PRC - [2012.04.24 13:21:01 | 000,014,848 | ---- | M] () -- C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe
PRC - [2010.04.27 17:10:50 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.04.27 17:10:48 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.04.07 22:40:06 | 000,843,264 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2008.04.08 08:56:30 | 001,647,912 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe
PRC - [2008.01.22 10:13:32 | 001,201,448 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2008.01.22 10:13:20 | 000,152,872 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006.12.19 09:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\SysWOW64\IoctlSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.12 11:57:46 | 014,586,808 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll
MOD - [2012.10.31 23:15:05 | 000,460,312 | ---- | M] () -- C:\Users\Vicky-Michi\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
MOD - [2012.10.31 23:15:04 | 012,455,448 | ---- | M] () -- C:\Users\Vicky-Michi\AppData\Local\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll
MOD - [2012.10.31 23:15:02 | 004,007,448 | ---- | M] () -- C:\Users\Vicky-Michi\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll
MOD - [2012.10.31 23:13:47 | 000,587,288 | ---- | M] () -- C:\Users\Vicky-Michi\AppData\Local\Google\Chrome\Application\23.0.1271.64\libglesv2.dll
MOD - [2012.10.31 23:13:46 | 000,123,928 | ---- | M] () -- C:\Users\Vicky-Michi\AppData\Local\Google\Chrome\Application\23.0.1271.64\libegl.dll
MOD - [2012.10.31 23:13:35 | 000,156,712 | ---- | M] () -- C:\Users\Vicky-Michi\AppData\Local\Google\Chrome\Application\23.0.1271.64\avutil-51.dll
MOD - [2012.10.31 23:13:34 | 000,274,984 | ---- | M] () -- C:\Users\Vicky-Michi\AppData\Local\Google\Chrome\Application\23.0.1271.64\avformat-54.dll
MOD - [2012.10.31 23:13:32 | 002,168,360 | ---- | M] () -- C:\Users\Vicky-Michi\AppData\Local\Google\Chrome\Application\23.0.1271.64\avcodec-54.dll
MOD - [2012.10.27 17:09:40 | 002,295,264 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.10.09 13:22:52 | 009,814,968 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
MOD - [2012.06.26 18:55:42 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\26e0457a9776a0e9f23e3986686d90a5\System.ServiceProcess.ni.dll
MOD - [2012.06.26 18:55:32 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\63bc6e391de5014965039e100ce1e9d5\System.Runtime.Remoting.ni.dll
MOD - [2012.06.26 18:55:06 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll
MOD - [2012.06.26 18:40:53 | 018,019,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d239f585ee55f833dbe21e897e1265ac\PresentationFramework.ni.dll
MOD - [2012.06.26 18:40:38 | 011,522,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll
MOD - [2012.06.26 18:40:31 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll
MOD - [2012.06.26 18:40:27 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll
MOD - [2012.06.26 18:40:25 | 003,881,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll
MOD - [2012.06.26 18:40:24 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\a84262e1224189f93e10cd3c403a9527\System.Configuration.ni.dll
MOD - [2012.06.26 18:40:21 | 009,092,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll
MOD - [2012.06.26 18:40:15 | 014,414,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll
MOD - [2012.06.20 18:24:28 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.06.20 18:24:27 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012.06.20 18:24:25 | 000,453,120 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\690b92468a3a69a5c4127f9f229459b7\IAStorUtil.ni.dll
MOD - [2012.06.20 18:24:22 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.19 17:08:31 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.06.19 17:08:26 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.06.19 17:08:23 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.06.19 17:08:21 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.23 15:35:23 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2010.11.13 01:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.10.24 16:47:33 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2006.08.12 12:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2010.05.04 22:15:12 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.11.12 11:57:46 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.10.30 14:58:21 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.10.30 14:58:06 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.10.27 17:09:40 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.13 04:58:02 | 009,012,224 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Freetec\SystemStore\SystemStore.exe -- (SystemStoreService)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.09.20 10:53:26 | 005,686,272 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Freetec\SystemStore\Freemium.SelfUpdate.exe -- (FreemiumSelfUpdateService)
SRV - [2012.07.29 10:23:14 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.06.14 16:20:22 | 000,109,064 | ---- | M] (Wajam) [Auto | Running] -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe -- (WajamUpdater)
SRV - [2012.04.24 13:21:01 | 000,014,848 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe -- (SystemStore)
SRV - [2010.04.27 17:10:50 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2006.12.19 09:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.10.30 14:58:24 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.09.24 08:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.09.20 05:35:36 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012.09.20 05:35:36 | 000,102,368 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012.09.13 14:52:59 | 000,099,248 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.13 03:32:22 | 002,797,056 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.11 22:23:34 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:64bit: - [2010.12.21 06:55:02 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010.12.21 06:55:02 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus)
DRV:64bit: - [2010.12.21 06:55:02 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.05.04 22:47:10 | 006,789,632 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.05.04 21:23:26 | 000,221,184 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.04.27 16:57:04 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.01.28 23:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.28 15:38:04 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-4243700590-2715580582-1987515716-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchnu.com/413
IE - HKU\S-1-5-21-4243700590-2715580582-1987515716-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
IE - HKU\S-1-5-21-4243700590-2715580582-1987515716-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4243700590-2715580582-1987515716-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-4243700590-2715580582-1987515716-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb178/?search={searchTerms}&loc=IB_DS&a=6R8BMeHx6C&i=26
IE - HKU\S-1-5-21-4243700590-2715580582-1987515716-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4243700590-2715580582-1987515716-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-4243700590-2715580582-1987515716-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 222.127.244.211:3128
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Search Results"
FF - prefs.js..browser.startup.homepage: "hxxp://www.searchnu.com/413"
FF - prefs.js..extensions.enabledAddons: de_AT@dicts.j3e.de:20120628
FF - prefs.js..extensions.enabledAddons: de_DE@dicts.j3e.de:20120628
FF - prefs.js..extensions.enabledAddons: ffxtlbr@incredibar.com:1.5.0
FF - prefs.js..extensions.enabledAddons: {336D0C35-8A85-403a-B9D2-65C292C39087}:2.0.0.474
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.11
FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.10
FF - prefs.js..keyword.URL: "hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=413&sr=0&q="
FF - prefs.js..network.proxy.type: 2
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Vicky-Michi\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Vicky-Michi\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012.08.11 18:50:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.06.06 18:36:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012.08.11 18:50:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.27 17:09:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.27 17:09:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.10.01 19:29:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vicky-Michi\AppData\Roaming\mozilla\Extensions
[2012.11.09 16:19:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vicky-Michi\AppData\Roaming\mozilla\Firefox\Profiles\5wu4hiry.default\extensions
[2012.03.22 15:06:15 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Vicky-Michi\AppData\Roaming\mozilla\Firefox\Profiles\5wu4hiry.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.10.31 23:24:16 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Vicky-Michi\AppData\Roaming\mozilla\Firefox\Profiles\5wu4hiry.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.07.19 05:18:20 | 000,000,000 | ---D | M] (Wörterbuch Deutsch (de-AT), Hunspell-unterstützt) -- C:\Users\Vicky-Michi\AppData\Roaming\mozilla\Firefox\Profiles\5wu4hiry.default\extensions\de_AT@dicts.j3e.de
[2012.07.19 05:18:20 | 000,000,000 | ---D | M] (Wörterbuch Deutsch (de-DE), Hunspell-unterstützt) -- C:\Users\Vicky-Michi\AppData\Roaming\mozilla\Firefox\Profiles\5wu4hiry.default\extensions\de_DE@dicts.j3e.de
[2012.10.14 11:16:37 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Vicky-Michi\AppData\Roaming\mozilla\Firefox\Profiles\5wu4hiry.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2012.08.11 18:50:47 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\Vicky-Michi\AppData\Roaming\mozilla\Firefox\Profiles\5wu4hiry.default\extensions\ffxtlbr@incredibar.com
[2012.11.09 16:19:29 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Vicky-Michi\AppData\Roaming\mozilla\Firefox\Profiles\5wu4hiry.default\extensions\ich@maltegoetz.de
[2012.07.19 05:18:11 | 000,171,666 | ---- | M] () (No name found) -- C:\Users\Vicky-Michi\AppData\Roaming\mozilla\firefox\profiles\5wu4hiry.default\extensions\jid1-nGMZvOxL2PYSxg@jetpack.xpi
[2012.10.30 01:26:59 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Vicky-Michi\AppData\Roaming\mozilla\firefox\profiles\5wu4hiry.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.08.11 18:50:42 | 000,002,203 | ---- | M] () -- C:\Users\Vicky-Michi\AppData\Roaming\mozilla\firefox\profiles\5wu4hiry.default\searchplugins\MyStart Search.xml
[2012.09.27 12:55:24 | 000,002,515 | ---- | M] () -- C:\Users\Vicky-Michi\AppData\Roaming\mozilla\firefox\profiles\5wu4hiry.default\searchplugins\Search_Results.xml
[2012.10.27 17:09:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.08.11 18:50:44 | 000,000,000 | ---D | M] (Web Assistant) -- C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
[2012.10.27 17:09:40 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.05.04 11:45:27 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.31 11:22:54 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.05.04 11:45:27 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.05.04 11:45:27 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.27 12:55:24 | 000,002,515 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
[2012.05.04 11:45:27 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.05.04 11:45:27 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: 
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Vicky-Michi\AppData\Local\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Vicky-Michi\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Vicky-Michi\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Injovo Extension Plugin (Enabled) = C:\Users\Vicky-Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.474_0\npbrowserext.dll
CHR - plugin: Wajam (Enabled) = C:\Users\Vicky-Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Vicky-Michi\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\Vicky-Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\Vicky-Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Web Assistant = C:\Users\Vicky-Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.474_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Vicky-Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Wajam = C:\Users\Vicky-Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\
CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\Vicky-Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.0_0\
CHR - Extension: Google Mail = C:\Users\Vicky-Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension64.dll ()
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension32.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4243700590-2715580582-1987515716-1000..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\S-1-5-21-4243700590-2715580582-1987515716-1000..\Run: [Akamai NetSession Interface] C:\Users\Vicky-Michi\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-4243700590-2715580582-1987515716-1000..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-4243700590-2715580582-1987515716-1000..\Run: [C:\Users\Vicky-Michi\AppData\Local\Temp\tmpC6BD.tmp.exe] C:\Users\Vicky-Michi\AppData\Local\Temp\tmpC6BD.tmp.exe (Freemium)
O4 - HKU\S-1-5-21-4243700590-2715580582-1987515716-1000..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
O4 - HKU\S-1-5-21-4243700590-2715580582-1987515716-1000..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\S-1-5-21-4243700590-2715580582-1987515716-1000..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-21-4243700590-2715580582-1987515716-1000..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKU\S-1-5-21-4243700590-2715580582-1987515716-1000..\Run: [WidgetAlarm] C:\Program Files (x86)\e-load\Tiefpreisalarm\Tiefpreisalarm.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Vicky-Michi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Vicky-Michi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9C7286B9-7242-4F50-97E5-A3C1B29571B4}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.12 15:29:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Vicky-Michi\Desktop\OTL.exe
[2012.11.12 12:32:25 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Vicky-Michi\Desktop\tdsskiller.exe
[2012.11.12 12:02:35 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Vicky-Michi\Desktop\aswMBR.exe
[2012.11.09 16:38:10 | 000,000,000 | ---D | C] -- C:\Users\Vicky-Michi\AppData\Local\{73F1648A-09E7-42F2-AC00-ED1BB666B8E2}
[2012.11.09 16:28:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2012.11.09 16:28:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2012.11.08 17:51:49 | 000,000,000 | ---D | C] -- C:\Users\Vicky-Michi\AppData\Local\{63DE2E4A-6C61-4B70-BEA6-9BAE5EC07F70}
[2012.11.08 17:41:35 | 000,000,000 | ---D | C] -- C:\Users\Vicky-Michi\AppData\Roaming\Malwarebytes
[2012.11.08 17:41:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.08 17:41:29 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.11.08 17:41:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.11.08 17:41:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.06 09:40:14 | 000,000,000 | ---D | C] -- C:\Users\Vicky-Michi\AppData\Local\{E0646533-F9EB-4917-A9D5-69BE0F02A9C6}
[2012.11.03 05:08:07 | 000,000,000 | ---D | C] -- C:\Users\Vicky-Michi\AppData\Local\{595E6E13-C285-4BCF-8DB1-7DF55B4B4ECB}
[2012.11.02 04:41:37 | 000,000,000 | ---D | C] -- C:\Users\Vicky-Michi\AppData\Local\{77AD6A41-7E7C-43E1-84C3-3AD7A38D0EA3}
[2012.10.31 20:53:23 | 000,000,000 | ---D | C] -- C:\Users\Vicky-Michi\AppData\Local\{A54EF83C-F3A2-4A66-B60E-49F66FFDFD02}
[2012.10.31 05:41:18 | 000,000,000 | ---D | C] -- C:\Users\Vicky-Michi\AppData\Local\{2E8D0DD3-79F8-473D-98A5-59E7326CD906}
[2012.10.30 14:53:51 | 000,000,000 | ---D | C] -- C:\Users\Vicky-Michi\AppData\Local\{D24344B5-1F43-4715-ACC9-5611062414A1}
[2012.10.29 12:32:44 | 000,000,000 | ---D | C] -- C:\Users\Vicky-Michi\AppData\Local\{E211691B-A45A-45BE-AA8B-CD0B12D6CE53}
[2012.10.28 09:29:17 | 000,000,000 | ---D | C] -- C:\Users\Vicky-Michi\AppData\Local\{AFD6303E-A24C-4129-878E-54FF2B856E62}
[2012.10.27 17:09:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.10.27 06:33:44 | 000,000,000 | ---D | C] -- C:\Users\Vicky-Michi\AppData\Local\{48F39FB0-DDCF-41CB-B0F2-300177BEFE30}
[2012.10.26 15:13:37 | 000,000,000 | ---D | C] -- C:\Users\Vicky-Michi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.10.26 13:34:29 | 000,000,000 | ---D | C] -- C:\Users\Vicky-Michi\AppData\Local\{52AE4C5A-A9FB-4BAF-95FF-E5B69870846C}
[2012.10.25 11:32:21 | 000,000,000 | ---D | C] -- C:\Users\Vicky-Michi\AppData\Local\{EDA0CEC5-3F92-411C-BCB8-ED7F95F11353}
[2012.10.24 08:01:33 | 000,000,000 | ---D | C] -- C:\Users\Vicky-Michi\AppData\Local\{695F766A-9212-4E5F-A080-81B56B702579}
[2012.10.23 07:49:48 | 000,000,000 | ---D | C] -- C:\Users\Vicky-Michi\AppData\Local\{56177439-F896-460C-8536-EE8370DAE760}
[2012.10.21 10:05:21 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2012.10.21 10:04:19 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\NativeFus_Log
[2012.10.21 10:03:53 | 000,203,104 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudmdm.sys
[2012.10.21 10:03:53 | 000,102,368 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudbus.sys
[2012.10.21 09:26:02 | 000,000,000 | ---D | C] -- C:\Users\Vicky-Michi\AppData\Local\{CA1EEAD9-5ED2-47FE-87B1-4B2FB06920C0}
[2012.10.20 11:45:47 | 000,000,000 | ---D | C] -- C:\Users\Vicky-Michi\AppData\Local\{77CC361B-CDC4-4281-A22C-52AE1265FADA}
[2012.10.19 12:30:53 | 000,000,000 | ---D | C] -- C:\Users\Vicky-Michi\AppData\Local\{ED19BC11-7669-408D-B17C-A4BF51FCE0D3}
[2012.10.18 18:25:24 | 000,000,000 | ---D | C] -- C:\Users\Vicky-Michi\AppData\Local\{F46E7B82-53A2-42F0-8D3D-4A467EC627B8}
[2012.10.17 09:55:07 | 000,000,000 | ---D | C] -- C:\Users\Vicky-Michi\AppData\Roaming\Avira
[2012.10.17 09:49:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.10.17 09:49:29 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.10.17 09:49:29 | 000,099,248 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.10.17 09:49:29 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.10.17 09:49:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.10.17 09:49:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.10.17 09:40:06 | 000,000,000 | ---D | C] -- C:\Users\Vicky-Michi\AppData\Local\{B4236B8A-36C9-4065-91AB-0F9EEC8C701E}
[2012.10.16 00:32:18 | 000,000,000 | ---D | C] -- C:\Users\Vicky-Michi\AppData\Local\{6770E02A-44DF-4AF7-9140-8C9982E7785D}
[2012.10.15 00:59:02 | 000,000,000 | ---D | C] -- C:\Users\Vicky-Michi\AppData\Local\{3CCBD32D-2BBA-4BA1-A90B-F465F03DA756}
[2012.10.14 11:16:03 | 000,000,000 | ---D | C] -- C:\Users\Vicky-Michi\AppData\Local\{CE27B863-1683-464B-AD51-8B3BC81FFCD5}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
File not found -- C:\Users\Vicky-Michi\Desktop\mein-fussball-bild.
[2012.11.12 22:22:00 | 000,001,144 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4243700590-2715580582-1987515716-1000UA.job
[2012.11.12 22:21:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.12 16:32:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.12 16:22:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4243700590-2715580582-1987515716-1000Core.job
[2012.11.12 15:29:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Vicky-Michi\Desktop\OTL.exe
[2012.11.12 12:32:27 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Vicky-Michi\Desktop\tdsskiller.exe
[2012.11.12 12:29:29 | 000,000,512 | ---- | M] () -- C:\Users\Vicky-Michi\Desktop\MBR.dat
[2012.11.12 12:04:28 | 000,009,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.12 12:04:28 | 000,009,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.12 12:03:02 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Vicky-Michi\Desktop\aswMBR.exe
[2012.11.12 11:55:04 | 3103,387,648 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.31 20:58:31 | 001,613,660 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.10.31 20:58:31 | 000,697,156 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.10.31 20:58:31 | 000,652,434 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.10.31 20:58:31 | 000,148,420 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.10.31 20:58:31 | 000,121,366 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.10.30 14:58:24 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.10.27 19:20:22 | 000,059,392 | -H-- | M] () -- C:\Users\Vicky-Michi\Desktop\photothumb.db
[2012.10.22 20:44:08 | 000,001,125 | ---- | M] () -- C:\Users\Vicky-Michi\Dokumente - Verknüpfung (2).lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
File not found -- C:\Users\Vicky-Michi\Desktop\mein-fussball-bild.
[2012.11.12 12:29:29 | 000,000,512 | ---- | C] () -- C:\Users\Vicky-Michi\Desktop\MBR.dat
[2012.10.26 15:12:33 | 000,001,144 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4243700590-2715580582-1987515716-1000UA.job
[2012.10.26 15:12:33 | 000,001,092 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4243700590-2715580582-1987515716-1000Core.job
[2012.10.22 20:44:08 | 000,001,125 | ---- | C] () -- C:\Users\Vicky-Michi\Dokumente - Verknüpfung (2).lnk
[2012.09.20 06:15:45 | 000,007,666 | ---- | C] () -- C:\Users\Vicky-Michi\AppData\Roaming\.freeciv-client-rc-2.3
[2012.05.23 13:55:58 | 001,591,554 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.05.07 18:35:21 | 000,001,125 | ---- | C] () -- C:\Users\Vicky-Michi\Dokumente - Verknüpfung.lnk
[2012.04.26 23:59:02 | 000,003,584 | ---- | C] () -- C:\Users\Vicky-Michi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.28 21:11:08 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.03.28 21:11:06 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.03.28 21:11:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.03.28 21:11:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.03.28 21:11:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.03.22 13:57:13 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.03.22 13:53:01 | 000,002,110 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.02.11 22:23:34 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.09.20 06:14:49 | 000,000,000 | ---D | M] -- C:\Users\Vicky-Michi\AppData\Roaming\.freeciv
[2012.11.09 16:29:39 | 000,000,000 | ---D | M] -- C:\Users\Vicky-Michi\AppData\Roaming\DVDVideoSoft
[2012.03.22 15:06:15 | 000,000,000 | ---D | M] -- C:\Users\Vicky-Michi\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.09.04 16:40:36 | 000,000,000 | ---D | M] -- C:\Users\Vicky-Michi\AppData\Roaming\Floodlight Games
[2012.10.25 08:35:32 | 000,000,000 | ---D | M] -- C:\Users\Vicky-Michi\AppData\Roaming\FreeFLVConverter
[2012.05.23 13:54:25 | 000,000,000 | ---D | M] -- C:\Users\Vicky-Michi\AppData\Roaming\Freemium
[2012.03.25 07:51:54 | 000,000,000 | ---D | M] -- C:\Users\Vicky-Michi\AppData\Roaming\Jens Lorek
[2012.09.04 22:31:36 | 000,000,000 | ---D | M] -- C:\Users\Vicky-Michi\AppData\Roaming\Need for Speed World
[2012.06.30 21:21:42 | 000,000,000 | ---D | M] -- C:\Users\Vicky-Michi\AppData\Roaming\OpenCandy
[2012.08.17 16:06:34 | 000,000,000 | ---D | M] -- C:\Users\Vicky-Michi\AppData\Roaming\PhotoScape
[2012.09.09 17:04:23 | 000,000,000 | ---D | M] -- C:\Users\Vicky-Michi\AppData\Roaming\Samsung
[2012.10.01 19:28:07 | 000,000,000 | ---D | M] -- C:\Users\Vicky-Michi\AppData\Roaming\Solveig Multimedia
[2012.07.09 22:23:20 | 000,000,000 | ---D | M] -- C:\Users\Vicky-Michi\AppData\Roaming\TeamViewer
[2012.05.06 12:49:37 | 000,000,000 | ---D | M] -- C:\Users\Vicky-Michi\AppData\Roaming\Temp
[2012.06.30 21:22:02 | 000,000,000 | ---D | M] -- C:\Users\Vicky-Michi\AppData\Roaming\TuneUp Software
[2012.09.07 18:24:44 | 000,000,000 | ---D | M] -- C:\Users\Vicky-Michi\AppData\Roaming\YourFileDownloader
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.03.24 04:11:22 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.11.09 16:52:53 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2012.03.22 12:31:10 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.03.22 13:58:59 | 000,000,000 | ---D | M] -- C:\Intel
[2012.07.17 01:13:37 | 000,000,000 | ---D | M] -- C:\output
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.10.01 19:31:16 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.11.12 22:28:49 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.11.08 17:41:29 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012.03.22 12:31:11 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.03.22 12:31:11 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.11.12 23:02:24 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.07.05 17:13:16 | 000,000,000 | ---D | M] -- C:\Temp
[2012.03.22 12:31:23 | 000,000,000 | R--D | M] -- C:\Users
[2012.11.09 16:48:11 | 000,000,000 | ---D | M] -- C:\Windows
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.09.20 06:14:49 | 000,000,000 | ---D | M] -- C:\Users\Vicky-Michi\AppData\Roaming\.freeciv
[2012.07.08 22:23:48 | 000,000,000 | ---D | M] -- C:\Users\Vicky-Michi\AppData\Roaming\Adobe
[2012.08.21 10:21:04 | 000,000,000 | ---D | M] -- C:\Users\Vicky-Michi\AppData\Roaming\Ahead
[2012.03.22 13:58:03 | 000,000,000 | ---D | M] -- C:\Users\Vicky-Michi\AppData\Roaming\ATI
[2012.10.17 09:55:07 | 000,000,000 | ---D | M] -- C:\Users\Vicky-Michi\AppData\Roaming\Avira
[2012.08.20 19:23:45 | 000,000,000 | ---D | M] -- C:\Users\Vicky-Michi\AppData\Roaming\dvdcss
[2012.11.09 16:29:39 | 000,000,000 | ---D | M] -- C:\Users\Vicky-Michi\AppData\Roaming\DVDVideoSoft
[2012.03.22 15:06:15 | 000,000,000 | ---D | M] -- C:\Users\Vicky-Michi\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.09.04 16:40:36 | 000,000,000 | ---D | M] -- C:\Users\Vicky-Michi\AppData\Roaming\Floodlight Games
[2012.10.25 08:35:32 | 000,000,000 | ---D | M] -- C:\Users\Vicky-Michi\AppData\Roaming\FreeFLVConverter
[2012.05.23 13:54:25 | 000,000,000 | ---D | M] -- C:\Users\Vicky-Michi\AppData\Roaming\Freemium
[2012.03.22 12:31:44 | 000,000,000 | ---D | M] -- C:\Users\Vicky-Michi\AppData\Roaming\Identities
[2012.03.22 14:01:00 | 000,000,000 | ---D | M] -- C:\Users\Vicky-Michi\AppData\Roaming\InstallShield
[2012.03.22 14:14:20 | 000,000,000 | ---D | M] -- C:\Users\Vicky-Michi\AppData\Roaming\Intel Corporation
[2012.03.25 07:51:54 | 000,000,000 | ---D | M] -- C:\Users\Vicky-Michi\AppData\Roaming\Jens Lorek
[2012.03.22 14:32:27 | 000,000,000 | ---D | M] -- C:\Users\Vicky-Michi\AppData\Roaming\Macromedia
[2012.11.08 17:41:35 | 000,000,000 | ---D | M] -- C:\Users\Vicky-Michi\AppData\Roaming\Malwarebytes
[2009.07.14 08:44:38 | 000,000,000 | ---D | M] -- C:\Users\Vicky-Michi\AppData\Roaming\Media Center Programs
[2012.11.09 17:00:26 | 000,000,000 | --SD | M] -- C:\Users\Vicky-Michi\AppData\Roaming\Microsoft
[2012.03.22 12:58:04 | 000,000,000 | ---D | M] -- C:\Users\Vicky-Michi\AppData\Roaming\Mozilla
[2012.09.04 22:31:36 | 000,000,000 | ---D | M] -- C:\Users\Vicky-Michi\AppData\Roaming\Need for Speed World
[2012.06.30 21:21:42 | 000,000,000 | ---D | M] -- C:\Users\Vicky-Michi\AppData\Roaming\OpenCandy
[2012.08.17 16:06:34 | 000,000,000 | ---D | M] -- C:\Users\Vicky-Michi\AppData\Roaming\PhotoScape
[2012.07.19 05:21:47 | 000,000,000 | ---D | M] -- C:\Users\Vicky-Michi\AppData\Roaming\Real
[2012.09.09 17:04:23 | 000,000,000 | ---D | M] -- C:\Users\Vicky-Michi\AppData\Roaming\Samsung
[2012.11.12 16:34:25 | 000,000,000 | ---D | M] -- C:\Users\Vicky-Michi\AppData\Roaming\Skype
[2012.10.01 19:28:07 | 000,000,000 | ---D | M] -- C:\Users\Vicky-Michi\AppData\Roaming\Solveig Multimedia
[2012.07.09 22:23:20 | 000,000,000 | ---D | M] -- C:\Users\Vicky-Michi\AppData\Roaming\TeamViewer
[2012.05.06 12:49:37 | 000,000,000 | ---D | M] -- C:\Users\Vicky-Michi\AppData\Roaming\Temp
[2012.06.30 21:22:02 | 000,000,000 | ---D | M] -- C:\Users\Vicky-Michi\AppData\Roaming\TuneUp Software
[2012.11.07 11:22:57 | 000,000,000 | ---D | M] -- C:\Users\Vicky-Michi\AppData\Roaming\vlc
[2012.03.22 13:18:18 | 000,000,000 | ---D | M] -- C:\Users\Vicky-Michi\AppData\Roaming\WinRAR
[2012.09.07 18:24:44 | 000,000,000 | ---D | M] -- C:\Users\Vicky-Michi\AppData\Roaming\YourFileDownloader
 
< %APPDATA%\*.exe /s >
[2012.07.08 22:23:46 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Vicky-Michi\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2012.06.25 23:13:38 | 027,565,504 | ---- | M] (TuneUp Software) -- C:\Users\Vicky-Michi\AppData\Roaming\OpenCandy\5A1E123C03E049B0A3F41A2DE4F42CE2\TuneUpUtilities2012_de-DE.exe
[2012.06.03 18:25:15 | 000,317,080 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Vicky-Michi\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.11\rnupgagent.exe
[2012.06.03 21:25:40 | 028,087,744 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Vicky-Michi\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.11\stub_data\RealPlayer_de.exe
[2012.06.03 21:25:17 | 000,693,504 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Vicky-Michi\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.11\stub_exe\RealPlayer_de.exe
[2012.10.21 10:04:49 | 000,060,888 | ---- | M] (Samsung) -- C:\Users\Vicky-Michi\AppData\Roaming\Samsung\Kies\FirmwareUpdateTemp\AGENT\AdminDelegator.exe
[2012.10.21 10:04:49 | 000,088,024 | ---- | M] (Samsung) -- C:\Users\Vicky-Michi\AppData\Roaming\Samsung\Kies\FirmwareUpdateTemp\AGENT\AgentInstaller.exe
[2012.10.21 10:04:50 | 000,077,264 | ---- | M] (Samsung) -- C:\Users\Vicky-Michi\AppData\Roaming\Samsung\Kies\FirmwareUpdateTemp\AGENT\AgentUpdate.exe
[2012.10.21 10:04:50 | 000,843,208 | ---- | M] (Samsung) -- C:\Users\Vicky-Michi\AppData\Roaming\Samsung\Kies\FirmwareUpdateTemp\AGENT\KiesPDLR.exe
[2012.08.31 01:52:12 | 000,964,024 | ---- | M] (Samsung) -- C:\Users\Vicky-Michi\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\Kies.exe
[2012.08.28 02:06:22 | 000,291,840 | ---- | M] () -- C:\Users\Vicky-Michi\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\KiesAgent.exe
[2012.08.31 01:52:14 | 000,278,968 | ---- | M] () -- C:\Users\Vicky-Michi\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\KiesDriverInstaller.exe
[2012.08.31 01:52:14 | 003,524,536 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\Vicky-Michi\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\KiesTrayAgent.exe
[2012.08.28 02:05:28 | 000,182,784 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Vicky-Michi\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\DeviceModules\ConnectionManager.exe
[2012.08.28 02:05:28 | 000,322,048 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Vicky-Michi\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\DeviceModules\DeviceDataService.exe
[2012.08.28 02:05:32 | 000,717,312 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Vicky-Michi\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\DeviceModules\DeviceManager.exe
[2012.08.31 01:52:18 | 000,067,512 | ---- | M] (Samsung) -- C:\Users\Vicky-Michi\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\DeviceModules\Kies_Tutorial.exe
[2012.07.30 06:17:10 | 000,057,344 | ---- | M] () -- C:\Users\Vicky-Michi\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\DeviceModules\RegisterCOM.exe
[2012.08.28 02:05:14 | 000,106,960 | ---- | M] () -- C:\Users\Vicky-Michi\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\FirmwareUpdate\AgentInstaller.exe
[2012.08.28 02:05:14 | 000,101,328 | ---- | M] () -- C:\Users\Vicky-Michi\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\FirmwareUpdate\AgentUpdate.exe
[2012.08.31 01:52:22 | 000,021,432 | ---- | M] () -- C:\Users\Vicky-Michi\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\FirmwareUpdate\KiesPDLR.exe
[2012.08.31 01:52:24 | 003,765,256 | ---- | M] (Freeware) -- C:\Users\Vicky-Michi\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\MediaModules\MyFreeCodecPack.exe
[2012.06.26 08:03:02 | 000,262,144 | ---- | M] (ENJsoft corp.) -- C:\Users\Vicky-Michi\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\TransModules\SelfMV.exe
[2012.06.26 08:03:04 | 000,090,112 | ---- | M] (ENJsoft corp.) -- C:\Users\Vicky-Michi\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\TransModules\SelfMV2.exe
[2012.08.31 01:52:26 | 000,593,848 | ---- | M] (ml) -- C:\Users\Vicky-Michi\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\Updater\Kies.Update.exe
[2012.08.28 02:04:28 | 024,177,352 | ---- | M] (SAMSUNG Electronics Co., Ltd.) -- C:\Users\Vicky-Michi\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\USB Driver\SAMSUNG_USB_Driver_for_Mobile_Phones.exe
[2012.10.11 01:33:52 | 000,966,072 | ---- | M] (Samsung) -- C:\Users\Vicky-Michi\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\Kies.exe
[2012.10.11 01:33:52 | 000,297,912 | ---- | M] () -- C:\Users\Vicky-Michi\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\KiesAgent.exe
[2012.10.09 01:17:54 | 000,580,096 | ---- | M] (Samsung Electronics) -- C:\Users\Vicky-Michi\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\KiesAirMessage.exe
[2012.10.11 01:33:56 | 000,277,432 | ---- | M] () -- C:\Users\Vicky-Michi\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\KiesDriverInstaller.exe
[2012.10.11 01:33:54 | 000,309,688 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\Vicky-Michi\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\KiesTrayAgent.exe
[2012.09.27 07:19:08 | 000,171,008 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Vicky-Michi\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\DeviceModules\ConnectionManager.exe
[2012.09.27 07:21:52 | 000,325,120 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Vicky-Michi\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\DeviceModules\DeviceDataService.exe
[2012.10.10 06:06:28 | 000,689,152 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Vicky-Michi\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\DeviceModules\DeviceManager.exe
[2012.10.11 01:33:56 | 000,067,512 | ---- | M] (Samsung) -- C:\Users\Vicky-Michi\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\DeviceModules\Kies_Tutorial.exe
[2012.10.11 01:34:04 | 000,063,416 | ---- | M] () -- C:\Users\Vicky-Michi\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\DeviceModules\RegisterCOM.exe
[2012.10.11 01:22:52 | 000,060,888 | ---- | M] (Samsung) -- C:\Users\Vicky-Michi\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\FirmwareUpdate\AdminDelegator.exe
[2012.10.11 01:22:52 | 000,088,024 | ---- | M] (Samsung) -- C:\Users\Vicky-Michi\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\FirmwareUpdate\AgentInstaller.exe
[2012.10.11 01:22:50 | 000,077,264 | ---- | M] (Samsung) -- C:\Users\Vicky-Michi\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\FirmwareUpdate\AgentUpdate.exe
[2012.10.11 01:33:58 | 000,842,680 | ---- | M] (Samsung) -- C:\Users\Vicky-Michi\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\FirmwareUpdate\KiesPDLR.exe
[2012.10.11 01:34:00 | 003,767,312 | ---- | M] (Freeware) -- C:\Users\Vicky-Michi\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\MediaModules\MyFreeCodecPack.exe
[2012.09.26 12:57:20 | 000,266,240 | ---- | M] (ENJsoft corp.) -- C:\Users\Vicky-Michi\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\TransModules\SelfMV.exe
[2012.09.26 12:57:20 | 000,102,400 | ---- | M] (ENJsoft corp.) -- C:\Users\Vicky-Michi\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\TransModules\SelfMV2.exe
[2012.10.11 01:34:02 | 000,596,920 | ---- | M] (ml) -- C:\Users\Vicky-Michi\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\Updater\Kies.Update.exe
[2012.09.26 12:57:10 | 014,754,760 | ---- | M] (SAMSUNG Electronics Co., Ltd.) -- C:\Users\Vicky-Michi\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\USB Driver\SAMSUNG_USB_Driver_for_Mobile_Phones.exe
[2012.08.31 01:52:26 | 000,593,848 | ---- | M] (ml) -- C:\Users\Vicky-Michi\AppData\Roaming\Samsung\Kies\UpdateTemp\Temp\Kies.Update.exe
[2012.10.11 01:34:02 | 000,596,920 | ---- | M] (ml) -- C:\Users\Vicky-Michi\AppData\Roaming\Samsung\Kies\UpdateTemp\Updater\Kies.Update.exe
 
< %SYSTEMROOT%\system32\drivers\*.sys /lockedfiles >
 
< %SYSTEMROOT%\System32\config\*.sav >
 
< %SYSTEMROOT%\*. /mp /s >
 
< %SYSTEMROOT%\system32\*.dll /lockedfiles >

< End of report >
         

12.11.2012, 23:19   #22
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Yes, that's right.

Close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Note: If you have obscured your username, you must change the starred-out part back into your real username, otherwise the script will not work!!

Code:
:OTL
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-4243700590-2715580582-1987515716-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-4243700590-2715580582-1987515716-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb178/?search={searchTerms}&loc=IB_DS&a=6R8BMeHx6C&i=26
IE - HKU\S-1-5-21-4243700590-2715580582-1987515716-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 222.127.244.211:3128
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Search Results"
FF - prefs.js..browser.startup.homepage: "http://www.searchnu.com/413"
FF - prefs.js..extensions.enabledAddons: ffxtlbr@incredibar.com:1.5.0
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=0&systemid=413&sr=0&q="
FF - prefs.js..network.proxy.type: 2
[2012.08.11 18:50:47 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\Vicky-Michi\AppData\Roaming\mozilla\Firefox\Profiles\5wu4hiry.default\extensions\ffxtlbr@incredibar.com
[2012.08.11 18:50:42 | 000,002,203 | ---- | M] () -- C:\Users\Vicky-Michi\AppData\Roaming\mozilla\firefox\profiles\5wu4hiry.default\searchplugins\MyStart Search.xml
[2012.09.27 12:55:24 | 000,002,515 | ---- | M] () -- C:\Users\Vicky-Michi\AppData\Roaming\mozilla\firefox\profiles\5wu4hiry.default\searchplugins\Search_Results.xml
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKU\S-1-5-21-4243700590-2715580582-1987515716-1000..\Run: [C:\Users\Vicky-Michi\AppData\Local\Temp\tmpC6BD.tmp.exe] C:\Users\Vicky-Michi\AppData\Local\Temp\tmpC6BD.tmp.exe (Freemium)
O4 - HKU\S-1-5-21-4243700590-2715580582-1987515716-1000..\Run: [WidgetAlarm] C:\Program Files (x86)\e-load\Tiefpreisalarm\Tiefpreisalarm.exe File not found
:Files
C:\Program Files (x86)\e-load
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________
Please always post log files in CODE tags

12.11.2012, 23:39   #23
zwekone

Code:
All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}\ not found.
Registry key HKEY_USERS\S-1-5-21-4243700590-2715580582-1987515716-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}\ not found.
Registry key HKEY_USERS\S-1-5-21-4243700590-2715580582-1987515716-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found.
HKU\S-1-5-21-4243700590-2715580582-1987515716-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "Search Results" removed from browser.search.defaultenginename
Prefs.js: "Search Results" removed from browser.search.order.1
Prefs.js: "Search Results" removed from browser.search.selectedEngine
Prefs.js: "hxxp://www.searchnu.com/413" removed from browser.startup.homepage
Prefs.js: ffxtlbr@incredibar.com:1.5.0 removed from extensions.enabledAddons
Prefs.js: "hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=413&sr=0&q=" removed from keyword.URL
Prefs.js: 2 removed from network.proxy.type
C:\Users\Vicky-Michi\AppData\Roaming\mozilla\Firefox\Profiles\5wu4hiry.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs folder moved successfully.
C:\Users\Vicky-Michi\AppData\Roaming\mozilla\Firefox\Profiles\5wu4hiry.default\extensions\ffxtlbr@incredibar.com\content\imgs folder moved successfully.
C:\Users\Vicky-Michi\AppData\Roaming\mozilla\Firefox\Profiles\5wu4hiry.default\extensions\ffxtlbr@incredibar.com\content folder moved successfully.
C:\Users\Vicky-Michi\AppData\Roaming\mozilla\Firefox\Profiles\5wu4hiry.default\extensions\ffxtlbr@incredibar.com folder moved successfully.
C:\Users\Vicky-Michi\AppData\Roaming\mozilla\firefox\profiles\5wu4hiry.default\searchplugins\MyStart Search.xml moved successfully.
C:\Users\Vicky-Michi\AppData\Roaming\mozilla\firefox\profiles\5wu4hiry.default\searchplugins\Search_Results.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}\ deleted successfully.
C:\Program Files (x86)\Wajam\IE\priam_bho.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-4243700590-2715580582-1987515716-1000\Software\Microsoft\Windows\CurrentVersion\Run\\C:\Users\Vicky-Michi\AppData\Local\Temp\tmpC6BD.tmp.exe deleted successfully.
C:\Users\Vicky-Michi\AppData\Local\Temp\tmpC6BD.tmp.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-4243700590-2715580582-1987515716-1000\Software\Microsoft\Windows\CurrentVersion\Run\\WidgetAlarm deleted successfully.
========== FILES ==========
File\Folder C:\Program Files (x86)\e-load not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Vicky-Michi\Desktop\cmd.bat deleted successfully.
C:\Users\Vicky-Michi\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56478 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Vicky-Michi
->Temp folder emptied: 7372723989 bytes
->Temporary Internet Files folder emptied: 117401777 bytes
->Java cache emptied: 64153150 bytes
->FireFox cache emptied: 106780436 bytes
->Google Chrome cache emptied: 366139252 bytes
->Flash cache emptied: 57234 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2531948107 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36045869 bytes
RecycleBin emptied: 564283351 bytes
 
Total Files Cleaned = 10.643,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 11122012_233025

Files\Folders moved on Reboot...
C:\Users\Vicky-Michi\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         

12.11.2012, 23:43   #24
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

adwCleaner - detecting toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.

If adwCleaner has been downloaded before, please delete the old adwcleaner.exe and download it again!!
  • Start adwcleaner.exe with a double-click.
  • Click Suche (Search).
  • When the scan finishes, a text file opens.
  • Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner[Rx].txt. (x = sequential number)

12.11.2012, 23:46   #25
zwekone

Code:
# AdwCleaner v2.007 - Datei am 12/11/2012 um 23:45:39 erstellt
# Aktualisiert am 06/11/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Vicky-Michi - VICKY-MICHI-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Vicky-Michi\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****

Gefunden : WajamUpdater
Gefunden : Web Assistant Updater

***** [Dateien / Ordner] *****

Datei Gefunden : C:\Program Files (x86)\Mozilla FireFox\searchplugins\Search_Results.xml
Datei Gefunden : C:\user.js
Ordner Gefunden : C:\Program Files (x86)\Wajam
Ordner Gefunden : C:\Program Files\Web Assistant
Ordner Gefunden : C:\ProgramData\boost_interprocess
Ordner Gefunden : C:\Users\Vicky-Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Ordner Gefunden : C:\Users\Vicky-Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Ordner Gefunden : C:\Users\Vicky-Michi\AppData\Local\Wajam
Ordner Gefunden : C:\Users\Vicky-Michi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
Ordner Gefunden : C:\Users\Vicky-Michi\AppData\Roaming\OpenCandy

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gefunden : HKCU\Software\Cr_Installer
Schlüssel Gefunden : HKCU\Software\DataMngr
Schlüssel Gefunden : HKCU\Software\IM
Schlüssel Gefunden : HKCU\Software\ImInstaller
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403a-B9D2-65C292C39087}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKCU\Software\Wajam
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\wajam.WajamBHO
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\wajam.WajamBHO.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\wajam.WajamDownloader
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Schlüssel Gefunden : HKLM\Software\Wajam
Schlüssel Gefunden : HKLM\Software\Web Assistant
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Wajam
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gefunden : HKLM\SOFTWARE\DataMngr
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Schlüssel Gefunden : HKLM\SOFTWARE\Web Assistant
Wert Gefunden : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.searchnu.com/413

-\\ Mozilla Firefox v16.0.2 (de)

Profilname : default 
Datei : C:\Users\Vicky-Michi\AppData\Roaming\Mozilla\Firefox\Profiles\5wu4hiry.default\prefs.js

Gefunden : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb178?a=6R8BMeHx6C&loc=FF_NT");
Gefunden : user_pref("extensions.incredibar_i.aflt", "orgnl");
Gefunden : user_pref("extensions.incredibar_i.dfltLng", "");
Gefunden : user_pref("extensions.incredibar_i.did", "10643");
Gefunden : user_pref("extensions.incredibar_i.excTlbr", false);
Gefunden : user_pref("extensions.incredibar_i.id", "487b4b3a0000000000004ceddee4b019");
Gefunden : user_pref("extensions.incredibar_i.installerproductid", "26");
Gefunden : user_pref("extensions.incredibar_i.instlDay", "15563");
Gefunden : user_pref("extensions.incredibar_i.instlRef", "");
Gefunden : user_pref("extensions.incredibar_i.ms_url_id", "");
Gefunden : user_pref("extensions.incredibar_i.newTab", false);
Gefunden : user_pref("extensions.incredibar_i.ppd", "1");
Gefunden : user_pref("extensions.incredibar_i.prdct", "incredibar");
Gefunden : user_pref("extensions.incredibar_i.productid", "26");
Gefunden : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Gefunden : user_pref("extensions.incredibar_i.smplGrp", "none");
Gefunden : user_pref("extensions.incredibar_i.tlbrId", "base");
Gefunden : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6R8BMeHx6C&loc=IB[...]
Gefunden : user_pref("extensions.incredibar_i.upn2", "6R8BMeHx6C");
Gefunden : user_pref("extensions.incredibar_i.upn2n", "92824863590767078");
Gefunden : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Gefunden : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1419:50:47");
Gefunden : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Gefunden : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]

-\\ Google Chrome v23.0.1271.64

Datei : C:\Users\Vicky-Michi\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [8930 octets] - [12/11/2012 23:45:39]

########## EOF - C:\AdwCleaner[R1].txt - [8990 octets] ##########
         

12.11.2012, 23:51   #26
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

adwCleaner - removing toolbars and unwanted start/search pages
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Löschen (Delete).
  • Confirm each prompt with Ok.
  • Your computer will be restarted. After the restart, a text file opens.
  • Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner[Sx].txt. (x = sequential number)

After that, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • Tick the box Scanne alle Benutzer (Scan All Users) at the top centre
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in CODE tags here in the thread.

12.11.2012, 23:58   #27
zwekone

Code:
# AdwCleaner v2.007 - Datei am 12/11/2012 um 23:53:56 erstellt
# Aktualisiert am 06/11/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Vicky-Michi - VICKY-MICHI-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Vicky-Michi\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****

Gestoppt & Gelöscht : WajamUpdater
Gestoppt & Gelöscht : Web Assistant Updater

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files (x86)\Mozilla FireFox\searchplugins\Search_Results.xml
Datei Gelöscht : C:\user.js
Ordner Gelöscht : C:\Program Files (x86)\Wajam
Ordner Gelöscht : C:\Program Files\Web Assistant
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\Users\Vicky-Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Ordner Gelöscht : C:\Users\Vicky-Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Ordner Gelöscht : C:\Users\Vicky-Michi\AppData\Local\Wajam
Ordner Gelöscht : C:\Users\Vicky-Michi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
Ordner Gelöscht : C:\Users\Vicky-Michi\AppData\Roaming\OpenCandy

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\Cr_Installer
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403a-B9D2-65C292C39087}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\Wajam
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wajam.WajamBHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wajam.WajamBHO.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wajam.WajamDownloader
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Schlüssel Gelöscht : HKLM\Software\Wajam
Schlüssel Gelöscht : HKLM\Software\Web Assistant
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Wajam
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gelöscht : HKLM\SOFTWARE\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Web Assistant
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.searchnu.com/413 --> hxxp://www.google.com

-\\ Mozilla Firefox v16.0.2 (de)

Profilname : default 
Datei : C:\Users\Vicky-Michi\AppData\Roaming\Mozilla\Firefox\Profiles\5wu4hiry.default\prefs.js

C:\Users\Vicky-Michi\AppData\Roaming\Mozilla\Firefox\Profiles\5wu4hiry.default\user.js ... Gelöscht !

Gelöscht : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb178?a=6R8BMeHx6C&loc=FF_NT");
Gelöscht : user_pref("extensions.incredibar_i.aflt", "orgnl");
Gelöscht : user_pref("extensions.incredibar_i.dfltLng", "");
Gelöscht : user_pref("extensions.incredibar_i.did", "10643");
Gelöscht : user_pref("extensions.incredibar_i.excTlbr", false);
Gelöscht : user_pref("extensions.incredibar_i.id", "487b4b3a0000000000004ceddee4b019");
Gelöscht : user_pref("extensions.incredibar_i.installerproductid", "26");
Gelöscht : user_pref("extensions.incredibar_i.instlDay", "15563");
Gelöscht : user_pref("extensions.incredibar_i.instlRef", "");
Gelöscht : user_pref("extensions.incredibar_i.ms_url_id", "");
Gelöscht : user_pref("extensions.incredibar_i.newTab", false);
Gelöscht : user_pref("extensions.incredibar_i.ppd", "1");
Gelöscht : user_pref("extensions.incredibar_i.prdct", "incredibar");
Gelöscht : user_pref("extensions.incredibar_i.productid", "26");
Gelöscht : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Gelöscht : user_pref("extensions.incredibar_i.smplGrp", "none");
Gelöscht : user_pref("extensions.incredibar_i.tlbrId", "base");
Gelöscht : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6R8BMeHx6C&loc=IB[...]
Gelöscht : user_pref("extensions.incredibar_i.upn2", "6R8BMeHx6C");
Gelöscht : user_pref("extensions.incredibar_i.upn2n", "92824863590767078");
Gelöscht : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Gelöscht : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1419:50:47");
Gelöscht : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Gelöscht : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]

-\\ Google Chrome v23.0.1271.64

Datei : C:\Users\Vicky-Michi\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [9039 octets] - [12/11/2012 23:45:39]
AdwCleaner[S1].txt - [9059 octets] - [12/11/2012 23:53:56]

########## EOF - C:\AdwCleaner[S1].txt - [9119 octets] ##########
         
Code:
OTL logfile created on: 13.11.2012 00:02:32 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Vicky-Michi\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,85 Gb Total Physical Memory | 2,17 Gb Available Physical Memory | 56,27% Memory free
7,71 Gb Paging File | 5,72 Gb Available in Paging File | 74,27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 151,61 Gb Total Space | 105,68 Gb Free Space | 69,70% Space Free | Partition Type: NTFS
Drive D: | 146,39 Gb Total Space | 124,28 Gb Free Space | 84,90% Space Free | Partition Type: NTFS
 
Computer Name: VICKY-MICHI-PC | User Name: Vicky-Michi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Vicky-Michi\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
PRC - C:\Users\Vicky-Michi\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Freetec\SystemStore\Freemium.SelfUpdate.exe ()
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe ()
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe (Nero AG)
PRC - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
MOD - C:\Users\Vicky-Michi\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\Vicky-Michi\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll ()
MOD - C:\Users\Vicky-Michi\AppData\Local\Google\Chrome\Application\23.0.1271.64\libglesv2.dll ()
MOD - C:\Users\Vicky-Michi\AppData\Local\Google\Chrome\Application\23.0.1271.64\libegl.dll ()
MOD - C:\Users\Vicky-Michi\AppData\Local\Google\Chrome\Application\23.0.1271.64\avutil-51.dll ()
MOD - C:\Users\Vicky-Michi\AppData\Local\Google\Chrome\Application\23.0.1271.64\avformat-54.dll ()
MOD - C:\Users\Vicky-Michi\AppData\Local\Google\Chrome\Application\23.0.1271.64\avcodec-54.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\26e0457a9776a0e9f23e3986686d90a5\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\63bc6e391de5014965039e100ce1e9d5\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d239f585ee55f833dbe21e897e1265ac\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\a84262e1224189f93e10cd3c403a9527\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\690b92468a3a69a5c4127f9f229459b7\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SystemStoreService) -- C:\Program Files (x86)\Freetec\SystemStore\SystemStore.exe ()
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (FreemiumSelfUpdateService) -- C:\Program Files (x86)\Freetec\SystemStore\Freemium.SelfUpdate.exe ()
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (SystemStore) -- C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe ()
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (PLFlash DeviceIoControl Service) -- C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (npf) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\drivers\sscdmdm.sys (MCCI Corporation)
DRV:64bit: - (sscdbus) -- C:\Windows\SysNative\drivers\sscdbus.sys (MCCI Corporation)
DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\drivers\sscdmdfl.sys (MCCI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (SABI) -- C:\Windows\SysNative\drivers\SABI.sys (SAMSUNG ELECTRONICS)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-4243700590-2715580582-1987515716-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-4243700590-2715580582-1987515716-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-4243700590-2715580582-1987515716-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4243700590-2715580582-1987515716-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4243700590-2715580582-1987515716-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..extensions.enabledAddons: de_AT@dicts.j3e.de:20120628
FF - prefs.js..extensions.enabledAddons: de_DE@dicts.j3e.de:20120628
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.11
FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.10
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Vicky-Michi\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Vicky-Michi\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.06.06 18:36:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.27 17:09:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.27 17:09:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.10.01 19:29:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vicky-Michi\AppData\Roaming\mozilla\Extensions
[2012.11.09 16:19:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vicky-Michi\AppData\Roaming\mozilla\Firefox\Profiles\5wu4hiry.default\extensions
[2012.03.22 15:06:15 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Vicky-Michi\AppData\Roaming\mozilla\Firefox\Profiles\5wu4hiry.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.10.31 23:24:16 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Vicky-Michi\AppData\Roaming\mozilla\Firefox\Profiles\5wu4hiry.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.07.19 05:18:20 | 000,000,000 | ---D | M] (Wörterbuch Deutsch (de-AT), Hunspell-unterstützt) -- C:\Users\Vicky-Michi\AppData\Roaming\mozilla\Firefox\Profiles\5wu4hiry.default\extensions\de_AT@dicts.j3e.de
[2012.07.19 05:18:20 | 000,000,000 | ---D | M] (Wörterbuch Deutsch (de-DE), Hunspell-unterstützt) -- C:\Users\Vicky-Michi\AppData\Roaming\mozilla\Firefox\Profiles\5wu4hiry.default\extensions\de_DE@dicts.j3e.de
[2012.10.14 11:16:37 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Vicky-Michi\AppData\Roaming\mozilla\Firefox\Profiles\5wu4hiry.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2012.11.09 16:19:29 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Vicky-Michi\AppData\Roaming\mozilla\Firefox\Profiles\5wu4hiry.default\extensions\ich@maltegoetz.de
[2012.07.19 05:18:11 | 000,171,666 | ---- | M] () (No name found) -- C:\Users\Vicky-Michi\AppData\Roaming\mozilla\firefox\profiles\5wu4hiry.default\extensions\jid1-nGMZvOxL2PYSxg@jetpack.xpi
[2012.10.30 01:26:59 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Vicky-Michi\AppData\Roaming\mozilla\firefox\profiles\5wu4hiry.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.10.27 17:09:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.10.27 17:09:40 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.05.04 11:45:27 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.31 11:22:54 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.05.04 11:45:27 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.05.04 11:45:27 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.05.04 11:45:27 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.05.04 11:45:27 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: 
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Vicky-Michi\AppData\Local\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Vicky-Michi\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Vicky-Michi\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Injovo Extension Plugin (Enabled) = C:\Users\Vicky-Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.474_0\npbrowserext.dll
CHR - plugin: Wajam (Enabled) = C:\Users\Vicky-Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Vicky-Michi\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\Vicky-Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\Vicky-Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Vicky-Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\Vicky-Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.0_0\
CHR - Extension: Google Mail = C:\Users\Vicky-Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2012.11.12 23:32:29 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4243700590-2715580582-1987515716-1000..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\S-1-5-21-4243700590-2715580582-1987515716-1000..\Run: [Akamai NetSession Interface] C:\Users\Vicky-Michi\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-4243700590-2715580582-1987515716-1000..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-4243700590-2715580582-1987515716-1000..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
O4 - HKU\S-1-5-21-4243700590-2715580582-1987515716-1000..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\S-1-5-21-4243700590-2715580582-1987515716-1000..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-21-4243700590-2715580582-1987515716-1000..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Vicky-Michi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Vicky-Michi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9C7286B9-7242-4F50-97E5-A3C1B29571B4}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.12 23:30:25 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.11.12 15:29:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Vicky-Michi\Desktop\OTL.exe
[2012.11.12 12:32:25 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Vicky-Michi\Desktop\tdsskiller.exe
[2012.11.12 12:02:35 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Vicky-Michi\Desktop\aswMBR.exe
[2012.11.09 16:38:10 | 000,000,000 | ---D | C] -- C:\Users\Vicky-Michi\AppData\Local\{73F1648A-09E7-42F2-AC00-ED1BB666B8E2}
[2012.11.09 16:34:11 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2012.11.09 16:34:11 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2012.11.09 16:34:10 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2012.11.09 16:34:09 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2012.11.09 16:34:09 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2012.11.09 16:34:07 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2012.11.09 16:34:07 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2012.11.09 16:34:07 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2012.11.09 16:34:07 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2012.11.09 16:34:07 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2012.11.09 16:34:07 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2012.11.09 16:34:07 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2012.11.09 16:34:07 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2012.11.09 16:34:07 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2012.11.09 16:34:07 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2012.11.09 16:34:07 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2012.11.09 16:34:07 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2012.11.09 16:34:07 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2012.11.09 16:34:07 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2012.11.09 16:34:07 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2012.11.09 16:34:07 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2012.11.09 16:34:07 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2012.11.09 16:34:06 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2012.11.09 16:34:06 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2012.11.09 16:33:33 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012.11.09 16:33:33 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.11.09 16:28:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2012.11.09 16:28:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2012.11.08 17:51:49 | 000,000,000 | ---D | C] -- C:\Users\Vicky-Michi\AppData\Local\{63DE2E4A-6C61-4B70-BEA6-9BAE5EC07F70}
[2012.11.08 17:41:35 | 000,000,000 | ---D | C] -- C:\Users\Vicky-Michi\AppData\Roaming\Malwarebytes
[2012.11.08 17:41:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.08 17:41:29 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.11.08 17:41:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.11.08 17:41:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.06 10:31:49 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.11.06 10:31:49 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.11.06 10:31:49 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012.11.06 09:40:14 | 000,000,000 | ---D | C] -- C:\Users\Vicky-Michi\AppData\Local\{E0646533-F9EB-4917-A9D5-69BE0F02A9C6}
[2012.11.03 05:08:07 | 000,000,000 | ---D | C] -- C:\Users\Vicky-Michi\AppData\Local\{595E6E13-C285-4BCF-8DB1-7DF55B4B4ECB}
[2012.11.02 04:41:37 | 000,000,000 | ---D | C] -- C:\Users\Vicky-Michi\AppData\Local\{77AD6A41-7E7C-43E1-84C3-3AD7A38D0EA3}
[2012.10.31 20:53:23 | 000,000,000 | ---D | C] -- C:\Users\Vicky-Michi\AppData\Local\{A54EF83C-F3A2-4A66-B60E-49F66FFDFD02}
[2012.10.31 05:41:18 | 000,000,000 | ---D | C] -- C:\Users\Vicky-Michi\AppData\Local\{2E8D0DD3-79F8-473D-98A5-59E7326CD906}
[2012.10.30 14:53:51 | 000,000,000 | ---D | C] -- C:\Users\Vicky-Michi\AppData\Local\{D24344B5-1F43-4715-ACC9-5611062414A1}
[2012.10.29 12:32:44 | 000,000,000 | ---D | C] -- C:\Users\Vicky-Michi\AppData\Local\{E211691B-A45A-45BE-AA8B-CD0B12D6CE53}
[2012.10.28 09:29:17 | 000,000,000 | ---D | C] -- C:\Users\Vicky-Michi\AppData\Local\{AFD6303E-A24C-4129-878E-54FF2B856E62}
[2012.10.27 17:09:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.10.27 06:33:44 | 000,000,000 | ---D | C] -- C:\Users\Vicky-Michi\AppData\Local\{48F39FB0-DDCF-41CB-B0F2-300177BEFE30}
[2012.10.26 15:13:37 | 000,000,000 | ---D | C] -- C:\Users\Vicky-Michi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.10.26 13:34:29 | 000,000,000 | ---D | C] -- C:\Users\Vicky-Michi\AppData\Local\{52AE4C5A-A9FB-4BAF-95FF-E5B69870846C}
[2012.10.25 11:32:21 | 000,000,000 | ---D | C] -- C:\Users\Vicky-Michi\AppData\Local\{EDA0CEC5-3F92-411C-BCB8-ED7F95F11353}
[2012.10.24 08:01:33 | 000,000,000 | ---D | C] -- C:\Users\Vicky-Michi\AppData\Local\{695F766A-9212-4E5F-A080-81B56B702579}
[2012.10.23 07:49:48 | 000,000,000 | ---D | C] -- C:\Users\Vicky-Michi\AppData\Local\{56177439-F896-460C-8536-EE8370DAE760}
[2012.10.21 10:05:21 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2012.10.21 10:04:19 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\NativeFus_Log
[2012.10.21 10:03:53 | 000,203,104 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudmdm.sys
[2012.10.21 10:03:53 | 000,102,368 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudbus.sys
[2012.10.21 09:26:02 | 000,000,000 | ---D | C] -- C:\Users\Vicky-Michi\AppData\Local\{CA1EEAD9-5ED2-47FE-87B1-4B2FB06920C0}
[2012.10.20 11:45:47 | 000,000,000 | ---D | C] -- C:\Users\Vicky-Michi\AppData\Local\{77CC361B-CDC4-4281-A22C-52AE1265FADA}
[2012.10.19 12:30:53 | 000,000,000 | ---D | C] -- C:\Users\Vicky-Michi\AppData\Local\{ED19BC11-7669-408D-B17C-A4BF51FCE0D3}
[2012.10.18 18:25:24 | 000,000,000 | ---D | C] -- C:\Users\Vicky-Michi\AppData\Local\{F46E7B82-53A2-42F0-8D3D-4A467EC627B8}
[2012.10.17 09:55:07 | 000,000,000 | ---D | C] -- C:\Users\Vicky-Michi\AppData\Roaming\Avira
[2012.10.17 09:49:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.10.17 09:49:29 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.10.17 09:49:29 | 000,099,248 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.10.17 09:49:29 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.10.17 09:49:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.10.17 09:49:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.10.17 09:40:06 | 000,000,000 | ---D | C] -- C:\Users\Vicky-Michi\AppData\Local\{B4236B8A-36C9-4065-91AB-0F9EEC8C701E}
[2012.10.16 00:32:18 | 000,000,000 | ---D | C] -- C:\Users\Vicky-Michi\AppData\Local\{6770E02A-44DF-4AF7-9140-8C9982E7785D}
[2012.10.15 00:59:02 | 000,000,000 | ---D | C] -- C:\Users\Vicky-Michi\AppData\Local\{3CCBD32D-2BBA-4BA1-A90B-F465F03DA756}
[2012.10.14 11:16:03 | 000,000,000 | ---D | C] -- C:\Users\Vicky-Michi\AppData\Local\{CE27B863-1683-464B-AD51-8B3BC81FFCD5}
 
========== Files - Modified Within 30 Days ==========
 
File not found -- C:\Users\Vicky-Michi\Desktop\mein-fussball-bild.
[2012.11.13 00:03:28 | 000,009,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.13 00:03:28 | 000,009,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.12 23:55:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.12 23:55:22 | 3103,387,648 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.12 23:44:47 | 000,541,569 | ---- | M] () -- C:\Users\Vicky-Michi\Desktop\adwcleaner.exe
[2012.11.12 23:32:29 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012.11.12 23:22:00 | 000,001,144 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4243700590-2715580582-1987515716-1000UA.job
[2012.11.12 23:21:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.12 16:22:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4243700590-2715580582-1987515716-1000Core.job
[2012.11.12 15:29:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Vicky-Michi\Desktop\OTL.exe
[2012.11.12 12:32:27 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Vicky-Michi\Desktop\tdsskiller.exe
[2012.11.12 12:29:29 | 000,000,512 | ---- | M] () -- C:\Users\Vicky-Michi\Desktop\MBR.dat
[2012.11.12 12:03:02 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Vicky-Michi\Desktop\aswMBR.exe
[2012.11.12 11:57:46 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.11.12 11:57:46 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.10.31 20:58:31 | 001,613,660 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.10.31 20:58:31 | 000,697,156 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.10.31 20:58:31 | 000,652,434 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.10.31 20:58:31 | 000,148,420 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.10.31 20:58:31 | 000,121,366 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.10.30 14:58:24 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.10.27 19:20:22 | 000,059,392 | -H-- | M] () -- C:\Users\Vicky-Michi\Desktop\photothumb.db
[2012.10.22 20:44:08 | 000,001,125 | ---- | M] () -- C:\Users\Vicky-Michi\Dokumente - Verknüpfung (2).lnk
 
========== Files Created - No Company Name ==========
 
File not found -- C:\Users\Vicky-Michi\Desktop\mein-fussball-bild.
[2012.11.12 23:44:47 | 000,541,569 | ---- | C] () -- C:\Users\Vicky-Michi\Desktop\adwcleaner.exe
[2012.11.12 12:29:29 | 000,000,512 | ---- | C] () -- C:\Users\Vicky-Michi\Desktop\MBR.dat
[2012.10.26 15:12:33 | 000,001,144 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4243700590-2715580582-1987515716-1000UA.job
[2012.10.26 15:12:33 | 000,001,092 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4243700590-2715580582-1987515716-1000Core.job
[2012.10.22 20:44:08 | 000,001,125 | ---- | C] () -- C:\Users\Vicky-Michi\Dokumente - Verknüpfung (2).lnk
[2012.09.20 06:15:45 | 000,007,666 | ---- | C] () -- C:\Users\Vicky-Michi\AppData\Roaming\.freeciv-client-rc-2.3
[2012.05.23 13:55:58 | 001,591,554 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.05.07 18:35:21 | 000,001,125 | ---- | C] () -- C:\Users\Vicky-Michi\Dokumente - Verknüpfung.lnk
[2012.04.26 23:59:02 | 000,003,584 | ---- | C] () -- C:\Users\Vicky-Michi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.28 21:11:08 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.03.28 21:11:06 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.03.28 21:11:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.03.28 21:11:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.03.28 21:11:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.03.22 13:57:13 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.03.22 13:53:01 | 000,002,110 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.02.11 22:23:34 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
Code:
OTL Extras logfile created on: 13.11.2012 00:02:32 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Vicky-Michi\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,85 Gb Total Physical Memory | 2,17 Gb Available Physical Memory | 56,27% Memory free
7,71 Gb Paging File | 5,72 Gb Available in Paging File | 74,27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 151,61 Gb Total Space | 105,68 Gb Free Space | 69,70% Space Free | Partition Type: NTFS
Drive D: | 146,39 Gb Total Space | 124,28 Gb Free Space | 84,90% Space Free | Partition Type: NTFS
 
Computer Name: VICKY-MICHI-PC | User Name: Vicky-Michi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-4243700590-2715580582-1987515716-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1DCB5C36-A30A-48A2-A0A2-0C4BB2550DF7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{21940805-A8A8-4A3D-A5E3-5A950132CE56}" = rport=138 | protocol=17 | dir=out | app=system | 
"{22AA4B97-3ABE-4B84-8FF9-DC9854C0FBC0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{27BF9936-F3AB-4052-81FA-63D741B8511B}" = lport=445 | protocol=6 | dir=in | app=system | 
"{2CCCCA27-E3A8-477B-82D3-BE5E65394806}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{429AC7F1-92B3-443A-955E-7E4749A38122}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{57F2B750-8689-4E74-9B2A-FF8F56F215C3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{59C0017E-F122-4BDE-BB57-8D08FDF02CA8}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{60266C95-1482-45B6-908E-9BCBE8130469}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{66851177-6B73-4447-B778-4CABFB7B3E7B}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{69813EE8-C276-4613-A649-48EDBB13D8C1}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{6E783586-119F-4CF5-A768-E32A2B8131A2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7A9C40ED-B249-427C-AFEC-CDB1DA19B991}" = lport=139 | protocol=6 | dir=in | app=system | 
"{85DDF9F6-1A1F-474A-822C-F26F43F3A493}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{92632AD3-5FB6-43C5-8B16-562EB5EC420F}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{A5B820B5-EDC1-4363-B4D3-C5942316DD51}" = rport=445 | protocol=6 | dir=out | app=system | 
"{B2C9476D-3E60-4A68-AB83-4AAFDF8DF8A7}" = lport=137 | protocol=17 | dir=in | app=system | 
"{C01832D1-C165-4927-892B-56ABCB70BEA7}" = rport=137 | protocol=17 | dir=out | app=system | 
"{C1BEFC65-4A70-4986-B458-93700BC83320}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C6142F3C-E981-47F5-8BC5-45BBBC173939}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{CC21F94E-26B8-454E-8E93-3DF62D038304}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{D0052CB4-21C1-42F8-974B-0800ED47039F}" = rport=139 | protocol=6 | dir=out | app=system | 
"{D877C006-6F48-49BE-8D54-A7D78C6A5610}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E5A58987-0F98-46D5-B25A-4A58802837F9}" = lport=138 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04889087-3D4A-4509-8D74-3C2112681A18}" = protocol=17 | dir=in | app=c:\users\vicky-michi\appdata\local\akamai\netsession_win.exe | 
"{14CFF144-2072-4C79-BA94-293857C4C3B0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2782EA2F-1388-4EDA-88EC-4686E72FBF32}" = protocol=6 | dir=in | app=c:\program files (x86)\yourfiledownloader\downloader.exe | 
"{32160843-C8E0-4D0D-A287-549F215FD7D6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3DD1042E-4FDC-4DD6-9EAE-80B86F4615AB}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{3E408BF5-DB65-4FB1-8A5F-7F0FD6BEADD8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{458ABD61-CDC1-4F8F-8A95-50FA377A5B67}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{5A3AC3A5-8A54-4D9A-8AF7-673C65CE2A3D}" = protocol=6 | dir=in | app=c:\users\vicky-michi\appdata\local\akamai\netsession_win.exe | 
"{5C394483-DD39-4CB5-A4AA-2FECD40BA82A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6550181F-92B3-467B-84D2-7D1C98311894}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{659833E5-3456-4730-ABEE-D215829D6D33}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{66D77FC6-09AB-413F-9AB0-1A7A8E419A76}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{6FF7EB51-EFAF-4C8D-847F-6C10C1E7A9F4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7BBF893B-A2A9-41B1-AC2E-6DECA2023D66}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{85756542-0E00-4CB0-BA15-7945909A37F4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{8B2F1558-5882-4C99-8F7B-F06D558F47BC}" = protocol=6 | dir=out | app=system | 
"{A9FC8C0F-824B-411E-B635-98C974BFD0B1}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{AB25F19E-0D4C-4DE6-A318-AED2EDDE0AD4}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{BEC960B5-4FB2-4A9B-8576-69DB41BFB64E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{CB5B5D7C-10D6-4B5B-A487-0C89BFBDE8BD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{D4FECB7A-74BA-4C41-AD99-9D1FD4D2BA02}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{D51FBAB1-77D7-4FE7-A825-BC02CFDCF240}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E83848EF-5A95-49FC-A782-FDB35865AABE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{ECBDFFEA-827B-4010-8836-71E2250272FD}" = protocol=17 | dir=in | app=c:\program files (x86)\yourfiledownloader\yourfile.exe | 
"{F0111AF1-8073-48F9-8720-72D3B48E7AAB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{F0155967-CA9F-4B01-B374-B4396D5B4138}" = protocol=6 | dir=in | app=c:\program files (x86)\yourfiledownloader\yourfile.exe | 
"{F6E452B9-2A7B-4A94-AD77-1EE7CE7F0507}" = protocol=17 | dir=in | app=c:\program files (x86)\yourfiledownloader\downloader.exe | 
"{FDE41882-9C6E-44BE-BD98-586A1692575B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"TCP Query User{04E367A0-D8FD-4F5D-955C-E1B6FB23B664}C:\users\vicky-michi\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\vicky-michi\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{21BBDDC9-F509-4A03-BA2F-DAA4E52BA001}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=6 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | 
"TCP Query User{259EF017-5523-411E-A0A8-2E23340A56F6}C:\program files (x86)\freeciv-2.3.2-gtk2\freeciv-server.exe" = protocol=6 | dir=in | app=c:\program files (x86)\freeciv-2.3.2-gtk2\freeciv-server.exe | 
"TCP Query User{B31FBC21-116A-49BA-A0CF-DCE1882BD5C1}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
"UDP Query User{00C45F8F-9DC1-40AF-B832-AC3B201E99B7}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
"UDP Query User{19584E5C-C599-49F5-8AD9-5F290530777C}C:\program files (x86)\freeciv-2.3.2-gtk2\freeciv-server.exe" = protocol=17 | dir=in | app=c:\program files (x86)\freeciv-2.3.2-gtk2\freeciv-server.exe | 
"UDP Query User{214E05CD-B421-4F58-93FB-3C303FEE7BC9}C:\users\vicky-michi\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\vicky-michi\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{5B555E37-CB37-4138-9679-F87B275C94D1}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=17 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java(TM) 7 Update 5 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F82D3110-2996-B896-9ADC-394C18071095}" = ccc-utility64
"{F8FEEFC0-D7D6-9A40-28E9-1E7A6716E803}" = ATI Catalyst Install Manager
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"WinRAR archiver" = WinRAR 4.11 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{058E7BC0-15C3-D5F6-FD8D-34E4B44E4F82}" = CCC Help Thai
"{085C9E07-E122-DECF-350D-5CB3594EC54D}" = Catalyst Control Center Graphics Previews Common
"{11A5DA06-82B8-B47C-B6A9-6BFA8008108C}" = CCC Help Dutch
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{283EFC5E-041A-4AC7-8824-2F33695EBC11}" = CCC Help Korean
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2D4E3A20-01D9-713F-2CD5-15FBD9312F28}" = CCC Help Chinese Traditional
"{31CABF76-F113-30F6-1BF1-19CA660C72B4}" = CCC Help Finnish
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{43609114-F9B7-48AA-BAAC-F320BB5E88DD}" = CCC Help Spanish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A87034C-621A-DAC1-D7C3-FB9102A453D4}" = CCC Help Japanese
"{4FBB6BFD-774C-E86B-84E6-23C08FD76C0C}" = Catalyst Control Center Graphics Light
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{6BCE77FA-82A3-E502-0956-AA9AE0E169D0}" = CCC Help English
"{74866E65-2DE2-4A63-99FE-F84A835E2AAD}" = TubeBox
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{78FDD286-2C51-17B5-22BC-DA769D237E1A}" = CCC Help Swedish
"{79B0F7B2-31BD-D377-CCA2-F647601283C0}" = CCC Help Polish
"{80059A57-F141-5556-7FA2-CD97EB8A05F9}" = CCC Help Danish
"{9061e40a-fdc9-4cc2-a47a-cf978c2a3993}" = TubeBox
"{983D01A7-FD14-5F70-9A46-3DBE1C0A3FFF}" = Catalyst Control Center InstallProxy
"{98EFD8F0-08DE-48DB-B922-A2EBAB711031}" = Nero 7 Premium
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C51C947-7E8D-3EEB-6087-276446E4914C}" = CCC Help Hungarian
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B1FA9E3F-86F3-136A-84DA-809A40458243}" = CCC Help Russian
"{B6D8DC8C-F077-4631-A221-4D5E1D8E87E7}" = Catalyst Control Center - Branding
"{B7FB9C80-A61F-6BFE-7F93-C493AC3F9E91}" = CCC Help Turkish
"{B91B9BD2-C3D1-2632-26C9-170EB39CADAC}" = CCC Help Greek
"{BD8D4FE1-8E1D-2D41-ED33-3E2B64ED3AF3}" = CCC Help Chinese Standard
"{C28CE716-3F07-528A-6CC8-FDF2865BCAAF}" = ccc-core-static
"{C9F9C082-A19F-9672-4F78-CC93F363A07D}" = CCC Help Norwegian
"{CEF185AA-392D-82EF-339B-F36547C0D9F8}" = Catalyst Control Center Core Implementation
"{D1886477-86CD-8365-CE96-42AD6F950ED0}" = CCC Help Italian
"{D1FAD629-67C3-B9D5-FD06-73A4EF76528A}" = CCC Help Portuguese
"{D53D7F78-94AC-CE27-199E-5F509437C7E6}" = Catalyst Control Center Graphics Previews Vista
"{D55BE2BD-14D6-E8AA-A1C0-519C50E28EB2}" = Catalyst Control Center Graphics Full Existing
"{E91CD838-0ED0-0BCD-ECAF-1A089F1A27E5}" = CCC Help Czech
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF1E3D76-6F52-3F63-6848-346ACD86096D}" = CCC Help German
"{F0B13553-B3CA-76A9-182A-9E352F4EB749}" = Catalyst Control Center Graphics Full New
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6340C10-589F-7D1E-1819-2F8CF6247505}" = CCC Help French
"{FFE45CD9-4070-78E3-5794-8575B389336E}" = Catalyst Control Center Localization All
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Akamai" = Akamai NetSession Interface Service
"Avira AntiVir Desktop" = Avira Free Antivirus
"Free FLV Converter_is1" = Free FLV Converter V 7.4.0
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.35.1031
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PhotoScape" = PhotoScape
"TmNationsForever_is1" = TmNationsForever
"VLC media player" = VLC media player 2.0.1
"WinPcapInst" = WinPcap 4.1.2
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-4243700590-2715580582-1987515716-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Google Chrome" = Google Chrome
"MyFreeCodec" = MyFreeCodec
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 03.11.2012 09:58:27 | Computer Name = Vicky-Michi-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 04.11.2012 02:26:42 | Computer Name = Vicky-Michi-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 05.11.2012 04:42:29 | Computer Name = Vicky-Michi-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 05.11.2012 23:11:25 | Computer Name = Vicky-Michi-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 06.11.2012 13:43:09 | Computer Name = Vicky-Michi-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 07.11.2012 06:07:25 | Computer Name = Vicky-Michi-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 08.11.2012 02:34:40 | Computer Name = Vicky-Michi-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 10.11.2012 08:50:01 | Computer Name = Vicky-Michi-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 11.11.2012 06:13:37 | Computer Name = Vicky-Michi-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 12.11.2012 07:43:12 | Computer Name = Vicky-Michi-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 12.11.2012 17:09:42 | Computer Name = Vicky-Michi-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
[ System Events ]
Error - 09.10.2012 03:36:15 | Computer Name = Vicky-Michi-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 09.10.2012 03:38:14 | Computer Name = Vicky-Michi-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 12.10.2012 05:34:23 | Computer Name = Vicky-Michi-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 24.10.2012 17:30:40 | Computer Name = Vicky-Michi-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Server" wurde mit folgendem Fehler beendet:   %%1062
 
Error - 24.10.2012 17:36:53 | Computer Name = Vicky-Michi-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "IPsec-Richtlinien-Agent" wurde mit folgendem Fehler beendet:
   %%1747
 
Error - 24.10.2012 17:36:54 | Computer Name = Vicky-Michi-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:   %%1115
 
Error - 24.10.2012 17:36:54 | Computer Name = Vicky-Michi-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Server" wurde mit folgendem Fehler beendet:   %%1062
 
Error - 24.10.2012 17:37:00 | Computer Name = Vicky-Michi-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler 
beendet:   %%1450
 
Error - 10.11.2012 07:34:43 | Computer Name = Vicky-Michi-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Freemium Self Update Service erreicht.
 
Error - 10.11.2012 07:34:43 | Computer Name = Vicky-Michi-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Freemium Self Update Service" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
 
 
< End of report >
         

13.11.2012, 09:53   #28
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes. Before you do, please remember to update Malwarebytes using the update button.

After that, getting a second opinion from ESET's online scanner is not a bad idea either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box next to "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

__________________
Please always post log files in CODE tags

13.11.2012, 10:45   #29
zwekone

OK, I'll do that shortly.

I suddenly have a different problem.
Since yesterday evening something is always displayed when booting up; it started after I had used adwcleaner.
I took a screenshot.
Attached images
File type: png Unbenannt.PNG (53.0 KB)

13.11.2012, 10:50   #30
zwekone

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.13.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Vicky-Michi :: VICKY-MICHI-PC [Administrator]

Schutz: Aktiviert

13.11.2012 10:46:42
mbam-log-2012-11-13 (10-49-17).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 202416
Laufzeit: 2 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=b2a1e1bdf4b67a41a36446663aa703d1
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-11-13 11:04:12
# local_time=2012-11-13 12:04:12 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 2336805 2336805 0 0
# compatibility_mode=5893 16776574 100 94 2417944 104430419 0 0
# compatibility_mode=8192 67108863 100 0 3790 3790 0 0
# scanned=139880
# found=0
# cleaned=0
# scan_time=4082
         
