| |
| |||||||
Log-Analyse und Auswertung: Mbam logfileWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
17.11.2012, 18:42
| #1 |
 |  Mbam logfile Hallo und guten Abend zusammen, habe eben mit mbam nen quickscan durchgeführt und es wurden einige infizierte objekte gefunden. die meisten befinden sich im appdata\roaming ordner. ich hab keine ahnung was das genau ist..der ordner scheint bei mir aber fast 10gb zu umfassen... wäre super wenn jemand mal drüberschauen könnte. lieben dank ps: otl läuft grade  hier das file: Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.11.17.04 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 8.0.7601.17514 Katja :: KATJA-PC [Administrator] 17.11.2012 18:17:32 mbam-log-2012-11-17 (18-17-32).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 200411 Laufzeit: 13 Minute(n), 42 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 2 C:\Users\Katja\AppData\Roaming\loadtbs (PUP.LoadTubes) -> Keine Aktion durchgeführt. C:\Users\Katja\AppData\Roaming\loadtbs\html (PUP.LoadTubes) -> Keine Aktion durchgeführt. Infizierte Dateien: 11 C:\Program Files\Mozilla Firefox\plugins\npmieze.dll (PUP.LoadTubes) -> Keine Aktion durchgeführt. C:\Users\Katja\AppData\Roaming\loadtbs\keyHash.txt (PUP.LoadTubes) -> Keine Aktion durchgeführt. C:\Users\Katja\AppData\Roaming\loadtbs\config.txt (PUP.LoadTubes) -> Keine Aktion durchgeführt. C:\Users\Katja\AppData\Roaming\loadtbs\domHash.txt (PUP.LoadTubes) -> Keine Aktion durchgeführt. C:\Users\Katja\AppData\Roaming\loadtbs\evHash.txt (PUP.LoadTubes) -> Keine Aktion durchgeführt. C:\Users\Katja\AppData\Roaming\loadtbs\uninstall.exe (PUP.LoadTubes) -> Keine Aktion durchgeführt. C:\Users\Katja\AppData\Roaming\loadtbs\updateHash.txt (PUP.LoadTubes) -> Keine Aktion durchgeführt. C:\Users\Katja\AppData\Roaming\loadtbs\html\dimensions.ini (PUP.LoadTubes) -> Keine Aktion durchgeführt. C:\Users\Katja\AppData\Roaming\loadtbs\html\install.html (PUP.LoadTubes) -> Keine Aktion durchgeführt. C:\Users\Katja\AppData\Roaming\loadtbs\html\uninstall.html (PUP.LoadTubes) -> Keine Aktion durchgeführt. C:\Users\Katja\AppData\Roaming\loadtbs\html\uninstallComplete.html (PUP.LoadTubes) -> Keine Aktion durchgeführt. (Ende) |
|
18.11.2012, 01:14
| #2 |
| /// Helfer-Team  | Mbam logfile Systemscan mit OTL (bebilderte Anleitung) Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)- Doppelklick auf die OTL.exe
danach Downloade Dir bitte  AdwCleaner auf deinen Desktop.
__________________ |
|
18.11.2012, 12:26
| #3 |
| | Mbam logfile hallo,
__________________vielen dank. hab die logfiles von otl. soll ich die in voller länger hier einstellen? oder gibts ne möglichkeit das abzukürzen? |
|
19.11.2012, 03:57
| #4 |
| /// Helfer-Team | Mbam logfile Ist das dein Ernst? Natuerlich in voller Laenge. |
|
19.11.2012, 08:16
| #5 |
| | Mbam logfile natürlich war das mein ernst. es gibt foren wo ausdrücklich gesagt wird, man soll mit hilfe eines spoilers, oder als dateianhang....die logs einstellen, damit die threads nicht so ellenlang sind. ist mir schon klar dass ich nicht die hälfte des logs abschneide  |
|
19.11.2012, 15:39
| #6 |
| /// Helfer-Team | Mbam logfile Also doch keine Logs?
__________________ --> Mbam logfile |
|
19.11.2012, 15:44
| #7 |
| | Mbam logfile doch..nach feierabend wenn ich an meinem pc daheim bin  |
|
19.11.2012, 16:03
| #8 |
| /// Helfer-Team | Mbam logfile Alles klar |
|
21.11.2012, 17:22
| #9 |
| | Mbam logfile hier endlich die logs seit neuestem geht meine maus nicht mehr..obwohl ich alle treiber nochmals runtergeladen habe!OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 20.11.2012 20:48:31 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Katja\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,97 Gb Total Physical Memory | 1,50 Gb Available Physical Memory | 50,65% Memory free
5,93 Gb Paging File | 3,97 Gb Available in Paging File | 66,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287,02 Gb Total Space | 38,56 Gb Free Space | 13,43% Space Free | Partition Type: NTFS
Drive D: | 11,07 Gb Total Space | 1,31 Gb Free Space | 11,83% Space Free | Partition Type: NTFS
Computer Name: KATJA-PC | User Name: Katja | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06C95DEE-10ED-4A88-A9ED-94B86E26B8B8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0EBE3C23-1415-44DA-BD29-93A5E7383136}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{543E785D-5B3A-4877-98CB-98C15133502F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{64987E2B-1A81-47FA-8BCF-A7114B9FE700}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{666C2CE4-89D3-4E2C-9201-88470940CEC2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{76AF872C-4A41-4073-8B59-861B857F57D3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A98EE38A-F7B4-498A-8CE5-879671DA765A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF553513-4EAE-4411-A164-EF70E3BB4ADE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B3C17585-8604-43E8-87BC-676919689524}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BB7046EE-8804-4D3C-8D28-15D7E7CB092D}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{BB9B1D24-DD5B-4479-AD70-45078315061B}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{C3B7C273-3501-4DF6-8BE1-EB13DD8D9F77}" = rport=10243 | protocol=6 | dir=out | app=system |
"{CAF69944-ED7A-4381-9642-BC628944B1A3}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{CE195FAF-D03B-408F-B72C-0A2DF1149707}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D1604C28-5897-4BAF-BE80-063307087DCB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D47C5E80-689A-426C-BECB-6C22F3BBCCC7}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{DC56EE08-50D4-47EE-A9D3-B79029B51396}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E19B6FC5-BCAB-4AB4-BBE7-194AACD567D3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F689CB89-89D6-4ED6-A5BA-DA915F6F6FEA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F840609F-41D9-4C2F-B047-0C68D64D6BDF}" = lport=10243 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{019BAD7E-E618-45EA-A974-627D332B167A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0205F053-F97C-4209-84A0-4EF90048028B}" = protocol=17 | dir=in | app=c:\users\katja\desktop\pdfconvertersetup.exe |
"{077B5F1E-3AED-4C65-95C1-5EFEA707C69D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0BE9D024-A20F-4059-B78E-159E6F83A632}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{0F4C7A7D-EDA3-475A-B278-8B093DAC07B6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1083281B-5D5B-4FAF-B28E-B84A9F968BB4}" = dir=in | app=c:\users\katja\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{2090DDE9-DF9E-4826-B6D1-008206D04B7C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{3EDE5DA5-96D2-4DE3-9DDC-4087269F9847}" = protocol=6 | dir=in | app=c:\users\katja\desktop\pdfconvertersetup.exe |
"{68FF32FB-2C0C-4FCA-9FE2-3297996C5CE6}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{6A501928-8CE4-4D47-A07A-68AB5C686C2C}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{6BEB9479-3083-4373-9E0A-C3111F8F3469}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{80CD9617-3A24-4234-A159-1EF32E4DD7E2}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{908E0178-FE1B-4EDF-B406-13690D0D75FE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{9801ECFE-7809-4115-9E50-572FAF0BB28D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9EDE0A2F-FA2E-4AC7-AF87-16196DAE3A01}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A383625A-4B4D-432E-A1E0-32562A7D1190}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B3354E65-6930-4FD6-AA40-D18F56637F7B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CEFB8864-6FC3-43A7-AC5E-7C374BC4EC41}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D7DE6BE7-A441-40FC-A964-C610BF4D744C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DB0C5B10-DDAC-421D-AC78-1D93D54C848D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DDC6B513-1B23-4F60-BAB5-B6573725C7A9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F905B63A-0B4B-41D4-8F44-C72220D3DDA6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FB4BF755-116A-4D0B-8296-163F3C097110}" = protocol=6 | dir=out | app=system |
"TCP Query User{37304A89-05FE-487B-A821-C73BE4946CE4}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{86FB7817-8771-45B4-A537-56FD221AD3A7}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{EBE7E4F6-6604-41E3-AA41-CB26FF65D8A9}C:\program files\onone software\perfect effects free\perfecteffects.exe" = protocol=6 | dir=in | app=c:\program files\onone software\perfect effects free\perfecteffects.exe |
"UDP Query User{714435CF-F640-4168-A465-597C0F717F96}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{7219DD6E-EF44-4053-87AE-BF2DDD924A7E}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{FD798055-6D1A-4F17-A128-8FB225CF35EB}C:\program files\onone software\perfect effects free\perfecteffects.exe" = protocol=17 | dir=in | app=c:\program files\onone software\perfect effects free\perfecteffects.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{0713D1F9-DD77-42C1-8C7D-54D479E2E743}" = Nero SoundTrax 11
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0D7A4289-99CF-4B8D-B812-86BE50A54552}" = Nero Video 11
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{17D26CDD-B87C-412B-92F0-2D5DD4313522}" = Facebook Messenger 2.1.4651.0
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD YouTube Downloader & Converter 3.6
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{2CA7225D-CB12-462A-9DD1-50319E158BA5}" = Nero 11 PiP Effects Basic
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 L1
"{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode
"{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent
"{36E90C09-EB23-4EAC-8B47-12C0CA5DBD3A}" = HP User Guides 0126
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{390757AA-8830-43DC-AEE0-4E5B6F8439EB}" = Nero SoundTrax 11 Help (CHM)
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM)
"{55C2143E-FBA5-442F-9AFA-726FF068F39D}" = Nero CoverDesigner 11 Help (CHM)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{57F80ECF-E27C-4EEE-AB58-E971BACE2639}" = Nero Recode 11 Help (CHM)
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
"{63206fc1-1e32-43ee-a596-e8e660cb3c4e}" = Nero 9
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AB2427E-A18F-4809-9A12-29F5EBABBB3A}" = Nero BackItUp 11 Help (CHM)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{732A3F80-008B-4350-BD58-EC5AE98707B8}" = HP Common Access Service Library
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{7E4413BB-CE31-4E01-A1C0-E37BDD0187CE}" = Nero 11
"{8014FACB-1D1D-48C2-94AA-E29EE2E6B9CE}" = Nero WaveEditor 11
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9501434E-8251-484D-819E-FCB93624899A}" = MP3 Recorder for YouTube
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95A747E0-DF19-46CB-A622-20A0107201BD}" = HP Total Care Setup
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C538746-C2DC-40FC-B1FB-D4EA7966ABEB}" = Skype™ 5.0
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9e82b934-9a25-445b-b8df-8012808074ac}" = Nero PhotoSnap
"{9e9fdde6-2c26-492a-85a0-05646b3f2795}" = NeroLiveGadget
"{9ECE13D2-C028-44CB-8A96-A65196E7BBE7}_is1" = Convert AVI to MP4 1.3
"{a209525b-3377-43f4-b886-32f6b6e7356f}" = Nero WaveEditor
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
"{A7AC8E69-01FF-494E-9A2C-423B82CEA604}" = HP MediaSmart SmartMenu
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB2BBC64-8AC8-4E66-BBF3-E22D5EACEECA}" = Nero BackItUp 11
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.4 - Deutsch
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11
"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit
"{B8D92680-34AC-4B76-8D95-7E95B11B5121}" = Perfect Effects 3 Free
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM)
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BE814218-3919-4EA3-868A-2F60BC135CB4}" = Nero Kwik Media
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}" = SoundTrax
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB71A20E-B1B4-4562-81FA-33E1DBD0342F}" = ProtectSmart Hard Drive Protection
"{CCE210DF-7EEF-4A76-A63C-3EB091FDB992}" = welcome
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM)
"{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM
"{D2CBEFA4-F2D3-4E97-A171-8BFD6A31A5EC}" = Nero Express 11 Help (CHM)
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM)
"{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}" = Nero Live
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}" = LightScribe System Software
"{E10AAE4A-98B8-420A-BD93-E0520C23D624}" = Nero Express 11
"{E1B2BA63-4023-B582-0D88-ABB528E281D9}" = Catalyst Control Center InstallProxy
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E51BC4B0-EA5E-49CC-AF3B-93B5C627EC22}" = Nero 11 Effects Basic
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5E29403-3D25-40C6-892B-F9FEE2A95585}" = HP Wireless Assistant
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EB8DED20-A887-4A9C-BB5A-F3E7523DFB44}" = Nero WaveEditor 11 Help (CHM)
"{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{f1861f30-3419-44db-b2a1-c274825698b3}" = Nero Disc Copy Gadget
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F3743A2C-5D5F-4456-8F98-5DF36A954C50}" = Nero 11 Image Samples
"{F49EF443-B2BD-4F10-8A46-87AFCDB90EDD}" = Nero 11 Disc Menus Basic
"{F69FB940-5031-4FE8-AFAD-085802D0BF63}" = Nero Recode 11
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8EF9B71-53E7-41F5-8E54-47B4C979CB38}" = Nero Backup Drivers
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA300000-0001-0000-0000-074957833700}" = ABBYY PDF Transformer 3.0
"{FAC3C37E-EDAB-4F3A-A173-A7C70CC88F09}" = Nero Video 11 Help (CHM)
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"{FF44BCE5-5A18-4051-85F0-BC172D7B4695}" = Nero CoverDesigner 11
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"7DE39862CC26DCE2446838AAF7CD5C163F835A57" = Windows-Treiberpaket - ENE (enecir) HIDClass (09/04/2008 2.6.0.0)
"ABBYY PDF Transformer 3.0" = ABBYY PDF Transformer 3.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Australien Screen Saver" = Australien Screen Saver
"Avira AntiVir Desktop" = Avira Free Antivirus
"AviSynth" = AviSynth 2.5
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CCleaner" = CCleaner
"DivX Setup" = DivX-Setup
"DVD Shrink_is1" = DVD Shrink 3.2
"FLAC" = FLAC 1.2.1b (remove only)
"FoxTab PDF Converter" = FoxTab PDF Converter
"Glary Utilities_is1" = Glary Utilities 2.43.0.1419
"Google Updater" = Google Updater
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PokerStars" = PokerStars
"PokerStars.net" = PokerStars.net
"SopCast" = SopCast 3.4.7
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"UseNeXT_is1" = UseNeXT
"VLC media player" = VLC media player 2.0.0
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"XMedia Recode" = XMedia Recode 3.0.0.0
"XP Codec Pack" = XP Codec Pack
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1853009572-889368067-1826519071-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 23.04.2011 18:56:58 | Computer Name = Katja-PC | Source = WinMgmt | ID = 10
Description =
Error - 23.04.2011 19:41:04 | Computer Name = Katja-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 2.0.0.4094 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 17f4 Startzeit:
01cc020d38ea870f Endzeit: 17584 Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe
Berichts-ID:
02f84670-6e03-11e0-9062-00269e20293a
Error - 24.04.2011 06:06:45 | Computer Name = Katja-PC | Source = WinMgmt | ID = 10
Description =
Error - 24.04.2011 06:56:34 | Computer Name = Katja-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 24.04.2011 18:48:41 | Computer Name = Katja-PC | Source = WinMgmt | ID = 10
Description =
Error - 25.04.2011 14:53:59 | Computer Name = Katja-PC | Source = WinMgmt | ID = 10
Description =
Error - 25.04.2011 15:46:04 | Computer Name = Katja-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 27.04.2011 13:20:22 | Computer Name = Katja-PC | Source = WinMgmt | ID = 10
Description =
Error - 27.04.2011 14:17:00 | Computer Name = Katja-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 28.04.2011 14:49:49 | Computer Name = Katja-PC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 17.11.2012 10:59:56 | Computer Name = Katja-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
jyhvt
Error - 18.11.2012 06:37:48 | Computer Name = Katja-PC | Source = hpdskflt | ID = 263145
Description = An unsupported disk adapter was found.
Error - 18.11.2012 06:38:08 | Computer Name = Katja-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
Error - 18.11.2012 06:38:08 | Computer Name = Katja-PC | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 18.11.2012 06:38:35 | Computer Name = Katja-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
jyhvt
Error - 19.11.2012 11:44:51 | Computer Name = Katja-PC | Source = hpdskflt | ID = 263145
Description = An unsupported disk adapter was found.
Error - 19.11.2012 11:45:11 | Computer Name = Katja-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
Error - 19.11.2012 11:45:11 | Computer Name = Katja-PC | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 19.11.2012 11:45:37 | Computer Name = Katja-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
jyhvt
Error - 20.11.2012 13:03:12 | Computer Name = Katja-PC | Source = atikmdag | ID = 43029
Description = Display is not active
< End of report >
number 2:OTL Logfile: Code:
ATTFilter OTL logfile created on: 20.11.2012 20:48:31 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Katja\Downloads Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,97 Gb Total Physical Memory | 1,50 Gb Available Physical Memory | 50,65% Memory free 5,93 Gb Paging File | 3,97 Gb Available in Paging File | 66,88% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 287,02 Gb Total Space | 38,56 Gb Free Space | 13,43% Space Free | Partition Type: NTFS Drive D: | 11,07 Gb Total Space | 1,31 Gb Free Space | 11,83% Space Free | Partition Type: NTFS Computer Name: KATJA-PC | User Name: Katja | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Katja\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Users\Katja\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe (Facebook) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\UseNeXT\UseNeXT.exe () PRC - C:\Program Files\Nero\Update\NASvc.exe (Nero AG) PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten) PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.) PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\stacsv.exe (IDT, Inc.) PRC - C:\Program Files\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe (ABBYY) PRC - C:\Windows\System32\atieclxx.exe (AMD) PRC - C:\Windows\System32\atiesrxx.exe (AMD) PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) PRC - C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.) PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\AEstSrv.exe (Andrea Electronics Corporation) PRC - C:\Program Files\SMINST\BLService.exe () PRC - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe () PRC - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe () ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7c4de95aa433eb8d81a81caf805947a8\PresentationFramework.Aero.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\03cfab5534482e8fc313ead6edc19100\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\a30d7e65103254213dc62f238be50f97\System.EnterpriseServices.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\a30d7e65103254213dc62f238be50f97\System.EnterpriseServices.Wrapper.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\3d4e9d4f6c945d6d3b7d423fdb6bd274\System.Data.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\4d7a457d9f9adcce4d201119b5179c29\System.Transactions.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1ec80905a71750be50dfc7981ad5ae28\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53d6d827964619285771ed72332d3659\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\3079aabe5fd4f325656d52b94b19ae2e\System.Security.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll () MOD - C:\Users\Katja\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll () MOD - C:\Users\Katja\AppData\Local\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll () MOD - C:\Users\Katja\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll () MOD - C:\Users\Katja\AppData\Local\Google\Chrome\Application\23.0.1271.64\libglesv2.dll () MOD - C:\Users\Katja\AppData\Local\Google\Chrome\Application\23.0.1271.64\libegl.dll () MOD - C:\Users\Katja\AppData\Local\Google\Chrome\Application\23.0.1271.64\avutil-51.dll () MOD - C:\Users\Katja\AppData\Local\Google\Chrome\Application\23.0.1271.64\avformat-54.dll () MOD - C:\Users\Katja\AppData\Local\Google\Chrome\Application\23.0.1271.64\avcodec-54.dll () MOD - C:\Users\Katja\AppData\Local\Facebook\Messenger\2.1.4651.0\libcef.dll () MOD - C:\Users\Katja\AppData\Local\Facebook\Messenger\2.1.4651.0\CefSharp.WinForms.dll () MOD - C:\Users\Katja\AppData\Local\Facebook\Messenger\2.1.4651.0\CefSharp.dll () MOD - C:\Program Files\UseNeXT\UseNeXT.exe () MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll () MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe () MOD - C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF () MOD - C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll () MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll () MOD - C:\Program Files\UseNeXT\unrar.dll () MOD - C:\Program Files\UseNeXT\Par2Calc.dll () MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll () MOD - C:\Program Files\Logitech\SetPoint\khalwrapper.dll () MOD - C:\Windows\System32\msjetoledb40.dll () MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll () MOD - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\Common\MCEMediaStatus.dll () MOD - C:\Program Files\Hewlett-Packard\HP Advisor\Content.XmlSerializers.dll () MOD - C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll () MOD - C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll () MOD - C:\Program Files\Hewlett-Packard\HP Advisor\ECLibrary.dll () MOD - C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll () MOD - C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll () MOD - C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll () MOD - C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll () MOD - C:\Program Files\Common Files\Adobe\Shell\psicon.dll () ========== Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation) SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (NAUpdate) -- C:\Program Files\Nero\Update\NASvc.exe (Nero AG) SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation) SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten) SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\stacsv.exe (IDT, Inc.) SRV - (ABBYY.Licensing.PDFTransformer.Classic.3.0) -- C:\Program Files\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe (ABBYY) SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\AEstSrv.exe (Andrea Electronics Corporation) SRV - (Recovery Service for Windows) -- C:\Program Files\SMINST\BLService.exe () SRV - (TVCapSvc) -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe () SRV - (TVSched) -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe () SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.) SRV - (ezSharedSvc) -- C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (jyhvt) -- System32\drivers\robtwodn.sys File not found DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (NBVol) -- C:\Windows\System32\drivers\NBVol.sys (Nero AG) DRV - (NBVolUp) -- C:\Windows\System32\drivers\NBVolUp.sys (Nero AG) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys () DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.) DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.) DRV - ({55662437-DA8C-40c0-AADA-2C816A897A49}) -- C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl (CyberLink Corp.) DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corporation) DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation ) DRV - (hpdskflt) -- C:\Windows\System32\drivers\hpdskflt.sys (Hewlett-Packard Corporation) DRV - (Accelerometer) -- C:\Windows\System32\drivers\Accelerometer.sys (Hewlett-Packard Corporation) DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia) DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.) DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKLM\..\SearchScopes,DefaultScope = {09EECF31-D086-4C6A-88ED-D417D57B6D2F} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{09EECF31-D086-4C6A-88ED-D417D57B6D2F}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de IE - HKLM\..\SearchScopes\{5EABDA3D-110C-48B7-A1DF-5F6D81CA9446}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE - HKLM\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://startsear.ch/?aff=1&src=sp&cf=7fde735b-0239-11e1-a419-00269e20293a&q={searchTerms} IE - HKLM\..\SearchScopes\{E89AE38C-AB97-41DF-84E8-78E332833273}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1853009572-889368067-1826519071-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKU\S-1-5-21-1853009572-889368067-1826519071-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKU\S-1-5-21-1853009572-889368067-1826519071-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-1853009572-889368067-1826519071-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-1853009572-889368067-1826519071-1000\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-1853009572-889368067-1826519071-1000\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19} IE - HKU\S-1-5-21-1853009572-889368067-1826519071-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1853009572-889368067-1826519071-1000\..\SearchScopes\{09EECF31-D086-4C6A-88ED-D417D57B6D2F}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de IE - HKU\S-1-5-21-1853009572-889368067-1826519071-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=100474&mntrId=07519eba00000000000000265e8c5f0c IE - HKU\S-1-5-21-1853009572-889368067-1826519071-1000\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=07519eba00000000000000265e8c5f0c&tlver=1.4.19.19&affID=17160 IE - HKU\S-1-5-21-1853009572-889368067-1826519071-1000\..\SearchScopes\{5EABDA3D-110C-48B7-A1DF-5F6D81CA9446}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE - HKU\S-1-5-21-1853009572-889368067-1826519071-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://startsear.ch/?aff=1&src=sp&cf=7fde735b-0239-11e1-a419-00269e20293a&q={searchTerms} IE - HKU\S-1-5-21-1853009572-889368067-1826519071-1000\..\SearchScopes\{67DBB583-6E66-4E92-8BBF-51F7B4FE44EC}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKU\S-1-5-21-1853009572-889368067-1826519071-1000\..\SearchScopes\{E89AE38C-AB97-41DF-84E8-78E332833273}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 IE - HKU\S-1-5-21-1853009572-889368067-1826519071-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Web Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://startsear.ch/?aff=1" FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971 FF - prefs.js..extensions.enabledItems: qtl.co.il@gmail.com:15 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q=" FF - prefs.js..browser.search.defaultengine: "Web Search" FF - prefs.js..browser.search.order.1: "Web Search"# Mozilla User Preferences FF - prefs.js..browser.search.defaultenginename: "Web Search" FF - prefs.js..browser.search.selectedEngine: "Web Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://startsear.ch/?aff=1" FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971 FF - prefs.js..extensions.enabledItems: qtl.co.il@gmail.com:15 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q=" FF - prefs.js..browser.search.defaultengine: "Web Search" FF - prefs.js..browser.search.order.1: "Web Search"# Mozilla User Preferences FF - prefs.js..browser.search.defaultenginename: "Web Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://startsear.ch/?aff=1" FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971 FF - prefs.js..extensions.enabledItems: qtl.co.il@gmail.com:15 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..keyword.URL: "hxxp://startsear.ch/?aff=1&src=sp&cf=7fde735b-0239-11e1-a419-00269e20293a&q=" FF - prefs.js..browser.search.defaultengine: "Web Search" FF - prefs.js..browser.search.order.1: "Web Search"# Mozilla User Preferences FF - prefs.js..browser.search.defaultenginename: "Web Search" FF - prefs.js..browser.search.selectedEngine: "Web Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://startsear.ch/?aff=1" FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971 FF - prefs.js..extensions.enabledItems: qtl.co.il@gmail.com:15 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q=" FF - prefs.js..browser.search.defaultengine: "Web Search" FF - prefs.js..browser.search.order.1: "Web Search" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Katja\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( ) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Katja\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Katja\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Katja\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Katja\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll (Facebook, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.07.06 16:31:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.24 21:16:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.13 21:55:30 | 000,000,000 | ---D | M] [2010.02.21 06:24:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Katja\AppData\Roaming\mozilla\Extensions [2012.07.06 16:21:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\g7e91yje.default\extensions [2010.08.07 18:19:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\g7e91yje.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.09.03 17:23:12 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\g7e91yje.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2011.09.02 20:18:36 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\g7e91yje.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847} [2011.04.13 18:32:34 | 000,000,000 | ---D | M] (Mein Gutscheincode Finder) -- C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\g7e91yje.default\extensions\finder@meingutscheincode.de [2010.11.23 00:09:31 | 000,000,000 | ---D | M] (qtl) -- C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\g7e91yje.default\extensions\qtl.co.il@gmail.com [2012.07.06 16:21:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\g7e91yje.default\extensions\staged [2012.10.14 19:10:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\posv2gdw.Katja Neu\extensions [2011.02.03 21:22:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\posv2gdw.Katja Neu\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.02.17 22:05:18 | 000,000,000 | ---D | M] ("Facebook PhotoZoom") -- C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\posv2gdw.Katja Neu\extensions\{20cc25e2-48c9-45e1-9a1f-1ccc1882b81b} [2011.06.03 10:13:17 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\posv2gdw.Katja Neu\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2011.02.17 22:36:22 | 000,000,000 | ---D | M] (Picnik) -- C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\posv2gdw.Katja Neu\extensions\{5b1fdac4-a239-4933-9c52-b65a2a720b75} [2011.02.17 22:13:24 | 000,000,000 | ---D | M] (Pimp My Facebook Skin!) -- C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\posv2gdw.Katja Neu\extensions\nitsansfbskins@nitsan.binnun.co.il [2011.03.13 13:59:08 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\posv2gdw.Katja Neu\extensions\personas@christopher.beard [2011.06.04 08:55:12 | 000,079,618 | ---- | M] () (No name found) -- C:\Users\Katja\AppData\Roaming\mozilla\firefox\profiles\posv2gdw.Katja Neu\extensions\FirefoxAddon@myfacebook.com.xpi [2012.10.14 19:10:07 | 000,529,404 | ---- | M] () (No name found) -- C:\Users\Katja\AppData\Roaming\mozilla\firefox\profiles\posv2gdw.Katja Neu\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2010.12.18 18:37:30 | 000,000,950 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\mozilla\firefox\profiles\g7e91yje.default\searchplugins\icqplugin-1.xml [2010.12.12 00:55:52 | 000,000,950 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\mozilla\firefox\profiles\g7e91yje.default\searchplugins\icqplugin-2.xml [2010.10.25 22:39:30 | 000,001,056 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\mozilla\firefox\profiles\g7e91yje.default\searchplugins\icqplugin.xml [2010.11.23 00:09:42 | 000,002,109 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\mozilla\firefox\profiles\g7e91yje.default\searchplugins\qtl.xml [2011.07.11 19:04:02 | 000,000,633 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\mozilla\firefox\profiles\g7e91yje.default\searchplugins\startsear.xml [2011.09.02 20:18:28 | 000,003,915 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\mozilla\firefox\profiles\g7e91yje.default\searchplugins\sweetim.xml [2012.07.03 11:16:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011.05.29 13:39:53 | 000,000,000 | ---D | M] (Recorder Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{10743931-94DF-476f-A987-4391233C17A2} [2011.06.07 20:49:36 | 000,000,000 | ---D | M] (Babylon) -- C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@babylon.com File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{B13721C7-F507-4982-B2E5-502A71474FED} File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2012.07.02 15:50:02 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.06.18 13:43:36 | 000,378,880 | ---- | M] (InfiniAd GmbH) -- C:\Program Files\mozilla firefox\plugins\npmieze.dll [2012.07.02 15:50:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.10.26 11:45:55 | 000,002,288 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2012.07.02 15:50:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.07.02 15:50:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.07.02 15:50:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.07.02 15:50:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.07.02 15:50:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://startsear.ch/?aff=1 CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}, CHR - homepage: hxxp://startsear.ch/?aff=1 CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Katja\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Katja\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Katja\AppData\Local\Google\Chrome\Application\23.0.1271.64\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Katja\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Facebook Desktop (Enabled) = C:\Users\Katja\AppData\Local\Facebook\Messenger\2.1.4520.0\npFbDesktopPlugin.dll CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Katja\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: Angry Birds = C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\ CHR - Extension: YouTube = C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Kate Spade = C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhpfdkiglaphjhmhojbofcplejkjkoc\3_0\ CHR - Extension: Google-Suche = C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: Kill Facebook Questions = C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\kblnmiaeiakehndaagoomiddbblbeeoh\1.1.2_0\ CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ CHR - Extension: Google Mail = C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Recorder Toolbar) - {120A8821-2BEE-4C29-BCDA-62C577781992} - C:\Program Files\MedienTeam66\MP3 Recorder for YouTube\IEPlugin.dll (MedienTeam66) O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No CLSID value found. O3 - HKU\S-1-5-21-1853009572-889368067-1826519071-1000\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [NBAgent] C:\Program Files\Nero\Nero 11\Nero BackItUp\NBAgent.exe (Nero AG) O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.) O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKU\S-1-5-21-1853009572-889368067-1826519071-1000..\Run: [Facebook Update] C:\Users\Katja\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKLM..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll] C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll () O4 - HKLM..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll] C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll () O4 - HKLM..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll] C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll () O4 - HKLM..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll] C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll () O4 - HKU\S-1-5-21-1853009572-889368067-1826519071-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe (Adobe Systems Incorporated) O4 - Startup: C:\Users\Katja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\Katja\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe (Facebook) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1853009572-889368067-1826519071-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1853009572-889368067-1826519071-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: An OneNote s&enden - res:///105 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars) O15 - HKU\S-1-5-21-1853009572-889368067-1826519071-1000\..Trusted Ranges: Range1 ([http] in Local intranet) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{73ACA067-DAB3-4A18-8B50-B023122D806B}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BDA2DB3F-E72E-4050-AF4F-BB46CF782143}: DhcpNameServer = 10.57.177.6 10.57.177.53 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\BlackGold1.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\BlackGold1.jpg O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.11.20 20:20:01 | 000,129,536 | ---- | C] (Intel Corporation) -- C:\Windows\System32\IJL15.dll [2012.11.20 20:19:56 | 000,000,000 | ---D | C] -- C:\Users\Katja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Australien Bildschirmschoner [2012.11.20 20:19:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Australien Bildschirmschoner [2012.11.20 20:19:43 | 000,094,208 | ---- | C] (Info-ZIP) -- C:\Windows\System32\ScrUnZip.dll [2012.11.17 18:16:59 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2012.11.16 16:08:12 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys [2012.11.16 16:08:12 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wdfres.dll [2012.11.16 16:07:31 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll [2012.11.16 16:07:30 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll [2012.11.16 16:07:29 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll [2012.11.16 10:48:32 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcorehc.dll [2012.11.16 10:48:32 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncsi.dll [2012.11.16 10:48:31 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll [2012.11.16 10:48:23 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll [2012.11.16 10:48:21 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012.11.16 10:48:18 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcore6.dll [2012.11.16 10:48:18 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll [2012.10.26 16:32:01 | 000,696,760 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.10.23 19:18:21 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2012.10.23 19:18:21 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe [2012.10.23 19:18:21 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll ========== Files - Modified Within 30 Days ========== [2012.11.20 20:51:02 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1853009572-889368067-1826519071-1000UA.job [2012.11.20 20:46:10 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.11.20 20:20:01 | 000,129,536 | ---- | M] (Intel Corporation) -- C:\Windows\System32\IJL15.dll [2012.11.20 20:19:43 | 000,094,208 | ---- | M] (Info-ZIP) -- C:\Windows\System32\ScrUnZip.dll [2012.11.20 20:06:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.20 20:01:00 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1853009572-889368067-1826519071-1000UA.job [2012.11.20 20:01:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1853009572-889368067-1826519071-1000Core.job [2012.11.20 18:18:02 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1853009572-889368067-1826519071-1000Core.job [2012.11.20 18:14:57 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.11.20 18:03:46 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2012.11.20 18:03:41 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\MT66 Software Update.job [2012.11.20 18:03:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.19 16:53:16 | 000,019,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.19 16:53:16 | 000,019,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.19 16:45:19 | 000,000,314 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job [2012.11.19 16:44:58 | 2390,114,304 | -HS- | M] () -- C:\hiberfil.sys [2012.11.17 18:17:23 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2012.11.17 18:16:41 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.17 15:59:19 | 000,433,184 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.11.16 16:18:57 | 000,657,730 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.11.16 16:18:57 | 000,618,966 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.11.16 16:18:57 | 000,131,070 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.11.16 16:18:57 | 000,107,286 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.10.26 17:06:09 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.10.26 17:06:09 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl ========== Files Created - No Company Name ========== [2012.11.17 18:16:41 | 000,001,027 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.16 16:08:15 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012.11.16 16:07:29 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012.10.26 16:32:04 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2011.11.01 19:10:46 | 000,002,192 | ---- | C] () -- C:\Users\Katja\.recently-used.xbel [2011.09.02 23:20:46 | 000,000,615 | ---- | C] () -- C:\Users\Katja\AppData\Roaming\AutoGK.ini [2011.09.02 20:21:16 | 000,032,256 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2011.06.08 22:53:52 | 000,011,264 | ---- | C] () -- C:\Users\Katja\Bild.wps [2011.06.08 22:48:05 | 000,098,304 | ---- | C] () -- C:\Windows\System32\redmonnt.dll [2011.06.08 22:34:33 | 000,000,612 | ---- | C] () -- C:\Users\Katja\AppData\Roaming\wklnhst.dat [2011.06.03 20:51:29 | 000,007,605 | ---- | C] () -- C:\Users\Katja\AppData\Local\Resmon.ResmonCfg [2011.05.29 13:51:37 | 000,065,780 | ---- | C] () -- C:\Users\Katja\99_Windows-7-Shortcuts.zip [2011.05.13 22:32:36 | 000,005,120 | ---- | C] () -- C:\Users\Katja\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.01.15 13:47:40 | 000,000,000 | ---- | C] () -- C:\Users\Katja\AppData\Roaming\downloads.m3u [2010.12.03 16:52:16 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010.02.21 12:12:32 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.01.27 23:09:29 | 000,000,177 | ---- | C] () -- C:\Users\Katja\AppData\Roaming\default.rss ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Alternate Data Streams ========== @Alternate Data Stream - 95 bytes -> C:\ProgramData\Temp:5C321E34 @Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:A4C0DDD1 < End of report > lieben dank! |
|
22.11.2012, 06:02
| #10 |
| /// Helfer-Team | Mbam logfile Wo bleibt der adwCleaner Bericht? Bitte Avira Funde posten: http://www.trojaner-board.de/125889-...tml#post941534 |
|
22.11.2012, 06:55
| #11 |
| | Mbam logfile Adware oder avira? |
|
22.11.2012, 07:24
| #12 |
| /// Helfer-Team | Mbam logfile Beides! |
|
22.11.2012, 07:33
| #13 |
| | Mbam logfile sorry...hab nicht richtig gelesen,und war verwirrt..weil du weiter oben von avira nichts gesagt hast. weiss nicht ob das jetzt noch reicht bevor ich zur arbeit gehe...aber ansonsten heute abend. hier aber schonmal adware :-) # AdwCleaner v2.008 - Datei am 22/11/2012 um 07:25:17 erstellt # Aktualisiert am 17/11/2012 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits) # Benutzer : Katja - KATJA-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\Katja\Downloads\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml Datei Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk Datei Gelöscht : C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\g7e91yje.default\searchplugins\icqplugin.xml Datei Gelöscht : C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\g7e91yje.default\searchplugins\icqplugin-1.xml Datei Gelöscht : C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\g7e91yje.default\searchplugins\icqplugin-2.xml Datei Gelöscht : C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\g7e91yje.default\searchplugins\Startsear.xml Datei Gelöscht : C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\g7e91yje.default\searchplugins\SweetIm.xml Datei Gelöscht : C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\posv2gdw.Katja Neu\searchplugins\Conduit.xml Datei Gelöscht : C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\posv2gdw.Katja Neu\searchplugins\MyStart Search.xml Datei Gelöscht : C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\posv2gdw.Katja Neu\searchplugins\SweetIm.xml Ordner Gelöscht : C:\Program Files\ICQ6Toolbar Ordner Gelöscht : C:\Program Files\incredibar.com Ordner Gelöscht : C:\Program Files\Mozilla Firefox\Extensions\ffxtlbr@babylon.com Ordner Gelöscht : C:\Program Files\Perion Ordner Gelöscht : C:\ProgramData\Babylon Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar Ordner Gelöscht : C:\Users\Katja\AppData\Local\Babylon Ordner Gelöscht : C:\Users\Katja\AppData\LocalLow\BabylonToolbar Ordner Gelöscht : C:\Users\Katja\AppData\LocalLow\boost_interprocess Ordner Gelöscht : C:\Users\Katja\AppData\LocalLow\Conduit Ordner Gelöscht : C:\Users\Katja\AppData\LocalLow\incredibar.com Ordner Gelöscht : C:\Users\Katja\AppData\Roaming\Babylon Ordner Gelöscht : C:\Users\Katja\AppData\Roaming\loadtbs Ordner Gelöscht : C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\g7e91yje.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847} Ordner Gelöscht : C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\g7e91yje.default\extensions\ffxtlbr@incredibar.com Ordner Gelöscht : C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\g7e91yje.default\extensions\staged Ordner Gelöscht : C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\posv2gdw.Katja Neu\Conduit Ordner Gelöscht : C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\posv2gdw.Katja Neu\extensions\ffxtlbr@incredibar.com Ordner Gelöscht : C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\posv2gdw.Katja Neu\SweetIMToolbarData ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Toolbar Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063DB1-4EC0-403E-8DD8-394C54984B2C} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063DB9-4EC0-403E-8DD8-394C54984B2C} Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKCU\Software\StartSearch Schlüssel Gelöscht : HKLM\Software\Babylon Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\IEPlugin.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{AD25754E-D76C-42B3-A335-2F81478B722F} Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BabylonToolbar Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31} Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{DFEFCDEE-CF1A-4FC8-88AD-129872198372}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{DFEFCDEE-CF1A-4FC8-88AD-129872198372}] ***** [Internet Browser] ***** -\\ Internet Explorer v8.0.7601.17514 Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?babsrc=NT_ss&affID=100474&mntrId=07519eba00000000000000265e8c5f0c --> hxxp://www.google.com -\\ Mozilla Firefox v12.0 (de) Profilname : default Datei : C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\g7e91yje.default\prefs.js Gelöscht : user_pref("browser.search.defaultenginename", "Web Search"); Gelöscht : user_pref("browser.startup.homepage", "hxxp://startsear.ch/?aff=1"); Gelöscht : user_pref("extensions.veohsearchrecs.SupportedSites", "<?xml version=\"1.0\" ?>\r\n<results revision[...] Gelöscht : user_pref("extensions.veohsearchrecs.VeohVersion", "1.5.2"); Gelöscht : user_pref("extensions.veohsearchrecs.id", "e22b47c4e-4e7e-2046-bd69-add7d62425a"); Gelöscht : user_pref("extensions.veohsearchrecs.lastsitedate", "29"); Gelöscht : user_pref("extensions.veohsearchrecs.veohenabled", "false"); Gelöscht : user_pref("keyword.URL", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q="[...] Gelöscht : user_pref("browser.search.defaultengine", "Web Search"); Gelöscht : user_pref("browser.search.order.1", "Web Search");# Mozilla User Preferences Gelöscht : user_pref("browser.search.defaultenginename", "Web Search"); Gelöscht : user_pref("browser.search.selectedEngine", "Web Search"); Gelöscht : user_pref("browser.startup.homepage", "hxxp://startsear.ch/?aff=1"); Gelöscht : user_pref("extensions.veohsearchrecs.SupportedSites", "<?xml version=\"1.0\" ?>\r\n<results revision[...] Gelöscht : user_pref("extensions.veohsearchrecs.VeohVersion", "1.5.2"); Gelöscht : user_pref("extensions.veohsearchrecs.id", "e22b47c4e-4e7e-2046-bd69-add7d62425a"); Gelöscht : user_pref("extensions.veohsearchrecs.lastsitedate", "29"); Gelöscht : user_pref("extensions.veohsearchrecs.veohenabled", "false"); Gelöscht : user_pref("keyword.URL", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q="[...] Gelöscht : user_pref("browser.search.defaultengine", "Web Search"); Gelöscht : user_pref("browser.search.order.1", "Web Search");# Mozilla User Preferences Gelöscht : user_pref("browser.search.defaultenginename", "Web Search"); Gelöscht : user_pref("browser.startup.homepage", "hxxp://startsear.ch/?aff=1"); Gelöscht : user_pref("extensions.veohsearchrecs.SupportedSites", "<?xml version=\"1.0\" ?>\r\n<results revision[...] Gelöscht : user_pref("extensions.veohsearchrecs.VeohVersion", "1.5.2"); Gelöscht : user_pref("extensions.veohsearchrecs.id", "e22b47c4e-4e7e-2046-bd69-add7d62425a"); Gelöscht : user_pref("extensions.veohsearchrecs.lastsitedate", "29"); Gelöscht : user_pref("extensions.veohsearchrecs.veohenabled", "false"); Gelöscht : user_pref("keyword.URL", "hxxp://startsear.ch/?aff=1&src=sp&cf=7fde735b-0239-11e1-a419-00269e20293a&[...] Gelöscht : user_pref("browser.search.defaultengine", "Web Search"); Gelöscht : user_pref("browser.search.order.1", "Web Search");# Mozilla User Preferences Gelöscht : user_pref("browser.search.defaultenginename", "Web Search"); Gelöscht : user_pref("browser.search.selectedEngine", "Web Search"); Gelöscht : user_pref("browser.startup.homepage", "hxxp://startsear.ch/?aff=1"); Gelöscht : user_pref("extensions.veohsearchrecs.SupportedSites", "<?xml version=\"1.0\" ?>\r\n<results revision[...] Gelöscht : user_pref("extensions.veohsearchrecs.VeohVersion", "1.5.2"); Gelöscht : user_pref("extensions.veohsearchrecs.id", "e22b47c4e-4e7e-2046-bd69-add7d62425a"); Gelöscht : user_pref("extensions.veohsearchrecs.lastsitedate", "29"); Gelöscht : user_pref("extensions.veohsearchrecs.veohenabled", "false"); Gelöscht : user_pref("keyword.URL", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q="[...] Gelöscht : user_pref("browser.search.defaultengine", "Web Search"); Gelöscht : user_pref("browser.search.order.1", "Web Search"); Profilname : Katja Neu [Profil par défaut] Datei : C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\posv2gdw.Katja Neu\prefs.js Gelöscht : user_pref("extensions.BabylonToolbar.bbDpng", 3); Gelöscht : user_pref("extensions.BabylonToolbar.cntry", "DE"); Gelöscht : user_pref("extensions.BabylonToolbar.firstRun", false); Gelöscht : user_pref("extensions.BabylonToolbar.hdrMd5", "34D02ECCDB2ED05679ED88919F39BC25"); Gelöscht : user_pref("extensions.BabylonToolbar.lastActv", "3"); Gelöscht : user_pref("extensions.BabylonToolbar.lastDP", 3); Gelöscht : user_pref("keyword.URL", "hxxp://search.sweetim.com/search.asp?src=2&q="); Gelöscht : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0"); Gelöscht : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7"); Gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log"); Gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000"); Gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7"); Gelöscht : user_pref("sweetim.toolbar.mode.debug", "false"); Gelöscht : user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=07[...] Gelöscht : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engin[...] Gelöscht : user_pref("sweetim.toolbar.search.history.capacity", "10"); Gelöscht : user_pref("sweetim.toolbar.simapp_id", "{534DF8D4-D598-11E0-B405-00269E20293A}"); Gelöscht : user_pref("sweetim.toolbar.version", "1.2.0.2"); -\\ Google Chrome v23.0.1271.64 Datei : C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Preferences Gelöscht [l.8] : homepage = "hxxp://startsear.ch/?aff=1", Gelöscht [l.12] : urls_to_restore_on_startup = [ "hxxp://startsear.ch/?aff=1", "hxxp://www.google.com/" ] Gelöscht [l.1751] : homepage = "hxxp://startsear.ch/?aff=1", Gelöscht [l.2349] : urls_to_restore_on_startup = [ "hxxp://startsear.ch/?aff=1", "hxxp://www.google.com/" ] ************************* AdwCleaner[S1].txt - [13451 octets] - [22/11/2012 07:25:17] ########## EOF - C:\AdwCleaner[S1].txt - [13512 octets] ########## leider kann ich wohl aus avira nicht exportieren. es sollte sich da doch dann ein fensterchen öffnen, richtig? tut es leider nicht :-/ |
|
22.11.2012, 14:07
| #15 |
| | Mbam logfile ja, genau! aber wenn ich auf exportieren klicke..passiert nix. es geht weder ein fenster auf...noch kann ich das irgendwie anderweitig einfügen :-/ |
|
| Themen zu Mbam logfile |
| administrator, ahnung, aktion, anti-malware, appdata, autostart, dateien, dateisystem, durchgeführt, explorer, file, files, firefox, guten, heuristiks/extra, heuristiks/shuriken, html, infizierte, install.exe, logfile, mbam, mozilla, plugins, roaming, service, speicher, super, uninstall.exe, version, zusammen |
Linear-Darstellung
