Pests of all kinds and how to combat them: Website errors (Windows 7). If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection. |
23.11.2012, 18:28 | #16 |
| Website errors How do I do step three? Sorry, as I said, I have no idea at all. |
23.11.2012, 18:39 | #17 |
/// TB-Ausbilder | Website errors That is why we have instructions, which one should read.
__________________List of installed programs (Combofix) Please find and post the following file for me:
__________________ |
23.11.2012, 19:04 | #18 |
| Website errors Code:
ATTFilter Adobe Flash Player 10 ActiveX Adobe Flash Player 11 Plugin Age of Empires III Angry Birds Angry Birds Rio Angry Birds Space Apple Application Support Apple Mobile Device Support Apple Software Update ATI Catalyst Install Manager Avira Free Antivirus Bing Rewards Client Installer Bonjour Broadcom 2070 Bluetooth 3.0 Broadcom 802.11 Wireless LAN Adapter Catalyst Control Center - Branding Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-core-static ccc-utility CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish Cogs GO Lite Conduit Engine Corel Home Office Corel Home Office - CS Templates Corel Home Office - CT Templates Corel Home Office - IPM Corel Home Office - JP Templates Corel Home Office - KR Templates Corel Home Office - Launcher Corel Home Office - Templates RU Corel Home Office - Templates1 D3DX10 Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Empire Earth Empire Earth Gold Energy Star Digital Logo Far Cry 2 Free Audio CD Burner version 1.4 Free NaturalReader Free Studio version 5.7.3.916 Free YouTube Download version 2.10.33.324 Free YouTube to MP3 Converter version 3.8 Grand Theft Auto San Andreas Grand Theft Auto Vice City HP Advisor HP Customer Experience Enhancements HP Deskjet 3050 J610 series - Grundlegende Software für das Gerät HP Deskjet 3050 J610 series Hilfe HP Documentation HP ESU for Microsoft Windows 7 HP HotKey Support HP Photo Creations HP Setup HP SoftPaq Download Manager HP Software Framework HP Software Setup HP Update HP Web Camera HP Webcam HP Webcam Driver HP Wireless Assistant iCloud IDT Audio iTunes LightScribe System Software Microsoft 
.NET Framework 4 Client Profile Microsoft Age of Empires II Microsoft Age of Empires II: The Conquerors Expansion Microsoft Application Error Reporting Microsoft Office 2010 Microsoft Office 2010 Language Pack Service Pack 1 (SP1) Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (German) 2010 Microsoft Office Excel MUI (German) 2010 Microsoft Office Groove MUI (German) 2010 Microsoft Office InfoPath MUI (German) 2010 Microsoft Office Klick-und-Los 2010 Microsoft Office Language Pack 2010 - German/Deutsch Microsoft Office O MUI (German) 2010 Microsoft Office OneNote MUI (German) 2010 Microsoft Office Outlook MUI (German) 2010 Microsoft Office PowerPoint 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office PowerPoint MUI (German) 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (German) 2010 Microsoft Office Proof (Italian) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Proofing (German) 2010 Microsoft Office Publisher MUI (German) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared MUI (German) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office SharePoint Designer MUI (German) 2010 Microsoft Office Starter 2010 - Deutsch Microsoft Office Word 2010 Microsoft Office Word MUI (English) 2010 Microsoft Office Word MUI (German) 2010 Microsoft Office X MUI (German) 2010 Microsoft PowerPoint 2010 Microsoft PowerPoint Viewer Microsoft SharePoint Designer 2010 Service Pack 1 (SP1) Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 
9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Microsoft Word 2010 Mozilla Firefox 16.0.2 (x86 de) Mozilla Maintenance Service MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Need for Speed Underground 2 OpenAL PDF Complete Special Edition PunkBuster Services QuickTime Realtek Ethernet Controller All-In-One Windows Driver Remote Mouse version 1.50 RocketDock 1.3.5 Safari Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Steamless Counter Strike Source Pack Studie zur Verbesserung von HP Deskjet 3050 J610 series Produkten Synaptics Pointing Device Driver System Explorer 3.2.1 Uninstall 1.0.0.1 Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2010 (KB2553270) 32-Bit 
Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition USB PC Camera (SN9C101) VC80CRTRedist - 8.0.50727.6195 VirtualCloneDrive VLC media player 1.1.6 Vokabel Trainer 5 Windows 7 Default Setting Windows Live Communications Platform Windows Live Essentials Windows Live Fotogalerie Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Mesh ActiveX control for remote connections Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack WinRAR 4.01 (32-Bit) WinZip 14.5 |
23.11.2012, 19:13 | #19 |
/// TB-Ausbilder | Website errors Looks good, so now we still need to remove a few leftovers: Step 1: AdwCleaner: find and delete adware. Step 2: Control scan with OTL. Step 3: Scan with SecurityCheck. Please download SecurityCheck.
__________________ Digital freebooters against malware! No help via PM! |
23.11.2012, 19:49 | #20 |
| Website errors Code:
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/11/23 17:42:15 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012/11/23 17:42:00 | 000,000,000 | ---D | C] -- C:\windows\temp [2012/11/23 17:42:00 | 000,000,000 | ---D | C] -- C:\Users\Robi\AppData\Local\temp [2012/11/23 17:22:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe [2012/11/23 17:22:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe [2012/11/23 17:22:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe [2012/11/23 17:09:51 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/11/23 17:09:09 | 000,000,000 | ---D | C] -- C:\windows\erdnt [2012/11/23 16:49:42 | 000,000,000 | ---D | C] -- C:\windows\ERUNT [2012/11/23 16:49:18 | 000,000,000 | ---D | C] -- C:\JRT [2012/11/22 12:16:43 | 000,000,000 | ---D | C] -- C:\Users\Robi\AppData\Local\{56F4D31D-2F68-4B81-8FE6-4F6101085ECD} [2012/11/22 11:55:12 | 000,000,000 | ---D | C] -- C:\Users\Robi\AppData\Local\{66E052C8-5437-413C-8AC1-0CB48B0DB0BA} [2012/11/21 18:14:00 | 000,000,000 | ---D | C] -- C:\windows\System32\IO [2012/11/21 16:06:26 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2012/11/21 11:43:21 | 000,000,000 | ---D | C] -- 
C:\ProgramData\AVAST Software [2012/11/21 11:43:21 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software [2012/11/20 12:32:34 | 000,493,056 | ---- | C] ( datenhaus GmbH) -- C:\windows\System32\dhRichClient3.dll [2012/11/20 12:32:11 | 000,000,000 | ---D | C] -- C:\Users\Robi\AppData\Roaming\DesktopIconForAmazon [2012/11/20 12:32:01 | 000,000,000 | ---D | C] -- C:\Users\Robi\AppData\Roaming\Opera [2012/11/20 12:31:51 | 000,000,000 | ---D | C] -- C:\Users\Robi\AppData\Roaming\OCS [2012/11/20 12:04:29 | 000,000,000 | ---D | C] -- C:\Program Files\SelfUpdater [2012/11/20 11:58:43 | 000,000,000 | ---D | C] -- C:\Users\Robi\AppData\Roaming\Bloson [2012/11/19 17:21:17 | 000,000,000 | ---D | C] -- C:\Users\Robi\Desktop\päda filmr fotos [2012/11/09 06:36:20 | 000,000,000 | ---D | C] -- C:\Users\Robi\AppData\Local\{23ABBB6E-6153-4E10-9C0F-8A4C7CFA2B33} [2012/11/08 12:36:46 | 000,000,000 | ---D | C] -- C:\Users\Robi\Documents\GTA San Andreas User Files [2012/11/08 08:04:59 | 000,000,000 | ---D | C] -- C:\Users\Robi\AppData\Local\{449D7202-ACCA-46FD-A049-6FA5561DDDE6} [2012/11/07 16:06:32 | 000,000,000 | ---D | C] -- C:\Program Files\Safari [2012/10/28 18:46:42 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2011/03/15 16:12:29 | 000,885,024 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\Robi\JavaSetup6u24.exe [2011/02/17 19:45:10 | 008,417,616 | ---- | C] (Mozilla) -- C:\Users\Robi\Firefox_Setup_3.6.13.exe [2011/02/07 17:25:15 | 060,458,664 | ---- | C] (DVDVideoSoft Limited. 
) -- C:\Program Files\FreeStudio.exe [2011/01/30 18:36:11 | 008,417,616 | ---- | C] (Mozilla) -- C:\Program Files\Firefox.exe [10 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/11/23 19:33:57 | 000,019,760 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/11/23 19:33:57 | 000,019,760 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/11/23 19:23:26 | 000,000,314 | ---- | M] () -- C:\windows\tasks\asilfsat.job [2012/11/23 19:23:10 | 000,016,384 | ---- | M] () -- C:\windows\System32\Ikeext.etl [2012/11/23 19:23:04 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012/11/23 19:22:56 | 801,697,792 | -HS- | M] () -- C:\hiberfil.sys [2012/11/23 17:37:55 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts [2012/11/23 15:01:39 | 000,002,828 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys [2012/11/22 13:21:13 | 000,007,250 | ---- | M] () -- C:\Users\Robi\Documents\Pädagogik Projekt.wlmp [2012/11/22 12:21:02 | 000,654,844 | ---- | M] () -- C:\windows\System32\perfh007.dat [2012/11/22 12:21:02 | 000,616,686 | ---- | M] () -- C:\windows\System32\perfh009.dat [2012/11/22 12:21:02 | 000,130,426 | ---- | M] () -- C:\windows\System32\perfc007.dat [2012/11/22 12:21:02 | 000,106,808 | ---- | M] () -- C:\windows\System32\perfc009.dat [2012/11/21 23:05:20 | 000,211,168 | ---- | M] () -- C:\Users\Robi\Desktop\Praktika Altenheim 09.07.2012 - 03.08.2012.jpg [2012/11/21 23:03:25 | 000,203,440 | ---- | M] () -- C:\Users\Robi\Desktop\Praktika Altenheim 02.04.2012 - 13.04.2012.jpg [2012/11/21 23:01:38 | 000,370,461 | ---- | M] () -- C:\Users\Robi\Desktop\Praktika Diakonie 02.01.2012 - 06.01.2012.jpg [2012/11/21 22:59:28 | 000,361,755 | ---- | M] () -- C:\Users\Robi\Desktop\Praktika Altenheim schulisch 21.03.2011 - 08.04.2011.jpg [2012/11/21 
22:57:34 | 000,327,275 | ---- | M] () -- C:\Users\Robi\Desktop\Praktika Kindergarten 15.11.2010 - 03.12.2010.jpg [2012/11/21 22:52:42 | 000,289,663 | ---- | M] () -- C:\Users\Robi\Desktop\Praktika Altenheim 11.10.2010 - 22.10.2010.jpg [2012/11/21 22:50:54 | 000,276,004 | ---- | M] () -- C:\Users\Robi\Desktop\Praktika Altenheim 26.07.2010 - 13.08.2010.jpg [2012/11/21 22:47:21 | 000,343,463 | ---- | M] () -- C:\Users\Robi\Desktop\Halbjahreszeugnis der Fachhochschulreife 2.jpg [2012/11/21 22:45:59 | 000,306,644 | ---- | M] () -- C:\Users\Robi\Desktop\Halbjahreszeugnis der Fachhochschulreife 1.jpg [2012/11/21 22:43:07 | 000,180,681 | ---- | M] () -- C:\Users\Robi\Desktop\Zeugnis der Fachhochschulreife 4.jpg [2012/11/21 22:41:51 | 000,292,828 | ---- | M] () -- C:\Users\Robi\Desktop\Zeugnis der Fachhochschulreife 3.jpg [2012/11/21 22:40:39 | 000,234,454 | ---- | M] () -- C:\Users\Robi\Desktop\Zeugnis der Fachhochschulreife 2.jpg [2012/11/21 22:39:14 | 000,240,593 | ---- | M] () -- C:\Users\Robi\Desktop\Zeugnis der Fachhochschulreife 1.jpg [2012/11/21 22:37:58 | 000,337,336 | ---- | M] () -- C:\Users\Robi\Desktop\Arbeits und Sozialverhalten.jpg [2012/11/21 16:27:40 | 000,002,577 | ---- | M] () -- C:\windows\System32\config.nt [2012/11/18 19:23:40 | 000,339,296 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT [2012/11/09 08:38:08 | 000,000,316 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForRobi.job [2012/11/07 16:19:00 | 000,119,300 | -H-- | M] () -- C:\windows\System32\mlfcache.dat [2012/11/03 11:35:40 | 000,000,017 | ---- | M] () -- C:\windows\System32\shortcut_ex.dat [10 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/11/23 17:22:56 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe [2012/11/23 17:22:56 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe [2012/11/23 17:22:56 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe [2012/11/23 17:22:56 | 000,080,412 | ---- | C] () -- 
C:\windows\grep.exe [2012/11/23 17:22:56 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe [2012/11/22 13:21:13 | 000,007,250 | ---- | C] () -- C:\Users\Robi\Documents\Pädagogik Projekt.wlmp [2012/11/21 23:05:20 | 000,211,168 | ---- | C] () -- C:\Users\Robi\Desktop\Praktika Altenheim 09.07.2012 - 03.08.2012.jpg [2012/11/21 23:03:25 | 000,203,440 | ---- | C] () -- C:\Users\Robi\Desktop\Praktika Altenheim 02.04.2012 - 13.04.2012.jpg [2012/11/21 23:01:37 | 000,370,461 | ---- | C] () -- C:\Users\Robi\Desktop\Praktika Diakonie 02.01.2012 - 06.01.2012.jpg [2012/11/21 22:59:28 | 000,361,755 | ---- | C] () -- C:\Users\Robi\Desktop\Praktika Altenheim schulisch 21.03.2011 - 08.04.2011.jpg [2012/11/21 22:57:34 | 000,327,275 | ---- | C] () -- C:\Users\Robi\Desktop\Praktika Kindergarten 15.11.2010 - 03.12.2010.jpg [2012/11/21 22:52:41 | 000,289,663 | ---- | C] () -- C:\Users\Robi\Desktop\Praktika Altenheim 11.10.2010 - 22.10.2010.jpg [2012/11/21 22:50:54 | 000,276,004 | ---- | C] () -- C:\Users\Robi\Desktop\Praktika Altenheim 26.07.2010 - 13.08.2010.jpg [2012/11/21 22:47:21 | 000,343,463 | ---- | C] () -- C:\Users\Robi\Desktop\Halbjahreszeugnis der Fachhochschulreife 2.jpg [2012/11/21 22:45:59 | 000,306,644 | ---- | C] () -- C:\Users\Robi\Desktop\Halbjahreszeugnis der Fachhochschulreife 1.jpg [2012/11/21 22:43:07 | 000,180,681 | ---- | C] () -- C:\Users\Robi\Desktop\Zeugnis der Fachhochschulreife 4.jpg [2012/11/21 22:41:50 | 000,292,828 | ---- | C] () -- C:\Users\Robi\Desktop\Zeugnis der Fachhochschulreife 3.jpg [2012/11/21 22:40:39 | 000,234,454 | ---- | C] () -- C:\Users\Robi\Desktop\Zeugnis der Fachhochschulreife 2.jpg [2012/11/21 22:39:13 | 000,240,593 | ---- | C] () -- C:\Users\Robi\Desktop\Zeugnis der Fachhochschulreife 1.jpg [2012/11/21 22:37:57 | 000,337,336 | ---- | C] () -- C:\Users\Robi\Desktop\Arbeits und Sozialverhalten.jpg [2012/11/20 12:32:34 | 000,338,432 | ---- | C] () -- C:\windows\System32\sqlite36_engine.dll [2012/11/17 22:23:14 | 000,000,003 | ---- | C] () 
-- C:\windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012/11/17 22:22:38 | 000,000,003 | ---- | C] () -- C:\windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012/11/07 16:07:32 | 000,002,491 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk [2012/11/03 11:35:40 | 000,000,017 | ---- | C] () -- C:\windows\System32\shortcut_ex.dat [2012/09/17 21:02:28 | 000,001,652 | ---- | C] () -- C:\windows\System32\ASOROSet.bin [2012/09/03 20:25:13 | 000,000,193 | ---- | C] () -- C:\windows\WORDPAD.INI [2012/07/22 19:46:16 | 000,000,000 | ---- | C] () -- C:\windows\appXYqt3.ini [2012/06/17 23:40:45 | 015,000,000 | ---- | C] () -- C:\Users\Robi\aoe-project.r06 [2012/06/17 23:40:43 | 015,000,000 | ---- | C] () -- C:\Users\Robi\aoe-project.r05 [2012/06/17 23:40:43 | 015,000,000 | ---- | C] () -- C:\Users\Robi\aoe-project.r04 [2012/06/17 23:40:39 | 015,000,000 | ---- | C] () -- C:\Users\Robi\aoe-project.r03 [2012/06/17 23:40:39 | 015,000,000 | ---- | C] () -- C:\Users\Robi\aoe-project.r02 [2012/06/17 23:40:39 | 015,000,000 | ---- | C] () -- C:\Users\Robi\aoe-project.r01 [2012/06/17 23:40:38 | 015,000,000 | ---- | C] () -- C:\Users\Robi\aoe-project.r00 [2012/06/17 23:40:38 | 000,009,006 | ---- | C] () -- C:\Users\Robi\aoe-project.nfo [2012/05/13 18:11:07 | 000,119,300 | -H-- | C] () -- C:\windows\System32\mlfcache.dat [2012/04/27 17:19:28 | 000,027,969 | ---- | C] () -- C:\Users\Robi\AppData\Roaming\UserTile.png [2012/04/24 10:12:02 | 000,139,264 | ---- | C] () -- C:\windows\System32\usbceipi.dll [2012/03/20 21:21:18 | 000,000,046 | ---- | C] () -- C:\windows\QTW.INI [2012/02/21 10:51:49 | 000,000,190 | ---- | C] () -- C:\windows\cncscore.ini [2012/02/17 18:30:29 | 000,286,720 | ---- | C] () -- C:\windows\vsnpstd.exe [2012/02/17 18:30:28 | 000,053,248 | ---- | C] () -- C:\windows\System32\dsnpstd.dll [2012/02/17 18:30:19 | 000,061,440 | ---- | C] ( ) -- C:\windows\System32\rsnpstd.dll [2012/01/29 21:29:47 | 
000,000,109 | ---- | C] () -- C:\windows\disney.ini [2011/11/17 19:11:31 | 000,000,236 | ---- | C] () -- C:\ProgramData\{5CAFA1B7-9EEF-4cc7-B9F7-9DDB3DAA679E} [2011/10/26 16:04:43 | 000,139,152 | ---- | C] () -- C:\windows\System32\drivers\PnkBstrK.sys [2011/10/26 16:04:43 | 000,139,152 | ---- | C] () -- C:\Users\Robi\AppData\Roaming\PnkBstrK.sys [2011/10/26 16:04:32 | 000,111,928 | ---- | C] () -- C:\windows\System32\PnkBstrB.exe [2011/10/26 16:04:14 | 002,793,768 | ---- | C] () -- C:\windows\System32\pbsvc.exe [2011/10/26 16:04:14 | 000,066,872 | ---- | C] () -- C:\windows\System32\PnkBstrA.exe [2011/08/02 10:34:12 | 000,000,528 | R--- | C] () -- C:\Program Files\MediaID.bin [2011/07/27 19:48:14 | 000,021,840 | ---- | C] () -- C:\windows\System32\SIntfNT.dll [2011/07/27 19:48:14 | 000,017,212 | ---- | C] () -- C:\windows\System32\SIntf32.dll [2011/07/27 19:48:14 | 000,012,067 | ---- | C] () -- C:\windows\System32\SIntf16.dll [2011/07/27 19:46:30 | 000,000,228 | ---- | C] () -- C:\windows\SIERRA.INI [2011/07/21 21:18:46 | 000,000,236 | ---- | C] () -- C:\ProgramData\{701ACAF9-F102-47c2-8907-36246F4DFB51} [2011/06/23 21:02:37 | 000,137,216 | ---- | C] () -- C:\windows\epuninstall.exe [2011/04/24 17:21:37 | 000,000,032 | ---- | C] () -- C:\windows\Menu.INI [2011/04/09 20:30:55 | 000,001,849 | ---- | C] () -- C:\Users\Robi\AppData\Roaming\GhostObjGAFix.xml [2011/03/14 15:18:14 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011/01/30 19:14:14 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat [2011/01/28 23:32:28 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys ========== ZeroAccess Check ========== [2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012/08/17 20:21:18 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Ashampoo [2012/11/20 22:27:52 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Bloson [2012/04/30 23:09:02 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\DAEMON Tools Lite [2011/11/17 19:11:18 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Degener [2012/11/21 18:15:02 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\DesktopIconForAmazon [2011/06/23 14:49:05 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\GetRightToGo [2012/03/24 23:38:50 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Lazy 8 Studios [2011/10/14 16:23:36 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Leadertech [2012/11/20 12:31:51 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\OCS [2012/04/16 18:56:37 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\OpenOffice.org [2012/11/20 12:32:01 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Opera [2012/04/07 19:19:43 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Rovio [2012/04/24 18:48:13 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\SMART Technologies [2012/04/24 10:50:20 | 000,000,000 | ---D | M] -- 
C:\Users\Robi\AppData\Roaming\SMART Technologies Inc [2012/09/17 13:56:22 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\SoftGrid Client [2011/10/01 14:10:46 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\SpringLobby [2011/10/01 14:10:22 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\springsettings [2011/01/30 08:27:50 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\supertuxkart [2011/10/24 17:13:10 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Teeworlds [2012/10/14 14:02:11 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Tonido [2011/01/28 23:08:32 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\TP [2011/05/02 22:00:52 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Visan [2011/10/01 11:23:10 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Windows Live Writer [2012/03/25 22:34:27 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Windows SideBar ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:CB0AACC9 < End of report > Code:
ATTFilter Results of screen317's Security Check version 0.99.54
Windows 7 Service Pack 1 x86 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
AntiVir Desktop
Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.4.402.265
Mozilla Firefox (16.0.2)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
A really, really heartfelt thank-you from me. You really helped me a great deal!! Regards, Kevin
But the error is still there?( |
23.11.2012, 21:00 | #21 | |
/// TB-Ausbilder | Website error
We'll make it faster at the end, once the EEEVIL is gone.
Step 1: Fix with OTL
Step 2: Uninstall the old Flash Player
Step 3: Control scan with OTL
Step 4: Scan with SecurityCheck. Please download SecurityCheck.
Step 5: Does the problem still exist now?
23.11.2012, 21:46 | #22 |
| Website error
Code:
ATTFilter All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-2944064596-2206248867-496890886-1001\Software\Microsoft\Internet Explorer\SearchScopes\{7FA1E07F-182B-4840-8746-1D4F740CCBA3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FA1E07F-182B-4840-8746-1D4F740CCBA3}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//about.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//Exclude.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//FWEvent.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//LanguageSelection.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//Message.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//MyAgttryCmd.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//MyAgttryNag.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//MyNotification.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//NOCLessUpdate.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//quarantine.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//ScanNow.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//strings.vbs/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//Template.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//Update.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//VirFound.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com\*\ deleted successfully.
Invalid CLSID key: *
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com\*\ not found.
Invalid CLSID key: *
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\betavscan\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\betavscan\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\vs\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\vs\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\www\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\www\ not found.
ADS C:\ProgramData\TEMP:CB0AACC9 deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Robi\Downloads\cmd.bat deleted successfully.
C:\Users\Robi\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
User: Robi
->Temp folder emptied: 1160905 bytes
->Temporary Internet Files folder emptied: 48630359 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 104509351 bytes
->Apple Safari cache emptied: 5618688 bytes
->Flash cache emptied: 3888361 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8842 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 156.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 11232012_211545
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Code:
ATTFilter OTL logfile created on: 11/23/2012 9:30:33 PM - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Robi\Downloads Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 764.56 Mb Total Physical Memory | 121.01 Mb Available Physical Memory | 15.83% Memory free 1.75 Gb Paging File | 0.54 Gb Available in Paging File | 30.76% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 215.59 Gb Total Space | 82.96 Gb Free Space | 38.48% Space Free | Partition Type: NTFS Drive F: | 1.99 Gb Total Space | 0.00 Gb Free Space | 0.12% Space Free | Partition Type: FAT32 Computer Name: ROBI-HP | User Name: Robi | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Robi\Downloads\OTL(2).exe (OldTimer Tools) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Program Files\Remote Mouse\server\server.exe () PRC - C:\Program Files\Remote Mouse\RemoteMouse.exe () PRC - C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) 
PRC - C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.) PRC - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) PRC - C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.) PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe (Hewlett-Packard Development Company L.P.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Windows\System32\atieclxx.exe (AMD) PRC - C:\Windows\System32\atiesrxx.exe (AMD) PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) PRC - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) PRC - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe (Hewlett-Packard) PRC - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard) PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.) PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\stacsv.exe (IDT, Inc.) PRC - C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc) PRC - C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe (Hewlett-Packard Company) PRC - C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company) PRC - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) 
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\AEstSrv.exe (Andrea Electronics Corporation) PRC - C:\Program Files\RocketDock\RocketDock.exe () ========== Modules (No Company Name) ========== MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\66694f9192bd0dddc2eaf90fbcbcd555\System.Management.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\239d84cfdb9de9730c1efb43840ef2eb\System.Core.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7c4de95aa433eb8d81a81caf805947a8\PresentationFramework.Aero.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\03cfab5534482e8fc313ead6edc19100\System.Web.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1ec80905a71750be50dfc7981ad5ae28\PresentationFramework.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53d6d827964619285771ed72332d3659\PresentationCore.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll () MOD - 
C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll () MOD - C:\Program Files\Mozilla Firefox\mozjs.dll () MOD - C:\Program Files\Remote Mouse\server\server.exe () MOD - C:\Program Files\Remote Mouse\RemoteMouse.exe () MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Program Files\Remote Mouse\server\win32gui.pyd () MOD - C:\Program Files\Remote Mouse\server\win32api.pyd () MOD - C:\Program Files\Remote Mouse\server\pywintypes26.dll () MOD - C:\windows\assembly\GAC_MSIL\CaslShared\3.5.1.1__9c6f83d5b7f3d097\CaslShared.dll () MOD - C:\windows\assembly\GAC_MSIL\hpcasl\3.5.1.1__9c6f83d5b7f3d097\hpcasl.dll () MOD - C:\windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll () MOD - C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\windows\assembly\GAC_MSIL\System.Core.resources\3.5.0.0_de_b77a5c561934e089\System.Core.resources.dll () MOD - C:\windows\assembly\GAC_MSIL\hpCASLLibrary\3.0.1.1__67b8d1b5179ba5f8\hpCASLLibrary.dll () MOD - C:\Program Files\Remote Mouse\server\_ctypes.pyd () MOD - C:\Program Files\Remote Mouse\server\_ssl.pyd () MOD - C:\Program Files\Remote Mouse\server\_socket.pyd () MOD - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll () MOD - C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll () MOD - C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll () MOD - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll () MOD - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll () MOD - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll () MOD - C:\Program Files\Common Files\LightScribe\QtGui4.dll () MOD - C:\Program 
Files\Common Files\LightScribe\QtCore4.dll () MOD - C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll () MOD - C:\Program Files\Remote Mouse\server\autopy.mouse.pyd () MOD - C:\Program Files\Remote Mouse\server\autopy.key.pyd () MOD - C:\Program Files\RocketDock\RocketDock.exe () MOD - C:\Program Files\RocketDock\RocketDock.dll () ========== Services (SafeList) ========== SRV - (HP Support Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe File not found SRV - (SystemStoreService) -- C:\Program Files\Freetec\SystemStore\SystemStore.exe () SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation) SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) SRV - (HP Wireless Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard) SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\stacsv.exe (IDT, Inc.) 
SRV - (pdfcDispatcher) -- C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc) SRV - (hpHotkeyMonitor) -- C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe (Hewlett-Packard Company) SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\AEstSrv.exe (Andrea Electronics Corporation) ========== Driver Services (SafeList) ========== DRV - (hwdatacard) -- system32\DRIVERS\ewusbmdm.sys File not found DRV - (catchme) -- C:\Users\Robi\AppData\Local\Temp\catchme.sys File not found DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (mv2) -- C:\Windows\System32\drivers\mv2.sys (UVNC BVBA) DRV - (SMARTMouseFilterx86) -- C:\Windows\System32\drivers\SMARTMouseFilterx86.sys (SMART Technologies ULC) DRV - (SMARTVTabletPCx86) -- C:\Windows\System32\drivers\SMARTVTabletPCx86.sys (SMART Technologies ULC) DRV - (SMARTVHidMini2000x86) -- C:\Windows\System32\drivers\SMARTVHidMini2000x86.sys (SMART Technologies ULC) DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation) DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation) DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation) DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation) DRV - (dc3d) -- C:\Windows\System32\drivers\dc3d.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft 
Corporation) DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (rtsuvc) -- C:\Windows\System32\drivers\rtsuvc.sys (Realtek Semiconductor Corp.) DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.) DRV - (AtiPcie) -- C:\Windows\System32\drivers\AtiPcie.sys (Advanced Micro Devices Inc.) DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Company) DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation) DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{531795A6-54C6-47E1-8ED6-34F290D57429}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-19\..\SearchScopes,defaultscope = IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-20\..\SearchScopes,defaultscope = IE - 
HKU\S-1-5-21-2944064596-2206248867-496890886-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-2944064596-2206248867-496890886-1001\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-2944064596-2206248867-496890886-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2944064596-2206248867-496890886-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-2944064596-2206248867-496890886-1001\..\SearchScopes\{531795A6-54C6-47E1-8ED6-34F290D57429}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox IE - HKU\S-1-5-21-2944064596-2206248867-496890886-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2944064596-2206248867-496890886-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: {64161300-e22b-11db-8314-0800200c9a66}:0.9.6.10 FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:4.2.1.7 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: 
C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/28 18:46:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/28 18:46:47 | 000,000,000 | ---D | M] [2012/11/23 17:09:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robi\AppData\Roaming\mozilla\Extensions [2012/11/23 18:38:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robi\AppData\Roaming\mozilla\Firefox\Profiles\e7qdcxpt.default\extensions [2012/11/20 22:21:19 | 000,111,107 | ---- | M] () (No name found) -- C:\Users\Robi\AppData\Roaming\mozilla\firefox\profiles\e7qdcxpt.default\extensions\extension@preispilot.com.xpi [2012/10/11 12:06:25 | 000,281,285 | ---- | M] () (No name found) -- C:\Users\Robi\AppData\Roaming\mozilla\firefox\profiles\e7qdcxpt.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2012/11/23 18:38:46 | 000,035,614 | ---- | M] () (No name found) -- C:\Users\Robi\AppData\Roaming\mozilla\firefox\profiles\e7qdcxpt.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012/11/23 14:59:58 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Robi\AppData\Roaming\mozilla\firefox\profiles\e7qdcxpt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012/11/21 11:53:59 | 000,001,632 | ---- | M] () -- C:\Users\Robi\AppData\Roaming\mozilla\firefox\profiles\e7qdcxpt.default\searchplugins\firefox-add-ons.xml [2012/11/21 18:14:00 | 000,000,828 | ---- | M] () -- 
C:\Users\Robi\AppData\Roaming\mozilla\firefox\profiles\e7qdcxpt.default\searchplugins\icqplugin-4.xml [2012/11/21 18:14:00 | 000,000,828 | ---- | M] () -- C:\Users\Robi\AppData\Roaming\mozilla\firefox\profiles\e7qdcxpt.default\searchplugins\icqplugin-5.xml [2012/11/21 18:14:00 | 000,000,828 | ---- | M] () -- C:\Users\Robi\AppData\Roaming\mozilla\firefox\profiles\e7qdcxpt.default\searchplugins\icqplugin-6.xml [2012/10/28 18:46:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2012/10/28 18:46:51 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012/04/16 18:51:34 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2012/02/15 15:48:02 | 000,378,880 | ---- | M] (InfiniAd GmbH) -- C:\Program Files\mozilla firefox\plugins\npmieze.dll [2012/11/21 18:14:00 | 000,001,400 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012/11/21 18:14:00 | 000,001,679 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012/11/21 18:14:00 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012/11/21 18:14:00 | 000,006,818 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011/12/25 19:11:09 | 000,000,158 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search the web.src [2012/11/20 12:32:01 | 000,001,278 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012/11/21 18:14:00 | 000,000,903 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012/11/23 17:37:55 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft 
Corporation) O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found. O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe () O4 - HKLM..\Run: [QLBController] C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.) O4 - HKU\S-1-5-21-2944064596-2206248867-496890886-1001..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) O4 - HKU\S-1-5-21-2944064596-2206248867-496890886-1001..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.) O4 - HKU\S-1-5-21-2944064596-2206248867-496890886-1001..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) O4 - HKU\S-1-5-21-2944064596-2206248867-496890886-1001..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.) 
O4 - HKU\S-1-5-21-2944064596-2206248867-496890886-1001..\Run: [Remote Mouse] C:\Program Files\Remote Mouse\RemoteMouse.exe () O4 - HKU\S-1-5-21-2944064596-2206248867-496890886-1001..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2944064596-2206248867-496890886-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2944064596-2206248867-496890886-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2944064596-2206248867-496890886-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Free YouTube Download - C:\Users\Robi\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Robi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. 
File not found O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - Reg Error: Value error. File not found O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - Reg Error: Value error. File not found O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B4FCF358-0D16-48CE-8144-1A6C7EBEBD6C}: DhcpNameServer = 192.168.2.1 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/11/23 21:15:45 | 000,000,000 | ---D | C] -- C:\_OTL [2012/11/23 17:42:15 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012/11/23 17:42:00 | 000,000,000 | ---D | C] -- C:\windows\temp [2012/11/23 17:42:00 | 000,000,000 | ---D | C] -- C:\Users\Robi\AppData\Local\temp [2012/11/23 17:22:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe [2012/11/23 17:22:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe [2012/11/23 17:22:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe [2012/11/23 17:09:51 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/11/23 17:09:09 | 000,000,000 | ---D | C] -- C:\windows\erdnt [2012/11/23 16:49:42 | 000,000,000 | ---D | C] -- C:\windows\ERUNT [2012/11/23 16:49:18 | 000,000,000 | ---D | C] -- C:\JRT [2012/11/22 12:16:43 | 000,000,000 | ---D | C] -- C:\Users\Robi\AppData\Local\{56F4D31D-2F68-4B81-8FE6-4F6101085ECD} [2012/11/22 11:55:12 | 000,000,000 | ---D | C] -- C:\Users\Robi\AppData\Local\{66E052C8-5437-413C-8AC1-0CB48B0DB0BA} [2012/11/21 18:14:00 | 000,000,000 | ---D | C] -- C:\windows\System32\IO [2012/11/21 16:06:26 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2012/11/21 11:43:21 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software [2012/11/21 11:43:21 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software [2012/11/20 12:32:34 | 000,493,056 | ---- | C] ( datenhaus GmbH) -- C:\windows\System32\dhRichClient3.dll [2012/11/20 12:32:11 | 000,000,000 | ---D | C] -- 
C:\Users\Robi\AppData\Roaming\DesktopIconForAmazon [2012/11/20 12:32:01 | 000,000,000 | ---D | C] -- C:\Users\Robi\AppData\Roaming\Opera [2012/11/20 12:31:51 | 000,000,000 | ---D | C] -- C:\Users\Robi\AppData\Roaming\OCS [2012/11/20 12:04:29 | 000,000,000 | ---D | C] -- C:\Program Files\SelfUpdater [2012/11/20 11:58:43 | 000,000,000 | ---D | C] -- C:\Users\Robi\AppData\Roaming\Bloson [2012/11/19 17:21:17 | 000,000,000 | ---D | C] -- C:\Users\Robi\Desktop\päda filmr fotos [2012/11/09 06:36:20 | 000,000,000 | ---D | C] -- C:\Users\Robi\AppData\Local\{23ABBB6E-6153-4E10-9C0F-8A4C7CFA2B33} [2012/11/08 12:36:46 | 000,000,000 | ---D | C] -- C:\Users\Robi\Documents\GTA San Andreas User Files [2012/11/08 08:04:59 | 000,000,000 | ---D | C] -- C:\Users\Robi\AppData\Local\{449D7202-ACCA-46FD-A049-6FA5561DDDE6} [2012/11/07 16:06:32 | 000,000,000 | ---D | C] -- C:\Program Files\Safari [2012/10/28 18:46:42 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2011/03/15 16:12:29 | 000,885,024 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\Robi\JavaSetup6u24.exe [2011/02/17 19:45:10 | 008,417,616 | ---- | C] (Mozilla) -- C:\Users\Robi\Firefox_Setup_3.6.13.exe [2011/02/07 17:25:15 | 060,458,664 | ---- | C] (DVDVideoSoft Limited. 
) -- C:\Program Files\FreeStudio.exe [2011/01/30 18:36:11 | 008,417,616 | ---- | C] (Mozilla) -- C:\Program Files\Firefox.exe ========== Files - Modified Within 30 Days ========== [2012/11/23 21:26:59 | 000,019,760 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/11/23 21:26:59 | 000,019,760 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/11/23 21:18:59 | 000,000,314 | ---- | M] () -- C:\windows\tasks\asilfsat.job [2012/11/23 21:18:44 | 000,016,384 | ---- | M] () -- C:\windows\System32\Ikeext.etl [2012/11/23 21:18:38 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012/11/23 21:18:30 | 801,697,792 | -HS- | M] () -- C:\hiberfil.sys [2012/11/23 17:37:55 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts [2012/11/23 15:01:39 | 000,002,828 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys [2012/11/22 13:21:13 | 000,007,250 | ---- | M] () -- C:\Users\Robi\Documents\Pädagogik Projekt.wlmp [2012/11/22 12:21:02 | 000,654,844 | ---- | M] () -- C:\windows\System32\perfh007.dat [2012/11/22 12:21:02 | 000,616,686 | ---- | M] () -- C:\windows\System32\perfh009.dat [2012/11/22 12:21:02 | 000,130,426 | ---- | M] () -- C:\windows\System32\perfc007.dat [2012/11/22 12:21:02 | 000,106,808 | ---- | M] () -- C:\windows\System32\perfc009.dat [2012/11/21 23:05:20 | 000,211,168 | ---- | M] () -- C:\Users\Robi\Desktop\Praktika Altenheim 09.07.2012 - 03.08.2012.jpg [2012/11/21 23:03:25 | 000,203,440 | ---- | M] () -- C:\Users\Robi\Desktop\Praktika Altenheim 02.04.2012 - 13.04.2012.jpg [2012/11/21 23:01:38 | 000,370,461 | ---- | M] () -- C:\Users\Robi\Desktop\Praktika Diakonie 02.01.2012 - 06.01.2012.jpg [2012/11/21 22:59:28 | 000,361,755 | ---- | M] () -- C:\Users\Robi\Desktop\Praktika Altenheim schulisch 21.03.2011 - 08.04.2011.jpg [2012/11/21 22:57:34 | 000,327,275 | ---- | M] () -- C:\Users\Robi\Desktop\Praktika 
Kindergarten 15.11.2010 - 03.12.2010.jpg [2012/11/21 22:52:42 | 000,289,663 | ---- | M] () -- C:\Users\Robi\Desktop\Praktika Altenheim 11.10.2010 - 22.10.2010.jpg [2012/11/21 22:50:54 | 000,276,004 | ---- | M] () -- C:\Users\Robi\Desktop\Praktika Altenheim 26.07.2010 - 13.08.2010.jpg [2012/11/21 22:47:21 | 000,343,463 | ---- | M] () -- C:\Users\Robi\Desktop\Halbjahreszeugnis der Fachhochschulreife 2.jpg [2012/11/21 22:45:59 | 000,306,644 | ---- | M] () -- C:\Users\Robi\Desktop\Halbjahreszeugnis der Fachhochschulreife 1.jpg [2012/11/21 22:43:07 | 000,180,681 | ---- | M] () -- C:\Users\Robi\Desktop\Zeugnis der Fachhochschulreife 4.jpg [2012/11/21 22:41:51 | 000,292,828 | ---- | M] () -- C:\Users\Robi\Desktop\Zeugnis der Fachhochschulreife 3.jpg [2012/11/21 22:40:39 | 000,234,454 | ---- | M] () -- C:\Users\Robi\Desktop\Zeugnis der Fachhochschulreife 2.jpg [2012/11/21 22:39:14 | 000,240,593 | ---- | M] () -- C:\Users\Robi\Desktop\Zeugnis der Fachhochschulreife 1.jpg [2012/11/21 22:37:58 | 000,337,336 | ---- | M] () -- C:\Users\Robi\Desktop\Arbeits und Sozialverhalten.jpg [2012/11/21 16:27:40 | 000,002,577 | ---- | M] () -- C:\windows\System32\config.nt [2012/11/18 19:23:40 | 000,339,296 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT [2012/11/09 08:38:08 | 000,000,316 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForRobi.job [2012/11/07 16:19:00 | 000,119,300 | -H-- | M] () -- C:\windows\System32\mlfcache.dat [2012/11/03 11:35:40 | 000,000,017 | ---- | M] () -- C:\windows\System32\shortcut_ex.dat ========== Files Created - No Company Name ========== [2012/11/23 17:22:56 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe [2012/11/23 17:22:56 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe [2012/11/23 17:22:56 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe [2012/11/23 17:22:56 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe [2012/11/23 17:22:56 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe [2012/11/22 13:21:13 | 000,007,250 | ---- | C] () -- 
C:\Users\Robi\Documents\Pädagogik Projekt.wlmp [2012/11/21 23:05:20 | 000,211,168 | ---- | C] () -- C:\Users\Robi\Desktop\Praktika Altenheim 09.07.2012 - 03.08.2012.jpg [2012/11/21 23:03:25 | 000,203,440 | ---- | C] () -- C:\Users\Robi\Desktop\Praktika Altenheim 02.04.2012 - 13.04.2012.jpg [2012/11/21 23:01:37 | 000,370,461 | ---- | C] () -- C:\Users\Robi\Desktop\Praktika Diakonie 02.01.2012 - 06.01.2012.jpg [2012/11/21 22:59:28 | 000,361,755 | ---- | C] () -- C:\Users\Robi\Desktop\Praktika Altenheim schulisch 21.03.2011 - 08.04.2011.jpg [2012/11/21 22:57:34 | 000,327,275 | ---- | C] () -- C:\Users\Robi\Desktop\Praktika Kindergarten 15.11.2010 - 03.12.2010.jpg [2012/11/21 22:52:41 | 000,289,663 | ---- | C] () -- C:\Users\Robi\Desktop\Praktika Altenheim 11.10.2010 - 22.10.2010.jpg [2012/11/21 22:50:54 | 000,276,004 | ---- | C] () -- C:\Users\Robi\Desktop\Praktika Altenheim 26.07.2010 - 13.08.2010.jpg [2012/11/21 22:47:21 | 000,343,463 | ---- | C] () -- C:\Users\Robi\Desktop\Halbjahreszeugnis der Fachhochschulreife 2.jpg [2012/11/21 22:45:59 | 000,306,644 | ---- | C] () -- C:\Users\Robi\Desktop\Halbjahreszeugnis der Fachhochschulreife 1.jpg [2012/11/21 22:43:07 | 000,180,681 | ---- | C] () -- C:\Users\Robi\Desktop\Zeugnis der Fachhochschulreife 4.jpg [2012/11/21 22:41:50 | 000,292,828 | ---- | C] () -- C:\Users\Robi\Desktop\Zeugnis der Fachhochschulreife 3.jpg [2012/11/21 22:40:39 | 000,234,454 | ---- | C] () -- C:\Users\Robi\Desktop\Zeugnis der Fachhochschulreife 2.jpg [2012/11/21 22:39:13 | 000,240,593 | ---- | C] () -- C:\Users\Robi\Desktop\Zeugnis der Fachhochschulreife 1.jpg [2012/11/21 22:37:57 | 000,337,336 | ---- | C] () -- C:\Users\Robi\Desktop\Arbeits und Sozialverhalten.jpg [2012/11/20 12:32:34 | 000,338,432 | ---- | C] () -- C:\windows\System32\sqlite36_engine.dll [2012/11/17 22:23:14 | 000,000,003 | ---- | C] () -- C:\windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012/11/17 22:22:38 | 000,000,003 | ---- | C] () -- 
C:\windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012/11/07 16:07:32 | 000,002,491 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk [2012/11/03 11:35:40 | 000,000,017 | ---- | C] () -- C:\windows\System32\shortcut_ex.dat [2012/09/17 21:02:28 | 000,001,652 | ---- | C] () -- C:\windows\System32\ASOROSet.bin [2012/09/03 20:25:13 | 000,000,193 | ---- | C] () -- C:\windows\WORDPAD.INI [2012/07/22 19:46:16 | 000,000,000 | ---- | C] () -- C:\windows\appXYqt3.ini [2012/06/17 23:40:45 | 015,000,000 | ---- | C] () -- C:\Users\Robi\aoe-project.r06 [2012/06/17 23:40:43 | 015,000,000 | ---- | C] () -- C:\Users\Robi\aoe-project.r05 [2012/06/17 23:40:43 | 015,000,000 | ---- | C] () -- C:\Users\Robi\aoe-project.r04 [2012/06/17 23:40:39 | 015,000,000 | ---- | C] () -- C:\Users\Robi\aoe-project.r03 [2012/06/17 23:40:39 | 015,000,000 | ---- | C] () -- C:\Users\Robi\aoe-project.r02 [2012/06/17 23:40:39 | 015,000,000 | ---- | C] () -- C:\Users\Robi\aoe-project.r01 [2012/06/17 23:40:38 | 015,000,000 | ---- | C] () -- C:\Users\Robi\aoe-project.r00 [2012/06/17 23:40:38 | 000,009,006 | ---- | C] () -- C:\Users\Robi\aoe-project.nfo [2012/05/13 18:11:07 | 000,119,300 | -H-- | C] () -- C:\windows\System32\mlfcache.dat [2012/04/27 17:19:28 | 000,027,969 | ---- | C] () -- C:\Users\Robi\AppData\Roaming\UserTile.png [2012/03/20 21:21:18 | 000,000,046 | ---- | C] () -- C:\windows\QTW.INI [2012/02/21 10:51:49 | 000,000,190 | ---- | C] () -- C:\windows\cncscore.ini [2012/02/17 18:30:29 | 000,286,720 | ---- | C] () -- C:\windows\vsnpstd.exe [2012/02/17 18:30:28 | 000,053,248 | ---- | C] () -- C:\windows\System32\dsnpstd.dll [2012/02/17 18:30:19 | 000,061,440 | ---- | C] ( ) -- C:\windows\System32\rsnpstd.dll [2012/01/29 21:29:47 | 000,000,109 | ---- | C] () -- C:\windows\disney.ini [2011/11/17 19:11:31 | 000,000,236 | ---- | C] () -- C:\ProgramData\{5CAFA1B7-9EEF-4cc7-B9F7-9DDB3DAA679E} [2011/10/26 16:04:43 | 000,139,152 | ---- | C] () -- 
C:\windows\System32\drivers\PnkBstrK.sys [2011/10/26 16:04:43 | 000,139,152 | ---- | C] () -- C:\Users\Robi\AppData\Roaming\PnkBstrK.sys [2011/10/26 16:04:32 | 000,111,928 | ---- | C] () -- C:\windows\System32\PnkBstrB.exe [2011/10/26 16:04:14 | 002,793,768 | ---- | C] () -- C:\windows\System32\pbsvc.exe [2011/10/26 16:04:14 | 000,066,872 | ---- | C] () -- C:\windows\System32\PnkBstrA.exe [2011/08/02 10:34:12 | 000,000,528 | R--- | C] () -- C:\Program Files\MediaID.bin [2011/07/27 19:48:14 | 000,021,840 | ---- | C] () -- C:\windows\System32\SIntfNT.dll [2011/07/27 19:48:14 | 000,017,212 | ---- | C] () -- C:\windows\System32\SIntf32.dll [2011/07/27 19:48:14 | 000,012,067 | ---- | C] () -- C:\windows\System32\SIntf16.dll [2011/07/27 19:46:30 | 000,000,228 | ---- | C] () -- C:\windows\SIERRA.INI [2011/07/21 21:18:46 | 000,000,236 | ---- | C] () -- C:\ProgramData\{701ACAF9-F102-47c2-8907-36246F4DFB51} [2011/06/23 21:02:37 | 000,137,216 | ---- | C] () -- C:\windows\epuninstall.exe [2011/04/24 17:21:37 | 000,000,032 | ---- | C] () -- C:\windows\Menu.INI [2011/04/09 20:30:55 | 000,001,849 | ---- | C] () -- C:\Users\Robi\AppData\Roaming\GhostObjGAFix.xml [2011/03/14 15:18:14 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011/01/30 19:14:14 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat [2011/01/28 23:32:28 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys ========== ZeroAccess Check ========== [2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012/08/17 20:21:18 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Ashampoo [2012/11/20 22:27:52 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Bloson [2012/04/30 23:09:02 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\DAEMON Tools Lite [2011/11/17 19:11:18 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Degener [2012/11/21 18:15:02 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\DesktopIconForAmazon [2011/06/23 14:49:05 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\GetRightToGo [2012/03/24 23:38:50 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Lazy 8 Studios [2011/10/14 16:23:36 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Leadertech [2012/11/20 12:31:51 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\OCS [2012/04/16 18:56:37 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\OpenOffice.org [2012/11/20 12:32:01 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Opera [2012/04/07 19:19:43 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Rovio [2012/04/24 18:48:13 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\SMART Technologies [2012/04/24 10:50:20 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\SMART Technologies Inc [2012/09/17 13:56:22 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\SoftGrid Client [2011/10/01 14:10:46 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\SpringLobby 
[2011/10/01 14:10:22 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\springsettings [2011/01/30 08:27:50 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\supertuxkart [2011/10/24 17:13:10 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Teeworlds [2012/10/14 14:02:11 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Tonido [2011/01/28 23:08:32 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\TP [2011/05/02 22:00:52 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Visan [2011/10/01 11:23:10 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Windows Live Writer [2012/03/25 22:34:27 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Windows SideBar ========== Purity Check ========== < End of report > Code:
Results of screen317's Security Check version 0.99.54
Windows 7 Service Pack 1 x86
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
AntiVir Desktop
Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
Mozilla Firefox (16.0.2)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
23.11.2012, 21:50 | #23 |
/// TB-Ausbilder | Website errors YAY! Then just the Avira update and ... then ... Great! That means we are done. We will now tidy up a little, and then at the end I have some reading material for you.
Step 1: Uninstall tools
Step 2: Uninstall ESET (optional)
Finally, some tips on the following topics:
With that, I wish you lots of fun surfing the Internet ... and perhaps you would like to support the Trojaner-Board? One request: give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ Digital privateers against malware! No help via PM! |
23.11.2012, 22:18 | #24 |
| Website errors
Code:
# AdwCleaner v6.2 - Datei am 23/11/2012 um 22:17:23 erstellt
# Aktualisiert am 11/11/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : Robi - ROBI-HP
# Ausgeführt unter : C:\Users\Robi\Downloads\delfix.exe
# Option [Löschen]

~~~~~~ Ordner ~~~~~~

Gelöscht : C:\JRT
Gelöscht : C:\_OTL

~~~~~~ Datei(en) ~~~~~~

Gelöscht : C:\AdwCleaner[S1].txt
Gelöscht : C:\Users\Robi\Desktop\JRT.txt
Gelöscht : C:\Users\Robi\Downloads\adwcleaner.exe
Gelöscht : C:\Users\Robi\Downloads\Extras.Txt
Gelöscht : C:\Users\Robi\Downloads\JRT(1).exe
Gelöscht : C:\Users\Robi\Downloads\JRT.exe
Gelöscht : C:\Users\Robi\Downloads\OTL.Txt
Gelöscht : C:\Users\Robi\Downloads\OTL(1).exe
Gelöscht : C:\Users\Robi\Downloads\OTL(2).exe
Gelöscht : C:\Users\Robi\Downloads\OTL.exe
Gelöscht : C:\Users\Robi\Downloads\SecurityCheck(1).exe
Gelöscht : C:\Users\Robi\Downloads\SecurityCheck.exe

~~~~~~ Registrierungsdatenbank ~~~~~~

Schlüssel gelöscht : HKLM\SOFTWARE\OldTimer Tools
Schlüssel gelöscht : HKLM\SOFTWARE\AdwCleaner
Schlüssel gelöscht : HKLM\SOFTWARE\Swearware

~~~~~~ Sonstiges ~~~~~~

-> Prefetch Geleert

*************************

DelFix[S1].txt - [1199 octets] - [23/11/2012 22:17:23]

########## EOF - C:\DelFix[S1].txt - [1323 octets] ##########
23.11.2012, 22:31 | #25 |
/// TB-Ausbilder | Website errors It says "if", and we somehow overlooked ESET
23.11.2012, 22:32 | #26 |
| Website errors Thank you for this kind and very helpful help!! I will definitely donate something! The last question I still have is where I should download the Adobe Flash Player now? Kind regards, Kevin! |
23.11.2012, 22:35 | #27 |
/// TB-Ausbilder | Website errors The link in my last post should work. Glad we could help. This topic appears to be resolved and will be removed from my subscriptions. Should you need the topic again, please send me a PM. Everyone else, please click here and create your own thread