Pests of all kinds and how to fight them: click to continue by savings sidekick
Windows 7
If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.
28.11.2012, 00:08 | #1 |
click to continue by savings sidekick

Hello dear moderators,

like so many others, I always hoped I would never need you. Unfortunately, that assumption turned out to be wrong. A few days ago I discovered an add-on in Firefox that called itself "savings sidekick". I noticed it on 22 November when I saw underlined words in a forum. In a phone call with the forum operator I got the hint that I probably had an "error" in Firefox. I then looked at the page with the Safari browser; nothing was visible there. So I consulted go**** and read the tip to take a closer look at the Firefox add-ons. I saw there that "it" had settled in on 16 November. I removed "savings sidekick" as an add-on and restarted the computer. After that, "savings sidekick" was removed from Firefox.

However, I did not believe that this was all there was to it, so I looked on your site. And bingo :-( unfortunately I was right. After a scan with Malwarebytes it was clear.

Code:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.27.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
xxxx :: xxxx-PC [Administrator]

27.11.2012 21:06:42
mbam-log-2012-11-27 (21-06-42).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 255915
Laufzeit: 5 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 9
HKCR\CLSID\{11111111-1111-1111-1111-110011501160} (PUP.CrossRider.SSK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{44444444-4444-4444-4444-440044504460} (PUP.CrossRider.SSK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{55555555-5555-5555-5555-550055505560} (PUP.CrossRider.SSK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CrossriderApp0005060.BHO.1 (PUP.CrossRider.SSK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011501160} (PUP.CrossRider.SSK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501160} (PUP.CrossRider.SSK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501160} (PUP.CrossRider.SSK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Savings Sidekick (PUP.CrossRider.SSK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKCU\Software\InstalledBrowserExtensions\215 Apps|5060 (PUP.CrossFire.SA) -> Daten: Savings Sidekick -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 2
C:\ProgramData\IBUpdaterService (PUP.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Savings Sidekick (PUP.CrossRider.SSK) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 10
C:\Program Files (x86)\Savings Sidekick\Savings Sidekick.dll (PUP.CrossRider.SSK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\IBUpdaterService\repository.xml (PUP.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Savings Sidekick\Savings SidekickInstaller.log (PUP.CrossRider.SSK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Savings Sidekick\ButtonUtil.dll (PUP.CrossRider.SSK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Savings Sidekick\Savings Sidekick-bg.exe (PUP.CrossRider.SSK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Savings Sidekick\Savings Sidekick.exe (PUP.CrossRider.SSK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Savings Sidekick\Savings Sidekick.ico (PUP.CrossRider.SSK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Savings Sidekick\Savings Sidekick.ini (PUP.CrossRider.SSK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Savings Sidekick\Uninstall.exe (PUP.CrossRider.SSK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\xxxx\AppData\Local\Savings Sidekick\Chrome\Savings Sidekick.crx (PUP.CrossRider.SSK) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Code:
OTL logfile created on: 27.11.2012 22:59:42 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Hele\Desktop
-- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012.11.20 08:13:26 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.11.09 12:59:30 | 000,003,573 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml [2012.11.10 15:50:20 | 000,006,522 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2012.11.20 08:13:26 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.11.20 08:13:26 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.11.20 08:13:26 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.11.20 08:13:26 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.11.20 08:13:26 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: () CHR - default_search_provider: search_url = CHR - default_search_provider: suggest_url = CHR - homepage: hxxp://www.claro-search.com/?affID=114508&tt=4512_3&babsrc=HP_clro&mntrId=88f18f94000000000000406186292efb O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Claro LTD Helper Object) - {000F18F2-09EB-4A59-82B2-5AE4184C39C3} - C:\Program Files (x86)\Claro LTD\claro\1.8.3.10\bh\claro.dll (Montera Technologeis LTD) O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint 
EX\ewpexbho.dll (CANON INC.) O2 - BHO: (Island-Forum Toolbar) - {699d7c86-b4fb-477b-b738-3d7a16439036} - C:\Program Files (x86)\Island-Forum\tbIsla.dll (Conduit Ltd.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll () O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Island-Forum Toolbar) - {699d7c86-b4fb-477b-b738-3d7a16439036} - C:\Program Files (x86)\Island-Forum\tbIsla.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll () O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found. O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\WebBrowser: (Island-Forum Toolbar) - {699D7C86-B4FB-477B-B738-3D7A16439036} - C:\Program Files (x86)\Island-Forum\tbIsla.dll (Conduit Ltd.) 
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Device Center\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) O4 - HKLM..\Run: [ROC_roc_ssl_v12] C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe () O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe () O4 - HKCU..\Run: [PicPick Start] C:\Program Files (x86)\PicPick\picpick.exe (NTeWORKS) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Hele\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Hele\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://c:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Free YouTube Download - C:\Users\Hele\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Hele\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://c:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. 
KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. 
KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.4.0) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.7.0_04) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{236FDCB1-0D63-4919-8875-5408D003D4F9}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - 
Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll () O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (c:\progra~3\browse~1\24897~1.175\{61d8b~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.dll () O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{2df44f93-f587-11df-9530-406186292efb}\Shell - "" = AutoRun O33 - MountPoints2\{2df44f93-f587-11df-9530-406186292efb}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.11.27 22:22:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Hele\Desktop\OTL.exe [2012.11.27 21:05:42 | 000,000,000 | ---D | C] -- C:\Users\Hele\AppData\Roaming\Malwarebytes [2012.11.27 21:05:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.11.27 21:04:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.11.27 21:04:57 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.11.27 21:04:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.11.17 19:49:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2012.11.14 17:54:51 | 000,000,000 | ---D | C] -- C:\Program Files\autostitch [2012.11.12 12:45:04 | 000,000,000 | ---D | C] -- C:\Users\Hele\AppData\Roaming\Media Player Classic [2012.11.10 17:46:00 | 000,000,000 | ---D | C] -- C:\Users\Hele\Documents\Videos [2012.11.10 16:14:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kastor Free Vimeo Downloader 
[2012.11.10 16:14:05 | 000,000,000 | ---D | C] -- C:\Users\Hele\AppData\Roaming\KastorFreeVimeoDownloader [2012.11.10 16:14:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kastor Free Vimeo Downloader [2012.11.10 15:52:08 | 000,000,000 | ---D | C] -- C:\Users\Hele\AppData\Roaming\Claro [2012.11.10 15:50:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Claro LTD [2012.11.10 15:50:15 | 000,000,000 | ---D | C] -- C:\Users\Hele\AppData\Local\Savings Sidekick [2012.11.10 15:50:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon [2012.11.10 15:50:01 | 000,000,000 | ---D | C] -- C:\Users\Hele\AppData\Roaming\Babylon [2012.11.10 15:49:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager [2012.11.10 15:45:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack [2012.11.10 15:45:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack [2012.11.10 14:59:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft [2012.11.10 13:58:03 | 000,000,000 | ---D | C] -- C:\Users\Hele\AppData\Roaming\Leadertech [2012.10.29 23:10:29 | 000,000,000 | ---D | C] -- C:\Program Files\EasyDownLight [2012.10.29 09:10:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox ========== Files - Modified Within 30 Days ========== [2012.11.27 23:02:24 | 000,017,330 | ---- | M] () -- C:\Users\Hele\Desktop\Malwarebytes Scan 27112012.odt [2012.11.27 23:02:24 | 000,000,102 | -H-- | M] () -- C:\Users\Hele\Desktop\.~lock.Malwarebytes Scan 27112012.odt# [2012.11.27 22:57:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.11.27 22:54:46 | 000,021,698 | ---- | M] () -- C:\Users\Hele\Documents\TB anfrage.odt [2012.11.27 22:47:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.27 22:22:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hele\Desktop\OTL.exe [2012.11.27 22:20:23 | 000,000,000 | ---- | M] () -- 
C:\Users\Hele\defogger_reenable [2012.11.27 22:18:42 | 000,050,477 | ---- | M] () -- C:\Users\Hele\Desktop\Defogger.exe [2012.11.27 22:09:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3320590840-971583442-1121360795-1004UA.job [2012.11.27 21:34:44 | 000,148,755 | ---- | M] () -- C:\Users\Hele\Desktop\Bild 3.png [2012.11.27 21:31:49 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.27 21:31:49 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.27 21:24:26 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.11.27 21:23:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.27 21:23:47 | 536,223,743 | -HS- | M] () -- C:\hiberfil.sys [2012.11.27 21:21:54 | 000,127,097 | ---- | M] () -- C:\Users\Hele\Desktop\Bild 2.png [2012.11.27 21:19:36 | 000,248,701 | ---- | M] () -- C:\Users\Hele\Desktop\Bild 1.png [2012.11.27 21:05:04 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.26 18:46:08 | 000,615,920 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.11.25 19:35:41 | 000,165,698 | ---- | M] () -- C:\Users\Hele\Desktop\Was guckst du.pdf [2012.11.25 15:28:10 | 010,058,285 | ---- | M] () -- C:\Users\Hele\Desktop\galileodesign_photoshop_elements_10_wolf.pdf [2012.11.25 15:09:01 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3320590840-971583442-1121360795-1004Core.job [2012.11.22 18:20:14 | 000,001,331 | ---- | M] () -- C:\Users\Hele\Desktop\RouteConverterWindows64 - Verknüpfung.lnk [2012.11.22 18:18:41 | 000,001,150 | ---- | M] () -- C:\Users\Hele\Desktop\EasyDownLight - Verknüpfung.lnk [2012.11.22 18:18:03 | 000,001,123 | ---- | M] () -- C:\Users\Hele\Desktop\autostitch - Verknüpfung.lnk [2012.11.19 08:32:34 | 000,011,119 | ---- | 
M] () -- C:\Users\Hele\Documents\Widerspruch **** Sparkasse.odt [2012.11.19 08:30:53 | 001,657,310 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.11.19 08:30:53 | 000,715,260 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.11.19 08:30:53 | 000,666,274 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.11.19 08:30:53 | 000,155,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.11.19 08:30:53 | 000,125,408 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.11.15 09:31:11 | 000,002,125 | ---- | M] () -- C:\Users\Hele\Desktop\Reflecta Scanner Reparatur 3 - Verknüpfung.lnk [2012.11.15 09:31:11 | 000,002,125 | ---- | M] () -- C:\Users\Hele\Desktop\Reflecta Scanner Reparatur 2 - Verknüpfung.lnk [2012.11.15 09:31:11 | 000,002,125 | ---- | M] () -- C:\Users\Hele\Desktop\Reflecta Scanner Reparatur 1 - Verknüpfung.lnk [2012.11.14 22:12:15 | 000,008,434 | ---- | M] () -- C:\Users\Hele\Desktop\316 - Verknüpfung.lnk [2012.11.14 22:12:11 | 000,008,434 | ---- | M] () -- C:\Users\Hele\Desktop\318 - Verknüpfung.lnk [2012.11.14 22:12:02 | 000,008,434 | ---- | M] () -- C:\Users\Hele\Desktop\304 - Verknüpfung.lnk [2012.11.14 22:11:34 | 000,008,434 | ---- | M] () -- C:\Users\Hele\Desktop\299 - Verknüpfung.lnk [2012.11.14 22:11:03 | 000,008,434 | ---- | M] () -- C:\Users\Hele\Desktop\291 - Verknüpfung.lnk [2012.11.14 22:10:41 | 000,008,434 | ---- | M] () -- C:\Users\Hele\Desktop\286 - Verknüpfung.lnk [2012.11.14 17:53:01 | 001,079,825 | ---- | M] () -- C:\Users\Hele\Desktop\autostitch.zip [2012.11.10 13:40:09 | 000,171,426 | ---- | M] () -- C:\Users\Hele\Desktop\Bild 3.jpg [2012.11.10 13:14:04 | 000,059,867 | ---- | M] () -- C:\Users\Hele\Documents\Die besten 50 Mitarbeiter des Unternehmens 2011_12 20121105134048.pdf [2012.11.09 12:59:03 | 000,030,568 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys [2012.11.04 12:42:01 | 000,009,922 | ---- | M] () -- C:\Users\Hele\Documents\Euro NCAP Test und ADAC 
Bericht.ods [2012.10.29 23:48:58 | 000,000,205 | ---- | M] () -- C:\Users\Hele\AppData\Roaming\default.rss ========== Files Created - No Company Name ========== [2012.11.27 23:01:39 | 000,000,102 | -H-- | C] () -- C:\Users\Hele\Desktop\.~lock.Malwarebytes Scan 27112012.odt# [2012.11.27 22:54:44 | 000,021,698 | ---- | C] () -- C:\Users\Hele\Documents\TB anfrage.odt [2012.11.27 22:23:37 | 000,017,319 | ---- | C] () -- C:\Users\Hele\Desktop\Malwarebytes Scan 27112012.odt [2012.11.27 22:20:23 | 000,000,000 | ---- | C] () -- C:\Users\Hele\defogger_reenable [2012.11.27 22:18:41 | 000,050,477 | ---- | C] () -- C:\Users\Hele\Desktop\Defogger.exe [2012.11.27 21:34:44 | 000,148,755 | ---- | C] () -- C:\Users\Hele\Desktop\Bild 3.png [2012.11.27 21:21:54 | 000,127,097 | ---- | C] () -- C:\Users\Hele\Desktop\Bild 2.png [2012.11.27 21:19:36 | 000,248,701 | ---- | C] () -- C:\Users\Hele\Desktop\Bild 1.png [2012.11.27 21:05:04 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.25 19:35:41 | 000,165,698 | ---- | C] () -- C:\Users\Hele\Desktop\Was guckst du.pdf [2012.11.25 16:20:37 | 000,001,004 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk [2012.11.25 16:16:37 | 000,001,912 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Elements 10.lnk [2012.11.25 15:28:09 | 010,058,285 | ---- | C] () -- C:\Users\Hele\Desktop\galileodesign_photoshop_elements_10_wolf.pdf [2012.11.22 18:18:41 | 000,001,150 | ---- | C] () -- C:\Users\Hele\Desktop\EasyDownLight - Verknüpfung.lnk [2012.11.22 18:18:03 | 000,001,123 | ---- | C] () -- C:\Users\Hele\Desktop\autostitch - Verknüpfung.lnk [2012.11.19 08:32:32 | 000,011,119 | ---- | C] () -- C:\Users\Hele\Documents\Widerspruch **** Sparkasse.odt [2012.11.16 20:08:47 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012.11.16 19:58:02 | 000,000,003 | ---- | C] () -- 
C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012.11.14 22:12:15 | 000,008,434 | ---- | C] () -- C:\Users\Hele\Desktop\316 - Verknüpfung.lnk [2012.11.14 22:12:11 | 000,008,434 | ---- | C] () -- C:\Users\Hele\Desktop\318 - Verknüpfung.lnk [2012.11.14 22:12:02 | 000,008,434 | ---- | C] () -- C:\Users\Hele\Desktop\304 - Verknüpfung.lnk [2012.11.14 22:11:34 | 000,008,434 | ---- | C] () -- C:\Users\Hele\Desktop\299 - Verknüpfung.lnk [2012.11.14 22:11:03 | 000,008,434 | ---- | C] () -- C:\Users\Hele\Desktop\291 - Verknüpfung.lnk [2012.11.14 22:10:41 | 000,008,434 | ---- | C] () -- C:\Users\Hele\Desktop\286 - Verknüpfung.lnk [2012.11.14 21:52:43 | 000,002,125 | ---- | C] () -- C:\Users\Hele\Desktop\Reflecta Scanner Reparatur 3 - Verknüpfung.lnk [2012.11.14 21:52:43 | 000,002,125 | ---- | C] () -- C:\Users\Hele\Desktop\Reflecta Scanner Reparatur 2 - Verknüpfung.lnk [2012.11.14 21:52:43 | 000,002,125 | ---- | C] () -- C:\Users\Hele\Desktop\Reflecta Scanner Reparatur 1 - Verknüpfung.lnk [2012.11.14 17:52:41 | 001,079,825 | ---- | C] () -- C:\Users\Hele\Desktop\autostitch.zip [2012.11.10 15:45:26 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2012.11.10 13:14:04 | 000,059,867 | ---- | C] () -- C:\Users\Hele\Documents\Die besten 50 Mitarbeiter des Unternehmens 2011_12 20121105134048.pdf [2012.11.04 11:31:52 | 000,009,922 | ---- | C] () -- C:\Users\Hele\Documents\Euro NCAP Test und ADAC Bericht.ods [2012.11.01 12:49:31 | 000,171,426 | ---- | C] () -- C:\Users\Hele\Desktop\Bild 3.jpg [2012.09.03 12:12:09 | 007,339,099 | ---- | C] () -- C:\Program Files\RouteConverterWindows64.exe [2012.08.28 19:54:32 | 000,007,606 | ---- | C] () -- C:\Users\Hele\AppData\Local\Resmon.ResmonCfg [2012.07.15 15:14:06 | 000,001,049 | ---- | C] () -- C:\Users\Hele\AppData\Roaming\.ptbt0 [2012.05.19 13:33:50 | 000,001,158 | ---- | C] () -- C:\Users\Hele\AppData\Roaming\ShiftN.ini [2011.11.03 03:12:00 | 000,326,144 | ---- | C] () -- 
C:\Windows\SysWow64\ColorEfexPro4FC32.dll [2011.07.06 13:21:42 | 000,311,296 | ---- | C] () -- C:\Windows\SysWow64\EMRegSys.dll [2011.06.07 11:13:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2011.06.07 11:13:38 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2011.06.07 11:13:38 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2011.06.07 11:13:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2011.06.07 11:13:38 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2011.05.29 16:15:59 | 000,005,467 | ---- | C] () -- C:\Users\Hele\ESt2010_**********_********.elfo [2010.12.05 16:49:22 | 000,039,626 | ---- | C] () -- C:\Users\Hele\.recently-used.xbel [2010.09.18 18:46:19 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.09.12 16:04:16 | 000,021,062 | -H-- | C] () -- C:\ProgramData\M33KI [2010.08.28 16:17:16 | 000,000,205 | ---- | C] () -- C:\Users\Hele\AppData\Roaming\default.rss [2010.03.26 20:18:38 | 000,013,824 | ---- | C] () -- C:\Users\Hele\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.11.10 15:50:01 | 000,000,000 | ---D | M] -- C:\Users\Hele\AppData\Roaming\Babylon [2012.09.22 11:12:16 | 000,000,000 | ---D | M] -- C:\Users\Hele\AppData\Roaming\Canon [2010.04.02 21:50:04 | 000,000,000 | ---D | M] -- C:\Users\Hele\AppData\Roaming\cerasus.media [2010.12.14 18:43:22 | 000,000,000 | ---D | M] -- C:\Users\Hele\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2012.11.10 15:52:09 | 000,000,000 | ---D | M] -- C:\Users\Hele\AppData\Roaming\Claro [2012.08.29 20:40:16 | 000,000,000 | ---D | M] -- C:\Users\Hele\AppData\Roaming\Dropbox [2012.11.10 15:03:50 | 000,000,000 | ---D | M] -- C:\Users\Hele\AppData\Roaming\DVDVideoSoft [2012.05.29 17:53:58 | 000,000,000 | ---D | M] -- C:\Users\Hele\AppData\Roaming\DVDVideoSoftIEHelpers [2012.04.15 18:59:57 | 000,000,000 | ---D | M] -- C:\Users\Hele\AppData\Roaming\Engelmann Media 
[2012.07.02 22:41:58 | 000,000,000 | ---D | M] -- C:\Users\Hele\AppData\Roaming\EssentialPIM [2012.05.23 20:50:44 | 000,000,000 | ---D | M] -- C:\Users\Hele\AppData\Roaming\Flexrise.9F3FBFC56E7DF11606748B3513468A7A7FB809D1.1 [2010.08.08 17:35:08 | 000,000,000 | ---D | M] -- C:\Users\Hele\AppData\Roaming\FreeFLVConverter [2012.05.23 20:55:07 | 000,000,000 | ---D | M] -- C:\Users\Hele\AppData\Roaming\GeoSetter [2011.02.27 17:11:35 | 000,000,000 | ---D | M] -- C:\Users\Hele\AppData\Roaming\gnupg [2010.12.05 16:37:21 | 000,000,000 | ---D | M] -- C:\Users\Hele\AppData\Roaming\gtk-2.0 [2012.07.19 11:20:17 | 000,000,000 | ---D | M] -- C:\Users\Hele\AppData\Roaming\IrfanView [2012.11.10 17:45:58 | 000,000,000 | ---D | M] -- C:\Users\Hele\AppData\Roaming\KastorFreeVimeoDownloader [2012.10.07 08:44:08 | 000,000,000 | ---D | M] -- C:\Users\Hele\AppData\Roaming\Lasersoft Imaging [2012.11.10 13:58:03 | 000,000,000 | ---D | M] -- C:\Users\Hele\AppData\Roaming\Leadertech [2010.03.26 21:43:39 | 000,000,000 | ---D | M] -- C:\Users\Hele\AppData\Roaming\OpenOffice.org [2010.04.17 23:39:46 | 000,000,000 | ---D | M] -- C:\Users\Hele\AppData\Roaming\Opera [2012.08.28 20:59:50 | 000,000,000 | ---D | M] -- C:\Users\Hele\AppData\Roaming\Panasonic [2011.05.08 18:48:18 | 000,000,000 | ---D | M] -- C:\Users\Hele\AppData\Roaming\picpick [2010.09.12 17:24:27 | 000,000,000 | ---D | M] -- C:\Users\Hele\AppData\Roaming\PIE [2012.03.14 15:06:13 | 000,000,000 | ---D | M] -- C:\Users\Hele\AppData\Roaming\Samsung [2010.03.27 12:28:53 | 000,000,000 | ---D | M] -- C:\Users\Hele\AppData\Roaming\streamripper [2012.07.02 23:37:16 | 000,000,000 | ---D | M] -- C:\Users\Hele\AppData\Roaming\Temp [2010.07.27 06:48:13 | 000,000,000 | ---D | M] -- C:\Users\Hele\AppData\Roaming\Thunderbird ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 160 bytes -> C:\ProgramData\TEMP:20087FC5 < End of report >
ATTFilter OTL Extras logfile created on: 27.11.2012 22:24:17 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Hele\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 6,00 Gb Total Physical Memory | 4,27 Gb Available Physical Memory | 71,11% Memory free 12,00 Gb Paging File | 9,89 Gb Available in Paging File | 82,47% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 931,41 Gb Total Space | 228,56 Gb Free Space | 24,54% Space Free | Partition Type: NTFS Computer Name: Hele-PC | User Name: Hele | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03B2F023-05A3-442B-8367-B86BBABDE918}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{09C579B9-4836-4086-B4B9-49901E8079A6}" = rport=445 | protocol=6 | dir=out | app=system |
"{1735236F-5AEF-4D8C-93A2-3229D70D51D1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{23AF7E0A-3951-4EFC-B7A8-5983DA7072D2}" = rport=138 | protocol=17 | dir=out | app=system |
"{25458A2D-945E-436A-A7DD-2F646B6D3FEE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{3404C93B-6990-4C4E-90D8-3A6ED3ECC333}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3CF6E8FB-7024-4B5A-A8ED-7F1ADF5A79FE}" = lport=138 | protocol=17 | dir=in | app=system |
"{4E726678-1C06-4BB8-8272-61598E2E92FD}" = rport=139 | protocol=6 | dir=out | app=system |
"{53EB47AA-67F0-41E7-BA4D-C49D043722FA}" = rport=137 | protocol=17 | dir=out | app=system |
"{6FF3C7D9-470F-4158-A4BA-EF695ECE76D0}" = lport=10243 | protocol=6 | dir=in | app=system |
"{72B9C408-FF8B-4166-9419-B79B9CD9A333}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{75F6EFF6-BA0F-467E-BE0A-78F4B8C24A6C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7D88B7F6-5A71-4F3D-9C19-AF68567153D9}" = rport=10243 | protocol=6 | dir=out | app=system |
"{B8F58512-3689-46C4-AC3D-3FE0F2BF9C13}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BA4159AA-01DB-4E16-9EC5-4D6F5BE44E96}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BA60CF5A-B446-4A9A-B71B-A225F9722312}" = lport=445 | protocol=6 | dir=in | app=system |
"{C2041BE8-A597-49BA-9C33-1C954B746093}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C5B142E6-E797-4A55-A04E-2B40D8E101B4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CD6DB3DC-29BF-4394-ADE9-A9CBC27BE059}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D5E1398A-D05C-4E78-8EEE-07838DD1D445}" = lport=139 | protocol=6 | dir=in | app=system |
"{E774093B-CD29-439F-89E9-17E131CD0047}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E80012FB-E37F-4837-B810-45AB355D348C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F16A858B-7E06-4566-A13C-77D6A1BD11E4}" = lport=137 | protocol=17 | dir=in | app=system |
"{F8DE3CD3-9090-412E-A9F7-D02F445FF6D0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00B7B320-DDE1-4AFE-85D0-ACCD027350BD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0867FC36-E877-4C5E-8D64-8C10303D82D7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0C7470DD-BEA5-4432-AE17-53AABF248AC0}" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"{117A8FA1-FB22-4088-9E40-24AC1F65D228}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{124D93E9-D95E-4A31-AD5D-BFCD4241F931}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{13B179D0-58AA-4DED-82A1-0A3961A8C08A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{4CCF2788-8CCB-4F00-8F70-EC21A5FB0F23}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{53E86AED-C0D1-4E53-9FAD-733C48F45C47}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{61C8A993-BD72-4D6B-A09C-8376029EB92E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{62018C13-C70C-4479-938D-5438764D6F98}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7E694892-3631-486D-BDF7-7D7ACFA1BB77}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{82697B38-3236-4856-9CCA-7D82A2E75A65}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{833A9EE3-0B0F-4D20-B765-A9E1684DD108}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{847D36A3-BAAF-412F-807C-F61177E20E37}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8ABCF4DC-1C7D-4172-B4C0-9E69FF9895BB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8B8D0749-E841-4D7A-B4EE-9768BF5DC02B}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{910F3D99-DDA2-40C6-9273-BB1C6E30CC31}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{9551040C-CA6E-4393-A781-1669CE951ADE}" = protocol=6 | dir=in | app=c:\users\Hele\appdata\roaming\dropbox\bin\dropbox.exe |
"{99BFB7E2-8EEA-4FAC-BF14-5EF102E93DA2}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{9CD1694F-355D-4108-BA7F-B9391F226425}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9D6B42FC-2D23-43A9-A1E8-3ABEC708619F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{A0235D82-768F-44B0-9BB0-3FF8D1BD890F}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{A681CDD2-9089-4112-A886-95F8833E6DAE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B01F9E35-61CC-4554-81A4-319C445898DA}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{B215A7D8-1371-4BE5-8FD7-48C125FC6E73}" = protocol=6 | dir=out | app=system |
"{BCE949BA-8B7B-4430-B95D-A110ACF0C076}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{C29EE8E3-42AE-4849-8674-CF5D84DFB5C0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{CEB9C505-9963-4EDD-AD23-14EE2C1A5E8E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D7BE681E-DE3B-4893-9C6B-A430EA88A1F1}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{DB5CCB98-82AD-4335-A8C3-D6E667AC2803}" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"{DCC7A46F-6C66-4113-ABA1-13FD1F000700}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{E32E3FF9-D8DA-48E0-875A-EBD6AB246833}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E4A7880A-3684-4725-B46D-59CA0FAE8F1A}" = protocol=17 | dir=in | app=c:\users\hele\appdata\roaming\dropbox\bin\dropbox.exe |
"{E90C132B-92B6-4399-92B0-37BE0FC28F3C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F0A2713B-A7B6-42A8-9BA1-81DDD74F2CF9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F25BD402-9C88-4F9D-8DC3-299462F035A8}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{FE64F2EF-B5B5-48CA-A2B8-0792BE05E887}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{0BED86B5-269B-46C2-804E-4823354B0200}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{3D440E17-C2F2-441B-9093-6F486C00E857}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{94AC24C2-5BD9-493E-B054-1128253C38E4}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"TCP Query User{B6B2C7B4-35CC-4BE6-A30E-C9C8E9263F43}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"UDP Query User{7905536C-953E-49D2-81BF-EFBBA927EA1D}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"UDP Query User{8E2C9B09-5D35-4380-97C8-BC94010FE25A}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{9A7A2E9B-6954-4820-A9DC-C042A2D08D61}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{A2BE16CA-7686-491D-ACE6-333606099F3A}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series" = Canon MG5200 series MP Drivers
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{15C6556B-7E19-1EB0-3DD2-EFBA6B89E988}" = ATI AVIVO64 Codecs
"{1FBEA8BA-D40B-48BC-85BC-EE2D5575F27C}" = Microsoft SQL Server VSS Writer
"{23170F69-40C1-2702-0912-000001000000}" = 7-Zip 9.12 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416032FF}" = Java(TM) 6 Update 32 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417004FF}" = Java(TM) 7 Update 4 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0160320}" = Java(TM) SE Development Kit 6 Update 32 (64-bit)
"{64A3A4F4-B792-11D6-A78A-00B0D0170040}" = Java SE Development Kit 7 Update 4 (64-bit)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{7C39E0D1-E138-42B1-B083-213EC2CF7692}" = Microsoft SQL Server Native Client
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AEF6C676-D7A2-4487-BD4B-1BED17B229B5}" = Microsoft-Maus- und Tastatur-Center
"{AF5020D9-116A-46AC-A922-087592F37EC9}" = MobileMe Control Panel
"{B9C9B362-80B9-BE07-B0E7-7FEA1264612E}" = ATI Catalyst Install Manager
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{E89E99D4-5ADD-6618-7C77-64DE0FDF8DD1}" = ccc-utility64
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F7ADB493-B913-4D61-9A63-DA736C20C3F2}" = Adobe Photoshop Lightroom 4.1 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Mouse and Keyboard Center" = Microsoft-Maus- und Tastatur-Center
"Microsoft Security Client" = Microsoft Security Essentials
"Wacom Tablet Driver" = Wacom Tablett
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin 64 bit

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{007F778D-F15C-4EAB-AE92-071D21FAF632}" = Adobe Photoshop Elements 9
"{02627ee5-eaca-4742-a9cc-e687631773e4}" = Nero ShowTime
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{069B290F-5398-4629-A009-85B4BCB4B1B9}" = Claro Chrome Toolbar
"{06FEC0F9-D836-A627-C140-29D540A04F9B}" = CCC Help French
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11D08055-939C-432b-98C3-E072478A0CD7}" = PSE10 STI Installer
"{15ABFF4D-9BA5-A152-4634-826B24407F2D}" = Catalyst Control Center Localization All
"{1D50AAF6-E33E-C5E1-944E-93EE577A6106}" = CCC Help English
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22D3A614-482C-444A-932C-9DA1B8ECDFD2}" = Elements 10 Organizer
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent
"{3C3A1CF5-A2A0-4D80-8808-609C87FB33FE}_is1" = Bildschutz Pro 3.01
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3F88AADB-7B14-6ECF-29DD-A3373313CFFA}" = CCC Help Italian
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer
"{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision
"{497A1721-088F-41EF-8876-B43C9DA5528B}" = ArcSoft Software Suite
"{4C5E0D3E-C45A-4910-B359-719DCD1D80EC}_is1" = Mahjongg Dreams
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{4E1D8C96-522A-C779-8176-31722F317AF3}" = Catalyst Control Center Graphics Previews Common
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{524c838e-a4b2-4a83-b18f-c718beb046b9}" = Nero 9 Essentials
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5B4383F2-37EE-4E97-AD81-F5FF76F286DA}" = OutlookAddInNet3Setup
"{5d9be3c1-8ba4-4e7e-82fd-9f74fa6815d1}" = Nero Vision
"{5e08ecd1-c98e-4711-bf65-8fd736b3f969}" = Nero RescueAgent Help
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8ACAF398-B948-6089-C27D-ED6028CD864E}" = CCC Help Swedish
"{8D1B1070-5CA9-9188-A14A-B59751493C3A}" = Catalyst Control Center Graphics Light
"{8E7165FC-5EF2-E3E0-25E9-ED4C650684F9}" = CCC Help Japanese
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROHYBRIDR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9624F676-62ED-D881-6004-2B76676A81A5}" = Catalyst Control Center Graphics Previews Vista
"{96FB6F2F-8CCA-D4BD-EC06-815A4476D89B}" = CCC Help Spanish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A00F8237-F496-44D2-0001-E3CCF8CD58AE}" = Photomizer
"{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help
"{A142397C-14FE-9966-71A7-9F5DE2F211B0}" = Catalyst Control Center InstallProxy
"{A1748ECE-BFC9-42FF-026A-F983A606D2CC}" = Catalyst Control Center Graphics Full Existing
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B0EC4494-075D-BBE3-930A-FFD1D40B89A7}" = Catalyst Control Center Core Implementation
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit
"{B79F9CEC-427E-E49D-DD14-63C19653CE67}" = CCC Help Danish
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BEC5D22B-A966-1D1C-0223-8187C07AC024}" = ccc-core-static
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed
"{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D5D40461-E655-89A5-6273-BBBE9D1F291A}" = CCC Help Chinese Standard
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{DE470267-C671-2337-7D6F-15979539B9AE}" = CCC Help Norwegian
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2401EA9-4EB4-74A3-4F87-1DB5D7BC7A3A}" = CCC Help Finnish
"{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE549AF9-8FAA-4584-83B2-ECF1BC9DC1FF}" = Adobe Photoshop Elements 10
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F10E67C1-25FA-61A7-A25C-84AD96BF833F}" = CCC Help Dutch
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F5622E83-86B5-4C03-BA6B-26028F83D2B6}" = Catalyst Control Center - Branding
"{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F9299907-26DA-0237-159E-80BE4060400D}" = Catalyst Control Center Graphics Full New
"{FBBBCD0A-111B-3DE7-048B-A99C1C4FBCA2}" = CCC Help German
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"{FBD7A67D-D700-4043-B54F-DD106D00F308}" = LameXP
"{FC55F354-E88F-0311-FA49-26AE81F89A80}" = CCC Help Chinese Traditional
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe InDesign 1.5" = Adobe InDesign 1.5
"Adobe Photoshop Elements 10" = Adobe Photoshop Elements 10
"Adobe Photoshop Elements 9" = Adobe Photoshop Elements 9
"AVG Secure Search" = AVG Security Toolbar
"Avira AntiVir Desktop" = Avira Free Antivirus
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"Canon MG5200 series Benutzerregistrierung" = Canon MG5200 series Benutzerregistrierung
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"claro" = Claro LTD toolbar
"Color Efex Pro 4" = Color Efex Pro 4
"Digital Editions" = Adobe Digital Editions
"Doro_is1" = Doro 1.64
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"EssentialPIM" = EssentialPIM
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.1
"Free Studio_is1" = Free Studio version 5.7.7.1031
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"IrfanView" = IrfanView (remove only)
"Island-Forum Toolbar" = Island-Forum Toolbar
"Kastor Free Vimeo Downloader_is1" = Kastor Free Vimeo Downloader V 1.5
"KLiteCodecPack_is1" = K-Lite Codec Pack 9.4.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 17.0 (x86 de)" = Mozilla Firefox 17.0 (x86 de)
"Mozilla Thunderbird 13.0.1 (x86 de)" = Mozilla Thunderbird 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"NAVIGON Fresh" = NAVIGON Fresh 3.4.1
"Opera 12.02.1578" = Opera 12.02
"PicPick" = PicPick
"PROHYBRIDR" = 2007 Microsoft Office system
"SilverFast AFL" = SilverFast AFL 6.6.2r5
"SilverFast Ai CD Dokumentation_is1" = SilverFast Ai CD Dokumentation 6.4.0
"Streamripper" = Streamripper (Remove only)
"Uninstall_is1" = Uninstall 1.0.0.1
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin 32 bit
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"YTdetect" = Yahoo! Detect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Erkennungs-Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 19.01.2012 15:21:21 | Computer Name = Hele-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 20.01.2012 07:59:40 | Computer Name = Hele-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 20.01.2012 07:59:40 | Computer Name = Hele-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 20.01.2012 09:44:38 | Computer Name = Hele-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Photoshop Elements 9.0.exe, Version: 9.0.0.0, Zeitstempel: 0x4c83dbdb Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x25282064 ID des fehlerhaften Prozesses: 0x1190 Startzeit der fehlerhaften Anwendung: 0x01ccd7799c287e59 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Adobe\Elements 9 Organizer\Photoshop Elements 9.0.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: e4d56bba-436c-11e1-8a2c-406186292efb Error - 22.01.2012 10:11:49 | Computer Name = Hele-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 22.01.2012 10:11:49 | Computer Name = Hele-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 23.01.2012 03:41:35 | Computer Name = Hele-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. 
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 23.01.2012 03:41:35 | Computer Name = Hele-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 24.01.2012 03:42:14 | Computer Name = Hele-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 24.01.2012 03:42:14 | Computer Name = Hele-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . [ OSession Events ] Error - 09.01.2011 14:05:16 | Computer Name = Hele-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6548.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7 seconds with 0 seconds of active time. This session ended with a crash. 
Error - 01.12.2011 04:32:23 | Computer Name = Hele-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1667 seconds with 0 seconds of active time. This session ended with a crash. Error - 27.05.2012 15:34:41 | Computer Name = Hele-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 29 seconds with 0 seconds of active time. This session ended with a crash. [ System Events ] Error - 26.11.2012 13:46:27 | Computer Name = Hele-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Adobe Active File Monitor" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 26.11.2012 13:46:31 | Computer Name = Hele-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Photoshop Elements Device Connect" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 27.11.2012 13:03:26 | Computer Name = Hele-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Adobe Active File Monitor" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 27.11.2012 13:03:32 | Computer Name = Hele-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Photoshop Elements Device Connect" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 27.11.2012 13:42:36 | Computer Name = Hele-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Adobe Active File Monitor" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 27.11.2012 13:42:41 | Computer Name = Hele-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Photoshop Elements Device Connect" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 27.11.2012 
14:45:07 | Computer Name = Hele-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Adobe Active File Monitor" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 27.11.2012 14:45:11 | Computer Name = Hele-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Photoshop Elements Device Connect" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 27.11.2012 16:24:04 | Computer Name = Hele-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Adobe Active File Monitor" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 27.11.2012 16:24:18 | Computer Name = Hele-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Photoshop Elements Device Connect" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 < End of report >
And now my head is spinning. I don't even want to think about how much work I am causing for whoever takes pity on me. Warm regards to my heroic rescuer, Hele |
28.11.2012, 14:40 | #2 | |
/// TB Instructor | click to continue by savings sidekick So, then I am your hero now.
I will help you with your problem. A cleanup can sometimes involve a lot of work for you (and for me). Before we get started, I have some reading material for you.
Step 1: AdwCleaner: find and remove adware
Step 2: Control scan with OTL |
28.11.2012, 17:55 | #3 |
| click to continue by savings sidekick Hello Ryder,
thank you very much for being willing to help me! AdwCleaner worked. The OTL scan "All users" did too. Code:
OTL logfile created on: 28.11.2012 17:28:07 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Michi2\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 6,00 Gb Total Physical Memory | 3,82 Gb Available Physical Memory | 63,69% Memory free 12,00 Gb Paging File | 9,83 Gb Available in Paging File | 81,97% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 931,41 Gb Total Space | 228,26 Gb Free Space | 24,51% Space Free | Partition Type: NTFS Computer Name: MICHI2-PC | User Name: Michi2 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.11.27 22:22:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Michi2\Desktop\OTL.exe PRC - [2012.11.20 07:16:04 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012.11.09 13:05:07 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe PRC - [2012.11.09 12:59:02 | 000,711,112 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe PRC - [2012.10.10 04:51:06 | 010,415,008 | ---- | M] (NTeWORKS) -- C:\Program Files (x86)\PicPick\picpick.exe PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.07.18 17:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.07.18 17:04:24 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE PRC - [2012.07.18 17:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.07.18 17:04:22 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.11.03 03:11:54 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\nlssrv32.exe PRC - [2011.09.14 22:06:38 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe PRC - [2011.01.17 17:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe PRC - [2011.01.17 17:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin PRC - [2011.01.17 17:50:34 | 000,307,200 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\swriter.exe PRC - [2010.09.06 02:19:58 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe PRC - [2010.04.05 11:55:01 | 000,116,104 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE PRC - [2010.04.02 09:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE PRC - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) 
-- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe PRC - [2009.04.17 10:09:46 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe PRC - [2009.02.23 11:48:50 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe ========== Modules (No Company Name) ========== MOD - [2012.11.20 07:16:18 | 002,400,224 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2012.11.09 13:05:06 | 014,586,808 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll MOD - [2012.11.02 19:59:20 | 002,139,168 | ---- | M] () -- c:\ProgramData\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.dll MOD - [2011.09.27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.09.27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.04.24 16:05:19 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll MOD - [2011.04.24 16:05:19 | 000,170,496 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll ========== Services (SafeList) ========== SRV:64bit: - [2009.11.24 15:17:16 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2012.11.20 07:16:13 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.11.09 13:05:07 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.11.09 12:59:02 | 000,711,112 | ---- | M] () [Auto | 
Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- (vToolbarUpdater13.2.0) SRV - [2012.09.12 20:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2012.09.12 20:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2012.08.02 12:42:04 | 008,786,848 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\Tablet\Wacom\Wacom_Tablet.exe -- (TabletServiceWacom) SRV - [2012.08.02 12:42:04 | 000,565,152 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\Tablet\Wacom\Wacom_TouchService.exe -- (TouchServiceWacom) SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.07.18 17:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.07.18 17:04:24 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2012.07.18 17:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011.11.03 03:11:54 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) 
[Auto | Running] -- C:\Windows\SysWOW64\nlssrv32.exe -- (nlsX86cc) SRV - [2011.09.14 22:06:38 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0) SRV - [2010.12.10 16:36:54 | 000,153,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter) SRV - [2010.09.06 02:19:58 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0) SRV - [2010.04.05 11:55:01 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE -- (IJPLMSVC) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) 
[Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.04.17 10:09:46 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2009.02.23 11:48:50 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.11.09 12:59:03 | 000,030,568 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp) DRV:64bit: - [2012.08.30 21:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012.08.21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.07.18 17:04:42 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.07.18 17:04:42 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.07.18 17:04:41 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.06.21 14:12:00 | 000,068,512 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wachidrouter.sys -- (WacHidRouter) DRV:64bit: - [2012.06.21 14:12:00 | 000,013,728 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidkmdf.sys -- (hidkmdf) DRV:64bit: - [2012.05.22 13:07:18 | 000,015,736 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacomrouterfilter.sys -- (wacomrouterfilter) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.08.01 14:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64) DRV:64bit: - [2011.05.18 07:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) DRV:64bit: - [2011.05.10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.08.27 05:32:20 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdm.sys -- (ss_bmdm) DRV:64bit: - [2010.08.27 05:32:20 | 000,128,000 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bserd.sys -- (ss_bserd) DRV:64bit: - [2010.08.27 05:32:20 | 000,127,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bbus.sys -- (ss_bbus) DRV:64bit: - [2010.08.27 05:32:20 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdfl.sys -- (ss_bmdfl) DRV:64bit: - [2010.07.26 14:18:58 | 000,020,568 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dgderdrv.sys -- (dgderdrv) DRV:64bit: - [2010.07.26 14:15:26 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk) DRV:64bit: - [2010.03.19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2009.11.24 15:52:14 | 006,174,720 | ---- | 
M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2009.11.18 11:30:56 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.03.01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV - [2010.07.26 14:15:26 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [1999.10.13 14:19:20 | 000,012,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\usbscan.sys -- (usbscan) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3320590840-971583442-1121360795-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-3320590840-971583442-1121360795-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - 
HKU\S-1-5-21-3320590840-971583442-1121360795-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-3320590840-971583442-1121360795-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3A EF 97 98 72 FB CC 01 [binary data] IE - HKU\S-1-5-21-3320590840-971583442-1121360795-1004\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-3320590840-971583442-1121360795-1004\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3320590840-971583442-1121360795-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3320590840-971583442-1121360795-1004\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.claro-search.com/?q={searchTerms}&affID=114508&tt=4512_3&babsrc=SP_clro&mntrId=88f18f94000000000000406186292efb IE - HKU\S-1-5-21-3320590840-971583442-1121360795-1004\..\SearchScopes\{482D0F30-8F15-4196-B9CC-FE1D26521EEC}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} IE - HKU\S-1-5-21-3320590840-971583442-1121360795-1004\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={D74498D5-1FCC-4678-83DA-D662D8236DFB}&mid=a9eb25d8297147d092a49128c0cdc708-0f92206d30766c61a0e476dfd538e92fdc7dee00&lang=en&ds=bm013&pr=sa&d=2012-09-05 17:59:02&v=12.2.0.5&sap=dsp&q={searchTerms} IE - HKU\S-1-5-21-3320590840-971583442-1121360795-1004\..\SearchScopes\{E4DD147D-1147-48C2-A882-262B75A206A9}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-W1&o=100000080&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=JM&apn_dtid=YYYYYYYYDE&apn_uid=76caf8f0-cb63-4079-9288-35200330b8e1&apn_sauid=F72F764F-A2CF-4767-A9E4-5D9761D99B7F IE - 
HKU\S-1-5-21-3320590840-971583442-1121360795-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3320590840-971583442-1121360795-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.bing.com/?cc=de" FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.3 FF - prefs.js..extensions.enabledAddons: %7B1018e4d6-728f-4b20-ad56-37578a4de76b%7D:4.2.3 FF - prefs.js..extensions.enabledAddons: %7B20cc25e2-48c9-45e1-9a1f-1ccc1882b81b%7D:1.9 FF - prefs.js..extensions.enabledAddons: %7B64161300-e22b-11db-8314-0800200c9a66%7D:0.9.6.10 FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.7 FF - prefs.js..extensions.enabledAddons: %7Bc36177c0-224a-11da-8cd6-0800200c9a91%7D:3.9.81 FF - prefs.js..extensions.enabledAddons: %7Bef4e370e-d9f0-4e00-b93e-a4f274cfdd5a%7D:1.4.5 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8 FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.2b FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.5.8 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14 FF - prefs.js..extensions.enabledItems: 
{699d7c86-b4fb-477b-b738-3d7a16439036}:3.4.1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.2: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: 
C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.2: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Michi2\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Michi2\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) 
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.27 18:26:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.17 19:49:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.11.17 19:49:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{dfefbe51-ca52-484b-adf0-6b158b05262d}: C:\ProgramData\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\FirefoxExtension [2010.07.28 18:29:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michi2\AppData\Roaming\mozilla\Extensions [2010.07.27 06:48:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michi2\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.11.28 17:17:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michi2\AppData\Roaming\mozilla\Firefox\Profiles\0z7dx9gw.default\extensions [2012.11.10 15:51:01 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Michi2\AppData\Roaming\mozilla\Firefox\Profiles\0z7dx9gw.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2012.11.22 19:36:08 | 000,000,000 | ---D | M] ("DVDVideoSoft YouTube MP3 and Video Download") -- C:\Users\Michi2\AppData\Roaming\mozilla\Firefox\Profiles\0z7dx9gw.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.09.16 18:09:08 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- 
C:\Users\Michi2\AppData\Roaming\mozilla\Firefox\Profiles\0z7dx9gw.default\extensions\ich@maltegoetz.de [2012.11.20 18:53:43 | 000,000,000 | ---D | M] (Icelandic Dictionary) -- C:\Users\Michi2\AppData\Roaming\mozilla\Firefox\Profiles\0z7dx9gw.default\extensions\is@dictionaries.addons.mozilla.org [2011.06.02 13:42:44 | 000,010,285 | ---- | M] () (No name found) -- C:\Users\Michi2\AppData\Roaming\mozilla\firefox\profiles\0z7dx9gw.default\extensions\{20cc25e2-48c9-45e1-9a1f-1ccc1882b81b}.xpi [2012.10.11 08:11:03 | 000,281,285 | ---- | M] () (No name found) -- C:\Users\Michi2\AppData\Roaming\mozilla\firefox\profiles\0z7dx9gw.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2012.11.22 19:13:18 | 000,035,614 | ---- | M] () (No name found) -- C:\Users\Michi2\AppData\Roaming\mozilla\firefox\profiles\0z7dx9gw.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012.07.15 11:32:28 | 000,177,357 | ---- | M] () (No name found) -- C:\Users\Michi2\AppData\Roaming\mozilla\firefox\profiles\0z7dx9gw.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}.xpi [2012.11.24 19:08:52 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Michi2\AppData\Roaming\mozilla\firefox\profiles\0z7dx9gw.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.04.01 11:32:31 | 000,685,019 | ---- | M] () (No name found) -- C:\Users\Michi2\AppData\Roaming\mozilla\firefox\profiles\0z7dx9gw.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi [2012.11.26 19:39:22 | 000,001,610 | ---- | M] () -- C:\Users\Michi2\AppData\Roaming\mozilla\firefox\profiles\0z7dx9gw.default\searchplugins\ixquick-https---deutsch.xml [2010.11.03 16:32:08 | 000,000,834 | ---- | M] () -- C:\Users\Michi2\AppData\Roaming\mozilla\firefox\profiles\0z7dx9gw.default\searchplugins\lonely-planet-online.xml [2012.11.27 18:26:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.11.20 07:17:00 | 000,262,112 | ---- | M] (Mozilla Foundation) -- 
C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.10.26 19:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012.11.20 08:13:26 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.11.20 08:13:26 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.11.20 08:13:26 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.11.20 08:13:26 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.11.20 08:13:26 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.11.20 08:13:26 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: () CHR - default_search_provider: search_url = CHR - default_search_provider: suggest_url = CHR - homepage: hxxp://www.claro-search.com/?affID=114508&tt=4512_3&babsrc=HP_clro&mntrId=88f18f94000000000000406186292efb O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) 
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll File not found O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll File not found O3 - HKLM\..\Toolbar: (Claro LTD Toolbar) - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - C:\Program Files (x86)\Claro LTD\claro\1.8.3.10\claroTlbr.dll File not found O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found O3 - HKU\S-1-5-21-3320590840-971583442-1121360795-1004\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) 
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Device Center\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKLM..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" File not found O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3320590840-971583442-1121360795-1004..\Run: [PicPick Start] C:\Program Files (x86)\PicPick\picpick.exe (NTeWORKS) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Michi 1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Michi2\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Michi2\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://c:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Free YouTube Download - C:\Users\Michi2\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - 
C:\Users\Michi2\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://c:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. 
KG) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.4.0) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.7.0_04) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{236FDCB1-0D63-4919-8875-5408D003D4F9}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (c:\progra~3\browse~1\24897~1.175\{61d8b~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.dll () O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - 
C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{2df44f93-f587-11df-9530-406186292efb}\Shell - "" = AutoRun O33 - MountPoints2\{2df44f93-f587-11df-9530-406186292efb}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.11.27 22:22:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Michi2\Desktop\OTL.exe [2012.11.27 21:05:42 | 000,000,000 | ---D | C] -- C:\Users\Michi2\AppData\Roaming\Malwarebytes [2012.11.27 21:05:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.11.27 21:04:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.11.27 21:04:57 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.11.27 21:04:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.11.17 19:49:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2012.11.14 17:54:51 | 000,000,000 | ---D | C] 
-- C:\Program Files\autostitch [2012.11.12 12:45:04 | 000,000,000 | ---D | C] -- C:\Users\Michi2\AppData\Roaming\Media Player Classic [2012.11.10 17:46:00 | 000,000,000 | ---D | C] -- C:\Users\Michi2\Documents\Videos [2012.11.10 16:14:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kastor Free Vimeo Downloader [2012.11.10 16:14:05 | 000,000,000 | ---D | C] -- C:\Users\Michi2\AppData\Roaming\KastorFreeVimeoDownloader [2012.11.10 16:14:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kastor Free Vimeo Downloader [2012.11.10 15:49:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager [2012.11.10 15:45:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack [2012.11.10 15:45:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack [2012.11.10 14:59:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft [2012.11.10 13:58:03 | 000,000,000 | ---D | C] -- C:\Users\Michi2\AppData\Roaming\Leadertech [2012.10.29 23:10:29 | 000,000,000 | ---D | C] -- C:\Program Files\EasyDownLight ========== Files - Modified Within 30 Days ========== [2012.11.28 17:26:57 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.28 17:26:57 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.28 17:19:58 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.11.28 17:19:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.28 17:19:14 | 536,223,743 | -HS- | M] () -- C:\hiberfil.sys [2012.11.28 17:16:32 | 000,480,125 | ---- | M] () -- C:\Users\Michi2\Desktop\adwcleaner.exe [2012.11.28 17:09:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3320590840-971583442-1121360795-1004UA.job [2012.11.28 08:57:00 | 000,001,110 | ---- | 
M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.11.28 08:47:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.28 08:45:28 | 001,657,310 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.11.28 08:45:28 | 000,715,260 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.11.28 08:45:28 | 000,666,274 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.11.28 08:45:28 | 000,155,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.11.28 08:45:28 | 000,125,408 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.11.28 00:08:53 | 000,048,551 | ---- | M] () -- C:\Users\Michi2\Desktop\TB anfrage.odt [2012.11.27 23:02:24 | 000,017,330 | ---- | M] () -- C:\Users\Michi2\Desktop\Malwarebytes Scan 27112012.odt [2012.11.27 22:22:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Michi2\Desktop\OTL.exe [2012.11.27 22:20:23 | 000,000,000 | ---- | M] () -- C:\Users\Michi2\defogger_reenable [2012.11.27 22:18:42 | 000,050,477 | ---- | M] () -- C:\Users\Michi2\Desktop\Defogger.exe [2012.11.27 21:34:44 | 000,148,755 | ---- | M] () -- C:\Users\Michi2\Desktop\Bild 3.png [2012.11.27 21:21:54 | 000,127,097 | ---- | M] () -- C:\Users\Michi2\Desktop\Bild 2.png [2012.11.27 21:19:36 | 000,248,701 | ---- | M] () -- C:\Users\Michi2\Desktop\Bild 1.png [2012.11.27 21:05:04 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.26 18:46:08 | 000,615,920 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.11.25 19:35:41 | 000,165,698 | ---- | M] () -- C:\Users\Michi2\Desktop\Was guckst du.pdf [2012.11.25 15:28:10 | 010,058,285 | ---- | M] () -- C:\Users\Michi2\Desktop\galileodesign_photoshop_elements_10_wolf.pdf [2012.11.25 15:09:01 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3320590840-971583442-1121360795-1004Core.job [2012.11.22 18:20:14 | 000,001,331 | ---- | M] () -- C:\Users\Michi2\Desktop\RouteConverterWindows64 - 
Verknüpfung.lnk [2012.11.22 18:18:41 | 000,001,150 | ---- | M] () -- C:\Users\Michi2\Desktop\EasyDownLight - Verknüpfung.lnk [2012.11.22 18:18:03 | 000,001,123 | ---- | M] () -- C:\Users\Michi2\Desktop\autostitch - Verknüpfung.lnk [2012.11.19 08:32:34 | 000,011,119 | ---- | M] () -- C:\Users\Michi2\Documents\Widerspruch **** Sparkasse.odt [2012.11.15 09:31:11 | 000,002,125 | ---- | M] () -- C:\Users\Michi2\Desktop\Reflecta Scanner Reparatur 3 - Verknüpfung.lnk [2012.11.15 09:31:11 | 000,002,125 | ---- | M] () -- C:\Users\Michi2\Desktop\Reflecta Scanner Reparatur 2 - Verknüpfung.lnk [2012.11.15 09:31:11 | 000,002,125 | ---- | M] () -- C:\Users\Michi2\Desktop\Reflecta Scanner Reparatur 1 - Verknüpfung.lnk [2012.11.14 22:12:15 | 000,008,434 | ---- | M] () -- C:\Users\Michi2\Desktop\316 - Verknüpfung.lnk [2012.11.14 22:12:11 | 000,008,434 | ---- | M] () -- C:\Users\Michi2\Desktop\318 - Verknüpfung.lnk [2012.11.14 22:12:02 | 000,008,434 | ---- | M] () -- C:\Users\Michi2\Desktop\304 - Verknüpfung.lnk [2012.11.14 22:11:34 | 000,008,434 | ---- | M] () -- C:\Users\Michi2\Desktop\299 - Verknüpfung.lnk [2012.11.14 22:11:03 | 000,008,434 | ---- | M] () -- C:\Users\Michi2\Desktop\291 - Verknüpfung.lnk [2012.11.14 22:10:41 | 000,008,434 | ---- | M] () -- C:\Users\Michi2\Desktop\286 - Verknüpfung.lnk [2012.11.14 17:53:01 | 001,079,825 | ---- | M] () -- C:\Users\Michi2\Desktop\autostitch.zip [2012.11.10 13:40:09 | 000,171,426 | ---- | M] () -- C:\Users\Michi2\Desktop\D L.jpg [2012.11.10 13:14:04 | 000,059,867 | ---- | M] () -- C:\Users\Michi2\Documents\Die besten 50 Mitarbeiter des Unternehmens 2011_12 20121105134048.pdf [2012.11.09 12:59:03 | 000,030,568 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys [2012.11.04 12:42:01 | 000,009,922 | ---- | M] () -- C:\Users\Michi2\Documents\Euro NCAP Test und ADAC Bericht.ods [2012.10.29 23:48:58 | 000,000,205 | ---- | M] () -- C:\Users\Michi2\AppData\Roaming\default.rss ========== Files Created - No Company Name 
========== [2012.11.28 17:16:26 | 000,480,125 | ---- | C] () -- C:\Users\Michi2\Desktop\adwcleaner.exe [2012.11.27 22:54:44 | 000,048,551 | ---- | C] () -- C:\Users\Michi2\Desktop\TB anfrage.odt [2012.11.27 22:23:37 | 000,017,330 | ---- | C] () -- C:\Users\Michi2\Desktop\Malwarebytes Scan 27112012.odt [2012.11.27 22:20:23 | 000,000,000 | ---- | C] () -- C:\Users\Michi2\defogger_reenable [2012.11.27 22:18:41 | 000,050,477 | ---- | C] () -- C:\Users\Michi2\Desktop\Defogger.exe [2012.11.27 21:34:44 | 000,148,755 | ---- | C] () -- C:\Users\Michi2\Desktop\Bild 3.png [2012.11.27 21:21:54 | 000,127,097 | ---- | C] () -- C:\Users\Michi2\Desktop\Bild 2.png [2012.11.27 21:19:36 | 000,248,701 | ---- | C] () -- C:\Users\Michi2\Desktop\Bild 1.png [2012.11.27 21:05:04 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.25 19:35:41 | 000,165,698 | ---- | C] () -- C:\Users\Michi2\Desktop\Was guckst du.pdf [2012.11.25 16:20:37 | 000,001,004 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk [2012.11.25 16:16:37 | 000,001,912 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Elements 10.lnk [2012.11.25 15:28:09 | 010,058,285 | ---- | C] () -- C:\Users\Michi2\Desktop\galileodesign_photoshop_elements_10_wolf.pdf [2012.11.22 18:18:41 | 000,001,150 | ---- | C] () -- C:\Users\Michi2\Desktop\EasyDownLight - Verknüpfung.lnk [2012.11.22 18:18:03 | 000,001,123 | ---- | C] () -- C:\Users\Michi2\Desktop\autostitch - Verknüpfung.lnk [2012.11.19 08:32:32 | 000,011,119 | ---- | C] () -- C:\Users\Michi2\Documents\Widerspruch **** Sparkasse.odt [2012.11.16 20:08:47 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012.11.16 19:58:02 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012.11.14 22:12:15 | 000,008,434 | ---- | C] () -- C:\Users\Michi2\Desktop\316 - Verknüpfung.lnk 
[2012.11.14 22:12:11 | 000,008,434 | ---- | C] () -- C:\Users\Michi2\Desktop\318 - Verknüpfung.lnk [2012.11.14 22:12:02 | 000,008,434 | ---- | C] () -- C:\Users\Michi2\Desktop\304 - Verknüpfung.lnk [2012.11.14 22:11:34 | 000,008,434 | ---- | C] () -- C:\Users\Michi2\Desktop\299 - Verknüpfung.lnk [2012.11.14 22:11:03 | 000,008,434 | ---- | C] () -- C:\Users\Michi2\Desktop\291 - Verknüpfung.lnk [2012.11.14 22:10:41 | 000,008,434 | ---- | C] () -- C:\Users\Michi2\Desktop\286 - Verknüpfung.lnk [2012.11.14 21:52:43 | 000,002,125 | ---- | C] () -- C:\Users\Michi2\Desktop\Reflecta Scanner Reparatur 3 - Verknüpfung.lnk [2012.11.14 21:52:43 | 000,002,125 | ---- | C] () -- C:\Users\Michi2\Desktop\Reflecta Scanner Reparatur 2 - Verknüpfung.lnk [2012.11.14 21:52:43 | 000,002,125 | ---- | C] () -- C:\Users\Michi2\Desktop\Reflecta Scanner Reparatur 1 - Verknüpfung.lnk [2012.11.14 17:52:41 | 001,079,825 | ---- | C] () -- C:\Users\Michi2\Desktop\autostitch.zip [2012.11.10 15:45:26 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2012.11.10 13:14:04 | 000,059,867 | ---- | C] () -- C:\Users\Michi2\Documents\Die besten 50 Mitarbeiter des Unternehmens 2011_12 20121105134048.pdf [2012.11.04 11:31:52 | 000,009,922 | ---- | C] () -- C:\Users\Michi2\Documents\Euro NCAP Test und ADAC Bericht.ods [2012.11.01 12:49:31 | 000,171,426 | ---- | C] () -- C:\Users\Michi2\Desktop\D L.jpg [2012.09.03 12:12:09 | 007,339,099 | ---- | C] () -- C:\Program Files\RouteConverterWindows64.exe [2012.08.28 19:54:32 | 000,007,606 | ---- | C] () -- C:\Users\Michi2\AppData\Local\Resmon.ResmonCfg [2012.07.15 15:14:06 | 000,001,049 | ---- | C] () -- C:\Users\Michi2\AppData\Roaming\.ptbt0 [2012.05.19 13:33:50 | 000,001,158 | ---- | C] () -- C:\Users\Michi2\AppData\Roaming\ShiftN.ini [2011.11.03 03:12:00 | 000,326,144 | ---- | C] () -- C:\Windows\SysWow64\ColorEfexPro4FC32.dll [2011.07.06 13:21:42 | 000,311,296 | ---- | C] () -- C:\Windows\SysWow64\EMRegSys.dll [2011.06.07 11:13:38 | 000,974,848 | ---- 
| C] () -- C:\Windows\SysWow64\cis-2.4.dll [2011.06.07 11:13:38 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2011.06.07 11:13:38 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2011.06.07 11:13:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2011.06.07 11:13:38 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2011.05.29 16:15:59 | 000,005,467 | ---- | C] () -- C:\Users\Michi2\ESt2010_****_****.elfo [2010.12.05 16:49:22 | 000,039,626 | ---- | C] () -- C:\Users\Michi2\.recently-used.xbel [2010.09.18 18:46:19 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.09.12 16:04:16 | 000,021,062 | -H-- | C] () -- C:\ProgramData\M33KI [2010.08.28 16:17:16 | 000,000,205 | ---- | C] () -- C:\Users\Michi2\AppData\Roaming\default.rss [2010.03.26 20:18:38 | 000,013,824 | ---- | C] () -- C:\Users\Michi2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = 
Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2010.08.11 18:33:32 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\OpenOffice.org [2010.08.12 18:21:11 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Opera [2010.08.08 17:35:17 | 000,000,000 | ---D | M] -- C:\Users\Michi 1\AppData\Roaming\FreeFLVConverter [2010.08.08 19:02:24 | 000,000,000 | ---D | M] -- C:\Users\Michi 1\AppData\Roaming\OpenOffice.org [2010.07.21 18:47:32 | 000,000,000 | ---D | M] -- C:\Users\Michi 1\AppData\Roaming\Opera [2010.07.26 20:46:17 | 000,000,000 | ---D | M] -- C:\Users\Michi 1\AppData\Roaming\Thunderbird [2012.09.22 11:12:16 | 000,000,000 | ---D | M] -- C:\Users\Michi2\AppData\Roaming\Canon [2010.04.02 21:50:04 | 000,000,000 | ---D | M] -- C:\Users\Michi2\AppData\Roaming\cerasus.media [2010.12.14 18:43:22 | 000,000,000 | ---D | M] -- C:\Users\Michi2\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2012.08.29 20:40:16 | 000,000,000 | ---D | M] -- C:\Users\Michi2\AppData\Roaming\Dropbox [2012.11.10 15:03:50 | 000,000,000 | ---D | M] -- C:\Users\Michi2\AppData\Roaming\DVDVideoSoft [2012.05.29 17:53:58 | 000,000,000 | ---D | M] 
-- C:\Users\Michi2\AppData\Roaming\DVDVideoSoftIEHelpers [2012.04.15 18:59:57 | 000,000,000 | ---D | M] -- C:\Users\Michi2\AppData\Roaming\Engelmann Media [2012.07.02 22:41:58 | 000,000,000 | ---D | M] -- C:\Users\Michi2\AppData\Roaming\EssentialPIM [2012.05.23 20:50:44 | 000,000,000 | ---D | M] -- C:\Users\Michi2\AppData\Roaming\Flexrise.9F3FBFC56E7DF11606748B3513468A7A7FB809D1.1 [2010.08.08 17:35:08 | 000,000,000 | ---D | M] -- C:\Users\Michi2\AppData\Roaming\FreeFLVConverter [2012.05.23 20:55:07 | 000,000,000 | ---D | M] -- C:\Users\Michi2\AppData\Roaming\GeoSetter [2011.02.27 17:11:35 | 000,000,000 | ---D | M] -- C:\Users\Michi2\AppData\Roaming\gnupg [2010.12.05 16:37:21 | 000,000,000 | ---D | M] -- C:\Users\Michi2\AppData\Roaming\gtk-2.0 [2012.07.19 11:20:17 | 000,000,000 | ---D | M] -- C:\Users\Michi2\AppData\Roaming\IrfanView [2012.11.10 17:45:58 | 000,000,000 | ---D | M] -- C:\Users\Michi2\AppData\Roaming\KastorFreeVimeoDownloader [2012.10.07 08:44:08 | 000,000,000 | ---D | M] -- C:\Users\Michi2\AppData\Roaming\Lasersoft Imaging [2012.11.10 13:58:03 | 000,000,000 | ---D | M] -- C:\Users\Michi2\AppData\Roaming\Leadertech [2010.03.26 21:43:39 | 000,000,000 | ---D | M] -- C:\Users\Michi2\AppData\Roaming\OpenOffice.org [2010.04.17 23:39:46 | 000,000,000 | ---D | M] -- C:\Users\Michi2\AppData\Roaming\Opera [2012.08.28 20:59:50 | 000,000,000 | ---D | M] -- C:\Users\Michi2\AppData\Roaming\Panasonic [2011.05.08 18:48:18 | 000,000,000 | ---D | M] -- C:\Users\Michi2\AppData\Roaming\picpick [2010.09.12 17:24:27 | 000,000,000 | ---D | M] -- C:\Users\Michi2\AppData\Roaming\PIE [2012.03.14 15:06:13 | 000,000,000 | ---D | M] -- C:\Users\Michi2\AppData\Roaming\Samsung [2010.03.27 12:28:53 | 000,000,000 | ---D | M] -- C:\Users\Michi2\AppData\Roaming\streamripper [2012.07.02 23:37:16 | 000,000,000 | ---D | M] -- C:\Users\Michi2\AppData\Roaming\Temp [2010.07.27 06:48:13 | 000,000,000 | ---D | M] -- C:\Users\Michi2\AppData\Roaming\Thunderbird ========== Purity Check ========== 
========== Alternate Data Streams ========== @Alternate Data Stream - 160 bytes -> C:\ProgramData\TEMP:20087FC5 < End of report > |
28.11.2012, 18:10 | #4 | |
/// TB-Ausbilder | click to continue by savings sidekick With all the junk add-ons of the "downloader" kind that you install, you naturally shouldn't be surprised by unwanted advertising.
Step 1: Fix with OTL
Step 2: Control scan with OTL
Step 3: Do you still have problems with the sidekicks?
__________________ Digital freebooters against malware! No help via PM! |
28.11.2012, 18:58 | #5 |
| click to continue by savings sidekick Don't scold me, I see the error of my ways and promise to do better. Step 1: OTL scan with fix Code:
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9E131A93-EED7-4BEB-B015-A0ADB30B5646} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9E131A93-EED7-4BEB-B015-A0ADB30B5646}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~3\browse~1\24897~1.175\{61d8b~1\browse~1.dll deleted successfully.
c:\ProgramData\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.dll moved successfully.
ADS C:\ProgramData\TEMP:20087FC5 deleted successfully.
========== FILES ==========
File\Folder C:\Program Files (x86)\Claro LTD not found.
Folder move failed. c:\ProgramData\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73} scheduled to be moved on reboot.
Folder move failed. c:\ProgramData\Browser Manager\2.4.897.175 scheduled to be moved on reboot.
Folder move failed. c:\ProgramData\Browser Manager scheduled to be moved on reboot.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56478 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Gast
->Temp folder emptied: 168655 bytes
->Temporary Internet Files folder emptied: 688716 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 54160593 bytes
->Opera cache emptied: 240 bytes
->Flash cache emptied: 434 bytes
User: Michi 1
->Temp folder emptied: 2446997 bytes
->Temporary Internet Files folder emptied: 737868 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 100941905 bytes
->Opera cache emptied: 20100392 bytes
->Flash cache emptied: 4204 bytes
User: Michi2
->Temp folder emptied: 9202 bytes
->Temporary Internet Files folder emptied: 190460665 bytes
->Java cache emptied: 7700233 bytes
->FireFox cache emptied: 85048028 bytes
->Google Chrome cache emptied: 16825741 bytes
->Apple Safari cache emptied: 4037632 bytes
->Opera cache emptied: 13296410 bytes
->Flash cache emptied: 177470 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 89137938 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
RecycleBin emptied: 1951558275 bytes
Total Files Cleaned = 2.420,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 11282012_182741
Files\Folders moved on Reboot...
c:\ProgramData\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73} folder moved successfully.
c:\ProgramData\Browser Manager\2.4.897.175 folder moved successfully.
c:\ProgramData\Browser Manager folder moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
OTL scan, all users Code:
ATTFilter OTL logfile created on: 28.11.2012 18:37:16 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Michi2\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 6,00 Gb Total Physical Memory | 4,17 Gb Available Physical Memory | 69,46% Memory free 12,00 Gb Paging File | 10,10 Gb Available in Paging File | 84,16% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 931,41 Gb Total Space | 230,45 Gb Free Space | 24,74% Space Free | Partition Type: NTFS Computer Name: MICHI2-PC | User Name: Michi2 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.11.27 22:22:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Michi2\Desktop\OTL.exe PRC - [2012.11.20 07:16:04 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012.11.09 13:05:07 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe PRC - [2012.11.09 12:59:02 | 000,711,112 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe PRC - [2012.10.10 04:51:06 | 010,415,008 | ---- | M] (NTeWORKS) -- C:\Program Files (x86)\PicPick\picpick.exe PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.07.18 17:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.07.18 17:04:24 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE PRC - [2012.07.18 17:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.07.18 17:04:22 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.11.03 03:11:54 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\nlssrv32.exe PRC - [2011.09.14 22:06:38 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe PRC - [2011.01.17 17:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe PRC - [2011.01.17 17:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin PRC - [2011.01.17 17:50:34 | 000,307,200 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\swriter.exe PRC - [2010.09.06 02:19:58 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe PRC - [2010.04.05 11:55:01 | 000,116,104 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE PRC - [2010.04.02 09:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE PRC - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) 
-- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe PRC - [2009.04.17 10:09:46 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe PRC - [2009.02.23 11:48:50 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe ========== Modules (No Company Name) ========== MOD - [2012.11.20 07:16:18 | 002,400,224 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2012.11.09 13:05:06 | 014,586,808 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll MOD - [2011.09.27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.09.27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.04.24 16:05:19 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll MOD - [2011.04.24 16:05:19 | 000,170,496 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll ========== Services (SafeList) ========== SRV:64bit: - [2009.11.24 15:17:16 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2012.11.20 07:16:13 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.11.09 13:05:07 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.11.09 12:59:02 | 000,711,112 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- (vToolbarUpdater13.2.0) SRV - [2012.09.12 
20:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2012.09.12 20:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2012.08.02 12:42:04 | 008,786,848 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\Tablet\Wacom\Wacom_Tablet.exe -- (TabletServiceWacom) SRV - [2012.08.02 12:42:04 | 000,565,152 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\Tablet\Wacom\Wacom_TouchService.exe -- (TouchServiceWacom) SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.07.18 17:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.07.18 17:04:24 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2012.07.18 17:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011.11.03 03:11:54 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) 
[Auto | Running] -- C:\Windows\SysWOW64\nlssrv32.exe -- (nlsX86cc) SRV - [2011.09.14 22:06:38 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0) SRV - [2010.12.10 16:36:54 | 000,153,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter) SRV - [2010.09.06 02:19:58 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0) SRV - [2010.04.05 11:55:01 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE -- (IJPLMSVC) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) 
[Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.04.17 10:09:46 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2009.02.23 11:48:50 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.11.09 12:59:03 | 000,030,568 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp) DRV:64bit: - [2012.08.30 21:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012.08.21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.07.18 17:04:42 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.07.18 17:04:42 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.07.18 17:04:41 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.06.21 14:12:00 | 000,068,512 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wachidrouter.sys -- (WacHidRouter) DRV:64bit: - [2012.06.21 14:12:00 | 000,013,728 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidkmdf.sys -- (hidkmdf) DRV:64bit: - [2012.05.22 13:07:18 | 000,015,736 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacomrouterfilter.sys -- (wacomrouterfilter) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.08.01 14:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64) DRV:64bit: - [2011.05.18 07:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) DRV:64bit: - [2011.05.10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.08.27 05:32:20 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdm.sys -- (ss_bmdm) DRV:64bit: - [2010.08.27 05:32:20 | 000,128,000 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bserd.sys -- (ss_bserd) DRV:64bit: - [2010.08.27 05:32:20 | 000,127,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bbus.sys -- (ss_bbus) DRV:64bit: - [2010.08.27 05:32:20 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdfl.sys -- (ss_bmdfl) DRV:64bit: - [2010.07.26 14:18:58 | 000,020,568 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dgderdrv.sys -- (dgderdrv) DRV:64bit: - [2010.07.26 14:15:26 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk) DRV:64bit: - [2010.03.19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2009.11.24 15:52:14 | 006,174,720 | ---- | 
M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2009.11.18 11:30:56 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.03.01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV - [2010.07.26 14:15:26 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [1999.10.13 14:19:20 | 000,012,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\usbscan.sys -- (usbscan) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3320590840-971583442-1121360795-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-3320590840-971583442-1121360795-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - 
HKU\S-1-5-21-3320590840-971583442-1121360795-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-3320590840-971583442-1121360795-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3A EF 97 98 72 FB CC 01 [binary data] IE - HKU\S-1-5-21-3320590840-971583442-1121360795-1004\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-3320590840-971583442-1121360795-1004\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3320590840-971583442-1121360795-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3320590840-971583442-1121360795-1004\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.claro-search.com/?q={searchTerms}&affID=114508&tt=4512_3&babsrc=SP_clro&mntrId=88f18f94000000000000406186292efb IE - HKU\S-1-5-21-3320590840-971583442-1121360795-1004\..\SearchScopes\{482D0F30-8F15-4196-B9CC-FE1D26521EEC}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} IE - HKU\S-1-5-21-3320590840-971583442-1121360795-1004\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={D74498D5-1FCC-4678-83DA-D662D8236DFB}&mid=a9eb25d8297147d092a49128c0cdc708-0f92206d30766c61a0e476dfd538e92fdc7dee00&lang=en&ds=bm013&pr=sa&d=2012-09-05 17:59:02&v=12.2.0.5&sap=dsp&q={searchTerms} IE - HKU\S-1-5-21-3320590840-971583442-1121360795-1004\..\SearchScopes\{E4DD147D-1147-48C2-A882-262B75A206A9}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-W1&o=100000080&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=JM&apn_dtid=YYYYYYYYDE&apn_uid=76caf8f0-cb63-4079-9288-35200330b8e1&apn_sauid=F72F764F-A2CF-4767-A9E4-5D9761D99B7F IE - 
HKU\S-1-5-21-3320590840-971583442-1121360795-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3320590840-971583442-1121360795-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.bing.com/?cc=de" FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.3 FF - prefs.js..extensions.enabledAddons: %7B1018e4d6-728f-4b20-ad56-37578a4de76b%7D:4.2.3 FF - prefs.js..extensions.enabledAddons: %7B20cc25e2-48c9-45e1-9a1f-1ccc1882b81b%7D:1.9 FF - prefs.js..extensions.enabledAddons: %7B64161300-e22b-11db-8314-0800200c9a66%7D:0.9.6.10 FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.7 FF - prefs.js..extensions.enabledAddons: %7Bc36177c0-224a-11da-8cd6-0800200c9a91%7D:3.9.81 FF - prefs.js..extensions.enabledAddons: %7Bef4e370e-d9f0-4e00-b93e-a4f274cfdd5a%7D:1.4.5 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8 FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.2b FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.5.8 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14 FF - prefs.js..extensions.enabledItems: 
{699d7c86-b4fb-477b-b738-3d7a16439036}:3.4.1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.2: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: 
C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.2: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Michi2\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Michi2\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) 
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.27 18:26:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.17 19:49:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.11.17 19:49:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{dfefbe51-ca52-484b-adf0-6b158b05262d}: C:\ProgramData\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\FirefoxExtension [2010.07.28 18:29:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michi2\AppData\Roaming\mozilla\Extensions [2010.07.27 06:48:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michi2\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.11.28 17:17:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michi2\AppData\Roaming\mozilla\Firefox\Profiles\0z7dx9gw.default\extensions [2012.11.10 15:51:01 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Michi2\AppData\Roaming\mozilla\Firefox\Profiles\0z7dx9gw.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2012.11.22 19:36:08 | 000,000,000 | ---D | M] ("DVDVideoSoft YouTube MP3 and Video Download") -- C:\Users\Michi2\AppData\Roaming\mozilla\Firefox\Profiles\0z7dx9gw.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.09.16 18:09:08 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- 
A heartfelt thank-you already for your composure.
28.11.2012, 19:02 | #6 | |
/// TB-Ausbilder
Good! We still need to run a few checks.

Step 1: Quick scan with Malwarebytes

Step 2: ESET Online Scanner
Quote:

Step 3: Java update (Windows XP, Vista, 7)
Your Java is no longer up to date. Older versions contain security vulnerabilities that malware can exploit.

Step 4: Scan with SecurityCheck
Please download SecurityCheck
28.11.2012, 21:14 | #7 |
Step 1: The scan completed successfully. No infected objects were found.

Code:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.28.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Michi2 :: MICHI2-PC [Administrator]

28.11.2012 19:07:59
mbam-log-2012-11-28 (19-07-59).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 255320
Laufzeit: 3 Minute(n), 54 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Step 2: It really takes a very long time!!! It has been running on my machine for almost 2 hours and has only reached 21%. I don't know whether I'll still be able to post the result today.
28.11.2012, 21:15 | #8 |
/// TB-Ausbilder
It does take a long time ... just let it run.
__________________
Digital buccaneers against malware! No help via PM!
29.11.2012, 07:44 | #9 |
Continuation of step 2: After 10:39 hours the scan was finished; it really does take a very long time.

Code:
C:\Users\Michi2\AppData\Local\Temp\13F62CEB-BAB0-7891-8DCB-136BF6F78E14\Latest\BrowserManagerSetup.exe multiple threats
C:\Users\Michi2\AppData\Local\Temp\13F62CEB-BAB0-7891-8DCB-136BF6F78E14\Latest\MyBabylonTB.exe Win32/Toolbar.Funmoods application
C:\Users\Michi2\Documents\Computer Fotografie Technik\Winamp\Winamp_Streamripper Info\ps_radio2014.exe a variant of Win32/Adware.ADON application
C:\Users\Michi2\Downloads\SoftonicDownloader_fuer_inkscape.exe a variant of Win32/SoftonicDownloader.E application
C:\_OTL\MovedFiles\11282012_182741\c_ProgramData\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.dll a variant of Win32/bProtector.A application
K:\Eigene Dateien\Winamp\Winamp_Streamripper Info\ps_radio2014.exe a variant of Win32/Adware.ADON application

Step 4: SecurityCheck

Code:
Results of screen317's Security Check version 0.99.56
Windows 7 Service Pack 1 x64
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Microsoft Security Essentials
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.65.1.1000
Java 7 Update 9
Adobe Flash Player 11.5.502.110
Adobe Reader 10.1.4 Adobe Reader out of Date!
Mozilla Firefox (17.0)
Mozilla Thunderbird 13.0.1 Thunderbird out of Date!
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
Google Chrome 23.0.1271.91
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

In between, once again a thank-you. I'm off to work in a moment, see you later (around 20:30).
29.11.2012, 09:38 | #10 | |||
/// TB-Ausbilder | click to continue by savings sidekick Quote:
Step 1: Warning: multiple antivirus programs
Step 2: Update Thunderbird
Step 3: Update: Adobe Reader
Try out an alternative viewer for PDF documents. These are usually leaner and faster, and they let malware in far less often. My suggestion:
Step 4: Scan with SecurityCheck
Please download SecurityCheck
__________________ Digital privateers against malware! No help via PM! |
29.11.2012, 22:46 | #11 | |
| click to continue by savings sidekick I was clueless. Thanks for the tip about the software downloaders. Step 1: Avira removed. MSE removed. Quote:
Windows Security Essentials hxxp://support.microsoft.com/kb/2435760 Avast installed. I get this message in Firefox: Code:
Ein anderes Program auf Ihrem Computer möchte Firefox durch folgendes Add-on modifizieren:
avast! WebRep 7.0.1474
Von AVAST Software
Ort:C:\Program Files\AVAST Software\Avast\WebPep\FF u.s.w.
Diese Installation erlauben
Weiter

Step 2: Thunderbird update done.
Step 3: Adobe Reader removed. Foxit Reader installed.
Step 4: Scan with SecurityCheck Code:
Results of screen317's Security Check version 0.99.56
Windows 7 Service Pack 1 x64
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.65.1.1000
Java 7 Update 9
Adobe Flash Player 11.5.502.110
Mozilla Firefox (17.0)
Mozilla Thunderbird (17.0.)
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
Google Chrome 23.0.1271.91
````````Process Check: objlist.exe by Laurent````````
Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log`````````````````````` |
29.11.2012, 22:53 | #12 | ||||
/// TB-Ausbilder | click to continue by savings sidekick You really cooperated well! Great! That means we are done. We will now tidy up a little, and then I have some reading material for you at the end.
Step 1: Uninstall the tools
Step 2: Uninstall ESET (optional)
Finally, some tips on the following topics:
With that, I wish you lots of fun surfing the Internet ... and perhaps you would like to support the Trojaner-Board? One request: give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ Digital privateers against malware! No help via PM! |
29.11.2012, 23:20 | #13 | |
| click to continue by savings sidekick Step 1: done. Step 2: I would like to keep ESET, but I can only find the OnlineScannerUninstaller under C:\Program Files (x86)\ESET\ESET Online Scanner\Online system updates (enable automatic updates) was enabled. Thanks for the rest of the reading material; I will take your advice to heart. I have just spotted a Claro Chrome Toolbar among the installed programs. It surely makes sense to uninstall it. Browser check: I am having trouble with Java. In Firefox, under Add-ons: Java Deployment Toolkit 7.0.70.10 10.7.2.10 (disabled) Java (TM) Platform SE 7 U9 10.9.2.5 (disabled). I enabled both; was that right? The following error message appears in both the enabled and the disabled state. Quote:
Under Start --> Control Panel --> Programs --> I only find Java (32-Bit); is that correct? In the "Java Control Panel", under "Advanced", there is a check mark at "Default Java for browsers" in the "Mozilla family" box. |
30.11.2012, 15:44 | #14 |
/// TB-Ausbilder | click to continue by savings sidekick Control Panel > Java (often below Programs)
__________________ Digital privateers against malware! No help via PM! |
30.11.2012, 21:16 | #15 |
| click to continue by savings sidekick Yes, I had already found that. After all, I have this version installed: Windows 7 Service Pack 1 x64 NTFS. Only the Java (32-Bit) version is listed under Start --> Control Panel --> Programs --> Edited by Hele (30.11.2012 at 22:15) |