Pests of all kinds and how to fight them: Claro Search permanently appears when opening a new tab in Firefox
Windows 7
#1

Claro Search permanently appears when opening a new tab in Firefox

Dear Trojaner-Board team!

I have the problem that whenever I open a new tab in Firefox, the Claro Search page always appears. This has been the case for about 2 weeks now. Despite various efforts, I have not managed to restore the way it used to look. It seems to me that this is some kind of malware. I am grateful for any kind of help. I have attached the required logs below. (Note: OTL did generate an OTL.txt, but no Extra.txt. Sorry.)

Best regards from Munich
Steve

Log file from Defogger:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:30 on 15/01/2013 (Lutz)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Log file from OTL:
OTL Logfile:
Code:
OTL logfile created on: 2013/01/15 19:51:15 - Run 6
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Lutz\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: yyyy/MM/dd

2,00 Gb Total Physical Memory | 1,12 Gb Available Physical Memory | 56,08% Memory free
4,91 Gb Paging File | 3,83 Gb Available in Paging File | 77,89% Paging File free
Paging file location(s): C:\pagefile.sys 3070 3070 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 298,08 Gb Total Space | 15,98 Gb Free Space | 5,36% Space Free | Partition Type: NTFS
Drive W: | 4,00 Gb Total Space | 3,65 Gb Free Space | 91,32% Space Free | Partition Type: FAT

Computer Name: PC | User Name: Lutz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/15 19:31:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Lutz\desktop\OTL.exe
PRC - [2013/01/05 04:43:57 | 000,917,552 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012/12/20 19:34:28 | 000,167,048 | ---- | M] (Soluto) -- C:\Programme\Soluto\SolutoLauncherService.exe
PRC - [2012/12/20 19:34:26 | 000,542,344 | ---- | M] (Soluto) -- C:\Programme\Soluto\SolutoService.exe
PRC - [2012/12/20 19:34:24 | 001,229,448 | ---- | M] (Soluto) -- c:\Programme\Soluto\Soluto.exe
PRC - [2012/12/14 15:05:23 | 002,469,992 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BrowserProtect\2.5.1005.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
PRC - [2012/11/27 16:19:33 | 000,142,336 | ---- | M] () -- C:\Programme\simfy\simfy.exe
PRC - [2012/09/17
11:41:54 | 000,254,896 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2012/08/11 15:43:06 | 000,055,184 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2012/08/08 09:16:59 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012/05/14 15:14:52 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012/05/14 15:14:51 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe PRC - [2012/05/14 15:14:51 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe PRC - [2012/05/14 15:14:51 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012/05/14 15:14:51 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2011/11/21 12:07:36 | 001,259,624 | ---- | M] (1&1 Mail & Media GmbH) -- C:\Programme\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE PRC - [2011/08/05 11:29:56 | 000,159,456 | ---- | M] (Microsoft Corporation) -- C:\Programme\Zune\ZuneLauncher.exe PRC - [2011/08/05 11:29:56 | 000,057,056 | ---- | M] (Microsoft Corporation) -- c:\Programme\Zune\ZuneBusEnum.exe PRC - [2011/02/23 22:19:22 | 000,371,200 | ---- | M] (shbox.de) -- C:\Programme\FreePDF_XP\fpassist.exe PRC - [2011/01/11 16:25:38 | 001,051,264 | ---- | M] (Genie-soft) -- C:\Programme\Genie-Soft\Genie Timeline\GSTimeLineAgent.exe PRC - [2011/01/11 16:25:38 | 000,362,624 | ---- | M] (Genie-Soft) -- C:\Programme\Genie-Soft\Genie Timeline\GenieTimelineService.exe PRC - [2010/06/15 09:55:52 | 000,039,936 | ---- | M] (The PHP Group) -- C:\Programme\Genie-Soft\Genie Timeline\WebServer\PHP\php-cgi.exe PRC - [2010/06/15 09:53:48 | 001,417,216 | ---- | M] () -- C:\Programme\Genie-Soft\Genie Timeline\WebServer\nginx\GSTimeLineSearch.exe PRC - [2009/09/19 10:18:06 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe PRC - [2009/09/06 17:02:19 | 000,067,128 | ---- | M] (Logitech Inc.) -- c:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe PRC - [2008/05/02 02:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPoint\SetPoint.exe PRC - [2008/05/02 02:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) 
-- C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.exe PRC - [2008/04/14 06:52:46 | 001,544,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007/09/04 10:14:34 | 000,087,344 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE PRC - [2006/12/12 09:46:52 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CtHelper.exe PRC - [2006/12/12 09:43:58 | 000,842,240 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTxfispi.exe PRC - [2006/05/24 05:20:44 | 000,018,944 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\Ctxfihlp.exe PRC - [2006/01/21 12:41:56 | 000,118,784 | ---- | M] () -- C:\Programme\Vista Rainbar\Rainmeter.exe ========== Modules (No Company Name) ========== MOD - [2013/01/15 18:38:23 | 004,774,392 | ---- | M] () -- c:\Programme\Gemeinsame Dateien\Adobe AIR\Versions\1.0\Resources\WebKit.dll MOD - [2013/01/12 09:56:39 | 000,220,672 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\3283b562a391db4f3f6dcee754de15a8\CustomMarshalers.ni.dll MOD - [2013/01/12 09:56:36 | 000,706,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SolutoCleanup\3d0b27de75b28beaf98b427c6b67f334\SolutoCleanup.ni.dll MOD - [2013/01/12 09:56:35 | 000,681,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGDataAggregation\9f0cc486883fc506b3686eed98fc140a\PCGDataAggregation.ni.dll MOD - [2013/01/12 09:56:33 | 000,290,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGBootVisualizingC#\43fc2391299232275192519aa8cd19fd\PCGBootVisualizingCore.ni.dll MOD - [2013/01/12 09:56:32 | 000,295,424 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGCatalogItemFootp#\03c6202169b06e116c418561306cbf06\PCGCatalogItemFootprint.ni.dll MOD - [2013/01/12 09:56:32 | 000,050,688 | ---- | M] () -- 
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Interop.NetFwTypeLib\390acf731584ffad0d81d6805a639034\Interop.NetFwTypeLib.ni.dll MOD - [2013/01/12 09:56:31 | 000,732,672 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGBrowsersProbe\196d0eaa20d35ae9973d1d60c42e191a\PCGBrowsersProbe.ni.dll MOD - [2013/01/12 09:56:29 | 000,261,120 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGSAProbe\253ec113e136761c7a353fb95e6ae37f\PCGSAProbe.ni.dll MOD - [2013/01/12 09:56:28 | 000,087,552 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGCatalogItemCache\be60393f5952bcb40ed69dfb750c2859\PCGCatalogItemCache.ni.dll MOD - [2013/01/12 09:56:27 | 000,041,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGEntities\d77585c10bd85f35debb24448ccebba8\PCGEntities.ni.dll MOD - [2013/01/12 09:56:26 | 000,762,368 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGClientCommunicat#\f4fc109f6a4c38444b7fcd9e15afdeda\PCGClientCommunication.ni.dll MOD - [2013/01/12 09:56:25 | 000,107,008 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SolutoUpdateService\9febe3e4812fdfa34ef2aadcd8564c77\SolutoUpdateService.ni.dll MOD - [2013/01/12 09:56:24 | 000,142,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGUpgrader\1d1b49da9e9eca8d118dea561280c116\PCGUpgrader.ni.dll MOD - [2013/01/12 09:56:23 | 002,030,592 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SolutoService\ce507d374cd591046dc734db10ccc494\SolutoService.ni.exe MOD - [2013/01/12 09:56:10 | 000,881,152 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\a7723c772080980a7997c17d634c60b8\System.DirectoryServices.AccountManagement.ni.dll MOD - [2013/01/12 09:56:09 | 000,656,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGPostBootResources\8520173161fe643061893f07da896fbf\PCGPostBootResources.ni.dll MOD - [2013/01/12 09:56:09 | 000,052,736 | ---- 
| M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGHIDProbe\fbc847b714ecd02e1f489c572e278665\PCGHIDProbe.ni.dll MOD - [2013/01/12 09:56:08 | 000,039,936 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGRSPProbe\de30b0ad2d7ab7b6f2a61135b146a93b\PCGRSPProbe.ni.dll MOD - [2013/01/12 09:56:05 | 002,327,552 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Community.CsharpSql#\00f38b15d16d6ad381168e519ea983f1\Community.CsharpSqlite.ni.dll MOD - [2013/01/12 09:56:04 | 000,202,240 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGWuInfo\86e2a54dc3b16cf4b5b390a00d01f3a3\PCGWuInfo.ni.dll MOD - [2013/01/12 09:56:03 | 000,100,864 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Interop.IWshRuntime#\b6ff0fbefd7a0f4bb037e2707c8a6d55\Interop.IWshRuntimeLibrary.ni.dll MOD - [2013/01/12 09:56:03 | 000,055,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGUsersCenter\f1de77360379ebc3bd7abfd347114ba6\PCGUsersCenter.ni.dll MOD - [2013/01/12 09:56:02 | 003,521,536 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGClientCommon\2f82e0f3848aaf9e627d6b9f90b6da98\PCGClientCommon.ni.dll MOD - [2013/01/12 09:56:02 | 000,156,160 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGAppControlPlugin#\1304e374d9d975a923ff470ddd828a92\PCGAppControlPluginLoader.ni.dll MOD - [2013/01/12 09:55:58 | 000,157,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGBootVisualizingC#\ecd05900462dcee3b7191d8c7ce5dc82\PCGBootVisualizingCommon.ni.dll MOD - [2013/01/12 09:55:57 | 000,222,208 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGDriverProbe\7e8b7aa2b4b1f248fc73844d16f75911\PCGDriverProbe.ni.dll MOD - [2013/01/12 09:55:56 | 000,060,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGConfiguration\5a9d1bf10779792e8499e880669bee0a\PCGConfiguration.ni.dll MOD - [2013/01/12 09:55:55 | 000,766,976 | ---- | M] () -- 
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.SqlServ#\4e84a5dfc087a12d4eb47b5aff14c5c2\System.Data.SqlServerCe.ni.dll MOD - [2013/01/12 09:55:54 | 002,617,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGDatabase\e1cccd36589cd0e908d659f5b8c34a7a\PCGDatabase.ni.dll MOD - [2013/01/12 09:55:51 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\9e2cd3874886663026d0f365c75e8ec3\System.ComponentModel.DataAnnotations.ni.dll MOD - [2013/01/12 09:55:51 | 000,046,592 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGAzureEntityFrame#\5310d4fa10ef91380f9c2014460ec191\PCGAzureEntityFramework.ni.dll MOD - [2013/01/12 09:55:50 | 001,523,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGAzureShared\7fe7b1f9a2b33e36ccef1efcce0503a7\PCGAzureShared.ni.dll MOD - [2013/01/12 09:55:49 | 001,196,032 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGCommunication\abd113dc843a2656b09bbce877860da2\PCGCommunication.ni.dll MOD - [2013/01/12 09:55:47 | 001,707,008 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGPreCompiled\b2710a882b678ca69c5130ced0983bc3\PCGPreCompiled.ni.dll MOD - [2013/01/12 09:55:45 | 000,596,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Ionic.Zip.Reduced\5c6b942dcbd2aa931663ded8abff71f3\Ionic.Zip.Reduced.ni.dll MOD - [2013/01/12 09:55:45 | 000,188,416 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGPrestoSerializer\a46ba7c85d466661d634155a1617ec39\PCGPrestoSerializer.ni.dll MOD - [2013/01/12 09:55:44 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\f43e890d874ef521aba51f76f64cd97b\System.ServiceProcess.ni.dll MOD - [2013/01/12 09:55:39 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\33ff7d73f01be8329a95c6e03f1dd555\System.Web.ni.dll MOD - [2013/01/12 09:55:30 | 001,116,672 | 
---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\0ce6b74fddd392d58cb1b0afde82d22b\System.DirectoryServices.ni.dll MOD - [2013/01/12 09:55:29 | 000,627,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\04eea38364e5ced71d02bf104cb5892c\System.EnterpriseServices.ni.dll MOD - [2013/01/12 09:55:29 | 000,280,064 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\04eea38364e5ced71d02bf104cb5892c\System.EnterpriseServices.Wrapper.dll MOD - [2013/01/12 09:55:28 | 002,128,384 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Newtonsoft.Json.Net#\da969ae738943f30ea7e1efe01dc7e34\Newtonsoft.Json.Net35.ni.dll MOD - [2013/01/12 09:55:28 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\ad737988d5bde126a3b7770eacc51e5b\System.Transactions.ni.dll MOD - [2013/01/12 09:55:26 | 000,400,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\38d7801308f456f03608b4355bf78961\System.Xml.Linq.ni.dll MOD - [2013/01/12 09:55:25 | 000,939,008 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\e8dc1eea54962aa61652ad3eacd87bbc\System.Data.Services.Client.ni.dll MOD - [2013/01/12 09:55:24 | 002,719,744 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGFramework\52b6310aa2bcd95de115eff924eb86dd\PCGFramework.ni.dll MOD - [2013/01/12 09:55:20 | 001,622,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Soluto\96a4b735849b70d247e9680401bbbd8d\Soluto.ni.exe MOD - [2013/01/12 09:54:49 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\96b7a0136e9e72e8f4eb0230c20766d2\System.Configuration.ni.dll MOD - [2013/01/12 09:54:33 | 000,256,000 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\64bfc7fc01a4a79ce6b2c433c2e6e1a9\SMDiagnostics.ni.dll MOD - [2013/01/12 
09:54:26 | 017,403,904 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\58ee03cb0f505b226bfe97c0e879005f\System.ServiceModel.ni.dll MOD - [2013/01/12 09:54:04 | 002,345,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\51e7151c1420690c754d7f986c4b1c42\System.Runtime.Serialization.ni.dll MOD - [2013/01/10 17:12:34 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll MOD - [2013/01/10 17:12:30 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\4c91371e83d124ecb39664613e7e0417\System.Windows.Forms.ni.dll MOD - [2013/01/10 17:12:20 | 001,593,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll MOD - [2013/01/10 17:12:11 | 002,516,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\327ac5b3c1dd2109a4eda92ecacd855b\System.Data.Linq.ni.dll MOD - [2013/01/10 17:12:08 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\8462c03b4f10c4624feb95790d6d1e30\System.Data.ni.dll MOD - [2013/01/10 17:12:04 | 002,295,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\edbf4e4a55e63b9fbf0b0b40cba13063\System.Core.ni.dll MOD - [2013/01/10 17:11:12 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll MOD - [2013/01/10 17:11:01 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll MOD - [2013/01/10 17:10:15 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2013/01/10 17:10:03 | 000,113,664 | ---- | M] () -- 
C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll MOD - [2013/01/10 17:10:02 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll MOD - [2013/01/10 17:09:53 | 000,069,120 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll MOD - [2013/01/05 04:44:13 | 003,021,872 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll MOD - [2012/12/20 19:19:56 | 000,077,880 | ---- | M] () -- C:\Programme\Soluto\PCGDllExportInspector.dll MOD - [2012/12/20 19:19:56 | 000,049,720 | R--- | M] () -- C:\Programme\Soluto\PCGDeviceScanLib.dll MOD - [2012/12/14 15:05:23 | 002,469,992 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BrowserProtect\2.5.1005.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe MOD - [2012/12/14 15:04:01 | 002,162,280 | ---- | M] () -- c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BrowserProtect\2.5.1005.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll MOD - [2012/11/27 16:19:33 | 000,142,336 | ---- | M] () -- C:\Programme\simfy\simfy.exe MOD - [2012/09/07 16:57:26 | 000,452,592 | ---- | M] () -- C:\Programme\ASCOMP Software\Secure Eraser\SecEraser32.dll MOD - [2012/06/18 16:24:30 | 000,260,096 | ---- | M] () -- C:\Programme\Notepad++\NppShell_05.dll MOD - [2012/05/14 15:14:52 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll MOD - [2011/03/29 17:10:12 | 000,396,288 | ---- | M] () -- C:\Programme\Genie-Soft\Genie Timeline\GSBackupManager.dll MOD - [2011/01/31 16:21:46 | 000,342,528 | ---- | M] () -- 
C:\Programme\Genie-Soft\Genie Timeline\GSIndexDB.dll MOD - [2011/01/11 16:25:38 | 000,467,968 | ---- | M] () -- C:\Programme\Genie-Soft\Genie Timeline\GSWatcher4.dll MOD - [2011/01/11 16:25:38 | 000,048,128 | ---- | M] () -- C:\Programme\Genie-Soft\Genie Timeline\GSLogManager.dll MOD - [2011/01/09 16:00:42 | 000,051,712 | ---- | M] () -- C:\Programme\Genie-Soft\Genie Timeline\QueueManager.dll MOD - [2011/01/09 16:00:42 | 000,043,008 | ---- | M] () -- C:\Programme\Genie-Soft\Genie Timeline\GSLibrariesManager.dll MOD - [2011/01/09 16:00:42 | 000,038,400 | ---- | M] () -- C:\Programme\Genie-Soft\Genie Timeline\GSLogging.dll MOD - [2011/01/09 16:00:42 | 000,009,728 | ---- | M] () -- C:\Programme\Genie-Soft\Genie Timeline\VSSEngine_Proxy.dll MOD - [2011/01/09 16:00:40 | 000,144,384 | ---- | M] () -- C:\Programme\Genie-Soft\Genie Timeline\Settings.dll MOD - [2011/01/09 16:00:40 | 000,111,616 | ---- | M] () -- C:\Programme\Genie-Soft\Genie Timeline\BlockLevel2.dll MOD - [2010/11/21 15:54:34 | 000,094,208 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll MOD - [2010/08/31 11:43:58 | 000,080,384 | ---- | M] () -- C:\Programme\Genie-Soft\Genie Timeline\GSEncryption.dll MOD - [2010/08/31 11:43:58 | 000,072,192 | ---- | M] () -- C:\Programme\Genie-Soft\Genie Timeline\GSCurl.dll MOD - [2010/08/31 11:42:12 | 000,023,040 | ---- | M] () -- C:\Programme\Genie-Soft\Genie Timeline\WebServer\PHP\ext\php_gstl_interface.dll MOD - [2010/06/15 11:00:28 | 000,921,088 | ---- | M] () -- C:\Programme\Genie-Soft\Genie Timeline\sqlite3.dll MOD - [2010/06/15 09:53:48 | 001,417,216 | ---- | M] () -- C:\Programme\Genie-Soft\Genie Timeline\WebServer\nginx\GSTimeLineSearch.exe MOD - [2010/06/15 09:50:50 | 001,024,000 | ---- | M] () -- C:\Programme\Genie-Soft\Genie Timeline\GSTimelineShellRes.dll MOD - [2009/09/06 17:02:11 | 000,061,496 | ---- | M] () -- C:\Programme\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program\clntutil.dll MOD - [2008/04/14 06:52:18 | 000,014,336 | 
---- | M] () -- C:\WINDOWS\system32\msdmo.dll MOD - [2008/02/25 21:23:10 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\redmonnt.dll MOD - [2007/09/20 17:34:58 | 000,129,024 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2006/01/21 12:41:56 | 000,118,784 | ---- | M] () -- C:\Programme\Vista Rainbar\Rainmeter.exe MOD - [2006/01/21 09:57:54 | 000,245,760 | ---- | M] () -- C:\Programme\Vista Rainbar\Rainmeter.dll MOD - [2005/02/17 10:22:40 | 000,024,576 | ---- | M] () -- C:\WINDOWS\CTXFIGER.DLL ========== Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt) SRV - [2013/01/09 09:34:59 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013/01/05 04:44:06 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/12/20 19:34:28 | 000,167,048 | ---- | M] (Soluto) [Auto | Running] -- C:\Programme\Soluto\SolutoLauncherService.exe -- (SolutoLauncherService) SRV - [2012/12/20 19:34:26 | 000,542,344 | ---- | M] (Soluto) [Auto | Running] -- C:\Programme\Soluto\SolutoService.exe -- (SolutoService) SRV - [2012/12/20 19:27:04 | 001,246,344 | ---- | M] (Soluto) [On_Demand | Stopped] -- C:\Programme\Soluto\SolutoRemoteService.exe -- (SolutoRemoteService) SRV - [2012/12/14 15:05:23 | 002,469,992 | ---- | M] () [Auto | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BrowserProtect\2.5.1005.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe -- (BrowserProtect) SRV - [2012/08/11 15:43:06 | 000,055,184 | ---- | M] (Apple Inc.) 
[On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2012/05/14 15:14:52 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012/05/14 15:14:51 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService) SRV - [2012/05/14 15:14:51 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService) SRV - [2012/05/14 15:14:51 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011/08/05 11:30:02 | 000,444,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc) SRV - [2011/08/05 11:30:02 | 000,268,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Zune\WMZuneComm.exe -- (WMZuneComm) SRV - [2011/08/05 11:29:56 | 006,363,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Zune\ZuneNss.exe -- (ZuneNetworkSvc) SRV - [2011/08/05 11:29:56 | 000,057,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Zune\ZuneBusEnum.exe -- (ZuneBusEnum) SRV - [2011/07/20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2011/01/11 16:25:38 | 000,362,624 | ---- | M] (Genie-Soft) [On_Demand | Running] -- C:\Programme\Genie-Soft\Genie Timeline\GenieTimelineService.exe -- (GenieTimelineService) SRV - [2008/05/02 02:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) 
[On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2007/09/04 10:14:34 | 000,087,344 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE -- (IGDCTRL) SRV - [2006/10/26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2005/07/30 21:17:20 | 000,069,632 | ---- | M] (OLYMPUS IMAGING CORP.) [Disabled | Stopped] -- C:\Programme\Olympus\DeviceDetector\DM1Service.exe -- (DM1Service) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI) DRV - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\TEMP\cpuz136\cpuz136_x32.sys -- (cpuz136) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\TEMP\cpuz135\cpuz135_x32.sys -- (cpuz135) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2012/12/20 19:19:42 | 000,051,144 | ---- | M] (Soluto LTD.) 
[File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\Soluto.sys -- (Soluto) DRV - [2012/06/03 09:45:50 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2012/05/14 15:14:52 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2012/05/14 15:14:52 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011/12/15 15:00:00 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011/11/21 12:02:36 | 000,148,992 | ---- | M] (1&1 Mail & Media GmbH) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\uiwbrdr.SYS -- (uiwbrdr) DRV - [2010/06/17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010/02/11 13:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6) DRV - [2009/07/22 20:13:20 | 000,028,592 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901) DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008/04/23 09:38:50 | 000,056,320 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Programme\MSI\DualCoreCenter\RushTop.sys -- (RushTopDevice2) DRV - [2008/02/29 03:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt) DRV - [2008/02/29 03:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2008/02/27 07:08:04 | 000,028,160 | ---- | M] (MICRO-STAR INT'L CO., LTD.) [Kernel | On_Demand | Stopped] -- C:\Programme\MSI\DualCoreCenter\NTGLM7X.sys -- (DualCoreCenter) DRV - [2008/02/14 10:04:06 | 004,676,096 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) DRV - [2008/01/03 15:10:16 | 000,105,856 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2007/03/05 12:08:36 | 000,079,649 | ---- | M] (Roland Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rdwm1009.sys -- (RDID1009) DRV - [2006/11/02 06:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB) DRV - [2006/09/24 14:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan) DRV - [2006/05/24 04:41:07 | 000,007,168 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k) DRV - [2006/05/24 04:41:04 | 000,499,584 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) DRV - [2006/05/24 04:40:21 | 001,110,016 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k) DRV - [2006/05/24 04:38:30 | 000,116,224 | R--- | M] (Creative Technology Ltd.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv) DRV - [2006/05/24 04:38:08 | 000,143,872 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k) DRV - [2006/05/24 04:38:01 | 000,078,336 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia) DRV - [2006/05/24 04:37:44 | 000,502,272 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k) DRV - [2006/04/21 05:26:42 | 000,024,192 | R--- | M] (Infineon Technologies AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ADM851X.SYS -- (ADM851X) DRV - [2005/11/10 10:06:03 | 000,340,704 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k) DRV - [1996/04/03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {EBCEEC28-9373-400C-B420-7A47C14B26DB} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{EBCEEC28-9373-400C-B420-7A47C14B26DB}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.claro-search.com/?affID=117423&tt=5112_3&babsrc=HP_ss&mntrId=54285660000000000000001d92f40c1c IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.claro-search.com/?affID=117423&tt=5112_3&babsrc=HP_ss&mntrId=54285660000000000000001d92f40c1c IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page 
Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9C 11 85 66 B0 2F CB 01 [binary data] IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes,DefaultScope = {EBCEEC28-9373-400C-B420-7A47C14B26DB} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.claro-search.com/?q={searchTerms}&affID=117423&tt=5112_3&babsrc=SP_ss&mntrId=54285660000000000000001d92f40c1c IE - HKCU\..\SearchScopes\{3A6CE8D6-4378-4163-82AE-AB0FB8486811}: "URL" = hxxp://go.web.de/br/ie8_search_amazon/?keywords={searchTerms} IE - HKCU\..\SearchScopes\{B52B82D4-3107-4D0F-B25E-677FA0CCF2D9}: "URL" = hxxp://go.web.de/br/ie8_search_web/?su={searchTerms} IE - HKCU\..\SearchScopes\{FE459AD1-0C34-4936-86E1-A48C71F6C584}: "URL" = hxxp://go.web.de/br/ie8_search_ebay/?q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.order.1: "Search Results" FF - prefs.js..browser.search.selectedEngine: "Claro Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.t-online.de/" FF - prefs.js..extensions.enabledAddons: donottrackplus%40abine.com:2.2.5.1205 FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0 FF - 
prefs.js..extensions.enabledAddons: jqs%40sun.com:1.0 FF - prefs.js..extensions.enabledAddons: %7B58bd07eb-0ee0-4df0-8121-dc9b693373df%7D:2.5.1005.80 FF - prefs.js..extensions.enabledAddons: toolbar%40web.de:2.4 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0 FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: toolbar@web.de:1.5.1 FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=" FF - prefs.js..network.proxy.backup.ftp: "94.23.192.21" FF - prefs.js..network.proxy.backup.ftp_port: 3128 FF - prefs.js..network.proxy.backup.gopher: "94.23.192.21" FF - prefs.js..network.proxy.backup.gopher_port: 3128 FF - prefs.js..network.proxy.backup.socks: "94.23.192.21" FF - prefs.js..network.proxy.backup.socks_port: 3128 FF - prefs.js..network.proxy.backup.ssl: "94.23.192.21" FF - prefs.js..network.proxy.backup.ssl_port: 3128 FF - prefs.js..network.proxy.ftp: "94.23.192.21" FF - prefs.js..network.proxy.ftp_port: 3128 FF - prefs.js..network.proxy.gopher: "94.23.192.21" FF - prefs.js..network.proxy.gopher_port: 3128 FF - prefs.js..network.proxy.http: "94.23.192.21" FF - prefs.js..network.proxy.http_port: 3128 FF - prefs.js..network.proxy.share_proxy_settings: true FF - 
prefs.js..network.proxy.socks: "94.23.192.21" FF - prefs.js..network.proxy.socks_port: 3128 FF - prefs.js..network.proxy.ssl: "94.23.192.21" FF - prefs.js..network.proxy.ssl_port: 3128 FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "Search Results" FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "" FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Search Results" FF - prefs.js..browser.startup.homepage: "hxxp://www.t-online.de" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0: C:\Programme\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Programme\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.) FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Facebook\npfbplugin_1_0_3.dll ( ) FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Dokumente und Einstellungen\Lutz\Lokale Einstellungen\Anwendungsdaten\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/07 10:46:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013/01/10 23:34:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013/01/09 09:37:01 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{58bd07eb-0ee0-4df0-8121-dc9b693373df}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BrowserProtect\2.5.1005.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension [2012/12/21 23:58:00 | 000,000,000 | ---D | M] [2012/01/02 11:08:51 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Mozilla\Extensions [2012/11/01 22:11:29 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Mozilla\Extensions\songbird@songbirdnest.com [2013/01/11 12:35:44 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Mozilla\Firefox\Profiles\qlsceu4q.default\extensions [2012/10/16 10:29:06 | 000,000,000 | ---D | M] (Yahoo! 
Toolbar) -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Mozilla\Firefox\Profiles\qlsceu4q.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2012/12/06 11:11:52 | 000,000,000 | ---D | M] (DoNotTrackMe) -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Mozilla\Firefox\Profiles\qlsceu4q.default\extensions\donottrackplus@abine.com [2013/01/11 12:35:44 | 000,000,000 | ---D | M] (WEB.DE MailCheck) -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Mozilla\Firefox\Profiles\qlsceu4q.default\extensions\toolbar@web.de [2012/12/04 13:06:45 | 000,213,444 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Mozilla\Firefox\Profiles\qlsceu4q.default\extensions\torntv@torntv.com.xpi [2012/12/05 16:11:56 | 000,007,919 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Mozilla\Firefox\Profiles\qlsceu4q.default\extensions\donottrackplus@abine.com\chrome\content\ff\view_expiry.js [2011/11/05 17:15:50 | 000,000,933 | ---- | M] () -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Mozilla\Firefox\Profiles\qlsceu4q.default\searchplugins\11-suche.xml [2012/12/21 23:57:32 | 000,006,520 | ---- | M] () -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Mozilla\Firefox\Profiles\qlsceu4q.default\searchplugins\BrowserProtect.xml [2011/11/05 17:15:50 | 000,002,419 | ---- | M] () -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Mozilla\Firefox\Profiles\qlsceu4q.default\searchplugins\englische-ergebnisse.xml [2011/11/05 17:15:50 | 000,010,525 | ---- | M] () -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Mozilla\Firefox\Profiles\qlsceu4q.default\searchplugins\gmx-suche.xml [2011/11/05 17:15:50 | 000,002,457 | ---- | M] () -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Mozilla\Firefox\Profiles\qlsceu4q.default\searchplugins\lastminute.xml [2012/01/02 11:08:40 | 000,002,519 | ---- | M] () -- C:\Dokumente und 
Einstellungen\Lutz\Anwendungsdaten\Mozilla\Firefox\Profiles\qlsceu4q.default\searchplugins\Search_Results.xml [2012/01/03 16:31:42 | 000,003,915 | ---- | M] () -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Mozilla\Firefox\Profiles\qlsceu4q.default\searchplugins\sweetim.xml [2011/08/30 15:50:17 | 000,005,508 | ---- | M] () -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Mozilla\Firefox\Profiles\qlsceu4q.default\searchplugins\webde-suche.xml [2013/01/10 23:34:27 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012/12/06 14:34:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012/12/06 14:34:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012/12/06 14:34:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013/01/10 23:34:27 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions [2013/01/10 23:34:27 | 000,000,000 | ---D | M] (WEB.DE MailCheck) -- C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de [2012/12/21 23:58:00 | 000,000,000 | ---D | M] (BrowserProtect) -- C:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\ANWENDUNGSDATEN\BROWSERPROTECT\2.5.1005.80\{C16C1CCB-7046-4E5C-A2F3-533AD2FEC8E8}\FIREFOXEXTENSION [2012/06/16 11:50:36 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/09/06 15:49:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2013/01/05 04:44:54 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2005/04/27 21:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Programme\mozilla 
firefox\plugins\npracplug.dll [2011/03/22 19:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\mozilla firefox\plugins\npwachk.dll [2010/03/31 09:09:22 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Programme\mozilla firefox\plugins\PDFNetC.dll [2010/04/08 11:36:02 | 000,107,760 | ---- | M] () -- C:\Programme\mozilla firefox\plugins\ScorchPDFWrapper.dll [2013/01/05 16:11:17 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012/12/21 23:57:32 | 000,006,520 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml [2013/01/05 16:11:17 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2013/01/05 16:11:17 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2013/01/05 16:11:17 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012/01/02 11:08:40 | 000,002,519 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\Search_Results.xml [2013/01/05 16:11:17 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2013/01/05 16:11:17 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: SweetIM Search (Enabled) CHR - default_search_provider: search_url = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={069A84CF-3620-11E1-AD94-001D92F40C1C} CHR - default_search_provider: suggest_url = CHR - homepage: hxxp://www.searchqu.com/406 CHR - plugin: Shockwave Flash (Disabled) = C:\Dokumente und Einstellungen\Lutz\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Programme\Google\Chrome\Application\17.0.963.56\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Remoting Viewer 
(Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Programme\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programme\Google\Chrome\Application\17.0.963.56\pdf.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Programme\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Programme\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Programme\Mozilla Firefox\plugins\np32dsw.dll CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Programme\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Programme\Mozilla Firefox\plugins\npLegitCheckPlugin.dll CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Programme\Mozilla Firefox\plugins\NPOFF12.DLL CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Programme\Mozilla Firefox\plugins\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Programme\Mozilla Firefox\plugins\nprpjplug.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: 
QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: RealArcade Mozilla Plugin (Enabled) = C:\Programme\Mozilla Firefox\plugins\npracplug.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Programme\Mozilla Firefox\plugins\nprjplug.dll CHR - plugin: ScorchPlugin (Enabled) = C:\Programme\Mozilla Firefox\plugins\NPSibelius.dll CHR - plugin: Winamp Application Detector (Enabled) = C:\Programme\Mozilla Firefox\plugins\npwachk.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll CHR - plugin: Facebook Plugin (Enabled) = C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Facebook\npfbplugin_1_0_3.dll CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Programme\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Plus Web Player (Enabled) = C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Programme\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll CHR - plugin: Yahoo! 
activeX Plug-in Bridge (Enabled) = C:\Programme\Yahoo!\Common\npyaxmpb.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Programme\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Programme\Microsoft Silverlight\4.1.10111.0\npctrl.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: PriceGong = C:\Dokumente und Einstellungen\Lutz\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.5.4_0\ CHR - Extension: YouTube = C:\Dokumente und Einstellungen\Lutz\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Dokumente und Einstellungen\Lutz\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\ CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Dokumente und Einstellungen\Lutz\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ CHR - Extension: Google Mail = C:\Dokumente und Einstellungen\Lutz\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012/03/20 22:17:57 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Claro LTD Helper Object) - {000F18F2-09EB-4A59-82B2-5AE4184C39C3} - C:\Programme\Claro LTD\claro\1.8.3.10\bh\claro.dll (Montera Technologeis LTD) O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (WEB.DE Konfiguration) - 
{17166733-40EA-4432-A85C-AE672FF0E236} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\1und1InternetExplorerAddon\BHOXML.dll (1&1 Mail & Media GmbH) O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (ST-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\prxtbsof0.dll (Conduit Ltd.) O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\MSN\Toolbar\3.0.0744.0\msneshellx.dll (Microsoft Corp.) O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - No CLSID value found. O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Programme\MSN\Toolbar\3.0.0744.0\msneshellx.dll (Microsoft Corp.) O3 - HKLM\..\Toolbar: (Claro LTD Toolbar) - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - C:\Programme\Claro LTD\claro\1.8.3.10\claroTlbr.dll (Montera Technologeis LTD) O3 - HKLM\..\Toolbar: (ST-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\prxtbsof0.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\Webbrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKCU\..\Toolbar\Webbrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found. O3 - HKCU\..\Toolbar\Webbrowser: (ST-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\prxtbsof0.dll (Conduit Ltd.) 
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd) O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd) O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [Zune Launcher] c:\Programme\Zune\ZuneLauncher.exe (Microsoft Corporation) O4 - HKCU..\Run: [WEB.DE_WEB.DE SmartDrive Manager] C:\Programme\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE (1&1 Mail & Media GmbH) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) 
O4 - Startup: C:\Dokumente und Einstellungen\Lutz\Startmenü\Programme\Autostart\Vista Rainbar.lnk = C:\Programme\Vista Rainbar\Rainmeter.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 43 01 00 00 [binary data] O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O8 - Extra context menu item: Web-Suche - C:\Programme\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - Reg Error: Key error. File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\FRITZ!DSL\\sarah.dll () O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. 
KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O15 - HKCU\..Trusted Domains: microsoft.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] * in Trusted sites) O15 - HKCU\..Trusted Domains: microsoft.com ([*.windowsupdate] * in Trusted sites) O15 - HKCU\..Trusted Domains: windowsupdate.com ([]* in Trusted sites) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab (DDRevision Class) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C0129280-5559-48B9-BB12-40CFA1794BCC}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - c:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (c:\dokume~1\alluse~1\anwend~1\browse~1\251005~1.80\{c16c1~1\browse~1.dll) - c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BrowserProtect\2.5.1005.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll () O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - 
(c:\windows\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (c:\programme\soluto\soluto.exe /userinit) - c:\programme\soluto\soluto.exe (Soluto) O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\programme\gemeinsame dateien\logitech\bluetooth\LBTWlgn.dll) - c:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Lutz\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Lutz\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/07/17 17:33:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013/01/15 19:31:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Lutz\Desktop\OTL.exe [2013/01/15 16:41:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Lutz\Startmenü\Programme\BrowserPlus [2013/01/15 16:41:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Lutz\Lokale Einstellungen\Anwendungsdaten\Yahoo! [2012/12/27 21:48:44 | 000,051,144 | ---- | C] (Soluto LTD.) 
-- C:\WINDOWS\System32\drivers\Soluto.sys [2012/12/27 21:48:39 | 000,000,000 | ---D | C] -- C:\Programme\Soluto [2012/12/27 21:48:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Soluto [2012/12/22 11:36:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\ASCOMP Software [2012/12/22 11:31:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\ASCOMP Software [2012/12/22 11:31:34 | 000,000,000 | ---D | C] -- C:\Programme\ASCOMP Software [2012/12/22 10:59:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Lutz\Eigene Dateien\dvd [2012/12/22 10:57:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\DVD Flick [2012/12/22 10:57:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\DVD Flick [2012/12/22 10:57:40 | 000,028,672 | ---- | C] (-) -- C:\WINDOWS\System32\mousewheel.ocx [2012/12/22 10:57:40 | 000,000,000 | ---D | C] -- C:\Programme\DVD Flick [2012/12/22 10:56:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Lutz\My Documents [2012/12/22 10:44:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Canneverbe Limited [2012/12/22 10:44:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited [2012/12/22 10:44:00 | 000,000,000 | ---D | C] -- C:\Programme\CDBurnerXP [2012/12/22 06:15:52 | 000,040,960 | ---- | C] (vbAccelerator) -- C:\WINDOWS\System32\ssubtmr6.dll [2012/12/22 06:15:52 | 000,036,864 | ---- | C] (Robdogg Inc.) 
-- C:\WINDOWS\System32\trayicon_handler.ocx [2012/12/22 05:31:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\DeepBurner [2012/12/22 05:31:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\DeepBurner [2012/12/22 05:31:04 | 000,000,000 | ---D | C] -- C:\Programme\Astonsoft [2012/12/22 05:24:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Lutz\Lokale Einstellungen\Anwendungsdaten\Wondershare [2012/12/22 05:23:58 | 000,000,000 | ---D | C] -- C:\Programme\Common Files [2012/12/22 05:23:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Lutz\Eigene Dateien\Wondershare DVD Creator [2012/12/22 00:08:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\TuneUp Software [2012/12/22 00:01:43 | 000,000,000 | ---D | C] -- C:\Programme\pazera-software [2012/12/22 00:01:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\MP4 to AVI Converter [2012/12/21 23:58:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Lutz\Startmenü\Programme\BrowserProtect [2012/12/21 23:58:03 | 000,000,000 | ---D | C] -- C:\Programme\Claro LTD [2012/12/21 23:57:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BrowserProtect [2012/12/21 23:57:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Claro [2012/12/21 23:57:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Babylon [2012/12/21 23:57:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon [2012/12/21 23:56:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\TuneUp Software [2012/12/21 23:56:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software [2012/12/21 23:55:51 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\All 
Users\Anwendungsdaten\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} [2012/12/21 23:55:51 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files [2012/12/21 22:16:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Lutz\Lokale Einstellungen\Anwendungsdaten\WMTools Downloaded Files [2012/12/19 20:29:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Silverlight [2012/12/19 19:43:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\iTunes [2012/12/19 19:42:37 | 000,000,000 | ---D | C] -- C:\Programme\iPod [2012/12/19 19:42:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2009/09/19 10:28:08 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\RngInterstitial.dll [2009/08/18 17:58:22 | 003,076,096 | ---- | C] (Jeffrey Harris) -- C:\Programme\SharePod.exe [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/01/15 19:48:32 | 000,365,568 | ---- | M] () -- C:\Dokumente und Einstellungen\Lutz\Desktop\gmer-2.0.18444.exe [2013/01/15 19:43:00 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2013/01/15 19:34:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013/01/15 19:31:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Lutz\Desktop\OTL.exe [2013/01/15 19:28:30 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Lutz\defogger_reenable [2013/01/15 19:27:29 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Lutz\Desktop\Defogger.exe [2013/01/15 18:59:14 | 000,166,452 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2013/01/15 18:58:51 | 000,000,304 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job 
[2013/01/15 18:58:41 | 000,001,082 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2013/01/15 18:58:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013/01/15 18:57:28 | 000,064,900 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000002-00001102-00000005-00211102}.rfx [2013/01/15 18:57:28 | 000,054,800 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000002-00001102-00000005-00211102}.rfx [2013/01/15 18:57:28 | 000,054,800 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-00000002-00001102-00000005-00211102}.rfx [2013/01/15 18:57:28 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm [2013/01/15 18:57:28 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm [2013/01/15 18:56:54 | 000,000,345 | RHS- | M] () -- C:\boot.ini [2013/01/14 19:16:44 | 002,200,056 | ---- | M] () -- C:\Dokumente und Einstellungen\Lutz\Desktop\Dika Golubovic.jpg [2013/01/13 13:45:58 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013/01/10 17:10:27 | 000,485,070 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2013/01/10 17:10:27 | 000,463,004 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013/01/10 17:10:27 | 000,095,916 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2013/01/10 17:10:27 | 000,080,088 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013/01/10 17:04:09 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2013/01/08 20:40:13 | 000,378,612 | ---- | M] () -- C:\Dokumente und Einstellungen\Lutz\Desktop\Weihnachten.jpg [2013/01/05 01:08:00 | 000,072,780 | ---- | M] () -- C:\Dokumente und Einstellungen\Lutz\Desktop\Unser Sohn - 03.png [2013/01/05 00:58:56 | 000,094,260 | ---- | M] () -- C:\Dokumente und Einstellungen\Lutz\Desktop\Unsere Tochter - 02.png [2013/01/05 00:52:09 | 000,053,095 | ---- | M] () -- C:\Dokumente und Einstellungen\Lutz\Desktop\Unser Sohn - 01.png [2013/01/05 00:50:10 | 000,077,852 | ---- | M] () -- C:\Dokumente 
und Einstellungen\Lutz\Desktop\Unsere Tochter - 01.png [2013/01/05 00:41:01 | 000,060,863 | ---- | M] () -- C:\Dokumente und Einstellungen\Lutz\Desktop\Unser Sohn - 02.png [2012/12/27 21:18:49 | 000,120,608 | ---- | M] () -- C:\Dokumente und Einstellungen\Lutz\Desktop\Johanna und ihre Besatzung.jpg [2012/12/22 04:36:09 | 000,218,624 | ---- | M] () -- C:\Dokumente und Einstellungen\Lutz\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/12/21 17:52:45 | 000,247,904 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012/12/20 19:19:42 | 000,051,144 | ---- | M] (Soluto LTD.) -- C:\WINDOWS\System32\drivers\Soluto.sys [2012/12/19 14:56:01 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/01/15 19:48:31 | 000,365,568 | ---- | C] () -- C:\Dokumente und Einstellungen\Lutz\Desktop\gmer-2.0.18444.exe [2013/01/15 19:28:30 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Lutz\defogger_reenable [2013/01/15 19:27:28 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Lutz\Desktop\Defogger.exe [2013/01/10 18:36:03 | 002,546,640 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2013/01/08 20:40:12 | 000,378,612 | ---- | C] () -- C:\Dokumente und Einstellungen\Lutz\Desktop\Weihnachten.jpg [2013/01/05 01:07:59 | 000,072,780 | ---- | C] () -- C:\Dokumente und Einstellungen\Lutz\Desktop\Unser Sohn - 03.png [2013/01/05 00:58:56 | 000,094,260 | ---- | C] () -- C:\Dokumente und Einstellungen\Lutz\Desktop\Unsere Tochter - 02.png [2013/01/05 00:52:09 | 000,053,095 | ---- | C] () -- C:\Dokumente und Einstellungen\Lutz\Desktop\Unser Sohn - 01.png [2013/01/05 00:50:10 | 000,077,852 | ---- | C] () -- C:\Dokumente und Einstellungen\Lutz\Desktop\Unsere Tochter - 
01.png [2013/01/05 00:41:00 | 000,060,863 | ---- | C] () -- C:\Dokumente und Einstellungen\Lutz\Desktop\Unser Sohn - 02.png [2013/01/03 14:00:41 | 002,200,056 | ---- | C] () -- C:\Dokumente und Einstellungen\Lutz\Desktop\Dika Golubovic.jpg [2012/12/27 21:18:49 | 000,120,608 | ---- | C] () -- C:\Dokumente und Einstellungen\Lutz\Desktop\Johanna und ihre Besatzung.jpg [2012/12/22 10:44:01 | 000,001,520 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\CDBurnerXP.lnk [2012/12/22 10:44:00 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2012/12/21 22:15:18 | 000,000,668 | ---- | C] () -- C:\Dokumente und Einstellungen\Lutz\Startmenü\Programme\Movie Maker.lnk [2012/12/19 20:27:03 | 000,002,347 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Reader XI.lnk [2012/11/01 21:19:09 | 000,001,024 | ---- | C] () -- C:\Dokumente und Einstellungen\Lutz\.rnd [2012/11/01 21:18:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Irremote.ini [2012/03/20 22:03:53 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2012/03/20 22:03:53 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2012/02/16 14:11:47 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012/01/10 22:05:21 | 000,000,185 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft.SqlServer.Compact.351.32.bc [2011/12/12 11:21:55 | 000,000,015 | ---- | C] () -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\dlex.ini [2011/12/01 11:31:04 | 000,000,032 | ---- | C] () -- C:\Dokumente und Einstellungen\Lutz\.simfy [2011/09/08 13:30:09 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2011/09/08 13:30:08 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini [2011/09/08 13:30:07 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2011/09/08 13:30:07 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2011/09/08 13:30:05 | 000,085,504 | ---- | C] () -- 
C:\WINDOWS\System32\ff_vfw.dll [2011/05/26 09:03:49 | 000,504,706 | ---- | C] () -- C:\Programme\aicon121.zip [2011/05/05 15:39:31 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL [2011/05/05 15:39:30 | 000,040,129 | ---- | C] () -- C:\WINDOWS\iccsigs.dat [2011/05/05 15:39:30 | 000,000,149 | ---- | C] () -- C:\WINDOWS\KPCMS.INI [2011/04/25 21:55:24 | 000,019,456 | ---- | C] () -- C:\Dokumente und Einstellungen\Lutz\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db [2011/01/03 11:33:56 | 000,000,001 | ---- | C] () -- C:\Dokumente und Einstellungen\Lutz\.SIG_PINSTATUS_VOREINSTELLUNG [2011/01/03 11:33:56 | 000,000,001 | ---- | C] () -- C:\Dokumente und Einstellungen\Lutz\.SIG_DIALOG_VOREINSTELLUNG [2009/08/18 20:17:48 | 000,006,414 | ---- | C] () -- C:\Programme\SharePodSettings.xml [2008/11/07 12:16:35 | 000,000,218 | ---- | C] () -- C:\Dokumente und Einstellungen\Lutz\default.pls [2008/07/22 23:37:07 | 000,000,604 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T2 [2008/07/22 23:37:07 | 000,000,604 | -H-- | C] () -- C:\Programme\STLL Notifier [2008/07/18 20:59:19 | 000,218,624 | ---- | C] () -- C:\Dokumente und Einstellungen\Lutz\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/07/18 20:59:19 | 000,000,137 | ---- | C] () -- C:\Dokumente und Einstellungen\Lutz\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2007/10/26 16:05:04 | 000,000,022 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\60a7806a-0eea-424c-a464-20f4730cd631 ========== ZeroAccess Check ========== [2008/07/17 18:14:04 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = 
%SystemRoot%\system32\shdocvw.dll -- [2008/04/14 06:52:26 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 06:52:34 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012/12/19 19:43:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2011/09/01 14:01:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\1und1InternetExplorerAddon [2010/05/04 09:52:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ashampoo [2012/12/21 23:57:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon [2012/01/02 11:22:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\boost_interprocess [2012/12/21 23:57:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BrowserProtect [2012/12/22 10:44:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited [2012/12/21 23:55:51 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files [2011/09/01 14:01:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DesktopIcons [2012/11/01 21:59:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations [2010/01/04 13:56:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All 
Users\Anwendungsdaten\Nokia [2011/09/09 12:23:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NokiaInstallerCache [2010/01/04 12:18:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\OviInstallerCache [2009/02/01 11:19:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite [2009/09/19 10:40:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PlayFirst [2011/12/09 11:32:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RapidSolution [2008/10/28 10:56:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RoboForm [2012/04/30 09:47:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Soluto [2012/12/21 23:56:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software [2008/08/31 16:56:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WEB.DE [2009/09/06 21:01:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\X-Setup Pro [2009/03/28 11:34:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3} [2011/09/01 15:26:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42} [2010/04/08 18:37:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2009/09/19 12:01:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2009/04/08 14:15:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} [2012/01/02 11:09:13 | 000,000,000 | -H-D | M] -- 
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{B49A644A-1076-4A3D-B124-DAA7862F2318} [2012/12/21 23:55:51 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} [2011/05/26 09:04:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\aicon [2011/04/22 12:50:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Amazon [2012/12/22 11:36:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\ASCOMP Software [2010/05/11 10:33:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Ashampoo [2012/01/03 16:28:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\atunes [2012/12/21 23:57:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Babylon [2012/12/22 10:44:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Canneverbe Limited [2011/03/17 22:30:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Chess Tutor [2012/12/21 23:57:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Claro [2012/02/15 09:42:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\DDMSettings [2012/12/22 05:45:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\DeepBurner [2012/11/01 17:32:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Dropbox [2012/10/02 17:54:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\EAC [2010/05/05 23:08:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Facebook [2011/07/18 09:22:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\FileZilla [2012/01/03 15:07:18 | 000,000,000 | ---D | M] -- C:\Dokumente und 
Einstellungen\Lutz\Anwendungsdaten\Genie-Soft [2012/11/01 18:45:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\GlarySoft [2010/08/23 11:59:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\letstunes [2012/11/01 21:31:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Neuratron [2012/11/01 21:43:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Notepad++ [2011/04/08 13:22:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\OpenOffice.org [2008/07/18 21:00:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\PC Suite [2012/11/01 22:26:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\PriceGong [2012/01/02 11:08:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\searchqutoolbar [2009/08/18 18:10:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\SharePod [2012/04/24 19:26:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\ShredderChess [2011/07/19 14:29:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Simfy [2012/01/10 22:43:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Soluto [2012/11/01 22:10:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Songbird2 [2009/05/21 12:07:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\SoundSpectrum [2012/12/21 23:56:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\TuneUp Software [2011/09/08 13:31:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Video DVD Maker FREE [2009/05/08 11:24:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\WEB.DE [2009/09/07 23:50:07 | 
000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\X-Setup Pro
========== Purity Check ==========
< End of report >

Log file from Gmer: Code:
GMER 2.0.18444 - hxxp://www.gmer.net
Rootkit scan 2013-01-15 20:07:15
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-7 SAMSUNG_HD321KJ rev.CP100-12 298,09GB
Running: gmer-2.0.18444.exe; Driver: C:\DOKUME~1\Lutz\LOKALE~1\Temp\pxtdapow.sys

---- System - GMER 2.0 ----

SSDT F6CB38AC ZwClose
SSDT F6CB3866 ZwCreateKey
SSDT F6CB38B6 ZwCreateSection
SSDT F6CB388E ZwCreateSymbolicLinkObject
SSDT F6CB385C ZwCreateThread
SSDT F6CB386B ZwDeleteKey
SSDT F6CB3875 ZwDeleteValueKey
SSDT F6CB38A7 ZwDuplicateObject
SSDT F6CB3893 ZwLoadDriver
SSDT F6CB387A ZwLoadKey
SSDT F6CB3848 ZwOpenProcess
SSDT F6CB3889 ZwOpenSection
SSDT F6CB384D ZwOpenThread
SSDT F6CB38CF ZwQueryValueKey
SSDT F6CB3884 ZwReplaceKey
SSDT F6CB38C0 ZwRequestWaitReplyPort
SSDT F6CB387F ZwRestoreKey
SSDT F6CB38BB ZwSetContextThread
SSDT F6CB38C5 ZwSetSecurityObject
SSDT F6CB3898 ZwSetSystemInformation
SSDT F6CB3870 ZwSetValueKey
SSDT F6CB38CA ZwSystemDebugControl
SSDT F6CB3857 ZwTerminateProcess
SSDT F6CB3852 ZwWriteVirtualMemory

INT 0x63 ? FAD10BBC
INT 0x73 ? F8D42E54
INT 0x83 ? FACC8AFC
INT 0x84 ? FA994AA4
INT 0x92 ? F8E3A2AC
INT 0x94 ? FA1EB644
INT 0xA4 ? FA203644
INT 0xB1 ? FADD02AC
INT 0xB4 ? FA776B74

---- Kernel code sections - GMER 2.0 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF54C7360, 0x372FAD, 0xE8000020]
? C:\WINDOWS\TEMP\cpuz136\cpuz136_x32.sys Das System kann den angegebenen Pfad nicht finden. !

---- User code sections - GMER 2.0 ----

.text c:\Programme\Zune\ZuneBusEnum.exe[144] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 10004620 c:\dokume~1\alluse~1\anwend~1\browse~1\251005~1.80\{c16c1~1\browse~1.dll
.text C:\WINDOWS\System32\svchost.exe[448] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 10004620 c:\dokume~1\alluse~1\anwend~1\browse~1\251005~1.80\{c16c1~1\browse~1.dll
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[516] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 10004620 c:\dokume~1\alluse~1\anwend~1\browse~1\251005~1.80\{c16c1~1\browse~1.dll
.text C:\WINDOWS\System32\svchost.exe[560] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 10004620 c:\dokume~1\alluse~1\anwend~1\browse~1\251005~1.80\{c16c1~1\browse~1.dll
.text C:\WINDOWS\system32\winlogon.exe[800] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 10004620 c:\dokume~1\alluse~1\anwend~1\browse~1\251005~1.80\{c16c1~1\browse~1.dll
.text ...
.text C:\Programme\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE[2452] USER32.dll!GetSysColor 7E368E78 5 Bytes JMP 1002059F C:\Programme\WEB.DE\WEB.DE SmartDrive Manager\SkinMagic.dll (SkinMagic Toolkit/Appspeed Inc.)
.text C:\Programme\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE[2452] USER32.dll!GetSysColorBrush 7E368EAB 5 Bytes JMP 100205DE C:\Programme\WEB.DE\WEB.DE SmartDrive Manager\SkinMagic.dll (SkinMagic Toolkit/Appspeed Inc.)
.text C:\Programme\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE[2452] USER32.dll!SetScrollInfo 7E369056 7 Bytes JMP 10020533 C:\Programme\WEB.DE\WEB.DE SmartDrive Manager\SkinMagic.dll (SkinMagic Toolkit/Appspeed Inc.)
.text C:\Programme\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE[2452] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 00A34620 c:\dokume~1\alluse~1\anwend~1\browse~1\251005~1.80\{c16c1~1\browse~1.dll
.text C:\Programme\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE[2452] USER32.dll!GetScrollInfo 7E37DFE2 7 Bytes JMP 100204E2 C:\Programme\WEB.DE\WEB.DE SmartDrive Manager\SkinMagic.dll (SkinMagic Toolkit/Appspeed Inc.)
.text C:\Programme\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE[2452] USER32.dll!ShowScrollBar 7E37F2F2 2 Bytes JMP 10020584 C:\Programme\WEB.DE\WEB.DE SmartDrive Manager\SkinMagic.dll (SkinMagic Toolkit/Appspeed Inc.)
.text C:\Programme\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE[2452] USER32.dll!ShowScrollBar + 3 7E37F2F5 2 Bytes [CA, 91]
.text C:\Programme\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE[2452] USER32.dll!GetScrollPos 7E37F704 5 Bytes JMP 100204FD C:\Programme\WEB.DE\WEB.DE SmartDrive Manager\SkinMagic.dll (SkinMagic Toolkit/Appspeed Inc.)
.text C:\Programme\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE[2452] USER32.dll!SetScrollPos 7E37F750 5 Bytes JMP 1002054E C:\Programme\WEB.DE\WEB.DE SmartDrive Manager\SkinMagic.dll (SkinMagic Toolkit/Appspeed Inc.)
.text C:\Programme\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE[2452] USER32.dll!GetScrollRange 7E37F787 5 Bytes JMP 10020518 C:\Programme\WEB.DE\WEB.DE SmartDrive Manager\SkinMagic.dll (SkinMagic Toolkit/Appspeed Inc.)
.text C:\Programme\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE[2452] USER32.dll!SetScrollRange 7E37F99B 5 Bytes JMP 10020569 C:\Programme\WEB.DE\WEB.DE SmartDrive Manager\SkinMagic.dll (SkinMagic Toolkit/Appspeed Inc.)
.text C:\Programme\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE[2452] USER32.dll!EnableScrollBar 7E3B8005 7 Bytes JMP 100204C7 C:\Programme\WEB.DE\WEB.DE SmartDrive Manager\SkinMagic.dll (SkinMagic Toolkit/Appspeed Inc.)
.text C:\WINDOWS\system32\ctfmon.exe[2472] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 10004620 c:\dokume~1\alluse~1\anwend~1\browse~1\251005~1.80\{c16c1~1\browse~1.dll
.text C:\WINDOWS\SYSTEM32\CTXFISPI.EXE[2672] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 10004620 c:\dokume~1\alluse~1\anwend~1\browse~1\251005~1.80\{c16c1~1\browse~1.dll
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2724] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 10004620 c:\dokume~1\alluse~1\anwend~1\browse~1\251005~1.80\{c16c1~1\browse~1.dll
.text C:\Programme\Logitech\SetPoint\SetPoint.exe[2852] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 009B4620 c:\dokume~1\alluse~1\anwend~1\browse~1\251005~1.80\{c16c1~1\browse~1.dll
.text C:\Programme\Genie-Soft\Genie Timeline\WebServer\PHP\php-cgi.exe[2908] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 01024620 c:\dokume~1\alluse~1\anwend~1\browse~1\251005~1.80\{c16c1~1\browse~1.dll
.text ...

---- EOF - GMER 2.0 ----

Edited by M-K-D-B (16.01.2013 at 17:07)