![]() |
|
Plagegeister aller Art und deren Bekämpfung: Ungültiges Bild - Windows 7Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
![]() | #1 |
![]() ![]() | ![]() Ungültiges Bild - Windows 7 Hallo Zusammen, habe leider Töchterlein schon lange nicht mehr auf die Finger geschaut... Beim Start von Chrome oder Firefox und mittlerweile von anderen Programmen kommt immer diese Meldung. Ungültiges Bild - xxx.dll ist entweder nicht für die Ausführung unter Windows vorgesehen oder enthält einen Fehler ... Darauf hin habe ich den Malwarebytes Anti-Malware laufen lassen und dort kamen dann (PUP.Funmoods) und 2 Rootviren zum Vorschein. Habe anschliessend OTL und GERM geladen und die Logfiles erstellt. Könnt ihr bitte mal drüberschauen und sagen, ob noch was zu retten ist? Ich habe zwar eine Recovery-CD, aber ich habe noch kein System neu aufgesetzt. Vielen Dank und viele Grüße Uli OTL Code:
ATTFilter OTL logfile created on: 12.02.2013 00:22:45 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\xxxx\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,87 Gb Total Physical Memory | 2,90 Gb Available Physical Memory | 74,96% Memory free 7,73 Gb Paging File | 6,85 Gb Available in Paging File | 88,65% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 581,42 Gb Total Space | 493,16 Gb Free Space | 84,82% Space Free | Partition Type: NTFS Computer Name: xxxx-PC | User Name: xxxx| Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\xxxx\Downloads\OTL.com (OldTimer Tools) ========== Modules (No Company Name) ========== MOD - C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\PepperFlash\11.5.31.139\pepflashplayer.dll () MOD - C:\Users\xxxx\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll () MOD - C:\Users\xxxx\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll () MOD - C:\Users\xxxx\AppData\Local\Google\Chrome\Application\24.0.1312.57\ffmpegsumo.dll () ========== Services (SafeList) ========== SRV:64bit: - (WebOptimizer) -- C:\Windows\SysNative\dmwu.exe () SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (wltrysvc) -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE (Dell Inc.) SRV - (vToolbarUpdater14.1.7) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.1.7\ToolbarUpdater.exe () SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.) SRV - (Web Assistant Updater) -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe () SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe (Microsoft Corporation.) SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe (Microsoft Corporation.) SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (FSORSPClient) -- C:\Program Files (x86)\M-net\Sicherheitspaket\ORSP Client\fsorsp.exe (F-Secure Corporation) SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (STacSV) -- C:\Programme\IDT\WDM\stacsv64.exe (IDT, Inc.) SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) SRV - (FSMA) -- C:\Program Files (x86)\M-net\Sicherheitspaket\Common\FSMA32.EXE (F-Secure Corporation) SRV - (FSDFWD) -- C:\Program Files (x86)\M-net\Sicherheitspaket\FWES\Program\fsdfwd.exe (F-Secure Corporation) SRV - (F-Secure Gatekeeper Handler Starter) -- C:\Program Files (x86)\M-net\Sicherheitspaket\Anti-Virus\fsgk32st.exe (F-Secure Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (DockLoginService) -- C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation) SRV - (GameConsoleService) -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe (WildTangent, Inc.) SRV - (sprtsvc_DellSupportCenter) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.) SRV - (AESTFilters) -- C:\Programme\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation) SRV - (Maxtor Sync Service) -- C:\Program Files (x86)\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC) SRV - (IGDCTRL) -- C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin) ========== Driver Services (SafeList) ========== DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies) DRV:64bit: - (avmaura) -- C:\Windows\SysNative\drivers\avmaura.sys (AVM Berlin) DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. ) DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (fsbts) -- C:\Windows\SysNative\drivers\fsbts.sys () DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (acedrv09) -- C:\Windows\SysNative\drivers\acedrv09.sys (Protect Software GmbH) DRV:64bit: - (acehlp09) -- C:\Windows\SysNative\drivers\acehlp09.sys (Protect Software GmbH) DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. ) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\avgidsfiltera.sys (AVG Technologies CZ, s.r.o. ) DRV:64bit: - (avmaudio) -- C:\Windows\SysNative\drivers\avmaudio.sys (AVM Berlin) DRV:64bit: - (FSES) -- C:\Windows\SysNative\drivers\fses.sys (F-Secure Corporation) DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.) DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.) DRV:64bit: - (btusbflt) -- C:\Windows\SysNative\drivers\btusbflt.sys (Broadcom Corporation.) DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.) DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\bcm42rly.sys (Broadcom Corporation) DRV:64bit: - (BcmVWL) -- C:\Windows\SysNative\drivers\bcmvwl64.sys (Broadcom Corporation) DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation) DRV:64bit: - (FSFW) -- C:\Windows\SysNative\drivers\fsdfw.sys (F-Secure Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation) DRV - (F-Secure Gatekeeper) -- C:\Program Files (x86)\M-net\Sicherheitspaket\Anti-Virus\minifilter\fsgk.sys () DRV - (fsbts) -- C:\Windows\SysWOW64\drivers\fsbts.sys () DRV - (F-Secure HIPS) -- C:\Program Files (x86)\M-net\Sicherheitspaket\HIPS\drivers\fshs.sys (F-Secure Corporation) DRV - (fsvista) -- C:\Program Files (x86)\M-net\Sicherheitspaket\Anti-Virus\minifilter\fsvista.sys () DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.funmoods.com/?f=1&a=bndlr&chnl=bndlr&cd=2XzuyEtN2Y1L1Qzu0FtDyE0D0AtBzy0AyCtC0E0DzzyC0DyEtN0D0Tzu0CtBtByEtN1L2XzutBtFtCtFtCtFtAtCtB&cr=2077873333 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=bndlr&chnl=bndlr&cd=2XzuyEtN2Y1L1Qzu0FtDyE0D0AtBzy0AyCtC0E0DzzyC0DyEtN0D0Tzu0CtBtByEtN1L2XzutBtFtCtFtCtFtAtCtB&cr=2077873333 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.funmoods.com/?f=1&a=bndlr&chnl=bndlr&cd=2XzuyEtN2Y1L1Qzu0FtDyE0D0AtBzy0AyCtC0E0DzzyC0DyEtN0D0Tzu0CtBtByEtN1L2XzutBtFtCtFtCtFtAtCtB&cr=2077873333 IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847} IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6DC0B2DD-0FDB-82BC-95BE-6D953C4BB2C2}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10016&barid={669FDFF8-E3A0-11E1-987F-F04DA29A61ED} IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=bndlr&chnl=bndlr&cd=2XzuyEtN2Y1L1Qzu0FtDyE0D0AtBzy0AyCtC0E0DzzyC0DyEtN0D0Tzu0CtBtByEtN1L2XzutBtFtCtFtCtFtAtCtB&cr=2077873333 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3354740022-1682059011-2982652592-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = hxxp://home.sweetim.com/?crg=3.1010000.10016&barid={669FDFF8-E3A0-11E1-987F-F04DA29A61ED} IE - HKU\S-1-5-21-3354740022-1682059011-2982652592-1001\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = hxxp://search.babylon.com/?affID=114347&tt=090812_ppc_3212_7&babsrc=HP_ss&mntrId=7c4e86d4000000000000c0cb3813afb0 IE - HKU\S-1-5-21-3354740022-1682059011-2982652592-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?st=2&barid={669FDFF8-E3A0-11E1-987F-F04DA29A61ED} IE - HKU\S-1-5-21-3354740022-1682059011-2982652592-1001\..\SearchScopes,Backup.Old.DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847} IE - HKU\S-1-5-21-3354740022-1682059011-2982652592-1001\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-3354740022-1682059011-2982652592-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3354740022-1682059011-2982652592-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3354740022-1682059011-2982652592-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=114347&tt=090812_ppc_3212_7&babsrc=SP_ss&mntrId=7c4e86d4000000000000c0cb3813afb0 IE - HKU\S-1-5-21-3354740022-1682059011-2982652592-1001\..\SearchScopes\{6DC0B2DD-0FDB-82BC-95BE-6D953C4BB2C2}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10016&barid={669FDFF8-E3A0-11E1-987F-F04DA29A61ED} IE - HKU\S-1-5-21-3354740022-1682059011-2982652592-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={48937519-2FCF-4CF4-8832-64F200E9A0AA}&mid=454a7ff0d5e247d0b7632104e47e881e-d3af78b1fd4e46e4f1cc12e6e04a0accfc389ce4&lang=de&ds=AVG&pr=pr&d=2012-08-11 20:18:59&v=12.2.0.5&sap=dsp&q={searchTerms} IE - HKU\S-1-5-21-3354740022-1682059011-2982652592-1001\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb155/?search={searchTerms}&loc=IB_DS&a=6R8BKlqZkq&i=26 IE - HKU\S-1-5-21-3354740022-1682059011-2982652592-1001\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&crg=3.1010000.10016&st=1&barid={669FDFF8-E3A0-11E1-987F-F04DA29A61ED}&q={searchTerms}&barid={669FDFF8-E3A0-11E1-987F-F04DA29A61ED} IE - HKU\S-1-5-21-3354740022-1682059011-2982652592-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKU\S-1-5-21-3354740022-1682059011-2982652592-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://home.sweetim.com/?crg=3.1010000.10016&barid={669FDFF8-E3A0-11E1-987F-F04DA29A61ED}" FF - prefs.js..browser.search.defaultenginename: "SweetIM Search" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" FF - prefs.js..browser.search.selectedEngine: "SearchTheWeb" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://search.iminent.com/?appId=C7BBB885-60DD-411D-A3EA-677FCF3E14B1" FF - prefs.js..extensions.enabledAddons: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}:2.0 FF - prefs.js..extensions.enabledAddons: {C9B68337-E93A-44EA-94DC-CB300EC06444}:5.30.4 FF - prefs.js..extensions.enabledAddons: plugin@yontoo.com:1.20.00 FF - prefs.js..extensions.enabledAddons: litmus-ff@f-secure.com:1.10 FF - prefs.js..extensions.enabledAddons: webbooster@iminent.com:5.49.4.0 FF - prefs.js..extensions.enabledAddons: {EEE6C361-6118-11DC-9C72-001320C79847}:1.9.0.0 FF - prefs.js..extensions.enabledAddons: avg@toolbar:14.1.0.10 FF - prefs.js..keyword.URL: "hxxp://isearch.avg.com/search?cid=%7Bfd9495a9-7b09-46a2-bbab-d7c3d5f196f7%7D&mid=454a7ff0d5e247d0b7632104e47e881e-d3af78b1fd4e46e4f1cc12e6e04a0accfc389ce4&ds=AVG&v=13.2.0.5&lang=de&pr=pr&d=2012-08-11%2020%3A18%3A59&sap=ku&q=" FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "Search the web (Babylon)" FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Search the web (Babylon)" FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?affID=114347&tt=090812_ppc_3212_7&babsrc=HP_ss&mntrId=7c4e86d4000000000000c0cb3813afb0" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "" FF - prefs.js..browser.startup.homepage: "" FF - prefs.js..browser.search.selectedEngine: "" FF - prefs.js..browser.search.defaultenginename: "" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.1.7\\npsitesafety.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\xxxx\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\xxxx\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\xxxx\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012.09.29 14:31:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: C:\Program Files (x86)\M-net\Sicherheitspaket\NRS\litmus-ff@f-secure.com [2013.01.03 18:40:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012.09.29 14:31:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\14.1.0.10 [2013.02.08 20:46:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\webbooster@iminent.com: C:\Program Files (x86)\Iminent\webbooster@iminent.com FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.04 20:55:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.11.04 20:55:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.04 20:55:55 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.05.01 13:33:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxxx\AppData\Roaming\mozilla\Extensions [2011.05.01 13:33:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxxx\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2013.02.11 23:18:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\g2jbo56y.default\extensions [2013.02.06 20:33:50 | 000,224,945 | ---- | M] () (No name found) -- C:\Users\xxxx\AppData\Roaming\mozilla\firefox\profiles\g2jbo56y.default\extensions\gophoto@gophoto.it.xpi [2012.12.13 21:29:00 | 000,199,445 | ---- | M] () (No name found) -- C:\Users\xxxx\AppData\Roaming\mozilla\firefox\profiles\g2jbo56y.default\extensions\movie2kdownloader@movie2kdownloader.com.xpi [2013.02.11 20:36:16 | 000,190,000 | ---- | M] () (No name found) -- C:\Users\xxxx\AppData\Roaming\mozilla\firefox\profiles\g2jbo56y.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [2012.12.10 18:15:30 | 000,003,978 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\mozilla\firefox\profiles\g2jbo56y.default\searchplugins\sweetim.xml [2012.08.11 11:38:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.04.09 09:14:10 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.08.11 11:38:27 | 000,000,000 | ---D | M] (DealPly) -- C:\Program Files (x86)\mozilla firefox\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} File not found (No name found) -- C:\PROGRAM FILES (X86)\IMINENT\WEBBOOSTER@IMINENT.COM [2013.01.03 18:40:41 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:creator="(c) 2007 by F-Secure" em:description="Browsing Protection Toolbar" em:homepageURL="hxxp://www.f-secure.com/" em:iconURL="chrome://litmus-ff/skin/logo.png" em:id="litmus-ff@f-secure.com" em:name="Browsing Protection" em:updateURL="https://10.70.0.25/fireup/update.rdf" em:version="1.10">) -- C:\PROGRAM FILES (X86)\M-NET\SICHERHEITSPAKET\NRS\LITMUS-FF@F-SECURE.COM [2013.02.08 20:46:47 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\FIREFOXEXT\14.1.0.10 File not found (No name found) -- C:\USERS\xxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2JBO56Y.DEFAULT\EXTENSIONS\{C9B68337-E93A-44EA-94DC-CB300EC06444} File not found (No name found) -- C:\USERS\xxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2JBO56Y.DEFAULT\EXTENSIONS\PLUGIN@YONTOO.COM [2012.07.31 10:27:56 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.05.16 13:34:55 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.02.08 20:46:02 | 000,003,592 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml [2012.08.11 11:32:20 | 000,002,360 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2012.05.16 13:34:55 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.05.16 13:34:55 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.05.16 13:34:55 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.05.16 13:34:55 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.05.16 13:34:55 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: CHR - plugin: Shockwave Flash (Enabled) = C:\Users\xxxx\AppData\Local\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\xxxx\AppData\Local\Google\Chrome\Application\24.0.1312.57\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\xxxx\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\xxxx\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.0\\npsitesafety.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Facebook Desktop (Enabled) = C:\Users\xxxx\AppData\Local\Facebook\Messenger\2.1.4590.0\npFbDesktopPlugin.dll CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\xxxx\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll CHR - plugin: Google Update (Enabled) = C:\Users\xxxx\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - Extension: Funmoods = C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\2.0.1_0\ CHR - Extension: SpeedDial = C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\ CHR - Extension: Babylon Toolbar = C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\ CHR - Extension: Web Assistant = C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.478_0\ CHR - Extension: DealPly = C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\ CHR - Extension: DealPly = C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.3.7.2_0\ CHR - Extension: AVG Security Toolbar = C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\14.1.0.10_0\ CHR - Extension: GoPhoto.it = C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk\1.5_0\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.) O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension64.dll () O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programme\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found O2 - BHO: (DivX) - {1E37A1FF-843E-4627-A8C4-00279C4ACDC2} - C:\Users\xxxx\AppData\Roaming\DivX\IE\DivX.dll (DivX, LLC. Rovi Corporation) O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.4.6\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension32.dll () O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (NoScript) - {601369AE-97AF-4402-807D-7516155B484B} - C:\Users\xxxx\AppData\Roaming\NoScript\IE\NoScript.dll (Giorgio Maone) O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD) O2 - BHO: (Funmoods Helper Object) - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\PROGRA~2\Funmoods\1.5.23.22\bh\escort.dll (Funmoods BHO) O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.1.0.10\AVG Secure Search_toolbar.dll () O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll (DealPly Technologies Ltd) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files (x86)\M-net\Sicherheitspaket\NRS\iescript\baselitmus.dll (F-Secure Corporation) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files (x86)\M-net\Sicherheitspaket\NRS\iescript\baselitmus.dll (F-Secure Corporation) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.1.0.10\AVG Secure Search_toolbar.dll () O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.4.6\BabylonToolbarTlbr.dll (Babylon Ltd.) O3 - HKLM\..\Toolbar: (Funmoods Toolbar) - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\PROGRA~2\Funmoods\1.5.23.22\escorTlbr.dll (Funmoods) O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD) O3 - HKU\S-1-5-21-3354740022-1682059011-2982652592-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKU\S-1-5-21-3354740022-1682059011-2982652592-1001\..\Toolbar\WebBrowser: (no name) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No CLSID value found. O3 - HKU\S-1-5-21-3354740022-1682059011-2982652592-1001\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Programme\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.) O4:64bit: - HKLM..\Run: [QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.) O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd) O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.) O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe () O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files (x86)\M-net\Sicherheitspaket\Common\FSM32.EXE (F-Secure Corporation) O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files (x86)\M-net\Sicherheitspaket\FSGUI\TNBUtil.exe (F-Secure Corporation) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [mxomssmenu] C:\Program Files (x86)\Maxtor\OneTouch Status\maxmenumgr.exe (Maxtor Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe () O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3354740022-1682059011-2982652592-1001..\Run: [{E334E162-0A31-688C-E341-BBAE31151EFC}] C:\Users\xxxx\AppData\Roaming\Reymd\ebza.exe File not found O4 - HKU\S-1-5-21-3354740022-1682059011-2982652592-1001..\Run: [AVMUSBFernanschluss] C:\Users\xxxx\AppData\Local\Apps\2.0\J678VH6P.L93\MYPC1L0P.HW7\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\AVMAutoStart.exe (AVM Berlin) O4 - HKU\S-1-5-21-3354740022-1682059011-2982652592-1001..\Run: [Facebook Update] C:\Users\xxxx\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKU\S-1-5-21-3354740022-1682059011-2982652592-1001..\Run: [SDP] C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe (Somoto) O4 - HKU\S-1-5-21-3354740022-1682059011-2982652592-1001..\Run: [Spotify] C:\Users\xxxx\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd) O4 - HKU\S-1-5-21-3354740022-1682059011-2982652592-1001..\Run: [Spotify Web Helper] C:\Users\xxxx\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) O4 - HKLM..\RunOnce: [Del2199551] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell) O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-3354740022-1682059011-2982652592-1001..\RunOnce: [Del2199551] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found O4 - Startup: C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found O4 - Startup: C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.) O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\M-net\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\M-net\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\M-net\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\M-net\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\M-net\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\M-net\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\M-net\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\M-net\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Program Files (x86)\M-net\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Program Files (x86)\M-net\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Program Files (x86)\M-net\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000023 - C:\Program Files (x86)\M-net\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\M-net\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\M-net\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\M-net\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\M-net\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\M-net\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\M-net\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\M-net\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\M-net\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\M-net\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\M-net\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\M-net\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files (x86)\M-net\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-3354740022-1682059011-2982652592-1001\..Trusted Domains: fritz.box ([]* in Local intranet) O15 - HKU\S-1-5-21-3354740022-1682059011-2982652592-1001\..Trusted Ranges: Range1 ([*] in Local intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Java Plug-in 10.13.2) O16 - DPF: {CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Java Plug-in 1.7.0_13) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Java Plug-in 1.7.0_13) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{02732CE3-ACE5-414B-AB9E-60A0EB2C3EA2}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5C39A436-F746-4C31-99A0-2B839CAE794B}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.) O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.1.7\ViProtocol.dll () O20 - AppInit_DLLs: (c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\BROWSE~1.DLL () O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.02.12 00:20:33 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Roaming\DealPly [2013.02.12 00:19:27 | 000,000,000 | ---D | C] -- C:\Users\xxxx\Documents\Virus [2013.02.12 00:07:48 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Roaming\Malwarebytes [2013.02.12 00:07:39 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.02.12 00:07:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.02.12 00:07:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.02.12 00:07:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.02.12 00:07:19 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\Programs [2013.02.11 20:54:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.02.11 20:53:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview [2013.02.11 20:53:26 | 000,861,088 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2013.02.11 20:53:26 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.02.11 20:52:39 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.02.11 20:52:39 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.02.11 20:52:39 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.02.11 20:25:23 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders [2013.02.08 20:48:09 | 000,000,000 | ---D | C] -- C:\Users\xxxx\Documents\Simkarte [2013.02.06 20:27:44 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte [2013.02.05 19:35:07 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Roaming\vlc [2013.02.05 19:35:06 | 000,000,000 | ---D | C] -- C:\Users\xxxx\Local Settings [2013.02.05 19:34:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN [2013.02.05 19:33:25 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker [2013.02.05 19:33:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FilesFrog Update Checker [2013.02.05 19:28:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gophoto.it [2013.01.31 17:05:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2013.01.17 18:32:58 | 000,116,480 | ---- | C] (AVM Berlin) -- C:\Windows\SysNative\drivers\avmaura.sys [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.02.12 00:07:39 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.11 23:49:08 | 001,522,482 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.02.11 23:49:08 | 000,661,834 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.02.11 23:49:08 | 000,623,716 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.02.11 23:49:08 | 000,133,564 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.02.11 23:49:08 | 000,109,954 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.02.11 23:44:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.11 23:44:10 | 3113,238,528 | -HS- | M] () -- C:\hiberfil.sys [2013.02.11 23:30:19 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\ROC_JAN2013_TB_rmv.job [2013.02.11 23:29:43 | 000,298,864 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.02.11 23:11:07 | 000,001,134 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3354740022-1682059011-2982652592-1001UA.job [2013.02.11 23:09:14 | 000,000,866 | ---- | M] () -- C:\Windows\SysWow64\InstallUtil.InstallLog [2013.02.11 23:02:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.02.11 22:58:28 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3354740022-1682059011-2982652592-1001Core.job [2013.02.11 22:53:05 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3354740022-1682059011-2982652592-1001UA.job [2013.02.11 22:48:05 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.11 22:48:04 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.11 21:31:40 | 109,675,590 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm [2013.02.11 21:16:09 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msclmd.dll [2013.02.11 21:16:08 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msclmd.dll [2013.02.11 20:52:24 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.02.11 20:52:22 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2013.02.11 20:52:22 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2013.02.11 20:52:22 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.02.11 20:52:22 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.02.11 20:52:22 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.02.08 20:45:23 | 000,039,768 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys [2013.02.04 14:46:49 | 000,072,507 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm [2013.02.03 13:59:07 | 000,002,366 | ---- | M] () -- C:\Users\xxxx\Desktop\Google Chrome.lnk [2013.01.28 18:43:32 | 422,348,078 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.01.17 18:32:42 | 000,116,480 | ---- | M] (AVM Berlin) -- C:\Windows\SysNative\drivers\avmaura.sys [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.02.12 00:07:39 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.22 18:43:05 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\ROC_JAN2013_TB_rmv.job [2012.08.11 11:38:16 | 000,384,844 | ---- | C] () -- C:\Users\xxxx\AppData\Local\funmoods-speeddial.crx [2012.08.11 11:38:16 | 000,031,465 | ---- | C] () -- C:\Users\xxxx\AppData\Local\funmoods.crx [2011.11.03 16:57:35 | 000,042,672 | ---- | C] () -- C:\Windows\SysWow64\drivers\fsbts.sys [2011.05.23 17:18:58 | 000,027,648 | ---- | C] () -- C:\Users\xxxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.05.01 08:49:25 | 001,550,100 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.04.30 16:49:49 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.01.31 17:05:24 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software [2013.01.31 17:05:24 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software [2012.08.11 19:19:54 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\AVG2012 [2012.08.11 11:32:08 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Babylon [2012.08.11 11:33:20 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\BabylonToolbar [2013.02.12 00:20:33 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\DealPly [2012.06.17 09:50:36 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\EssentialPIM Pro [2012.10.12 13:34:27 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\F-Secure [2011.12.22 14:37:41 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\FRITZ! [2011.09.16 18:09:30 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\go [2012.02.16 15:46:24 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Idegun [2012.05.13 11:55:21 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Klett [2012.04.05 19:49:33 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Kytoih [2012.07.14 09:49:31 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Nvu [2011.07.03 12:57:50 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\OpenOffice.org [2012.02.16 15:42:15 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Oxcu [2011.05.01 18:50:36 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Phase6 [2012.02.18 12:59:36 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Reymd [2012.12.22 19:38:38 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\SoftGrid Client [2013.02.11 23:34:02 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Spotify [2013.02.11 23:16:34 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Systweak [2011.05.01 13:33:53 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Thunderbird [2011.05.01 08:50:13 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\TP [2011.07.02 16:34:22 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\WildTangent [2011.04.30 16:53:47 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Windows Live Writer ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 12.02.2013 00:22:45 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Vali\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,87 Gb Total Physical Memory | 2,90 Gb Available Physical Memory | 74,96% Memory free 7,73 Gb Paging File | 6,85 Gb Available in Paging File | 88,65% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 581,42 Gb Total Space | 493,16 Gb Free Space | 84,82% Space Free | Partition Type: NTFS Computer Name: xxxxPC | User Name: xxxx| Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0F251030-5F36-46A2-A851-3A36248EE846}" = lport=139 | protocol=6 | dir=in | app=system | "{111B9EE6-D497-4937-99DB-2D9D9EC0326B}" = rport=10243 | protocol=6 | dir=out | app=system | "{2D1988C8-C0E3-4F59-90B4-AEFFE64B0336}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{2E984FFB-CABD-481A-B077-9D37562E1691}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{33D81A77-53A8-4DFB-B67E-D93BEE6E741D}" = lport=2869 | protocol=6 | dir=in | app=system | "{41FB7B46-6573-45FC-B687-EE68F8719435}" = rport=137 | protocol=17 | dir=out | app=system | "{460C1118-D497-4823-AC3F-EBCDBFBFC347}" = lport=445 | protocol=6 | dir=in | app=system | "{578F4F8B-5544-4E52-918E-1AAC402E8D40}" = lport=138 | protocol=17 | dir=in | app=system | "{59FD3F55-27C2-4025-81D6-811B1DE7CFA0}" = rport=445 | protocol=6 | dir=out | app=system | "{5BAD54CD-629B-4BAA-9E6A-B546E9701E3D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{7C6A125A-ABF0-4D54-9110-2AFA134BD108}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{8415A67F-6C06-4867-95B3-9BD522B72F23}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{84DC0458-6B96-4640-A7EF-AEA8680B26BF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A28C0DB0-84FE-4B51-AC9C-ACE732565D10}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B7E6AD2C-176B-4C3E-813F-5581FF221A7A}" = lport=137 | protocol=17 | dir=in | app=system | "{B825A56C-50CD-4B88-AC8F-829A39681106}" = rport=139 | protocol=6 | dir=out | app=system | "{BC292893-3CCF-4D1C-8E40-ED002B2A2FB1}" = rport=138 | protocol=17 | dir=out | app=system | "{BE54001E-0AF9-4C76-B754-1C4E66A3DAA5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C5A59292-97B4-40D8-8221-E72640D4D6EB}" = lport=10243 | protocol=6 | dir=in | app=system | "{D08E7550-A04A-4C15-8525-4CCB4C71FE5A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{DA8274E5-F393-43BD-AE2C-0B81784FCC66}" = lport=2869 | protocol=6 | dir=in | app=system | "{E23DA732-BCE3-4430-B4D9-D5B44BF39690}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{EE0DAD39-5E69-4876-9D3C-9E6690A1B016}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{EF5C2752-5778-4978-B3D3-D2660DED4D2C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{F9FB1C55-FB4A-4C11-B958-3BDF8F879412}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02A4FC99-5968-4159-AD9E-6401AF8A386A}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{050388FA-4372-4D8C-9E31-CC091207287A}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe | "{07E1C365-0920-4F0A-BE36-54E3E30093D8}" = protocol=17 | dir=in | app=c:\program files (x86)\fritz!dsl\webwaigd.exe | "{098AFC7F-C50A-43BB-930E-EBE611040CCB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{0A93B689-619E-418E-AB75-5C1C8912DA4A}" = dir=in | app=c:\users\vali\appdata\local\facebook\video\skype\facebookvideocalling.exe | "{120BF98B-63C3-4D83-B33E-7BA481782884}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{177170DD-0467-4FF6-8C73-31FCCD31E9AB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{1820A0E0-553D-4795-B2C0-A0C2C2F41E46}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | "{18456809-6293-430A-9B2A-6964C668664E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{18A8BFD7-FADA-4E9F-9B36-6F983367A684}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | "{1CD9058E-1E7A-4C43-9467-B7E607EAC49B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{1D16D2B0-C282-4A8B-A75C-273DDBEDF42F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{1DC132F7-C2D8-4464-B859-4B16A4B6BA76}" = protocol=6 | dir=out | app=system | "{204A27DF-E692-4504-A769-E03D6DC3CFD8}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{232DECA5-551C-4764-8775-97E7B53F1254}" = protocol=6 | dir=in | app=c:\program files (x86)\fritz!dsl\igdctrl.exe | "{277327E9-C882-4F95-B955-0339217114F0}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | "{2874D7D5-F998-4FF1-A4E3-535DC4033083}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe | "{36F8FA22-9174-43DC-A861-7404DE5435E8}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | "{39936E84-2360-4CE8-B0D1-45996B43DB0A}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe | "{3BCD9199-5C3F-443A-9477-83644462C4B3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{40079DE9-3741-45C2-AB47-25E9382519D2}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe | "{426DC2BE-B4FB-405C-A906-14773FBD9BF0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{48194BFC-8187-4507-8B1A-9DE1D8E9FAF9}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{4969171C-35D3-414B-A5DA-C04E15B62817}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{4EECDB24-C79E-4C2F-9DFD-77B80BD63355}" = protocol=17 | dir=in | app=c:\program files (x86)\fritz!dsl\igdctrl.exe | "{5B5F3FDA-C766-4560-BDD4-1FF5CF70B8C2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{5D87D3FE-520C-4072-A158-9FC84E3E2979}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{5FFFEB69-FB55-47F5-8402-2BAAD15D36A4}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe | "{61F445AA-E09F-49E0-84D1-B97874DF9FF7}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{632638D0-7E09-4B16-B842-5F5FBE9DE286}" = protocol=6 | dir=in | app=c:\users\vali\appdata\local\apps\2.0\j678vh6p.l93\mypc1l0p.hw7\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | "{634B6336-6B75-4CF0-87D5-D27DC78EBEBA}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | "{67D6FDA9-EFE5-44D1-84F4-6D36C967AF87}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{68883797-1F7A-43DD-8F50-6D387141B4BB}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{78F8489C-51B8-4284-BDB9-D8ADC52C15DB}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | "{7B8C371D-0202-4CCF-AF58-5A955FC58EF1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{7CDB6E09-81CE-4578-9273-FC7A7253F665}" = protocol=17 | dir=in | app=c:\users\vali\appdata\local\apps\2.0\j678vh6p.l93\mypc1l0p.hw7\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | "{879B2610-26DE-41BA-ABE5-E53E32D2D6EB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{8B4B4826-1B32-4B03-8FB5-BBE175616B14}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{8CFB812A-8B9F-4E6E-AA58-C5B27DEFD8FC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{8D357124-4CD3-49F8-8E90-64B507B698ED}" = protocol=6 | dir=in | app=c:\users\vali\appdata\local\apps\2.0\j678vh6p.l93\mypc1l0p.hw7\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | "{8E0DBA75-7466-44FB-AF1E-D97CC4BE69E2}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe | "{8FF6413D-BDB3-435D-B03C-718FCC3CF2D5}" = protocol=6 | dir=in | app=c:\program files (x86)\fritz!dsl\fboxupd.exe | "{9655123F-CD2A-469C-BC24-6C99E085058C}" = protocol=17 | dir=in | app=c:\program files (x86)\fritz!dsl\fboxupd.exe | "{97EC672A-AE99-4380-8831-ED25B4F5699B}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{982D33C7-49F5-4628-93F9-EF9486EF6F4D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{98CFFFC8-8849-4155-9125-B27541AC8738}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{9AE4D6F0-D91E-4CA3-96E8-9307A84166DB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{9C085D26-9669-41FF-BC66-37297558D334}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{9CA34BE2-9B2C-43FB-8782-98B48CC00AC1}" = protocol=6 | dir=in | app=c:\users\vali\appdata\local\apps\2.0\j678vh6p.l93\mypc1l0p.hw7\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\fritzbox-usb-fernanschluss.exe | "{A50F0FF8-5CD4-4C50-B768-82128A1AE780}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | "{A60CC92F-5EF0-4BFD-86EB-861550986018}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | "{A917DC36-E8DD-4566-B39A-6D0F203B4F1F}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | "{B6345A83-2870-439F-86A9-F7EAE79E39EF}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | "{BC1C5B64-F88F-4486-83C5-5B5C240FF6EB}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | "{BC977599-F79F-49EA-98C3-3B522DF115E0}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{BE5310DE-60DE-4FE1-8090-8D8F5EAFD55F}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | "{BEAC434E-FC89-4A7C-9782-F7CBC9BBFD97}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | "{C2D29DD9-9079-424A-A1DB-73A52D75F41C}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{CF9B1058-604C-42DE-9B4D-DF7074CC5733}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | "{DB09CB2D-468A-42A7-B9B4-A26DD06B72BB}" = protocol=6 | dir=in | app=c:\program files (x86)\fritz!dsl\webwaigd.exe | "{DBD80052-152D-4A5A-8846-10542AEA6525}" = protocol=17 | dir=in | app=c:\users\vali\appdata\local\apps\2.0\j678vh6p.l93\mypc1l0p.hw7\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\fritzbox-usb-fernanschluss.exe | "{F01C4BD9-4CE9-4555-A3D6-FDB2EB613996}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{F3528BBD-8B9E-4540-A8FE-2BE3C097DBDF}" = protocol=17 | dir=in | app=c:\users\vali\appdata\local\apps\2.0\j678vh6p.l93\mypc1l0p.hw7\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | "TCP Query User{85DBCF08-24C0-4998-A583-FC44474066C2}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | "TCP Query User{91F93724-BF04-49E4-9449-7E7824096468}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | "UDP Query User{43B54C9B-1B7C-47FD-9E16-8EAF1CCEB746}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | "UDP Query User{AD91508B-BB41-4B8B-A34D-4531A17B50EE}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0B591597-EE32-F353-ECAA-FB4F58474691}" = ATI AVIVO64 Codecs "{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes "{17B77355-3934-4D0E-8FAC-C420482C8E7D}" = Windows Live Family Safety "{26A24AE4-039D-4CA4-87B4-2F86416018F0}" = Java(TM) 6 Update 18 (64-bit) "{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.478 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{4BC310C4-B898-46E2-B5FB-B85A30AA7142}" = iCloud "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{70AD2848-D236-459A-BF18-BF8E063D7BB2}" = AVG 2012 "{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8F59A8AC-1D7B-8578-38F7-8F5166FA8580}" = ccc-utility64 "{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock "{EF5745D9-C0A7-4D40-2900-AD093F232827}" = ATI Catalyst Install Manager "{F2A13695-0BD3-47E2-91E0-2F5DB86FA439}" = AVG 2012 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "AF09E130E2FD4D1BEFD1B9132AE624BAE0364719" = Windows Driver Package - Broadcom Corporation (BTHUSB) Bluetooth (03/24/2010 6.3.0.2501) "AVG" = AVG 2012 "DW WLAN Card Utility" = DW WLAN Card Utility "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "SynTPDeinstKey" = Synaptics Pointing Device Driver "WNLT" = Web Optimizer [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup "{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = Browser Manager "{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar "{1B2BDFB3-3786-A62F-F498-83F9EE3FBD0F}" = CCC Help Japanese "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20068980-5702-5CA7-F335-6592852F7F59}" = CCC Help Italian "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2457326B-C110-40C3-89B0-889CC913871A}" = AVM FRITZ!DSL "{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13 "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{3D6F16CA-13B8-6425-A71A-B91DB3E14F51}" = CCC Help Danish "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4DE43CB4-9FB5-82E1-780C-9D38E2F1391E}" = CCC Help Dutch "{4E92EA05-3171-42DA-91BF-88F96440B180}" = Découvertes 1 Sprachtrainer Kommunikation "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{597BBBD5-8A69-CF88-2DE3-67194CE5C071}" = Catalyst Control Center Graphics Previews Common "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71E015CC-52DA-4536-AF0C-C643BA1E45FB}" = Catalyst Control Center - Branding "{7677040A-E5AA-998C-8810-59F0B5D3E0A8}" = Catalyst Control Center InstallProxy "{7683B745-6060-41FD-AA75-0BBB383FEAD4}" = SweetIM for Messenger 3.7 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{774C0434-9948-4DEE-A14E-69CDD316E36C}" = Internet Explorer Toolbar 4.6 by SweetPacks "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7CC90569-A7DB-5EA0-A9FE-0C5799A28B11}" = CCC Help Chinese Traditional "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide "{83AA2913-C123-4146-85BD-AD8F93971D39}" = BabylonObjectInstaller "{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8DEB7DD7-FC6D-76C6-712D-40968A736963}" = CCC Help Swedish "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{92531F24-21E5-C8EC-30E6-D56536FD61C7}" = CCC Help Finnish "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer "{9BC422FB-175A-0191-C141-B8B453DAF06E}" = Catalyst Control Center Graphics Previews Vista "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A1C21906-351B-685E-7263-A4C30DF381E0}" = CCC Help German "{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn "{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker "{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software "{AB6EE148-B13E-C19D-2732-CD0EB23C39B8}" = CCC Help Portuguese "{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287 "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{BE6A55A2-C71F-57DD-E498-7B8F317C0E15}" = ccc-core-static "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3 "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{D11D2A79-78FA-EA15-CC16-8F24817EAED2}" = CCC Help Korean "{D165A6B1-6985-072E-969E-333D759D6777}" = CCC Help Spanish "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{DF28B648-9636-5DE8-A072-54A5323B0CDA}" = CCC Help Norwegian "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software) "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E8DEB138-8DAC-EB25-87CE-D38A2C1C35CE}" = CCC Help French "{ED01D958-AEDC-40C8-93FD-0C08E8AA9530}" = Maxtor Manager "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F393B7C2-136F-2956-30A3-1099C8394B51}" = CCC Help Chinese Standard "{F6F4AF75-109A-638B-80D5-87283B00CD5E}" = Catalyst Control Center Localization All "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{FB46EFDE-44F4-83F1-3044-68F5E95E3D4E}" = CCC Help English "{FB697452-8CA4-46B4-98B1-165C922A2EF3}" = Update Manager for SweetPacks 1.0 "{FBCCCFB0-D89D-C91F-B9B1-8AB1760C1DD0}" = CCC Help Russian "{FBCF2ED3-AFB5-475E-BF9A-30BEAD366FBC}" = Sprachtrainer Fonts "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables "00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1" = Advanced System Protector "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Advanced Audio FX Engine" = Advanced Audio FX Engine "AVG Secure Search" = AVG Security Toolbar "AVMFBox" = AVM FRITZ!Box Dokumentation "AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss "BabylonToolbar" = Babylon toolbar on IE "bi_uninstaller" = Bundled software uninstaller "DealPly" = DealPly "Dell Dock" = Dell Dock "Dell Webcam Central" = Dell Webcam Central "EADM" = EA Download Manager "EssentialPIM Pro" = EssentialPIM Pro "FilesFrog Update Checker" = FilesFrog Update Checker "F-Secure Product 444" = M-net Sicherheitspaket "funmoods" = Funmoods Web Search "incredibar" = Incredibar Toolbar on IE "InstallShield_{ED01D958-AEDC-40C8-93FD-0C08E8AA9530}" = Maxtor Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de) "Mozilla Thunderbird (6.0.2)" = Mozilla Thunderbird (6.0.2) "MozillaMaintenanceService" = Mozilla Maintenance Service "Nvu_is1" = Nvu 1.0 "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "phase-6" = phase-6 2.1.2.3a "phase-6 Feeding Tool" = phase-6 Feeding Tool 1.1.4 "ProtectDisc Driver" = ProtectDisc Helper Driver "Video Downloader" = Video Downloader "WildTangent dell Master Uninstall" = WildTangent-Spiele "WinLiveSuite_Wave3" = Windows Live Essentials ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3354740022-1682059011-2982652592-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "DealPly" = unnm=Version Checker for Dealply "f018cf21c0452c64" = FRITZ!Box USB-Fernanschluss "Game Organizer" = EasyBits GO "Google Chrome" = Google Chrome "Spotify" = Spotify ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 15.07.2012 10:39:19 | Computer Name = Vali-PC | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103 Description = 315 2012-07-15 16:39:18+02:00 VALI-PC Vali-PC\Vali F-Secure Anti-Virus Crash detected. \Device\HarddiskVolume3\Program Files (x86)\Electronic Arts\Die Sims 3\Game\Bin\Sims3Launcher.exe Error - 15.07.2012 10:40:16 | Computer Name = Vali-PC | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103 Description = 316 2012-07-15 16:40:15+02:00 VALI-PC Vali-PC\Vali F-Secure Anti-Virus Crash detected. \Device\HarddiskVolume3\Windows\System32\uxtheme.dll \Device\HarddiskVolume3\Program Files (x86)\M-net\Sicherheitspaket\Spam Control\fsscoepl_x64.dll Error - 15.07.2012 10:55:13 | Computer Name = Vali-PC | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103 Description = 317 2012-07-15 16:55:12+02:00 VALI-PC Vali-PC\Vali F-Secure Anti-Virus Crash detected. \Device\HarddiskVolume3\Windows\System32\shell32.dll Error - 15.07.2012 10:55:23 | Computer Name = Vali-PC | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103 Description = 318 2012-07-15 16:55:22+02:00 VALI-PC Vali-PC\Vali F-Secure Anti-Virus Crash detected. \Device\HarddiskVolume3\Program Files (x86)\OpenOffice.org 3\program\soffice.bin Error - 15.07.2012 10:57:04 | Computer Name = Vali-PC | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103 Description = 319 2012-07-15 16:57:03+02:00 VALI-PC Vali-PC\Vali F-Secure Anti-Virus Crash detected. \Device\HarddiskVolume3\Windows\System32\charmap.exe Error - 15.07.2012 10:57:10 | Computer Name = Vali-PC | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103 Description = 320 2012-07-15 16:57:09+02:00 VALI-PC Vali-PC\Vali F-Secure Anti-Virus Crash detected. \Device\HarddiskVolume3\Windows\System32\Dism.exe Error - 15.07.2012 10:57:19 | Computer Name = Vali-PC | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103 Description = 321 2012-07-15 16:57:18+02:00 VALI-PC Vali-PC\Vali F-Secure Anti-Virus Crash detected. \Device\HarddiskVolume3\Windows\System32\ie4uinit.exe Error - 15.07.2012 10:57:47 | Computer Name = Vali-PC | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103 Description = 322 2012-07-15 16:57:46+02:00 VALI-PC Vali-PC\Vali F-Secure Anti-Virus Crash detected. \Device\HarddiskVolume3\Windows\System32\poqexec.exe Error - 15.07.2012 10:57:52 | Computer Name = Vali-PC | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103 Description = 323 2012-07-15 16:57:51+02:00 VALI-PC Vali-PC\Vali F-Secure Anti-Virus Crash detected. \Device\HarddiskVolume3\Windows\System32\regsvr32.exe Error - 15.07.2012 10:58:18 | Computer Name = Vali-PC | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103 Description = 324 2012-07-15 16:58:17+02:00 VALI-PC Vali-PC\Vali F-Secure Anti-Virus Crash detected. \Device\HarddiskVolume3\Program Files\Windows Media Player\WMPDMCCore.dll Error - 15.07.2012 10:58:23 | Computer Name = Vali-PC | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103 Description = 325 2012-07-15 16:58:22+02:00 VALI-PC Vali-PC\Vali F-Secure Anti-Virus Crash detected. \Device\HarddiskVolume3\Program Files\Windows Mail\msoe.dll [ Media Center Events ] Error - 23.04.2012 09:08:39 | Computer Name = Vali-PC | Source = MCUpdate | ID = 0 Description = 15:08:39 - Fehler beim Herstellen der Internetverbindung. 15:08:39 - Serververbindung konnte nicht hergestellt werden.. Error - 07.05.2012 10:20:40 | Computer Name = Vali-PC | Source = MCUpdate | ID = 0 Description = 16:17:42 - Fehler beim Herstellen der Internetverbindung. 16:17:58 - Serververbindung konnte nicht hergestellt werden.. Error - 07.05.2012 11:21:05 | Computer Name = Vali-PC | Source = MCUpdate | ID = 0 Description = 17:21:02 - Fehler beim Herstellen der Internetverbindung. 17:21:02 - Serververbindung konnte nicht hergestellt werden.. Error - 08.05.2012 09:49:49 | Computer Name = Vali-PC | Source = MCUpdate | ID = 0 Description = 15:48:08 - Fehler beim Herstellen der Internetverbindung. 15:48:16 - Serververbindung konnte nicht hergestellt werden.. Error - 09.05.2012 08:14:17 | Computer Name = Vali-PC | Source = MCUpdate | ID = 0 Description = 14:13:42 - Fehler beim Herstellen der Internetverbindung. 14:13:57 - Serververbindung konnte nicht hergestellt werden.. Error - 14.05.2012 10:39:46 | Computer Name = Vali-PC | Source = MCUpdate | ID = 0 Description = 16:39:25 - Fehler beim Herstellen der Internetverbindung. 16:39:29 - Serververbindung konnte nicht hergestellt werden.. Error - 14.05.2012 17:36:06 | Computer Name = Vali-PC | Source = MCUpdate | ID = 0 Description = 23:36:06 - Fehler beim Herstellen der Internetverbindung. 23:36:06 - Serververbindung konnte nicht hergestellt werden.. Error - 21.05.2012 18:28:08 | Computer Name = Vali-PC | Source = MCUpdate | ID = 0 Description = 00:28:08 - Fehler beim Herstellen der Internetverbindung. 00:28:08 - Serververbindung konnte nicht hergestellt werden.. Error - 22.05.2012 09:17:20 | Computer Name = Vali-PC | Source = MCUpdate | ID = 0 Description = 15:14:43 - Fehler beim Herstellen der Internetverbindung. 15:14:43 - Serververbindung konnte nicht hergestellt werden.. Error - 08.06.2012 17:48:53 | Computer Name = Vali-PC | Source = MCUpdate | ID = 0 Description = 23:48:40 - Fehler beim Herstellen der Internetverbindung. 23:48:40 - Serververbindung konnte nicht hergestellt werden.. [ System Events ] Error - 11.02.2013 18:45:19 | Computer Name = Vali-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 11.02.2013 18:45:19 | Computer Name = Vali-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 11.02.2013 18:45:19 | Computer Name = Vali-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 11.02.2013 18:45:19 | Computer Name = Vali-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 11.02.2013 18:45:21 | Computer Name = Vali-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 11.02.2013 18:45:21 | Computer Name = Vali-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 11.02.2013 18:45:21 | Computer Name = Vali-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 11.02.2013 18:45:23 | Computer Name = Vali-PC | Source = DCOM | ID = 10005 Description = Error - 11.02.2013 18:45:23 | Computer Name = Vali-PC | Source = DCOM | ID = 10005 Description = Error - 11.02.2013 18:45:23 | Computer Name = Vali-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 < End of report > Code:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.02.11.10 Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig) Internet Explorer 9.0.8112.16421 Vali :: VALI-PC [Administrator] 12.02.2013 00:08:41 MBAM-log-2013-02-12 (00-15-53).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 215186 Laufzeit: 3 Minute(n), 10 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 33 HKCR\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> Keine Aktion durchgeführt. HKCR\funmoods.funmoodsHlpr.1 (PUP.Funmoods) -> Keine Aktion durchgeführt. HKCR\funmoods.funmoodsHlpr (PUP.Funmoods) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> Keine Aktion durchgeführt. HKCR\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840} (PUP.Funmoods) -> Keine Aktion durchgeführt. HKCR\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} (PUP.Funmoods) -> Keine Aktion durchgeführt. HKCR\esrv.funmoodsESrvc.1 (PUP.Funmoods) -> Keine Aktion durchgeführt. HKCR\esrv.funmoodsESrvc (PUP.Funmoods) -> Keine Aktion durchgeführt. HKCR\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} (PUP.Funmoods) -> Keine Aktion durchgeführt. HKCR\escort.escortIEPane.1 (PUP.Funmoods) -> Keine Aktion durchgeführt. HKCR\escort.escortIEPane (PUP.Funmoods) -> Keine Aktion durchgeführt. HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Keine Aktion durchgeführt. HKCR\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} (PUP.Funmoods) -> Keine Aktion durchgeführt. HKCR\funmoods.dskBnd.1 (PUP.Funmoods) -> Keine Aktion durchgeführt. HKCR\funmoods.dskBnd (PUP.Funmoods) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Keine Aktion durchgeführt. HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Funmoods) -> Keine Aktion durchgeführt. HKCR\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.Funmoods) -> Keine Aktion durchgeführt. HKCR\funmoodsApp.appCore.1 (PUP.Funmoods) -> Keine Aktion durchgeführt. HKCR\funmoodsApp.appCore (PUP.Funmoods) -> Keine Aktion durchgeführt. HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Funmoods) -> Keine Aktion durchgeführt. HKCR\f (PUP.Funmoods) -> Keine Aktion durchgeführt. HKCR\Typelib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} (PUP.Funmoods) -> Keine Aktion durchgeführt. HKCR\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} (PUP.Funmoods) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Funmoods (PUP.FunMoods) -> Keine Aktion durchgeführt. HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Keine Aktion durchgeführt. HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\funmoods (PUP.FunMoods) -> Keine Aktion durchgeführt. Infizierte Registrierungswerte: 3 HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Daten: Funmoods Toolbar -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Daten: -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{E334E162-0A31-688C-E341-BBAE31151EFC} (Trojan.ZbotR.Gen) -> Daten: C:\Users\Vali\AppData\Roaming\Reymd\ebza.exe -> Keine Aktion durchgeführt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 5 C:\Users\Vali\AppData\LocalLow\Funmoods (PUP.FunMoods) -> Keine Aktion durchgeführt. C:\Users\Vali\AppData\LocalLow\Funmoods\Funmoods (PUP.FunMoods) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Funmoods (PUP.FunMoods) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Funmoods\1.5.23.22 (PUP.FunMoods) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Funmoods\1.5.23.22\bh (PUP.FunMoods) -> Keine Aktion durchgeführt. Infizierte Dateien: 18 C:\Program Files (x86)\Funmoods\1.5.23.22\bh\escort.dll (PUP.Funmoods) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Funmoods\1.5.23.22\funmoodssrv.exe (PUP.Funmoods) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Funmoods\1.5.23.22\escorTlbr.dll (PUP.Funmoods) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Funmoods\1.5.23.22\escortApp.dll (PUP.Funmoods) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Funmoods\1.5.23.22\escortEng.dll (PUP.Funmoods) -> Keine Aktion durchgeführt. C:\Users\Vali\AppData\Local\Temp\R1tv_gBa.exe.part (PUP.BundleInstaller.VG) -> Keine Aktion durchgeführt. C:\Users\Vali\Downloads\the_vampire_diaries_staffel_1_folge1.exe (PUP.Adware.Agent) -> Keine Aktion durchgeführt. C:\Users\Vali\Downloads\video_downloader (1).exe (PUP.BundleInstaller.VG) -> Keine Aktion durchgeführt. C:\Users\Vali\Downloads\video_downloader (2).exe (PUP.BundleInstaller.VG) -> Keine Aktion durchgeführt. C:\Users\Vali\Downloads\video_downloader (3).exe (PUP.BundleInstaller.VG) -> Keine Aktion durchgeführt. C:\Users\Vali\Downloads\video_downloader.exe (PUP.BundleInstaller.VG) -> Keine Aktion durchgeführt. C:\Users\Vali\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Keine Aktion durchgeführt. C:\Users\Vali\AppData\Local\funmoods.crx (PUP.Funmoods) -> Keine Aktion durchgeführt. C:\Users\Vali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.9183528705332796.exe.lnk (Backdoor.Agent) -> Keine Aktion durchgeführt. C:\Users\Vali\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage (PUP.FunMoods) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Funmoods\1.5.23.22\escortShld.dll (PUP.FunMoods) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Funmoods\1.5.23.22\FavIcon.ico (PUP.FunMoods) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Funmoods\1.5.23.22\uninstall.exe (PUP.FunMoods) -> Keine Aktion durchgeführt. (Ende) |
Themen zu Ungültiges Bild - Windows 7 |
autorun, avg secure search, avg security toolbar, babylontoolbar, bho, bingbar, bonjour, browser manager, cid, dealply, desktop, dsl, error, fehler, firefox, flash player, format, google, gophoto, helper, home, install.exe, intranet, limited.com/facebook, microsoft office starter 2010, msiexec.exe, object, plug-in, realtek, registry, rundll, scan, search the web, secure search, security, somoto, spam, spotify web helper, svchost.exe, sweetpacks, system, system neu, ungültiges, ungültiges bild, viren, visual studio, vtoolbarupdater, windows |