| |  Weiterleitung über andere Adresse im Browser
 Hallo zusammen! 
Ich habe folgendes Problem:
Wenn ich z.B. auf Amazon.de gehe oder auch auf videogameszone.de werde teilweise erst andere Adressen angezeigt und ich lande dann auf der gewünschten Seite oder ich werde auf eine andere Seite weitergeleietet auf die ich gar nicht wollte.
Sowas taucht z.B. auf wenn ich auf Amazon gehen will:
hxxp://search.gutscheinfilter.de/?PHPSESSID=003265380064ca700064ca70ffcd9ac7
oder sowas
hxxp://www.pricerunner.de/track/scripts/transition.php?bt=b2ZmZXI%3D&if=1&mi=29454&ca=223&cn=Computer%3A+Desktop&cp=U3RydWN0dXJlZA%3D%3D&hp=SW5mb3JtYXRpcXVlKDIpLT5PcmRpbmF0ZXVycygyMik%3D&cy= &pi=2721358&pn=HP+Compaq+6200+Pro+Intel+Core+i3-2100+3.1GHz+%2F+2GB+%2F+250GB+%2F+DVDRW+%2F+Win+7+Pro&cc=q-s&du=aHR0cDovL3d3dy5paHJlaXQuZGUvcHJvZHVjdF9pbmZvLnBocD9wcm9kdWN0c19pZD0xNDM2OQ%3D%3D
das leitet mich dann auf diese Seite weiter:
hxxp://www.ihreit.de/?XTCsid=5g7othnf641digrdf6p65tuqg1
Ab und an taucht auch diese Adresse auf:
hxxp://parking.supernova-advertising.com/?PHPSESSID=000e6103001cc206001cc206fff19efc
oder diese
Ich hoffe ihr könnt mir helfen
Habe alles nach Anleitung durchgeführt und als erstes Defogger benutzt und hier folgen die verschiedenen Logfiles:
OTL Log Zitat:
OTL logfile created on: 10.03.2013 14:44:16 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ash\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,87 Gb Total Physical Memory | 1,08 Gb Available Physical Memory | 57,72% Memory free
3,99 Gb Paging File | 3,08 Gb Available in Paging File | 77,22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285,09 Gb Total Space | 126,52 Gb Free Space | 44,38% Space Free | Partition Type: NTFS
Computer Name: ASH-PC | User Name: Ash | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.03.10 14:43:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ash\Desktop\OTL.exe
PRC - [2013.02.17 08:04:12 | 000,067,584 | ---- | M] () -- C:\Windows\System32\mtdtcprx.exe
PRC - [2013.02.17 08:03:40 | 000,896,512 | ---- | M] () -- C:\Users\Ash\AppData\Local\Temp\OCS\Downloads\0674e23d6502b36621d489f1b4fbd22a\8a2438a7aa1e858526caff1f4deab159\AddonsHelper.exe
PRC - [2012.12.24 04:33:29 | 000,144,520 | R--- | M] (Symantec Corporation) -- C:\Programme\Norton Internet Security\Engine\20.3.0.36\ccsvchst.exe
PRC - [2012.10.10 21:15:04 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.10.02 20:29:14 | 000,864,616 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012.10.02 20:28:55 | 001,820,520 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012.08.03 02:16:04 | 000,408,944 | ---- | M] (AnchorFree Inc.) -- C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2012.08.03 02:12:18 | 000,387,440 | ---- | M] () -- C:\Programme\Hotspot Shield\bin\hsswd.exe
PRC - [2012.08.03 02:10:40 | 000,476,016 | ---- | M] () -- C:\Programme\Hotspot Shield\bin\openvpnas.exe
PRC - [2012.07.19 14:18:38 | 002,568,120 | ---- | M] (WIBU-SYSTEMS AG) -- C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe
PRC - [2012.01.18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2011.11.11 14:08:06 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.06.11 10:18:30 | 000,024,576 | ---- | M] () -- C:\Programme\EMACHINES\eMachines Recovery Management\Service\ETService.exe
PRC - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 03:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 03:24:13 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
========== Modules (No Company Name) ==========
MOD - [2012.05.30 07:51:08 | 000,699,280 | R--- | M] () -- C:\Programme\Norton Internet Security\Engine\20.3.0.36\wincfi39.dll
MOD - [2011.11.11 14:08:18 | 007,956,504 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2011.11.11 14:08:18 | 000,342,552 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2011.11.11 14:08:18 | 000,128,536 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2011.11.11 14:08:18 | 000,029,208 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2011.11.11 14:08:06 | 002,145,304 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2011.07.29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
========== Services (SafeList) ==========
SRV - [2013.03.08 13:08:42 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.02.28 05:07:24 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.17 08:04:12 | 000,067,584 | ---- | M] () [Auto | Running] -- C:\Windows\System32\mtdtcprx.exe -- (dqapimig)
SRV - [2013.02.17 08:03:40 | 000,896,512 | ---- | M] () [Auto | Running] -- C:\Users\Ash\AppData\Local\Temp\OCS\Downloads\0674e23d6502b36621d489f1b4fbd22a\8a2438a7aa1e858526caff1f4deab159\AddonsHelper.exe -- (AddonsHelper)
SRV - [2012.12.24 04:33:29 | 000,144,520 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe -- (NIS)
SRV - [2012.10.10 21:15:04 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.08.03 02:20:24 | 000,078,072 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
SRV - [2012.08.03 02:16:04 | 000,408,944 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2012.08.03 02:12:18 | 000,387,440 | ---- | M] () [Auto | Running] -- C:\Programme\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2012.08.03 02:10:40 | 000,476,016 | ---- | M] () [Auto | Running] -- C:\Programme\Hotspot Shield\bin\openvpnas.exe -- (hshld)
SRV - [2012.07.19 14:18:38 | 002,568,120 | ---- | M] (WIBU-SYSTEMS AG) [Auto | Running] -- C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe -- (CodeMeter.exe)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010.12.10 13:30:21 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2008.06.11 10:18:30 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Programme\EMACHINES\eMachines Recovery Management\Service\ETService.exe -- (ETService)
SRV - [2008.05.05 23:25:46 | 000,165,416 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Programme\eMachines Games\eMachines Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
========== Driver Services (SafeList) ==========
DRV - [2013.01.31 04:18:18 | 000,350,368 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1403000.024\symtdiv.sys -- (SYMTDIv)
DRV - [2013.01.31 04:18:06 | 000,934,488 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1403000.024\symefa.sys -- (SymEFA)
DRV - [2013.01.29 02:45:18 | 000,602,712 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\NIS\1403000.024\srtsp.sys -- (SRTSP)
DRV - [2013.01.29 02:45:18 | 000,032,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1403000.024\srtspx.sys -- (SRTSPX)
DRV - [2013.01.26 04:54:59 | 001,603,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130309.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2013.01.26 04:54:59 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013.01.26 04:54:59 | 000,093,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130309.003\NAVENG.SYS -- (NAVENG)
DRV - [2013.01.22 03:15:32 | 000,367,704 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NIS\1403000.024\symds.sys -- (SymDS)
DRV - [2013.01.20 09:17:38 | 000,142,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2013.01.18 16:43:10 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130308.001\IDSvix86.sys -- (IDSVix86)
DRV - [2013.01.16 03:51:12 | 000,997,464 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130301.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012.11.16 03:22:01 | 000,175,264 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1403000.024\ironx86.sys -- (SymIRON)
DRV - [2012.11.16 03:18:04 | 000,134,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1403000.024\ccsetx86.sys -- (ccSet_NIS)
DRV - [2012.10.10 21:14:28 | 010,837,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.08.09 03:49:00 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012.08.01 19:13:42 | 000,035,560 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\hssdrv6.sys -- (HssDRV6)
DRV - [2012.01.18 07:44:52 | 004,332,960 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2012.01.18 07:44:28 | 000,312,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2010.03.26 20:07:02 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2008.07.19 02:22:49 | 001,032,104 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008.07.19 02:22:23 | 000,110,112 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2008.06.11 10:13:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=1&o=vp32&d=0809&m=et1300
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {721061fb-eb79-4568-a03c-3ce26d68dae9}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
IE - HKLM\..\SearchScopes\{721061fb-eb79-4568-a03c-3ce26d68dae9}: "URL" = hxxp://de.search.yahoo.com/search/?p={searchTerms}&fr=vc_trans_de_8197&type=ds2se&d
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.search.yahoo.com/web?fr=vc_trans_de_8197&type=ds2hp&d
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {721061fb-eb79-4568-a03c-3ce26d68dae9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{721061fb-eb79-4568-a03c-3ce26d68dae9}: "URL" = hxxp://de.search.yahoo.com/search/?p={searchTerms}&fr=vc_trans_de_8197&type=ds2se&d
IE - HKCU\..\SearchScopes\{FFCF1B73-CB48-445D-9D70-F9594D75F8DF}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACEW_deDE378
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Search"
FF - prefs.js..browser.search.order.2: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "OFDb - Alles"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.movie-infos.net"
FF - prefs.js..extensions.enabledAddons: add-to-searchbox%40maltekraus.de:2.0
FF - prefs.js..extensions.enabledAddons: EscCloseTab%40Simplest.Ever:1.2
FF - prefs.js..extensions.enabledAddons: %7B987311C6-B504-4aa2-90BF-60CC49808D42%7D:2.2
FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130129
FF - prefs.js..extensions.enabledAddons: foxyproxy%40eric.h.jung:4.2
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.8
FF - prefs.js..extensions.enabledAddons: %7Be001c731-5e37-4538-a5cb-8168736a2360%7D:0.9.9.119
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: add-to-searchbox@maltekraus.de:2.0
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:3.2
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {5e5ab302-7f65-44cd-8211-c1d4caaccea3}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Ash\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101714.dll (Amazon.com, Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.20 17:03:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn\ [2013.03.10 13:35:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFFPlgn\ [2013.01.20 09:24:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\dnshelp@dnshelp.com: C:\Users\Ash\AppData\Roaming\Helper
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.08 13:08:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.08 13:08:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.02.23 17:18:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.02.24 10:57:19 | 000,000,000 | ---D | M]
[2010.05.08 11:09:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ash\AppData\Roaming\mozilla\Extensions
[2010.05.08 11:09:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ash\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013.03.09 17:51:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ash\AppData\Roaming\mozilla\Firefox\Profiles\ukqv6mwg.default\extensions
[2013.01.31 04:31:05 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Ash\AppData\Roaming\mozilla\Firefox\Profiles\ukqv6mwg.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013.02.24 10:03:34 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Ash\AppData\Roaming\mozilla\Firefox\Profiles\ukqv6mwg.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013.03.09 17:51:45 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\Ash\AppData\Roaming\mozilla\Firefox\Profiles\ukqv6mwg.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010.05.08 11:33:45 | 000,000,000 | ---D | M] (Add to Search Bar) -- C:\Users\Ash\AppData\Roaming\mozilla\Firefox\Profiles\ukqv6mwg.default\extensions\add-to-searchbox@maltekraus.de
[2013.02.17 08:09:10 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Ash\AppData\Roaming\mozilla\Firefox\Profiles\ukqv6mwg.default\extensions\foxyproxy@eric.h.jung
[2012.03.16 18:47:13 | 000,001,253 | ---- | M] () (No name found) -- C:\Users\Ash\AppData\Roaming\mozilla\firefox\profiles\ukqv6mwg.default\extensions\EscCloseTab@Simplest.Ever.xpi
[2013.03.04 19:20:12 | 000,531,283 | ---- | M] () (No name found) -- C:\Users\Ash\AppData\Roaming\mozilla\firefox\profiles\ukqv6mwg.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2011.03.24 10:25:31 | 000,022,573 | ---- | M] () (No name found) -- C:\Users\Ash\AppData\Roaming\mozilla\firefox\profiles\ukqv6mwg.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}.xpi
[2013.02.09 04:36:02 | 000,328,332 | ---- | M] () (No name found) -- C:\Users\Ash\AppData\Roaming\mozilla\firefox\profiles\ukqv6mwg.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}.xpi
[2013.02.14 07:07:38 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Ash\AppData\Roaming\mozilla\firefox\profiles\ukqv6mwg.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011.10.29 15:17:40 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\Ash\AppData\Roaming\mozilla\firefox\profiles\ukqv6mwg.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2013.03.01 05:22:49 | 000,269,007 | ---- | M] () (No name found) -- C:\Users\Ash\AppData\Roaming\mozilla\firefox\profiles\ukqv6mwg.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013.02.17 08:19:54 | 000,002,243 | ---- | M] () -- C:\Users\Ash\AppData\Roaming\mozilla\firefox\profiles\ukqv6mwg.default\searchplugins\amazon-decouk.xml
[2013.02.17 08:19:54 | 000,012,770 | ---- | M] () -- C:\Users\Ash\AppData\Roaming\mozilla\firefox\profiles\ukqv6mwg.default\searchplugins\imdb.xml
[2013.02.17 08:19:54 | 000,005,455 | ---- | M] () -- C:\Users\Ash\AppData\Roaming\mozilla\firefox\profiles\ukqv6mwg.default\searchplugins\ofdb---alles.xml
[2013.02.22 13:39:37 | 000,001,328 | ---- | M] () -- C:\Users\Ash\AppData\Roaming\mozilla\firefox\profiles\ukqv6mwg.default\searchplugins\wikipedia-de.xml
[2013.02.17 08:19:54 | 000,002,168 | ---- | M] () -- C:\Users\Ash\AppData\Roaming\mozilla\firefox\profiles\ukqv6mwg.default\searchplugins\youtube-videosuche.xml
[2013.03.08 13:08:22 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.03.08 13:08:21 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2013.03.08 13:08:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013.03.08 13:08:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.03.08 13:08:42 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.02.17 08:19:54 | 000,001,400 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.17 08:19:54 | 000,001,679 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.02.17 08:19:54 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.02.17 08:19:54 | 000,006,818 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.02.17 08:19:54 | 000,001,876 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\privatesearch.xml
[2013.02.17 08:04:04 | 000,001,278 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.02.17 08:19:54 | 000,000,903 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2012.11.24 13:38:30 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton Internet Security\Engine\20.3.0.36\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton Internet Security\Engine\20.3.0.36\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\20.3.0.36\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\20.3.0.36\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre7\bin\jusched.exe" File not found
O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\EMACHINES\WR_PopUp\WarReg_PopUp.exe (eMachines)
O4 - HKCU..\Run: [Wallpaper4U] C:\Program Files\Wallpaper4U\Wallpaper4U.exe -w File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Ash\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Warner Bros.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.9.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15B3D8A5-804A-43E3-A3CB-8DFA9BF9C9FC}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Ash\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Ash\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013.03.10 14:43:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Ash\Desktop\OTL.exe
[2013.03.09 17:51:52 | 000,000,000 | ---D | C] -- C:\Users\Ash\AppData\Roaming\QuickScan
[2013.03.08 13:08:20 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.03.06 06:39:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2013.03.06 06:39:04 | 000,000,000 | ---D | C] -- C:\Users\Ash\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
[2013.03.06 06:38:46 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2013.03.05 19:31:40 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013.02.24 12:22:47 | 000,000,000 | ---D | C] -- C:\Users\Ash\AppData\Roaming\ActivePresenter
[2013.02.24 12:22:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ActivePresenter
[2013.02.24 12:22:10 | 000,000,000 | ---D | C] -- C:\Program Files\ATOMI
[2013.02.24 11:20:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
[2013.02.24 11:20:40 | 000,000,000 | ---D | C] -- C:\Fraps
[2013.02.23 17:18:09 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2013.02.22 17:09:10 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2013.02.22 14:52:36 | 000,000,000 | ---D | C] -- C:\Users\Ash\AppData\Roaming\Broad Intelligence
[2013.02.22 14:52:34 | 000,000,000 | ---D | C] -- C:\Program Files\MediaCoder
[2013.02.17 08:27:46 | 000,000,000 | ---D | C] -- C:\Users\Ash\AppData\Roaming\IObit
[2013.02.17 08:19:54 | 000,000,000 | ---D | C] -- C:\Windows\System32\IO
[2013.02.17 08:04:04 | 000,000,000 | ---D | C] -- C:\Users\Ash\AppData\Roaming\Opera
[2013.02.17 08:03:57 | 000,493,056 | ---- | C] ( datenhaus GmbH) -- C:\Windows\System32\dhRichClient3.dll
[2013.02.17 08:03:55 | 000,000,000 | ---D | C] -- C:\ProgramData\DNSErrorHelper
[2013.02.17 08:03:43 | 000,000,000 | ---D | C] -- C:\Users\Ash\AppData\Roaming\DesktopIconForAmazon
[2013.02.17 08:03:39 | 000,000,000 | ---D | C] -- C:\Users\Ash\AppData\Roaming\OCS
[2013.02.16 09:31:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2013.02.16 09:29:29 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2013.02.15 13:54:29 | 000,000,000 | ---D | C] -- C:\Users\Ash\Documents\MAGIX
[2013.02.15 13:53:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
[2013.02.15 13:53:45 | 000,000,000 | ---D | C] -- C:\ProgramData\MAGIX
[2013.02.15 13:53:45 | 000,000,000 | ---D | C] -- C:\Program Files\MAGIX
[2013.02.15 13:47:35 | 000,000,000 | ---D | C] -- C:\Users\Ash\Documents\MAGIX Downloads
[2013.02.15 13:47:34 | 000,000,000 | ---D | C] -- C:\Users\Ash\AppData\Roaming\MAGIX
[2013.02.15 12:54:55 | 000,000,000 | ---D | C] -- C:\Users\Ash\AppData\Local\Logitech® Webcam-Software
[2013.02.15 12:50:35 | 000,000,000 | ---D | C] -- C:\Users\Ash\AppData\Roaming\Leadertech
[2013.02.15 12:48:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2013.02.15 12:48:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LWS
[2013.02.15 12:48:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2013.02.15 12:48:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd
[2013.02.15 12:48:07 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2013.02.15 12:48:05 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2013.02.09 15:59:27 | 000,000,000 | ---D | C] -- C:\Users\Ash\AppData\Local\Unity
========== Files - Modified Within 30 Days ==========
[2013.03.10 14:43:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ash\Desktop\OTL.exe
[2013.03.10 14:42:25 | 000,000,000 | ---- | M] () -- C:\Users\Ash\defogger_reenable
[2013.03.10 14:40:54 | 000,050,477 | ---- | M] () -- C:\Users\Ash\Desktop\Defogger.exe
[2013.03.10 14:33:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.10 14:20:16 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{18774119-C679-4AA5-B698-E5A37E721850}.job
[2013.03.10 14:07:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.10 13:35:04 | 000,000,000 | -H-- | M] () -- C:\ProgramData\cm-lock
[2013.03.10 13:34:50 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.10 13:34:49 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2013.03.10 13:34:39 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.10 13:34:39 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.10 13:34:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.10 13:34:27 | 2011,566,080 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.08 15:21:39 | 000,215,040 | ---- | M] () -- C:\Users\Ash\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.03.07 07:35:11 | 055,996,697 | ---- | M] () -- C:\Users\Ash\Desktop\PC vs. Konsole Cut.mp3
[2013.03.06 06:30:16 | 002,037,347 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1403000.024\Cat.DB
[2013.03.04 07:35:00 | 000,633,342 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.03.04 07:35:00 | 000,599,940 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.03.04 07:35:00 | 000,128,784 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.03.04 07:35:00 | 000,105,816 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.03.03 09:45:34 | 000,372,026 | ---- | M] () -- C:\Users\Ash\Desktop\doc(1).pdf
[2013.02.28 18:08:41 | 110,547,293 | ---- | M] () -- C:\Users\Ash\Desktop\PC vs. Konsole.mp3
[2013.02.27 16:44:15 | 040,701,114 | ---- | M] () -- C:\Users\Ash\Desktop\P3_Podcast_102.mp3
[2013.02.17 08:04:12 | 000,067,584 | ---- | M] () -- C:\Windows\System32\mtdtcprx.exe
[2013.02.15 06:13:21 | 000,323,424 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.02.14 20:59:51 | 000,005,241 | ---- | M] () -- C:\Users\Ash\.recently-used.xbel
[2013.02.14 18:39:41 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1403000.024\isolate.ini
[2013.02.09 13:13:34 | 050,069,252 | ---- | M] () -- C:\Users\Ash\Desktop\P3_Podcast_101.mp3
========== Files Created - No Company Name ==========
[2013.03.10 14:42:25 | 000,000,000 | ---- | C] () -- C:\Users\Ash\defogger_reenable
[2013.03.10 14:40:51 | 000,050,477 | ---- | C] () -- C:\Users\Ash\Desktop\Defogger.exe
[2013.03.10 13:35:04 | 000,000,000 | -H-- | C] () -- C:\ProgramData\cm-lock
[2013.03.07 07:26:53 | 055,996,697 | ---- | C] () -- C:\Users\Ash\Desktop\PC vs. Konsole Cut.mp3
[2013.03.03 09:45:34 | 000,372,026 | ---- | C] () -- C:\Users\Ash\Desktop\doc(1).pdf
[2013.02.28 18:07:03 | 110,547,293 | ---- | C] () -- C:\Users\Ash\Desktop\PC vs. Konsole.mp3
[2013.02.27 16:39:51 | 040,701,114 | ---- | C] () -- C:\Users\Ash\Desktop\P3_Podcast_102.mp3
[2013.02.17 08:04:12 | 000,067,584 | ---- | C] () -- C:\Windows\System32\mtdtcprx.exe
[2013.02.17 08:03:57 | 000,338,432 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
[2013.02.14 20:59:51 | 000,005,241 | ---- | C] () -- C:\Users\Ash\.recently-used.xbel
[2013.02.09 13:07:52 | 050,069,252 | ---- | C] () -- C:\Users\Ash\Desktop\P3_Podcast_101.mp3
[2012.04.06 14:55:09 | 000,380,928 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2012.01.18 07:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2012.01.18 07:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2012.01.18 07:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2011.11.17 02:40:38 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011.08.12 12:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2011.06.07 09:15:57 | 000,604,160 | ---- | C] () -- C:\Windows\System32\SetupExt.dll
[2010.07.24 13:11:36 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.05.11 15:19:11 | 000,215,040 | ---- | C] () -- C:\Users\Ash\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.08 16:14:58 | 000,008,698 | ---- | C] () -- C:\Users\Ash\clearance.wav
[2010.05.08 16:10:30 | 000,027,498 | ---- | C] () -- C:\Users\Ash\alertsnd.wav
[2010.05.08 16:03:54 | 000,030,517 | ---- | C] () -- C:\Users\Ash\avatar-15609.png
========== ZeroAccess Check ==========
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 16:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.03.03 05:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.01.21 03:24:03 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2013.02.24 12:28:45 | 000,000,000 | ---D | M] -- C:\Users\Ash\AppData\Roaming\ActivePresenter
[2010.05.09 16:45:01 | 000,000,000 | ---D | M] -- C:\Users\Ash\AppData\Roaming\Amazon
[2010.12.19 10:51:09 | 000,000,000 | ---D | M] -- C:\Users\Ash\AppData\Roaming\Boomzap
[2013.02.22 15:11:32 | 000,000,000 | ---D | M] -- C:\Users\Ash\AppData\Roaming\Broad Intelligence
[2012.12.14 15:06:59 | 000,000,000 | ---D | M] -- C:\Users\Ash\AppData\Roaming\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1
[2012.12.14 13:40:21 | 000,000,000 | ---D | M] -- C:\Users\Ash\AppData\Roaming\com.wb.DC2
[2013.02.17 08:03:44 | 000,000,000 | ---D | M] -- C:\Users\Ash\AppData\Roaming\DesktopIconForAmazon
[2013.02.14 20:59:51 | 000,000,000 | ---D | M] -- C:\Users\Ash\AppData\Roaming\gtk-2.0
[2012.11.27 07:08:53 | 000,000,000 | ---D | M] -- C:\Users\Ash\AppData\Roaming\ICQ
[2013.02.17 08:27:46 | 000,000,000 | ---D | M] -- C:\Users\Ash\AppData\Roaming\IObit
[2013.02.15 12:50:35 | 000,000,000 | ---D | M] -- C:\Users\Ash\AppData\Roaming\Leadertech
[2013.02.15 13:54:28 | 000,000,000 | ---D | M] -- C:\Users\Ash\AppData\Roaming\MAGIX
[2013.02.17 08:03:39 | 000,000,000 | ---D | M] -- C:\Users\Ash\AppData\Roaming\OCS
[2010.05.15 09:31:45 | 000,000,000 | ---D | M] -- C:\Users\Ash\AppData\Roaming\OpenOffice.org
[2013.02.17 08:04:04 | 000,000,000 | ---D | M] -- C:\Users\Ash\AppData\Roaming\Opera
[2010.12.19 10:56:07 | 000,000,000 | ---D | M] -- C:\Users\Ash\AppData\Roaming\PlayFirst
[2013.03.09 17:51:56 | 000,000,000 | ---D | M] -- C:\Users\Ash\AppData\Roaming\QuickScan
[2010.10.23 14:09:41 | 000,000,000 | ---D | M] -- C:\Users\Ash\AppData\Roaming\SanDisk
[2010.05.08 11:09:19 | 000,000,000 | ---D | M] -- C:\Users\Ash\AppData\Roaming\Thunderbird
[2010.07.18 16:42:28 | 000,000,000 | ---D | M] -- C:\Users\Ash\AppData\Roaming\Warsow 0.5
[2010.12.19 10:28:49 | 000,000,000 | ---D | M] -- C:\Users\Ash\AppData\Roaming\WildTangent
========== Purity Check ==========
< End of report >
| Extras Log Zitat:
OTL Extras logfile created on: 10.03.2013 14:44:16 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ash\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,87 Gb Total Physical Memory | 1,08 Gb Available Physical Memory | 57,72% Memory free
3,99 Gb Paging File | 3,08 Gb Available in Paging File | 77,22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285,09 Gb Total Space | 126,52 Gb Free Space | 44,38% Space Free | Partition Type: NTFS
Computer Name: ASH-PC | User Name: Ash | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = ComFile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.pif [@ = piffile] -- Reg Error: Key error. File not found
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{226E7B6F-B201-4DC3-9D04-64E132332EE9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{31121D26-AC3E-4A49-A8DA-77B5D23AFFD7}" = rport=138 | protocol=17 | dir=out | app=system |
"{3B65471E-D5B6-4133-B0C5-C5EAA1898212}" = lport=2869 | protocol=6 | dir=in | app=system |
"{45003CE0-CD5B-4F29-A1C8-22D8D7D005DB}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe |
"{9D63B296-CE71-4427-A5B6-8F9AF753709B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A54C109D-F0B6-4DCB-953D-6000DB90F8E6}" = lport=139 | protocol=6 | dir=in | app=system |
"{A7FB3953-CA0C-42BE-B2A5-0AAD45937F62}" = lport=138 | protocol=17 | dir=in | app=system |
"{B807494E-6575-4C56-A782-F4FE6A375DAB}" = lport=137 | protocol=17 | dir=in | app=system |
"{B921C124-F4B6-43B6-AF1A-9754733F83E8}" = rport=139 | protocol=6 | dir=out | app=system |
"{D0D294A4-AB56-4F7C-98E7-7B02AEAC2D5E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{EBD79618-23C0-4F70-A532-5DF3E4EF7B5B}" = rport=445 | protocol=6 | dir=out | app=system |
"{F5F5B347-BD4A-4E2F-8104-FD9087AD885D}" = rport=137 | protocol=17 | dir=out | app=system |
"{FFB4F871-188A-4BE8-984A-1E05806B74E4}" = lport=445 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01D3B0B8-D2C3-4383-A63C-68713271B3F6}" = dir=out | app=c:\program files\atomi\activepresenter\rlactivator.exe |
"{0358B9CF-E43A-4672-985D-5AF0D5D58EB1}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{0910446B-0E4C-4F13-9389-1A4CBEA04FE7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{0BA25DA5-5394-410A-AB6B-F184441C2D6B}" = dir=out | app=c:\program files\atomi\activepresenter\activepresenter.exe |
"{0F487081-ADD3-430A-8F0A-E6208FB86781}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{18904E82-FBFB-4C13-855F-E106DF5A74A4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{2747C3E9-A73E-44A5-86DB-FC43007DEEE3}" = dir=out | app=c:\program files\atomi\activepresenter\rlupdater.exe |
"{354E4271-3276-4E25-86F2-24615D342AA9}" = dir=in | app=c:\program files\atomi\activepresenter\activepresenter.exe |
"{3AF706B2-B671-47DB-A708-2BA8D787B6FB}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{3B5C933B-ED98-45EC-A5E0-D799003F6941}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{44632013-250B-4EFF-92DF-CEBC5A12E706}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{4B38D425-6E93-40A8-93E2-D762F32722C9}" = dir=in | app=c:\program files\atomi\activepresenter\rlactivator.exe |
"{564D7B6C-D752-43CD-AB6E-702E608A4E02}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5D015A0D-E30C-43C1-A195-508EE2DF7360}" = dir=in | app=c:\program files\atomi\activepresenter\rlupdater.exe |
"{61DE506D-ECB7-436A-99E3-D8146CF6C620}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{61FD1D47-ED4A-4BAF-B265-79B43277A411}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{74ECE3D3-EB1E-4624-B416-CB5FE8B5775F}" = protocol=6 | dir=in | app=c:\program files\codemeter\runtime\bin\codemeter.exe |
"{84DF2D96-4B64-4356-A6B4-A80D049FCD19}" = protocol=17 | dir=in | app=c:\program files\codemeter\runtime\bin\codemeter.exe |
"{92A25B97-96AF-4AB4-A470-FE7106E3D7C1}" = protocol=6 | dir=in | app=c:\program files\codemeter\runtime\bin\codemeter.exe |
"{A11DA26B-6C59-40FD-B8B5-31834D1761AD}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{B4B35A1A-A5D3-4AE7-A2BC-C3C659221BE4}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{C07A38CE-8AA1-4615-9E24-9D42F778C717}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C0FD9C45-84D1-4A11-A7DD-13B40783885A}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{C3CE635A-9C02-455A-A884-E674DEA2B632}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{D10F4455-2314-4CBE-AB67-7E329D2D771B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D976E55F-A827-4C31-9DA5-83FC087E9BFA}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{E7699D2A-9FE4-4DEF-B0C4-8C51AAC7D8E1}" = protocol=17 | dir=in | app=c:\program files\codemeter\runtime\bin\codemeter.exe |
"{E8A4D729-DC7C-4716-918B-1EC63BB44703}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{EB9E387D-0A00-4032-905C-7FC41F19FEDC}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{F5EACE9C-6CAF-4E02-BCFC-B531FE9D4968}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{F83544EA-B906-496D-8ADF-7B489D2827A8}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP3600_series" = Canon iP3600 series Printer Driver
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{1798D459-6B8B-474B-868D-1229EADA3B95}" = Adobe AIR
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24508D50-EB8F-4FE6-B69D-B4935D8745EF}_is1" = Warsow 0.5
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A2A40277-D807-4754-95A3-2F294C2C51D3}_is1" = ActivePresenter
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.4 - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B829E117-D072-41EA-9606-9826A38D34C1}" = Sophos Virus Removal Tool
"{B91B14D5-B817-4C79-BEF6-0A7A23FE6C61}" = NWZ-B170 WALKMAN Guide
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C9370463-B35E-473F-BB0D-4FC572A1F9DF}" = MAGIX Video easy SE
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5F05232-96B6-4552-A480-785A60A94B21}" = System Requirements Lab CYRI
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"Audacity_is1" = Audacity 1.2.6
"CCleaner" = CCleaner
"dcmsvc_is1" = dcmsvc 1.0
"DivX Setup" = DivX-Setup
"Episode 1" = Back to the Future The Game - Episode 1
"ESET Online Scanner" = ESET Online Scanner v3
"FLV Player" = FLV Player 2.0 (build 25)
"FormatFactory" = FormatFactory 2.45
"FoxyTunesForFirefox" = FoxyTunes for Firefox
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HotspotShield" = Hotspot Shield 2.67
"MAGIX_MSI_Video_easy_SE" = MAGIX Video easy SE
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"Mozilla Thunderbird 17.0.3 (x86 de)" = Mozilla Thunderbird 17.0.3 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NIS" = Norton Internet Security
"Recover My Files v5_is1" = Recover My Files
"Red Dead Redemption" = Red Dead Redemption Screen Saver
"Steam App 400" = Portal
"VLC media player" = VLC media player 2.0.5
"WildTangent emachines Master Uninstall" = eMachines Games
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 10.08.2012 05:09:06 | Computer Name = Ash-PC | Source = WinMgmt | ID = 10
Description =
Error - 10.08.2012 10:14:57 | Computer Name = Ash-PC | Source = WinMgmt | ID = 10
Description =
Error - 11.08.2012 01:24:14 | Computer Name = Ash-PC | Source = WinMgmt | ID = 10
Description =
Error - 11.08.2012 04:55:27 | Computer Name = Ash-PC | Source = WinMgmt | ID = 10
Description =
Error - 11.08.2012 09:18:56 | Computer Name = Ash-PC | Source = WinMgmt | ID = 10
Description =
Error - 12.08.2012 01:30:01 | Computer Name = Ash-PC | Source = WinMgmt | ID = 10
Description =
Error - 12.08.2012 09:11:52 | Computer Name = Ash-PC | Source = WinMgmt | ID = 10
Description =
Error - 12.08.2012 12:09:16 | Computer Name = Ash-PC | Source = WinMgmt | ID = 10
Description =
Error - 13.08.2012 00:30:25 | Computer Name = Ash-PC | Source = WinMgmt | ID = 10
Description =
Error - 13.08.2012 13:30:37 | Computer Name = Ash-PC | Source = WinMgmt | ID = 10
Description =
[ OSession Events ]
Error - 30.07.2010 12:36:51 | Computer Name = Ash-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 527
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 07.03.2013 13:06:47 | Computer Name = Ash-PC | Source = HTTP | ID = 15016
Description =
Error - 07.03.2013 14:41:12 | Computer Name = Ash-PC | Source = HTTP | ID = 15016
Description =
Error - 07.03.2013 23:28:53 | Computer Name = Ash-PC | Source = HTTP | ID = 15016
Description =
Error - 08.03.2013 07:50:48 | Computer Name = Ash-PC | Source = HTTP | ID = 15016
Description =
Error - 08.03.2013 14:05:39 | Computer Name = Ash-PC | Source = HTTP | ID = 15016
Description =
Error - 08.03.2013 23:29:46 | Computer Name = Ash-PC | Source = HTTP | ID = 15016
Description =
Error - 09.03.2013 07:27:27 | Computer Name = Ash-PC | Source = HTTP | ID = 15016
Description =
Error - 09.03.2013 11:20:51 | Computer Name = Ash-PC | Source = HTTP | ID = 15016
Description =
Error - 10.03.2013 02:26:25 | Computer Name = Ash-PC | Source = HTTP | ID = 15016
Description =
Error - 10.03.2013 08:34:39 | Computer Name = Ash-PC | Source = HTTP | ID = 15016
Description =
< End of report >
| Gmer Log Zitat:
GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-10 15:29:11
Windows 6.0.6001 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\00000059 Hitachi_ rev.ST2O 298,09GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\Ash\AppData\Local\Temp\pwldrpow.sys
---- Processes - GMER 2.1 ----
Process (*** hidden *** ) [4] 83F96C10
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
|
|
10.03.2013, 15:44
Baum-Darstellung