| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Windows Vista, Firefox, "http://www.searchnu.com/406?tag=newtab"Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
20.03.2013, 21:47
| #1 |
 |  Windows Vista, Firefox, "http://www.searchnu.com/406?tag=newtab" Hallo Leute, ich bin neu in diesem Forum und habe folgendes Problem. Seit ungefähr 1-2 Wochen habe ich mir einen Trojaner eingefangen (ich habe von Chip.de einen mp3-Konvertierer runtergeladen, und irgendwie ist das schief gegangen). Dieser Trojaner macht sich bisher nur dadurch bemerkbar, dass ich, wenn ich einen neuen Tab öffne, folgendes in der Adressleiste stehen habe: Search Ansonsten scheint er weder meinen Computer lahm zu legen, noch sonst welche Seiten zu verhindern. Aber man weiß ja nie, welche private Daten der Trojaner schon kennt. Ich habe versucht, die Tab-Einstellung in about:config zurückzusetzen, habe Google als Startseite eingestellt, habe Avast und Malwarebytes installiert und vollständig drüber laufen lassen. Nichts nützt. Ich benutze Https Everywhere und bin auch sonst eigentlich echt vorsichtig. Malwarebytes hat infizierte Dateien gefunden hat, und die hab ich in Quarantäne verschoben. Da searchnu jedoch immer noch in meinen Tabs auftauchte, muss ich gestehen, dass ich die Dateien gelöscht habe (ja, ich weiß, das sollte ich eigentlich nicht tun, aber mir fiel keine bessere Lösung ein)- ohne Erfolg. Searchnu verfolgt mich immer noch. Ich habe Windows Vista, mein Laptop (hp) ist um die 6 Jahre alt und ich benutze Mozilla Firefox als Browser. Bitte helft mir! Da ich mich nicht soo sehr mit Internet und Computern auskenne, wird es mir also nicht so viel weiterhelfen, wenn ihr mir schreibt "Erstelle Logfiles" oder ähnliches. Wenn's geht, also bitte idiotensicher.  Tausend Dank euch! Sarah Geändert von JambalayaJam (20.03.2013 um 22:14 Uhr) |
|
20.03.2013, 22:37
| #2 | |
| /// TB-Ausbilder   | Windows Vista, Firefox, "http://www.searchnu.com/406?tag=newtab" Hallo Sarah,
__________________Zitat:
Weiter: Schritt 1 Downloade dir bitte AdwCleaner und speichere es auf deinen Desktop.
Schritt 2 Lade dir bitte OTL (von Oldtimer) herunter und speichere es auf deinen Desktop.
Bitte poste in deiner nächsten Antwort:
__________________ |
|
22.03.2013, 16:53
| #3 |
| | Windows Vista, Firefox, "http://www.searchnu.com/406?tag=newtab" Hallo,
__________________danke für deine schnelle Nachricht. Hier also die Logs: Log von MBAM Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.03.20.10 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 8.0.6001.19401 Besitzer :: BESITZER-PC [limitiert] 20.03.2013 19:59:09 mbam-log-2013-03-20 (19-59-09).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 233104 Laufzeit: 13 Minute(n), 17 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 7 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TypeLib\{77D6DDFA-7834-4541-B2B3-A8B0FB0E3924} (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\ToolBand.XTTBPos00.1 (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\ToolBand.XTTBPos00 (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Program Files\ICQToolbar\toolbaru.dll (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Log von AdwcleanerAdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v2.115 - Datei am 22/03/2013 um 15:52:45 erstellt
# Aktualisiert am 17/03/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Besitzer - BESITZER-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Besitzer\Pictures\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml
Datei Gelöscht : C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\sphhgde8.default\searchplugins\icqplugin.xml
Datei Gelöscht : C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\sphhgde8.default\searchplugins\icqplugin-3.xml
Gelöscht mit Neustart : C:\Program Files\search results toolbar
Ordner Gelöscht : C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\sphhgde8.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}
Ordner Gelöscht : C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\sphhgde8.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
Ordner Gelöscht : C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\sphhgde8.default\extensions\engine@conduit.com
***** [Registrierungsdatenbank] *****
Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~1\SEARCH~1\Datamngr\mgrldr.dll
Schlüssel Gelöscht : HKCU\Software\APN DTX
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DVDVideoSoft
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\DVDVideoSoft
Schlüssel Gelöscht : HKCU\Software\Headlight
Schlüssel Gelöscht : HKCU\Software\ICQToolbar
Schlüssel Gelöscht : HKCU\Software\ilivid
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BE9654C9-9D79-42EC-B55A-3CAEB12DBF58}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DVDVideoSoft Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E601996F-E400-41CA-804B-CD6373A7EEE2}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E601996F-E400-41CA-804B-CD6373A7EEE2}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\XTTB00001
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BrowserConnection.Loader
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BrowserConnection.Loader.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6BA5B3AA-9C88-4A31-AB33-4596B706EE76}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E601996F-E400-41CA-804B-CD6373A7EEE2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\XTTB00001.IEToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\XTTB00001.IEToolbar.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\XTTB00001.XTTB00001
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\XTTB00001.XTTB00001.1
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\DVDVideoSoft
Schlüssel Gelöscht : HKLM\Software\iLividSRTB
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6BA5B3AA-9C88-4A31-AB33-4596B706EE76}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoft Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Results Toolbar
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]
***** [Internet Browser] *****
-\\ Internet Explorer v8.0.6001.19401
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.searchnu.com/406/ --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://google.icq.com/search/search_frame.php --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com
-\\ Mozilla Firefox v19.0.2 (de)
Datei : C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\sphhgde8.default\prefs.js
Gelöscht : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gelöscht : user_pref("CT2269050.CTID", "CT2269050");
Gelöscht : user_pref("CT2269050.CurrentServerDate", "27-7-2010");
Gelöscht : user_pref("CT2269050.DialogsAlignMode", "LTR");
Gelöscht : user_pref("CT2269050.DownloadReferralCookieData", "");
Gelöscht : user_pref("CT2269050.EMailNotifierPollDate", "Tue Jul 27 2010 15:35:59 GMT+0200");
Gelöscht : user_pref("CT2269050.ExternalComponentPollDate8877840225553681985", "Tue Jul 27 2010 15:35:59 GMT+02[...]
Gelöscht : user_pref("CT2269050.FirstServerDate", "28-3-2010");
Gelöscht : user_pref("CT2269050.FirstTime", true);
Gelöscht : user_pref("CT2269050.FirstTimeFF3", true);
Gelöscht : user_pref("CT2269050.FirstTimeSettingsDone", true);
Gelöscht : user_pref("CT2269050.FixPageNotFoundErrors", true);
Gelöscht : user_pref("CT2269050.GroupingServerCheckInterval", 1440);
Gelöscht : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gelöscht : user_pref("CT2269050.Initialize", true);
Gelöscht : user_pref("CT2269050.InitializeCommonPrefs", true);
Gelöscht : user_pref("CT2269050.InstallationAndCookieDataSentCount", 1);
Gelöscht : user_pref("CT2269050.InstalledDate", "Sun Mar 28 2010 17:59:52 GMT+0200");
Gelöscht : user_pref("CT2269050.InvalidateCache", false);
Gelöscht : user_pref("CT2269050.IsGrouping", false);
Gelöscht : user_pref("CT2269050.IsMulticommunity", false);
Gelöscht : user_pref("CT2269050.IsOpenThankYouPage", false);
Gelöscht : user_pref("CT2269050.IsOpenUninstallPage", false);
Gelöscht : user_pref("CT2269050.LanguagePackLastCheckTime", "Tue Jul 27 2010 15:36:00 GMT+0200");
Gelöscht : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440);
Gelöscht : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gelöscht : user_pref("CT2269050.LastLogin_2.5.8.6", "Sun Mar 28 2010 17:59:53 GMT+0200");
Gelöscht : user_pref("CT2269050.LastLogin_2.7.0.14", "Tue Jul 27 2010 15:35:59 GMT+0200");
Gelöscht : user_pref("CT2269050.LatestVersion", "2.1.0.18");
Gelöscht : user_pref("CT2269050.Locale", "en");
Gelöscht : user_pref("CT2269050.LoginCache", 4);
Gelöscht : user_pref("CT2269050.MCDetectTooltipHeight", "83");
Gelöscht : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gelöscht : user_pref("CT2269050.MCDetectTooltipWidth", "295");
Gelöscht : user_pref("CT2269050.RadioIsPodcast", false);
Gelöscht : user_pref("CT2269050.RadioLastCheckTime", "Tue Jul 27 2010 15:35:59 GMT+0200");
Gelöscht : user_pref("CT2269050.RadioLastUpdateIPServer", "3");
Gelöscht : user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000");
Gelöscht : user_pref("CT2269050.RadioMediaID", "12473383");
Gelöscht : user_pref("CT2269050.RadioMediaType", "Media Player");
Gelöscht : user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383");
Gelöscht : user_pref("CT2269050.RadioStationName", "Hotmix%20108");
Gelöscht : user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082");
Gelöscht : user_pref("CT2269050.SHRINK_TOOLBAR", 1);
Gelöscht : user_pref("CT2269050.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Gelöscht : user_pref("CT2269050.SearchFromAddressBarIsInit", true);
Gelöscht : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...]
Gelöscht : user_pref("CT2269050.SettingsCheckIntervalMin", 120);
Gelöscht : user_pref("CT2269050.SettingsLastCheckTime", "Tue Jul 27 2010 15:35:59 GMT+0200");
Gelöscht : user_pref("CT2269050.SettingsLastUpdate", "1280150171");
Gelöscht : user_pref("CT2269050.ThirdPartyComponentsInterval", 504);
Gelöscht : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Tue Jul 27 2010 15:35:59 GMT+0200");
Gelöscht : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1269533603");
Gelöscht : user_pref("CT2269050.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Gelöscht : user_pref("CT2269050.UserID", "UN71082063579611199");
Gelöscht : user_pref("CT2269050.ValidationData_Toolbar", 0);
Gelöscht : user_pref("CT2269050.WeatherNetwork", "");
Gelöscht : user_pref("CT2269050.WeatherPollDate", "Tue Jul 27 2010 15:36:00 GMT+0200");
Gelöscht : user_pref("CT2269050.WeatherUnit", "C");
Gelöscht : user_pref("CT2269050.alertChannelId", "666138");
Gelöscht : user_pref("CT2269050.clientLogIsEnabled", false);
Gelöscht : user_pref("CT2269050.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Gelöscht : user_pref("CT2269050.myStuffEnabled", true);
Gelöscht : user_pref("CT2269050.myStuffPublihserMinWidth", 400);
Gelöscht : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gelöscht : user_pref("CT2269050.myStuffServiceIntervalMM", 1440);
Gelöscht : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gelöscht : user_pref("CT2269050.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Gelöscht : user_pref("CommunityToolbar.EngineHiddenByUser", true);
Gelöscht : user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
Gelöscht : user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");
Gelöscht : user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
Gelöscht : user_pref("CommunityToolbar.IsEngineShown", false);
Gelöscht : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine");
Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com");
Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine");
Gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.icq.com/search/afe_results[...]
Gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2269050,ConduitEngine");
Gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2269050");
Gelöscht : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Tue Mar 29 2011 16:05:56 GMT+02[...]
Gelöscht : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Gelöscht : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Tue Jun 21 2011 23:45:50 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Gelöscht : user_pref("CommunityToolbar.alert.locale", "en");
Gelöscht : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Gelöscht : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Tue Jun 21 2011 23:45:42 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Gelöscht : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Gelöscht : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Gelöscht : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Gelöscht : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Gelöscht : user_pref("CommunityToolbar.alert.userId", "5db96b3c-5f77-41aa-a39d-3fabc88008fa");
Gelöscht : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Tue Jul 27 2010 15:35:59 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Gelöscht : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Gelöscht : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Fri Jun 10 2011 23:44:35 GMT+0200");
Gelöscht : user_pref("ConduitEngine.CTID", "ConduitEngine");
Gelöscht : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Tue Mar 29 2011 16:05:54 GMT+0200");
Gelöscht : user_pref("ConduitEngine.FirstServerDate", "03/29/2011 17");
Gelöscht : user_pref("ConduitEngine.FirstTime", true);
Gelöscht : user_pref("ConduitEngine.FirstTimeFF3", true);
Gelöscht : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Gelöscht : user_pref("ConduitEngine.Initialize", true);
Gelöscht : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Gelöscht : user_pref("ConduitEngine.InstalledDate", "Tue Mar 29 2011 16:05:54 GMT+0200");
Gelöscht : user_pref("ConduitEngine.IsMulticommunity", false);
Gelöscht : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Gelöscht : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Gelöscht : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Tue Mar 29 2011 16:05:54 GMT+0200");
Gelöscht : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Tue Mar 29 2011 16:05:54 GMT+0200");
Gelöscht : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Gelöscht : user_pref("ConduitEngine.SettingsLastCheckTime", "Tue Mar 29 2011 16:05:53 GMT+0200");
Gelöscht : user_pref("ConduitEngine.UserID", "UN48209153190894886");
Gelöscht : user_pref("ConduitEngine.componentAlertEnabled", false);
Gelöscht : user_pref("ConduitEngine.engineLocale", "de");
Gelöscht : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Tue Mar 29 2011 16:05:53 GMT+0200");
Gelöscht : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Tue Mar 29 2011 16:05:54 GMT+0200");
Gelöscht : user_pref("ConduitEngine.initDone", true);
Gelöscht : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Gelöscht : user_pref("ConduitEngine.usagesFlag", 1);
Gelöscht : user_pref("browser.search.defaultenginename", "Search Results");
Gelöscht : user_pref("browser.search.order.1", "Search Results");
Gelöscht : user_pref("extensions.ecosia.keywordURL", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q[...]
Gelöscht : user_pref("icqtoolbar.allowSendURL", false);
Gelöscht : user_pref("icqtoolbar.engineVerified", false);
Gelöscht : user_pref("icqtoolbar.hiddenElements", "itb_options itb_people itb_zoom_in itb_zoom_out itb_zoom_def[...]
Gelöscht : user_pref("icqtoolbar.installsource", "1");
Gelöscht : user_pref("icqtoolbar.numberOfSearches", 0);
Gelöscht : user_pref("icqtoolbar.previousFFVersion", "3.0.15");
Gelöscht : user_pref("icqtoolbar.shownElements", "");
Gelöscht : user_pref("icqtoolbar.skip_default_search", "yes");
Gelöscht : user_pref("icqtoolbar.suggestions", false);
Gelöscht : user_pref("icqtoolbar.uniqueID", "124540507012454050701245432870339");
Gelöscht : user_pref("icqtoolbar.usageStatstTimestamp", 1259351732);
Gelöscht : user_pref("icqtoolbar.xmlEnableSuggestions", false);
Gelöscht : user_pref("icqtoolbar.xmlLanguage", "de");
Gelöscht : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&gct=ds&appid=706&systemid=406&apn[...]
*************************
AdwCleaner[S1].txt - [396 octets] - [22/03/2013 15:44:49]
AdwCleaner[S2].txt - [21387 octets] - [22/03/2013 15:52:45]
########## EOF - C:\AdwCleaner[S2].txt - [21448 octets] ##########
Logs von OTL OTL.txt OTL Logfile: Code:
ATTFilter OTL logfile created on: 22.03.2013 16:10:09 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Besitzer\Pictures\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19401) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,18 Gb Available Physical Memory | 59,23% Memory free 4,23 Gb Paging File | 3,39 Gb Available in Paging File | 80,14% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 141,57 Gb Total Space | 18,06 Gb Free Space | 12,76% Space Free | Partition Type: NTFS Drive D: | 7,48 Gb Total Space | 2,17 Gb Free Space | 29,07% Space Free | Partition Type: NTFS Drive E: | 5,67 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: BESITZER-PC | User Name: Besitzer | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.03.20 23:19:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Besitzer\Pictures\Desktop\OTL.exe PRC - [2013.03.13 12:43:36 | 004,970,496 | ---- | M] (Bandoo Media Inc.) -- C:\Programme\Search Results Toolbar\Datamngr\DatamngrUI.exe PRC - [2013.03.13 12:43:34 | 004,557,312 | ---- | M] (Bandoo Media Inc.) -- C:\Programme\Search Results Toolbar\Datamngr\DatamngrCoordinator.exe PRC - [2012.10.30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastUI.exe PRC - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe PRC - [2012.06.07 16:35:02 | 000,522,744 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe PRC - [2012.06.07 16:34:32 | 000,478,712 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe PRC - [2010.10.08 06:18:42 | 000,726,288 | ---- | M] () -- C:\Programme\ShrewSoft\VPN Client\iked.exe PRC - [2010.10.08 06:18:42 | 000,541,968 | ---- | M] () -- C:\Programme\ShrewSoft\VPN Client\ipsecd.exe PRC - [2010.10.08 06:18:42 | 000,054,544 | ---- | M] () -- C:\Programme\ShrewSoft\VPN Client\dtpd.exe PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2008.08.29 13:58:16 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe PRC - [2008.01.22 18:35:52 | 000,103,808 | ---- | M] () -- C:\Programme\Canon\IJPLM\ijplmsvc.exe PRC - [2008.01.19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe PRC - [2007.04.24 02:11:42 | 000,262,243 | ---- | M] () -- C:\Programme\HP\QuickPlay\Kernel\TV\CLCapSvc.exe PRC - [2007.03.09 18:50:02 | 004,390,912 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2007.02.12 15:38:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2007.02.12 15:37:58 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe ========== Modules (No Company Name) ========== MOD - [2008.09.16 20:18:06 | 000,132,608 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2007.04.24 02:10:44 | 000,061,440 | ---- | M] () -- C:\Programme\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll ========== Services (SafeList) ========== SRV - [2013.03.18 19:59:55 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.03.13 12:43:34 | 004,557,312 | ---- | M] (Bandoo Media Inc.) [Auto | Running] -- C:\Programme\Search Results Toolbar\Datamngr\DatamngrCoordinator.exe -- (DatamngrCoordinator) SRV - [2013.03.08 15:52:47 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus) SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.06.07 16:34:32 | 000,478,712 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent) SRV - [2012.02.16 13:28:06 | 000,082,944 | ---- | M] (Freemake) [Auto | Stopped] -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (Freemake Improver) SRV - [2010.10.08 06:18:42 | 000,726,288 | ---- | M] () [Auto | Running] -- C:\Programme\ShrewSoft\VPN Client\iked.exe -- (iked) SRV - [2010.10.08 06:18:42 | 000,541,968 | ---- | M] () [Auto | Running] -- C:\Programme\ShrewSoft\VPN Client\ipsecd.exe -- (ipsecd) SRV - [2010.10.08 06:18:42 | 000,054,544 | ---- | M] () [Auto | Running] -- C:\Programme\ShrewSoft\VPN Client\dtpd.exe -- (dtpd) SRV - [2008.08.29 13:58:16 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2008.01.22 18:35:52 | 000,103,808 | ---- | M] () [Auto | Running] -- C:\Programme\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC) SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2007.04.24 02:11:44 | 000,106,593 | ---- | M] () [Auto | Stopped] -- C:\Programme\HP\QuickPlay\Kernel\TV\CLSched.exe -- (CLSched) SRV - [2007.04.24 02:11:42 | 000,262,243 | ---- | M] () [Auto | Running] -- C:\Programme\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) SRV - [2007.02.12 15:38:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) SRV - [2003.07.28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - [2012.10.30 23:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2012.10.30 23:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP) DRV - [2012.10.30 23:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2012.10.30 23:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2012.10.30 23:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2012.10.30 23:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2012.06.07 16:25:20 | 000,023,976 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva) DRV - [2012.06.07 16:24:23 | 000,057,256 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\acsmux.sys -- (acsmux) DRV - [2012.06.07 16:24:23 | 000,038,440 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\acsint.sys -- (acsint) DRV - [2011.04.29 16:49:42 | 000,278,728 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt) DRV - [2011.04.29 16:49:40 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt) DRV - [2010.11.09 14:35:30 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz135_x32.sys -- (cpuz135) DRV - [2010.09.02 08:18:48 | 000,017,920 | ---- | M] (Shrew Soft Inc) [Kernel | System | Running] -- C:\Windows\System32\drivers\vfilter.sys -- (vflt) DRV - [2010.09.02 08:18:48 | 000,013,824 | ---- | M] (Shrew Soft Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\virtualnet.sys -- (vnet) DRV - [2010.07.09 23:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2010.02.24 11:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11) DRV - [2009.05.11 09:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.05.05 11:15:58 | 001,095,808 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial) DRV - [2009.03.25 15:48:00 | 000,114,728 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdm.sys -- (s1018mdm) DRV - [2009.03.25 15:48:00 | 000,109,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018unic.sys -- (s1018unic) DRV - [2009.03.25 15:48:00 | 000,106,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mgmt.sys -- (s1018mgmt) DRV - [2009.03.25 15:48:00 | 000,104,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018obex.sys -- (s1018obex) DRV - [2009.03.25 15:48:00 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018bus.sys -- (s1018bus) DRV - [2009.03.25 15:48:00 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018nd5.sys -- (s1018nd5) DRV - [2009.03.25 15:48:00 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdfl.sys -- (s1018mdfl) DRV - [2009.02.26 19:13:45 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd) DRV - [2009.02.24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus) DRV - [2008.11.17 15:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) DRV - [2008.08.29 13:57:18 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV - [2008.03.29 17:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE) DRV - [2008.01.09 12:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri) DRV - [2007.03.05 22:28:00 | 000,076,288 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2007.03.01 13:49:58 | 002,216,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) DRV - [2007.02.24 15:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2007.01.23 18:03:28 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2007.01.23 17:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2007.01.18 18:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA) DRV - [2006.11.30 18:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr) DRV - [2006.07.24 15:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2006.06.28 17:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey) DRV - [2003.07.09 16:52:02 | 000,020,032 | ---- | M] (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.) [Kernel | Auto | Stopped] -- C:\Windows\System32\MLPTDR_P.SYS -- (MLPTDR_P) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=laptop IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=laptop IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{39686D2C-1405-42DF-B949-F5EC317602A1}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06 IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1788041499-2400256946-4090530611-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com IE - HKU\S-1-5-21-1788041499-2400256946-4090530611-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-1788041499-2400256946-4090530611-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-1788041499-2400256946-4090530611-1000\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-1788041499-2400256946-4090530611-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1788041499-2400256946-4090530611-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-1788041499-2400256946-4090530611-1000\..\SearchScopes\{39686D2C-1405-42DF-B949-F5EC317602A1}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06 IE - HKU\S-1-5-21-1788041499-2400256946-4090530611-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-1788041499-2400256946-4090530611-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1788041499-2400256946-4090530611-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "about:home" FF - prefs.js..extensions.enabledAddons: moveplayer%40movenetworks.com:1.0.0.071303000004 FF - prefs.js..extensions.enabledAddons: rtmgmail%40rememberthemilk.com:1.0.7 FF - prefs.js..extensions.enabledAddons: %7Bd04b0b40-3dab-4f0b-97a6-04ec3eddbfb0%7D:2.0.6 FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9 FF - prefs.js..extensions.enabledAddons: https-everywhere%40eff.org:3.1.4 FF - prefs.js..extensions.enabledAddons: %7B1FD91A9C-410C-4090-BBCC-55D3450EF433%7D:1.0 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004 FF - prefs.js..extensions.enabledItems: {d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}:2.0 FF - prefs.js..extensions.enabledItems: robert.kresse@vebu.de:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: https-everywhere@eff.org:0.9.5 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2 FF - prefs.js..keyword.URL: "hxxp://dts.search-results.com/sr?src=ffb&gct=ds&appid=706&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&apn_uid=6554020327914509&o=APN10645&q=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2012.02.20 18:19:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012.11.01 18:30:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.08 15:52:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.27 22:45:41 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.08 15:52:47 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.27 22:45:41 | 000,000,000 | ---D | M] [2013.03.17 19:55:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Extensions [2011.03.17 16:21:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com [2013.03.22 15:53:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\sphhgde8.default\extensions [2010.05.30 16:18:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\sphhgde8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2013.03.17 19:56:09 | 000,000,000 | ---D | M] (Search-Results Toolbar) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\sphhgde8.default\extensions\{377e5d4d-77e5-476a-8716-7e70a9272da0} [2013.03.08 22:42:24 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\sphhgde8.default\extensions\https-everywhere@eff.org [2009.04.17 16:49:06 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\sphhgde8.default\extensions\moveplayer@movenetworks.com [2010.12.19 13:19:13 | 000,000,000 | ---D | M] ("vebusupport") -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\sphhgde8.default\extensions\robert.kresse@vebu.de [2012.11.26 19:02:21 | 000,012,881 | ---- | M] () (No name found) -- C:\Users\Besitzer\AppData\Roaming\mozilla\firefox\profiles\sphhgde8.default\extensions\rtmgmail@rememberthemilk.com.xpi [2012.12.13 09:48:37 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Besitzer\AppData\Roaming\mozilla\firefox\profiles\sphhgde8.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2011.05.17 15:39:23 | 000,017,696 | ---- | M] () (No name found) -- C:\Users\Besitzer\AppData\Roaming\mozilla\firefox\profiles\sphhgde8.default\extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}.xpi [2013.02.15 09:51:28 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Besitzer\AppData\Roaming\mozilla\firefox\profiles\sphhgde8.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011.04.24 10:04:40 | 000,002,289 | ---- | M] () -- C:\Users\Besitzer\AppData\Roaming\mozilla\firefox\profiles\sphhgde8.default\searchplugins\ecosia.xml [2013.03.17 19:55:36 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.02.27 22:45:38 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2013.03.17 19:55:35 | 000,000,000 | ---D | M] (Datamngr) -- C:\PROGRAM FILES\SEARCH RESULTS TOOLBAR\DATAMNGR\FIREFOXEXTENSION [2013.03.08 15:52:47 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.06.21 10:19:45 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.13 20:11:46 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.06.21 10:19:45 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.06.21 10:19:45 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.21 10:19:45 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.21 10:19:45 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Search-Results Toolbar) - {377e5d4d-77e5-476a-8716-7e70a9272da0} - C:\Programme\Search Results Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Search-Results Toolbar) - {377e5d4d-77e5-476a-8716-7e70a9272da0} - C:\Programme\Search Results Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software) O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - No CLSID value found. O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - No CLSID value found. O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.) O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard) O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\.DEFAULT..\Run: [Mobipocket Reader Notifications] C:\Programme\Mobipocket.com\Mobipocket Reader\readernotify.exe () O4 - HKU\S-1-5-18..\Run: [Mobipocket Reader Notifications] C:\Programme\Mobipocket.com\Mobipocket Reader\readernotify.exe () O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60 O7 - HKU\S-1-5-21-1788041499-2400256946-4090530611-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0 O7 - HKU\S-1-5-21-1788041499-2400256946-4090530611-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0 O7 - HKU\S-1-5-21-1788041499-2400256946-4090530611-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O7 - HKU\S-1-5-21-1788041499-2400256946-4090530611-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0 O8 - Extra context menu item: Free YouTube Download - C:\Users\Besitzer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Besitzer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - Reg Error: Key error. File not found O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-1788041499-2400256946-4090530611-1000\..Trusted Domains: fritz.box ([]* in Local intranet) O15 - HKU\S-1-5-21-1788041499-2400256946-4090530611-1000\..Trusted Ranges: Range1 ([*] in Local intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.9.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2DC3C7D7-9805-4B24-9C99-A14AE4A9D4AB}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7AD0DBD8-49C9-4E56-8098-B52A36872AFA}: Domain = uni-mannheim.de O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7AD0DBD8-49C9-4E56-8098-B52A36872AFA}: NameServer = 134.155.96.51,134.155.96.53 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{80742428-975B-48AE-8B46-54D87A5BF182}: Domain = uni-mannheim.de O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{80742428-975B-48AE-8B46-54D87A5BF182}: NameServer = 134.155.96.51,134.155.96.53 O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~2\Wincert\WIN32C~1.DLL) - C:\ProgramData\Wincert\win32cert.dll () O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Besitzer\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Besitzer\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{cad2a7f2-6a52-11e0-8036-001b2497147f}\Shell - "" = AutoRun O33 - MountPoints2\{cad2a7f2-6a52-11e0-8036-001b2497147f}\Shell\AutoRun\command - "" = F:\Startme.exe O33 - MountPoints2\{f44d34f6-de88-11de-8025-00059a3c7800}\Shell\AutoRun\command - "" = F:\Menu.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.03.20 23:19:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Besitzer\Pictures\Desktop\OTL.exe [2013.03.20 22:17:38 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys [2013.03.20 19:28:27 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Roaming\Malwarebytes [2013.03.20 19:28:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.03.20 19:28:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.03.20 19:27:59 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013.03.20 19:27:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013.03.20 19:26:48 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Besitzer\Pictures\Desktop\mbam-setup-1.70.0.1100.exe [2013.03.20 19:19:51 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013.03.20 17:54:13 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group [2013.03.20 17:51:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard [2013.03.20 17:50:38 | 000,726,464 | ---- | C] (Enigma Software Group USA, LLC.) -- C:\Users\Besitzer\Pictures\Desktop\SpyHunter-Installer.exe [2013.03.17 19:56:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Wincert [2013.03.17 19:55:27 | 000,000,000 | ---D | C] -- C:\Program Files\Search Results Toolbar [2013.03.17 19:55:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Datamngr [2013.03.12 23:01:26 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013.03.12 23:01:25 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2013.03.12 23:01:23 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2013.03.12 23:01:23 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2013.03.12 23:01:23 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2013.03.12 23:01:21 | 000,630,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013.03.12 23:01:20 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2013.03.12 23:01:19 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2013.03.12 23:01:18 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2013.03.12 23:01:02 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2013.03.12 23:01:01 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2013.03.12 23:00:57 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2013.03.12 23:00:56 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2013.03.12 23:00:53 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013.03.12 23:00:52 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2013.03.12 23:00:49 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013.03.12 23:00:49 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013.03.12 23:00:40 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013.02.27 22:45:37 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013.02.26 21:32:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gargoyle [2013.02.26 21:32:47 | 000,000,000 | ---D | C] -- C:\Program Files\Gargoyle [2009.08.18 18:21:45 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeF8D2.dll [76 C:\Users\Besitzer\Pictures\Desktop\*.tmp files -> C:\Users\Besitzer\Pictures\Desktop\*.tmp -> ] [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.03.22 16:11:36 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{57628678-73F5-4FE3-AE75-90EAFCFFAF9A}.job [2013.03.22 16:02:57 | 000,137,517 | ---- | M] () -- C:\ProgramData\nvModes.dat [2013.03.22 16:02:57 | 000,137,517 | ---- | M] () -- C:\ProgramData\nvModes.001 [2013.03.22 16:00:44 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.03.22 15:58:00 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.22 15:58:00 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.22 15:57:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.22 15:57:49 | 2145,837,056 | -HS- | M] () -- C:\hiberfil.sys [2013.03.22 15:56:16 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.03.22 15:54:34 | 000,000,162 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat [2013.03.22 10:19:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.03.20 23:19:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Besitzer\Pictures\Desktop\OTL.exe [2013.03.20 23:18:57 | 000,609,993 | ---- | M] () -- C:\Users\Besitzer\Pictures\Desktop\adwcleaner.exe [2013.03.20 20:04:49 | 000,000,060 | ---- | M] () -- C:\Users\Besitzer\AppData\Roaming\mbam.context.scan [2013.03.20 19:27:08 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Besitzer\Pictures\Desktop\mbam-setup-1.70.0.1100.exe [2013.03.20 17:50:54 | 000,726,464 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Users\Besitzer\Pictures\Desktop\SpyHunter-Installer.exe [2013.03.20 16:20:11 | 000,644,386 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.03.20 16:20:11 | 000,600,940 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.03.20 16:20:11 | 000,131,444 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.03.20 16:20:11 | 000,108,822 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.03.18 19:59:55 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013.03.18 19:59:55 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013.03.16 11:46:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2013.03.12 00:15:08 | 000,015,229 | ---- | M] () -- C:\Users\Besitzer\Documents\Sitzung 11.3.13.odt [2013.02.28 10:25:24 | 003,820,716 | ---- | M] () -- C:\Users\Besitzer\Documents\Gothaer Lebensversicherung.pdf [2013.02.28 03:49:23 | 001,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [76 C:\Users\Besitzer\Pictures\Desktop\*.tmp files -> C:\Users\Besitzer\Pictures\Desktop\*.tmp -> ] [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.03.22 15:46:54 | 000,000,162 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat [2013.03.20 23:18:40 | 000,609,993 | ---- | C] () -- C:\Users\Besitzer\Pictures\Desktop\adwcleaner.exe [2013.03.20 20:04:49 | 000,000,060 | ---- | C] () -- C:\Users\Besitzer\AppData\Roaming\mbam.context.scan [2013.03.12 00:15:03 | 000,015,229 | ---- | C] () -- C:\Users\Besitzer\Documents\Sitzung 11.3.13.odt [2013.02.28 22:43:04 | 003,820,716 | ---- | C] () -- C:\Users\Besitzer\Documents\Gothaer Lebensversicherung.pdf [2012.02.26 15:18:51 | 000,000,862 | ---- | C] () -- C:\Users\Besitzer\.recently-used.xbel [2011.05.21 22:11:00 | 000,000,000 | ---- | C] () -- C:\Users\Besitzer\AppData\Local\{D0F5232D-EB7C-42F7-AF8A-6360D50ED6B0} [2011.04.29 16:49:42 | 000,278,728 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2011.04.29 16:49:40 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2011.04.25 15:30:45 | 000,000,059 | ---- | C] () -- C:\Windows\RUNAWAY.INI [2010.06.05 21:32:55 | 000,004,096 | -H-- | C] () -- C:\Users\Besitzer\AppData\Local\keyfile3.drm [2009.10.09 08:45:16 | 000,001,470 | ---- | C] () -- C:\Users\Besitzer\AppData\Local\RecConfig.xml [2009.07.05 08:32:56 | 000,137,517 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009.07.05 08:32:56 | 000,137,517 | ---- | C] () -- C:\ProgramData\nvModes.001 [2008.06.20 17:22:41 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat [2008.05.02 13:49:07 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt [2008.01.03 16:26:02 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html [2007.11.23 19:56:50 | 000,000,680 | ---- | C] () -- C:\Users\Besitzer\AppData\Local\d3d9caps.dat [2007.11.04 20:18:10 | 000,000,000 | ---- | C] () -- C:\Users\Besitzer\AppData\Roaming\wklnhst.dat [2007.11.02 20:46:57 | 000,161,280 | ---- | C] () -- C:\Users\Besitzer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.10.13 17:59:43 | 000,027,620 | ---- | C] () -- C:\Users\Besitzer\AppData\Roaming\nvModes.001 [2007.10.13 00:07:12 | 000,027,620 | ---- | C] () -- C:\Users\Besitzer\AppData\Roaming\nvModes.dat ========== ZeroAccess Check ========== [2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > Extras.txtOTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 22.03.2013 16:10:09 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Besitzer\Pictures\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19401)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,18 Gb Available Physical Memory | 59,23% Memory free
4,23 Gb Paging File | 3,39 Gb Available in Paging File | 80,14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 141,57 Gb Total Space | 18,06 Gb Free Space | 12,76% Space Free | Partition Type: NTFS
Drive D: | 7,48 Gb Total Space | 2,17 Gb Free Space | 29,07% Space Free | Partition Type: NTFS
Drive E: | 5,67 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: BESITZER-PC | User Name: Besitzer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-1788041499-2400256946-4090530611-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1774AEDD-0048-46DB-89F6-192497ED16E4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{20D958C7-B105-4B6E-A1C0-F1E829EAAA9A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{6200A465-8A6A-4A73-88B8-1B4E5B5CA146}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{A15C9276-E245-4F47-9A02-0AF123129880}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DCD67995-D3F0-48A5-8A15-A7FC1FE84046}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EB952719-4606-437D-A9F8-D2DE71B501F8}" = lport=2869 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0125CD8B-7C0C-4FB0-B636-93F0843B80BE}" = protocol=6 | dir=in | app=c:\program files\search results toolbar\datamngr\srtool~1\dtuser.exe |
"{2167A3F7-2D2C-4552-BC9A-CCFAA151A2BC}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{23162BC0-4409-4D74-9DC1-6BF7908C7D70}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3BE074E1-FC96-4657-8B49-FD7E1922037D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{40B1D353-C1A0-4B35-9E73-3ECF977E450A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{44221C92-74FA-482A-AAF7-D41B82422AB4}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{75C5C2BB-2E26-44FF-ABB9-C9326D3D6358}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8DF8919C-7C82-4B68-B2B2-EAFF28112F39}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{A1C1257E-1DDA-4D10-89E2-78362ACA67F3}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{A3457A09-D4BF-4D57-A837-F5C0BAD51B8D}" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"{BCBF0D94-4215-4532-8617-A9EBDE917B7B}" = protocol=17 | dir=in | app=c:\program files\search results toolbar\datamngr\srtool~1\dtuser.exe |
"{C71EDD7E-42CF-4CD0-94E1-2298FC82317D}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{C7DFF9D1-B96F-48EF-BED9-22444BEBE418}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{CE3B418C-5844-4815-8E60-3DA8056EB939}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DB71B211-2A4C-4559-AC44-3E3A27D779EE}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{DE4811BE-FC11-4552-B156-9D1284063168}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{F8A92E7A-0F7A-47B2-A01B-87B078D70D43}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{F927BD2C-4D37-4A3D-9BB0-C2DC58AB1453}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"TCP Query User{051EC79F-F7C2-438E-9B9F-03FC0FC419BB}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{265B885C-4148-47E1-9815-D1A932004B34}C:\program files\microsoft games\age of empires ii\empires2.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.exe |
"TCP Query User{2F4D3A0F-B3D6-4038-B3D0-79A55CF581A1}C:\kav\kav8.0\german\setup.exe" = protocol=6 | dir=in | app=c:\kav\kav8.0\german\setup.exe |
"TCP Query User{931FAAC6-056B-4098-ADC2-430151627425}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{9A2BF081-CF46-4367-B89D-ACE5A2CF516A}G:\sarah\program files\jowood\die gilde\gilde_tl.exe" = protocol=6 | dir=in | app=g:\sarah\program files\jowood\die gilde\gilde_tl.exe |
"TCP Query User{ABE9918F-DFF1-4BC9-8385-4B8128C06666}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{B68A7FB4-DE11-4857-BAF7-A2577BBAE296}C:\users\besitzer\pictures\desktop\skype.exe" = protocol=6 | dir=in | app=c:\users\besitzer\pictures\desktop\skype.exe |
"TCP Query User{BF55A449-083B-473F-B2AF-9BBEC53393C8}C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe" = protocol=6 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe |
"TCP Query User{C15AB0B4-F9B6-4180-951A-B23A1F303125}C:\program files\icq7.0\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe |
"TCP Query User{C6A844BA-7DA1-47C8-9148-907CBE5C206C}C:\users\besitzer\pictures\desktop\skype.exe" = protocol=6 | dir=in | app=c:\users\besitzer\pictures\desktop\skype.exe |
"UDP Query User{07692730-1029-4519-87DC-02EB84DB5AF1}C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe" = protocol=17 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe |
"UDP Query User{281ABC7C-FF03-49B4-9F05-24A6001F2F76}C:\program files\icq7.0\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe |
"UDP Query User{73AF2836-FD75-497F-B8C5-E62DA243581E}G:\sarah\program files\jowood\die gilde\gilde_tl.exe" = protocol=17 | dir=in | app=g:\sarah\program files\jowood\die gilde\gilde_tl.exe |
"UDP Query User{78446756-FC8E-4511-B144-C18A30D2FFB5}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{B1CF4665-2D70-4B1F-950B-7484325CB70D}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{B575BFFE-5318-4831-93A9-C4CAC27C14E8}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{C3DC4423-EB5A-4EFA-BFC9-306159495D68}C:\users\besitzer\pictures\desktop\skype.exe" = protocol=17 | dir=in | app=c:\users\besitzer\pictures\desktop\skype.exe |
"UDP Query User{E648819C-2BF1-40AD-8CC7-F16EF623477C}C:\kav\kav8.0\german\setup.exe" = protocol=17 | dir=in | app=c:\kav\kav8.0\german\setup.exe |
"UDP Query User{F22B3190-ACC0-4C96-B392-35FBBF9F4C39}C:\users\besitzer\pictures\desktop\skype.exe" = protocol=17 | dir=in | app=c:\users\besitzer\pictures\desktop\skype.exe |
"UDP Query User{FC6FCBB9-702C-45EE-A827-EC8288626E46}C:\program files\microsoft games\age of empires ii\empires2.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002B1E90-3241-4D45-8831-E89020F8E7E6}" = EndNote X2
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01521746-02A6-4A72-00BD-A285DF6B80C6}" = Die Sims 2: Wilde Campus-Jahre
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0CFD3BAF-9F4D-4D70-BD0B-638EA2504C25}" = PSSWCORE
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP3600_series" = Canon iP3600 series Printer Driver
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{194C14D5-3CB0-4977-8886-A79DFC00E820}" = MSCU for Microsoft Vista
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20370E2E-E19B-4D8D-A6D4-81C1D268F6EA}" = Mobipocket Reader 5.2
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 30
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{290B83AA-093A-45BF-A917-D1C4A1E8D917}" = HP Active Support Library
"{2E1A9152-3B46-4D04-9245-2A284B64F142}" = Cisco AnyConnect Secure Mobility Client
"{31216452-5540-4C96-B754-94890A63D5AB}" = HP Help and Support
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.20 B1
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.2
"{4817189D-1785-4627-A33C-39FD90919300}" = Die Sims™ 2 Haustiere
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}" = Cisco Systems VPN Client 5.0.04.0300
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7968EB30-5580-4955-8925-4A17CD625118}" = ESU for Microsoft Vista
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{818FB39B-1A57-4F1B-A54D-391C33D6C596}" = Tropico
"{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}" = Die Sims™ 2 Freizeit-Spaß
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8CEA85DE-955B-4BF4-87F2-0BAA62821633}" = HP Photosmart Essential2.5
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{9A00D1BA-D03A-44E5-AF28-86A1F377DF61}" = Die Sims - Hokus Pokus
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C244239-ED8E-40f1-937F-51C706CD2160}" = Die Sims™ 2 Deluxe
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.4 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B6F5B704-06D3-4687-90F3-6195304AD755}" = Die Sims™ 2 Apartment-Leben
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BA820A24-704B-428D-9904-71A10DAC1372}" = OLYMPUS Master
"{BBF10B37-4ED3-11D5-A818-00500435FC18}" = Gothic
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{C8E4455F-0F70-4DA2-A9F9-2D56C80E10AD}" = Sibelius Scorch (ActiveX Only)
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D32067CD-7409-4792-BFA0-1469BCD8F0C8}" = HP Wireless Assistant
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{DDFD9BA2-8E26-4E49-92AE-882424DAB1BC}" = HP User Guides 0057
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = Die Sims™ 2 Vier Jahreszeiten
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{E3723A04-A894-4036-A78E-282E18F43C0A}_is1" = Tinypic 3.14
"{E6FA148F-1E7D-4A42-A9A2-7DFABC2C6A2B}" = SportTracks 2.1
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F248ADFA-64E0-4b03-8A83-059078BED6A0}" = Die Sims™ 2 Gute Reise
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = HP Active Support Library 32 bit components
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"Art of Murder 2/DE-German_is1" = Die Kunst des Mordens: Der Marionettenspieler
"Art of Murder/DE-German_is1" = Die Kunst des Mordens: Geheimakte FBI
"avast" = avast! Free Antivirus
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"Canon iP3600 series Benutzerregistrierung" = Canon iP3600 series Benutzerregistrierung
"CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client
"Clementine" = Clementine
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.17
"'Cultures Saga'" = 'Cultures Saga'
"Die Gilde" = Die Gilde
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVD Shrink_is1" = DVD Shrink 3.2
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"FeedDemon_is1" = FeedDemon
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.8
"Free Disc Burner_is1" = Free Disc Burner version 3.0.4.426
"Free DVD Video Converter_is1" = Free DVD Video Converter version 1.5.12
"Free Studio_is1" = Free Studio version 5.2.0
"Free Video Dub_is1" = Free Video Dub version 1.8.10.305
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 4.2.17.305
"Free YouTube Download_is1" = Free YouTube Download version 3.0.20.1228
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.33.1005
"Freemake Video Converter_is1" = Freemake Video Converter Version 3.0.1
"Google Updater" = Google Updater
"GXTranscoder v2" = GXTranscoder v2
"HP Photosmart Essential" = HP Photosmart Essential 2.0
"ilividtoolbargaw" = Search-Results Toolbar
"InstallShield_{BA820A24-704B-428D-9904-71A10DAC1372}" = OLYMPUS Master
"ISI ResearchSoft - Export Helper" = ISI ResearchSoft - Export Helper
"Jack Keane" = Jack Keane
"kikin Plugin (NO23 Edition)" = kikin Plugin (NO23 Edition) 1.11
"KONICA MINOLTA magicolor2300W" = KONICA MINOLTA magicolor2300W
"LastFM_is1" = Last.fm 1.5.4.27091
"Launch of the Screaming Narwhal" = Tales of Monkey Island - Launch of the Screaming Narwhal
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"ManyCam" = ManyCam 2.6.30 (remove only)
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Office8.0" = Microsoft Office 97, Professional Edition
"OfotoEZUpload" = KODAK EASYSHARE Gallery Upload ActiveX Control
"OpenStreetMap Plugin V2_is1" = OpenStreetMap Plugin V2
"Patchwork Girl" = Patchwork Girl
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"Shrew Soft VPN Client" = Shrew Soft VPN Client
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 0.9.8a
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinRAR archiver" = WinRAR
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1788041499-2400256946-4090530611-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 17.03.2013 14:46:25 | Computer Name = Besitzer-PC | Source = .NET Runtime | ID = 1023
Description =
Error - 17.03.2013 14:46:25 | Computer Name = Besitzer-PC | Source = Application Error | ID = 1000
Error - 17.03.2013 14:46:32 | Computer Name = Besitzer-PC | Source = .NET Runtime
| ID = 1023
Description =
Error - 17.03.2013 14:47:00 | Computer Name = Besitzer-PC | Source = .NET Runtime
| ID = 1023
Description =
Error - 17.03.2013 14:47:00 | Computer Name = Besitzer-PC | Source = Application
Error | ID = 1000
Error - 17.03.2013 14:47:18 | Computer Name = Besitzer-PC | Source = .NET Runtime | ID = 1023
Description =
Error - 17.03.2013 14:47:18 | Computer Name = Besitzer-PC | Source = Application Error | ID = 1000
Error - 17.03.2013 15:00:45 | Computer Name = Besitzer-PC | Source = .NET Runtime
| ID = 1023
Description =
Error - 17.03.2013 15:00:46 | Computer Name = Besitzer-PC | Source = Application
Error | ID = 1000
Error - 20.03.2013 14:20:54 | Computer Name = Besitzer-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung msiexec.exe, Version 4.5.6002.18005, Zeitstempel
0x49e01c42, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18541, Zeitstempel 0x4ec3e3d5,
Ausnahmecode 0xc0000005, Fehleroffset 0x000417be, Prozess-ID 0x1770, Anwendungsstartzeit
01ce25972a71f5a0.
Error - 20.03.2013 14:22:36 | Computer Name = Besitzer-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Explorer.EXE, Version 6.0.6002.18005, Zeitstempel
0x49e01da5, fehlerhaftes Modul searchresultstb.dll_unloaded, Version 0.0.0.0, Zeitstempel
0x50b69ae6, Ausnahmecode 0xc0000005, Fehleroffset 0x66fa32c3, Prozess-ID 0xa74,
Anwendungsstartzeit 01ce25734ee68240.
Error - 20.03.2013 14:23:37 | Computer Name = Besitzer-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Dwm.exe, Version 6.0.6002.18005, Zeitstempel
0x49e01b94, fehlerhaftes Modul searchresultstb.dll_unloaded, Version 0.0.0.0, Zeitstempel
0x50b69ae6, Ausnahmecode 0xc0000005, Fehleroffset 0x66fa32c3, Prozess-ID 0x9a4,
Anwendungsstartzeit 01ce257348963ca0.
Error - 22.03.2013 10:52:19 | Computer Name = Besitzer-PC | Source = Application Hang | ID = 1002
Description = Programm adwcleaner.exe, Version 2.1.1.5 arbeitet nicht mehr mit Windows
zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
zu suchen. Prozess-ID: d9c Anfangszeit: 01ce270ba453e1ce Zeitpunkt der Beendigung:
0
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 22.03.2013 10:44:54 | Computer Name = Besitzer-PC | Source = acvpnagent | ID = 67108866
Description = Function: CSocketTransport::callbackHandler File: .\IPC\SocketTransport.cpp
Line:
1281 Invoked Function: WSARecv/WSARecvFrom Return Code: 0 (0x00000000) Description:
unknown
Error - 22.03.2013 10:44:54 | Computer Name = Besitzer-PC | Source = acvpnagent | ID = 67108866
Description = Function: CIpcTransport::OnSocketReadComplete File: .\IPC\IPCTransport.cpp
Line:
873 Invoked Function: CSocketTransport::readSocket Return Code: -31522801 (0xFE1F000F)
Description:
SOCKETTRANSPORT_ERROR_TRANSPORT_FAILURE
Error - 22.03.2013 10:44:54 | Computer Name = Besitzer-PC | Source = acvpnagent | ID = 67108866
Description = Function: CIpcDepot::OnIpcMessageReceived File: .\IPC\IPCDepot.cpp Line:
832 Invoked Function: CIpcTransport::OnSocketReadComplete Return Code: -31522801
(0xFE1F000F) Description: SOCKETTRANSPORT_ERROR_TRANSPORT_FAILURE
Error - 22.03.2013 10:44:54 | Computer Name = Besitzer-PC | Source = acvpnagent | ID = 67108866
Description = Function: CTcpTransport::writeSocketBlocking File: .\IPC\SocketTransport.cpp
Line:
1676 Invoked Function: WSASend Return Code: 10054 (0x00002746) Description: Eine vorhandene
Verbindung wurde vom Remotehost geschlossen.
Error - 22.03.2013 10:44:54 | Computer Name = Besitzer-PC | Source = acvpnagent | ID = 67108866
Description = Function: CIpcTransport::terminateIpcConnection File: .\IPC\IPCTransport.cpp
Line:
384 Invoked Function: CSocketTransport::writeSocketBlocking Return Code: -31522805
(0xFE1F000B) Description: SOCKETTRANSPORT_ERROR_WRITE
Error - 22.03.2013 10:57:59 | Computer Name = Besitzer-PC | Source = acvpnagent | ID = 67108866
Description = Function: MSSaxErrorHandlerImpl::fatalError File: .\Xml\MSSaxErrorHandlerImpl.cpp
Line:
41 Invoked Function: ISAXXMLReader::parse Return Code: -1072897499 (0xC00CE225) Description:
WINDOWS_ERROR_CODE XML Parser fatal error: Fehler bei der Überprüfung.
Error - 22.03.2013 11:01:25 | Computer Name = Besitzer-PC | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE
Error - 22.03.2013 11:03:15 | Computer Name = Besitzer-PC | Source = acvpnui | ID = 67108866
Description = Function: MSSaxErrorHandlerImpl::fatalError File: .\Xml\MSSaxErrorHandlerImpl.cpp
Line:
41 Invoked Function: ISAXXMLReader::parse Return Code: -1072897499 (0xC00CE225) Description:
WINDOWS_ERROR_CODE XML Parser fatal error: Fehler bei der Überprüfung.
Error - 22.03.2013 11:03:22 | Computer Name = Besitzer-PC | Source = acvpnui | ID = 67108866
Description = Function: CMainFrame::getDARTInstallDir File: .\mainfrm.cpp Line: 4618
Invoked
Function: MsiEnumProductsExW Return Code: 259 (0x00000103) Description: Es sind keine
Daten mehr verfügbar.
Error - 22.03.2013 11:03:25 | Computer Name = Besitzer-PC | Source = acvpnui | ID = 67108865
Description = Function: ConnectMgr::activateConnectEvent File: .\ConnectMgr.cpp Line:
1086 NULL object. Cannot establish a connection at this time.
[ Media Center Events ]
Error - 17.04.2008 13:27:09 | Computer Name = Besitzer-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: Download von Paket MCESpotlight
gescheitert.
Error - 18.04.2008 11:29:05 | Computer Name = Besitzer-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: Download von Paket MCESpotlight
gescheitert.
[ System Events ]
Error - 22.03.2013 10:35:08 | Computer Name = Besitzer-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 22.03.2013 10:50:16 | Computer Name = Besitzer-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =
Error - 22.03.2013 11:00:17 | Computer Name = Besitzer-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 22.03.2013 11:00:17 | Computer Name = Besitzer-PC | Source = Service Control Manager | ID = 7002
Description =
Error - 22.03.2013 11:00:17 | Computer Name = Besitzer-PC | Source = Service Control Manager | ID = 7011
Description =
Error - 22.03.2013 11:00:17 | Computer Name = Besitzer-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 22.03.2013 11:00:17 | Computer Name = Besitzer-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 22.03.2013 11:00:48 | Computer Name = Besitzer-PC | Source = Service Control Manager | ID = 7011
Description =
Error - 22.03.2013 11:01:16 | Computer Name = Besitzer-PC | Source = Service Control Manager | ID = 7022
Description =
Error - 22.03.2013 11:01:18 | Computer Name = Besitzer-PC | Source = Service Control Manager | ID = 7001
Description =
< End of report >
|
|
22.03.2013, 17:03
| #4 |
| /// TB-Ausbilder | Windows Vista, Firefox, "http://www.searchnu.com/406?tag=newtab" Hallo, wie läuft der Rechner jetzt? Macht er noch Probleme? (Wir sind noch nicht fertig!)
__________________ cheers, Leo |
|
22.03.2013, 18:03
| #5 |
| | Windows Vista, Firefox, "http://www.searchnu.com/406?tag=newtab" Hey Leo, So auf die Schnelle kann ich jetzt gar nicht sagen, ob der Rechner besser läuft. Hab oft, dass mein Firefox spinnt und ich die Meldung "Keine Rückmeldung" bekomme. Oder einen ominösen Crash Dump, den ich vor allem bekomme, wenn ich Filme anschaue. Aber das wird sich mit der Zeit zeigen, ob es sich gebessert hat. Searchnu erscheint zumindest immer noch in meinen neu geöffneten Tabs. Keep up the good work! Sarah |
|
22.03.2013, 18:23
| #6 |
| /// TB-Ausbilder | Windows Vista, Firefox, "http://www.searchnu.com/406?tag=newtab" Hallo Sarah, hm, der AdwCleaner hat da Einträge stehenlassen. Versuchen wir es noch einmal, und dann nehm ich sie manuell raus. Schritt 1
Schritt 2
Schritt 3 Starte bitte die OTL.exe.
Bitte poste in deiner nächsten Antwort:
__________________ --> Windows Vista, Firefox, "http://www.searchnu.com/406?tag=newtab" |
|
23.03.2013, 17:14
| #7 |
| | Windows Vista, Firefox, "http://www.searchnu.com/406?tag=newtab" Hey Leo, danke für deine Mühen. Hier die beiden Logs: Log von AdwCleanerAdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v2.115 - Datei am 23/03/2013 um 16:30:54 erstellt
# Aktualisiert am 17/03/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Besitzer - BESITZER-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Besitzer\Pictures\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Gelöscht mit Neustart : C:\Program Files\search results toolbar
***** [Registrierungsdatenbank] *****
***** [Internet Browser] *****
-\\ Internet Explorer v8.0.6001.19401
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v19.0.2 (de)
Datei : C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\sphhgde8.default\prefs.js
Gelöscht : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&gct=ds&appid=706&systemid=406&apn[...]
*************************
AdwCleaner[S1].txt - [396 octets] - [22/03/2013 15:44:49]
AdwCleaner[S2].txt - [21518 octets] - [22/03/2013 15:52:45]
AdwCleaner[S3].txt - [1030 octets] - [23/03/2013 16:30:55]
########## EOF - C:\AdwCleaner[S3].txt - [1090 octets] ##########
Log von OTLOTL Logfile: Code:
ATTFilter OTL logfile created on: 23.03.2013 16:49:01 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Besitzer\Pictures\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19401) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 0,70 Gb Available Physical Memory | 35,22% Memory free 4,23 Gb Paging File | 2,85 Gb Available in Paging File | 67,31% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 141,57 Gb Total Space | 17,69 Gb Free Space | 12,49% Space Free | Partition Type: NTFS Drive D: | 7,48 Gb Total Space | 2,17 Gb Free Space | 29,07% Space Free | Partition Type: NTFS Drive E: | 5,67 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: BESITZER-PC | User Name: Besitzer | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.03.20 23:19:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Besitzer\Pictures\Desktop\OTL.exe PRC - [2013.03.13 12:43:36 | 004,970,496 | ---- | M] (Bandoo Media Inc.) -- C:\Programme\Search Results Toolbar\Datamngr\DatamngrUI.exe PRC - [2013.03.13 12:43:34 | 004,557,312 | ---- | M] (Bandoo Media Inc.) -- C:\Programme\Search Results Toolbar\Datamngr\DatamngrCoordinator.exe PRC - [2013.01.24 18:33:42 | 000,701,872 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe PRC - [2013.01.24 18:33:23 | 000,544,688 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe PRC - [2012.10.30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastUI.exe PRC - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe PRC - [2010.10.08 06:18:42 | 000,726,288 | ---- | M] () -- C:\Programme\ShrewSoft\VPN Client\iked.exe PRC - [2010.10.08 06:18:42 | 000,541,968 | ---- | M] () -- C:\Programme\ShrewSoft\VPN Client\ipsecd.exe PRC - [2010.10.08 06:18:42 | 000,054,544 | ---- | M] () -- C:\Programme\ShrewSoft\VPN Client\dtpd.exe PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2008.08.29 13:58:16 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe PRC - [2008.01.22 18:35:52 | 000,103,808 | ---- | M] () -- C:\Programme\Canon\IJPLM\ijplmsvc.exe PRC - [2008.01.19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe PRC - [2007.04.24 02:11:42 | 000,262,243 | ---- | M] () -- C:\Programme\HP\QuickPlay\Kernel\TV\CLCapSvc.exe PRC - [2007.03.12 19:54:24 | 000,050,696 | ---- | M] (Hewlett-Packard) -- C:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe PRC - [2007.03.09 18:50:02 | 004,390,912 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2007.02.12 15:38:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2007.02.12 15:37:58 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe ========== Modules (No Company Name) ========== MOD - [2013.02.15 09:44:39 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e64304962098e90f0d3f4c33c1b080a6\System.Windows.Forms.ni.dll MOD - [2013.01.24 18:34:13 | 000,063,408 | ---- | M] () -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll MOD - [2013.01.10 10:07:04 | 001,593,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll MOD - [2013.01.10 10:04:53 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll MOD - [2013.01.10 10:03:39 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll MOD - [2007.04.24 02:10:44 | 000,061,440 | ---- | M] () -- C:\Programme\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll ========== Services (SafeList) ========== SRV - [2013.03.18 19:59:55 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.03.13 12:43:34 | 004,557,312 | ---- | M] (Bandoo Media Inc.) [Auto | Running] -- C:\Programme\Search Results Toolbar\Datamngr\DatamngrCoordinator.exe -- (DatamngrCoordinator) SRV - [2013.03.08 15:52:47 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.01.24 18:33:23 | 000,544,688 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent) SRV - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus) SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.02.16 13:28:06 | 000,082,944 | ---- | M] (Freemake) [Auto | Stopped] -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (Freemake Improver) SRV - [2010.10.08 06:18:42 | 000,726,288 | ---- | M] () [Auto | Running] -- C:\Programme\ShrewSoft\VPN Client\iked.exe -- (iked) SRV - [2010.10.08 06:18:42 | 000,541,968 | ---- | M] () [Auto | Running] -- C:\Programme\ShrewSoft\VPN Client\ipsecd.exe -- (ipsecd) SRV - [2010.10.08 06:18:42 | 000,054,544 | ---- | M] () [Auto | Running] -- C:\Programme\ShrewSoft\VPN Client\dtpd.exe -- (dtpd) SRV - [2008.08.29 13:58:16 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2008.01.22 18:35:52 | 000,103,808 | ---- | M] () [Auto | Running] -- C:\Programme\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC) SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2007.04.24 02:11:44 | 000,106,593 | ---- | M] () [Auto | Stopped] -- C:\Programme\HP\QuickPlay\Kernel\TV\CLSched.exe -- (CLSched) SRV - [2007.04.24 02:11:42 | 000,262,243 | ---- | M] () [Auto | Running] -- C:\Programme\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) SRV - [2007.02.12 15:38:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) SRV - [2003.07.28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - [2013.01.24 18:15:54 | 000,023,976 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva) DRV - [2013.01.24 18:13:54 | 000,058,320 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\acsmux.sys -- (acsmux) DRV - [2013.01.24 18:13:54 | 000,039,888 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\acsint.sys -- (acsint) DRV - [2012.10.30 23:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2012.10.30 23:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP) DRV - [2012.10.30 23:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2012.10.30 23:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2012.10.30 23:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2012.10.30 23:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2011.04.29 16:49:42 | 000,278,728 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt) DRV - [2011.04.29 16:49:40 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt) DRV - [2010.11.09 14:35:30 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz135_x32.sys -- (cpuz135) DRV - [2010.09.02 08:18:48 | 000,017,920 | ---- | M] (Shrew Soft Inc) [Kernel | System | Running] -- C:\Windows\System32\drivers\vfilter.sys -- (vflt) DRV - [2010.09.02 08:18:48 | 000,013,824 | ---- | M] (Shrew Soft Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\virtualnet.sys -- (vnet) DRV - [2010.07.09 23:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2010.02.24 11:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11) DRV - [2009.05.11 09:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.05.05 11:15:58 | 001,095,808 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial) DRV - [2009.03.25 15:48:00 | 000,114,728 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdm.sys -- (s1018mdm) DRV - [2009.03.25 15:48:00 | 000,109,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018unic.sys -- (s1018unic) DRV - [2009.03.25 15:48:00 | 000,106,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mgmt.sys -- (s1018mgmt) DRV - [2009.03.25 15:48:00 | 000,104,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018obex.sys -- (s1018obex) DRV - [2009.03.25 15:48:00 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018bus.sys -- (s1018bus) DRV - [2009.03.25 15:48:00 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018nd5.sys -- (s1018nd5) DRV - [2009.03.25 15:48:00 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdfl.sys -- (s1018mdfl) DRV - [2009.02.26 19:13:45 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd) DRV - [2009.02.24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus) DRV - [2008.11.17 15:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) DRV - [2008.08.29 13:57:18 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV - [2008.03.29 17:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE) DRV - [2008.01.09 12:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri) DRV - [2007.03.05 22:28:00 | 000,076,288 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2007.03.01 13:49:58 | 002,216,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) DRV - [2007.02.24 15:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2007.01.23 18:03:28 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2007.01.23 17:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2007.01.18 18:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA) DRV - [2006.11.30 18:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr) DRV - [2006.07.24 15:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2006.06.28 17:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey) DRV - [2003.07.09 16:52:02 | 000,020,032 | ---- | M] (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.) [Kernel | Auto | Stopped] -- C:\Windows\System32\MLPTDR_P.SYS -- (MLPTDR_P) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login. IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login. IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{39686D2C-1405-42DF-B949-F5EC317602A1}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06 IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1788041499-2400256946-4090530611-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Google IE - HKU\S-1-5-21-1788041499-2400256946-4090530611-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKU\S-1-5-21-1788041499-2400256946-4090530611-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-1788041499-2400256946-4090530611-1000\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-1788041499-2400256946-4090530611-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1788041499-2400256946-4090530611-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-1788041499-2400256946-4090530611-1000\..\SearchScopes\{39686D2C-1405-42DF-B949-F5EC317602A1}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06 IE - HKU\S-1-5-21-1788041499-2400256946-4090530611-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-1788041499-2400256946-4090530611-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1788041499-2400256946-4090530611-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "about:home" FF - prefs.js..extensions.enabledAddons: moveplayer%40movenetworks.com:1.0.0.071303000004 FF - prefs.js..extensions.enabledAddons: rtmgmail%40rememberthemilk.com:1.0.7 FF - prefs.js..extensions.enabledAddons: %7Bd04b0b40-3dab-4f0b-97a6-04ec3eddbfb0%7D:2.0.6 FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9 FF - prefs.js..extensions.enabledAddons: https-everywhere%40eff.org:3.1.4 FF - prefs.js..extensions.enabledAddons: %7B1FD91A9C-410C-4090-BBCC-55D3450EF433%7D:1.0 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004 FF - prefs.js..extensions.enabledItems: {d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}:2.0 FF - prefs.js..extensions.enabledItems: robert.kresse@vebu.de:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: https-everywhere@eff.org:0.9.5 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2 FF - prefs.js..keyword.URL: "hxxp://dts.search-results.com/sr?src=ffb&gct=ds&appid=706&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&apn_uid=6554020327914509&o=APN10645&q=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2012.02.20 18:19:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012.11.01 18:30:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.08 15:52:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.27 22:45:41 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.08 15:52:47 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.27 22:45:41 | 000,000,000 | ---D | M] [2013.03.17 19:55:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Extensions [2011.03.17 16:21:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com [2013.03.23 16:25:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\sphhgde8.default\extensions [2010.05.30 16:18:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\sphhgde8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2013.03.08 22:42:24 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\sphhgde8.default\extensions\https-everywhere@eff.org [2009.04.17 16:49:06 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\sphhgde8.default\extensions\moveplayer@movenetworks.com [2010.12.19 13:19:13 | 000,000,000 | ---D | M] ("vebusupport") -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\sphhgde8.default\extensions\robert.kresse@vebu.de [2012.11.26 19:02:21 | 000,012,881 | ---- | M] () (No name found) -- C:\Users\Besitzer\AppData\Roaming\mozilla\firefox\profiles\sphhgde8.default\extensions\rtmgmail@rememberthemilk.com.xpi [2012.12.13 09:48:37 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Besitzer\AppData\Roaming\mozilla\firefox\profiles\sphhgde8.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2011.05.17 15:39:23 | 000,017,696 | ---- | M] () (No name found) -- C:\Users\Besitzer\AppData\Roaming\mozilla\firefox\profiles\sphhgde8.default\extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}.xpi [2013.02.15 09:51:28 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Besitzer\AppData\Roaming\mozilla\firefox\profiles\sphhgde8.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011.04.24 10:04:40 | 000,002,289 | ---- | M] () -- C:\Users\Besitzer\AppData\Roaming\mozilla\firefox\profiles\sphhgde8.default\searchplugins\ecosia.xml [2013.03.17 19:55:36 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.02.27 22:45:38 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2013.03.17 19:55:35 | 000,000,000 | ---D | M] (Datamngr) -- C:\PROGRAM FILES\SEARCH RESULTS TOOLBAR\DATAMNGR\FIREFOXEXTENSION [2013.03.08 15:52:47 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.06.21 10:19:45 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.13 20:11:46 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.06.21 10:19:45 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.06.21 10:19:45 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.21 10:19:45 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.21 10:19:45 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software) O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - No CLSID value found. O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - No CLSID value found. O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.) O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard) O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\.DEFAULT..\Run: [Mobipocket Reader Notifications] C:\Programme\Mobipocket.com\Mobipocket Reader\readernotify.exe () O4 - HKU\S-1-5-18..\Run: [Mobipocket Reader Notifications] C:\Programme\Mobipocket.com\Mobipocket Reader\readernotify.exe () O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60 O7 - HKU\S-1-5-21-1788041499-2400256946-4090530611-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0 O7 - HKU\S-1-5-21-1788041499-2400256946-4090530611-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0 O7 - HKU\S-1-5-21-1788041499-2400256946-4090530611-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O7 - HKU\S-1-5-21-1788041499-2400256946-4090530611-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0 O8 - Extra context menu item: Free YouTube Download - C:\Users\Besitzer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Besitzer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - Reg Error: Key error. File not found O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-1788041499-2400256946-4090530611-1000\..Trusted Domains: fritz.box ([]* in Local intranet) O15 - HKU\S-1-5-21-1788041499-2400256946-4090530611-1000\..Trusted Ranges: Range1 ([*] in Local intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.9.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 129.206.100.126 129.206.210.127 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2DC3C7D7-9805-4B24-9C99-A14AE4A9D4AB}: DhcpNameServer = 129.206.100.126 129.206.210.127 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7AD0DBD8-49C9-4E56-8098-B52A36872AFA}: Domain = uni-mannheim.de O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7AD0DBD8-49C9-4E56-8098-B52A36872AFA}: NameServer = 134.155.96.51,134.155.96.53 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{80742428-975B-48AE-8B46-54D87A5BF182}: Domain = uni-mannheim.de O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{80742428-975B-48AE-8B46-54D87A5BF182}: NameServer = 134.155.96.51,134.155.96.53 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E05E1A56-4AE7-489B-BEE9-F15DC4BB9062}: Domain = urz.uni-heidelberg.de O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E05E1A56-4AE7-489B-BEE9-F15DC4BB9062}: NameServer = 129.206.100.126,129.206.210.127 O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~2\Wincert\WIN32C~1.DLL) - C:\ProgramData\Wincert\win32cert.dll () O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Besitzer\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Besitzer\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{cad2a7f2-6a52-11e0-8036-001b2497147f}\Shell - "" = AutoRun O33 - MountPoints2\{cad2a7f2-6a52-11e0-8036-001b2497147f}\Shell\AutoRun\command - "" = F:\Startme.exe O33 - MountPoints2\{f44d34f6-de88-11de-8025-00059a3c7800}\Shell\AutoRun\command - "" = F:\Menu.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.03.23 16:14:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco [2013.03.20 23:19:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Besitzer\Pictures\Desktop\OTL.exe [2013.03.20 19:28:27 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Roaming\Malwarebytes [2013.03.20 19:28:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.03.20 19:28:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.03.20 19:27:59 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013.03.20 19:27:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013.03.20 19:26:48 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Besitzer\Pictures\Desktop\mbam-setup-1.70.0.1100.exe [2013.03.20 17:54:13 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group [2013.03.20 17:51:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard [2013.03.20 17:50:38 | 000,726,464 | ---- | C] (Enigma Software Group USA, LLC.) -- C:\Users\Besitzer\Pictures\Desktop\SpyHunter-Installer.exe [2013.03.17 19:56:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Wincert [2013.03.17 19:55:27 | 000,000,000 | ---D | C] -- C:\Program Files\Search Results Toolbar [2013.03.17 19:55:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Datamngr [2013.02.27 22:45:37 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013.02.26 21:32:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gargoyle [2013.02.26 21:32:47 | 000,000,000 | ---D | C] -- C:\Program Files\Gargoyle [2009.08.18 18:21:45 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeF8D2.dll [76 C:\Users\Besitzer\Pictures\Desktop\*.tmp files -> C:\Users\Besitzer\Pictures\Desktop\*.tmp -> ] [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.03.23 16:51:57 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{57628678-73F5-4FE3-AE75-90EAFCFFAF9A}.job [2013.03.23 16:46:24 | 000,137,517 | ---- | M] () -- C:\ProgramData\nvModes.dat [2013.03.23 16:46:24 | 000,137,517 | ---- | M] () -- C:\ProgramData\nvModes.001 [2013.03.23 16:41:34 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.03.23 16:41:14 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.23 16:41:14 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.23 16:41:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.23 16:41:00 | 2145,837,056 | -HS- | M] () -- C:\hiberfil.sys [2013.03.23 16:34:12 | 000,000,269 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat [2013.03.23 16:19:12 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.03.22 17:56:25 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.03.20 23:19:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Besitzer\Pictures\Desktop\OTL.exe [2013.03.20 23:18:57 | 000,609,993 | ---- | M] () -- C:\Users\Besitzer\Pictures\Desktop\adwcleaner.exe [2013.03.20 20:04:49 | 000,000,060 | ---- | M] () -- C:\Users\Besitzer\AppData\Roaming\mbam.context.scan [2013.03.20 19:27:08 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Besitzer\Pictures\Desktop\mbam-setup-1.70.0.1100.exe [2013.03.20 17:50:54 | 000,726,464 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Users\Besitzer\Pictures\Desktop\SpyHunter-Installer.exe [2013.03.20 16:20:11 | 000,644,386 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.03.20 16:20:11 | 000,600,940 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.03.20 16:20:11 | 000,131,444 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.03.20 16:20:11 | 000,108,822 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.03.16 11:46:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2013.03.12 00:15:08 | 000,015,229 | ---- | M] () -- C:\Users\Besitzer\Documents\Sitzung 11.3.13.odt [2013.02.28 10:25:24 | 003,820,716 | ---- | M] () -- C:\Users\Besitzer\Documents\Gothaer Lebensversicherung.pdf [76 C:\Users\Besitzer\Pictures\Desktop\*.tmp files -> C:\Users\Besitzer\Pictures\Desktop\*.tmp -> ] [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.03.22 15:46:54 | 000,000,269 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat [2013.03.20 23:18:40 | 000,609,993 | ---- | C] () -- C:\Users\Besitzer\Pictures\Desktop\adwcleaner.exe [2013.03.20 20:04:49 | 000,000,060 | ---- | C] () -- C:\Users\Besitzer\AppData\Roaming\mbam.context.scan [2013.03.12 00:15:03 | 000,015,229 | ---- | C] () -- C:\Users\Besitzer\Documents\Sitzung 11.3.13.odt [2013.02.28 22:43:04 | 003,820,716 | ---- | C] () -- C:\Users\Besitzer\Documents\Gothaer Lebensversicherung.pdf [2012.02.26 15:18:51 | 000,000,862 | ---- | C] () -- C:\Users\Besitzer\.recently-used.xbel [2011.05.21 22:11:00 | 000,000,000 | ---- | C] () -- C:\Users\Besitzer\AppData\Local\{D0F5232D-EB7C-42F7-AF8A-6360D50ED6B0} [2011.04.29 16:49:42 | 000,278,728 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2011.04.29 16:49:40 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2011.04.25 15:30:45 | 000,000,059 | ---- | C] () -- C:\Windows\RUNAWAY.INI [2010.06.05 21:32:55 | 000,004,096 | -H-- | C] () -- C:\Users\Besitzer\AppData\Local\keyfile3.drm [2009.10.09 08:45:16 | 000,001,470 | ---- | C] () -- C:\Users\Besitzer\AppData\Local\RecConfig.xml [2009.07.05 08:32:56 | 000,137,517 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009.07.05 08:32:56 | 000,137,517 | ---- | C] () -- C:\ProgramData\nvModes.001 [2008.06.20 17:22:41 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat [2008.05.02 13:49:07 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt [2008.01.03 16:26:02 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html [2007.11.23 19:56:50 | 000,000,680 | ---- | C] () -- C:\Users\Besitzer\AppData\Local\d3d9caps.dat [2007.11.04 20:18:10 | 000,000,000 | ---- | C] () -- C:\Users\Besitzer\AppData\Roaming\wklnhst.dat [2007.11.02 20:46:57 | 000,161,280 | ---- | C] () -- C:\Users\Besitzer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.10.13 17:59:43 | 000,027,620 | ---- | C] () -- C:\Users\Besitzer\AppData\Roaming\nvModes.001 [2007.10.13 00:07:12 | 000,027,620 | ---- | C] () -- C:\Users\Besitzer\AppData\Roaming\nvModes.dat ========== ZeroAccess Check ========== [2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2009.02.26 19:21:18 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\DAEMON Tools [2009.02.26 19:28:04 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\DAEMON Tools Lite [2009.02.26 19:21:18 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\DAEMON Tools Pro [2012.12.03 19:06:06 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\digital publishing [2013.03.22 17:59:36 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\EndNote [2010.11.25 23:34:23 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\GetRightToGo [2012.01.17 11:52:25 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\gtk-2.0 [2012.11.01 22:48:13 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\ICQ [2007.11.03 17:55:32 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\ICQ Toolbar [2010.09.29 11:56:09 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\iScreensaver [2011.11.03 18:52:17 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Langenscheidt [2009.08.24 10:30:37 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Leadertech [2010.09.20 13:44:00 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\LEGO Company [2011.03.16 01:23:27 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\ManyCam [2011.02.21 16:11:53 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Mobipocket [2008.04.13 16:42:46 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\OLYMPUS [2011.01.06 19:42:41 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\OpenOffice.org [2011.03.18 16:26:33 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Philips [2011.03.17 16:21:11 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Philips-Songbird [2012.01.01 14:13:15 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\PhotoFiltre [2011.04.19 16:38:39 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\ProtectDISC [2009.05.13 14:31:37 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Quark [2008.05.02 13:49:13 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Samsung [2012.08.21 11:05:45 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Softland [2013.01.24 09:26:05 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Swiss Academic Software [2010.05.02 16:52:59 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Template [2011.06.21 12:32:35 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Three Rings Design [2009.03.09 15:42:35 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\uTorrent [2008.01.16 10:18:21 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\ICQ Toolbar ========== Purity Check ========== < End of report > |
|
23.03.2013, 17:39
| #8 |
| /// TB-Ausbilder | Windows Vista, Firefox, "http://www.searchnu.com/406?tag=newtab" Hallo, weiter mit diesen Schritten. Besteht das Problem danach immer noch? Schritt 1
Code:
ATTFilter :OTL
[2013.03.17 19:56:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Wincert
[2013.03.17 19:55:27 | 000,000,000 | ---D | C] -- C:\Program Files\Search Results Toolbar
[2013.03.17 19:55:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Datamngr
O20 - AppInit_DLLs: (C:\PROGRA~2\Wincert\WIN32C~1.DLL) - C:\ProgramData\Wincert\win32cert.dll ()
[2013.02.27 22:45:38 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2013.03.17 19:55:35 | 000,000,000 | ---D | M] (Datamngr) -- C:\PROGRAM FILES\SEARCH RESULTS TOOLBAR\DATAMNGR\FIREFOXEXTENSION
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&gct=ds&appid=706&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&apn_uid=6554020327914509&o=APN10645&q="
[2013.03.20 17:54:13 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.03.20 17:51:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2013.03.20 17:50:38 | 000,726,464 | ---- | C] (Enigma Software Group USA, LLC.) -- C:\Users\Besitzer\Pictures\Desktop\SpyHunter-Installer.exe
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
:commands
[emptytemp]
Schritt 2
Schritt 3 Lade das Setup des ESET Online Scanners herunter und speichere es auf den Desktop.
Schritt 4 Downloade dir bitte SecurityCheck (Link 2).
Bitte poste in deiner nächsten Antwort:
__________________ cheers, Leo |
|
24.03.2013, 00:00
| #9 |
| | Windows Vista, Firefox, "http://www.searchnu.com/406?tag=newtab" Hey Leo, hier der Log von OTL All processes killed ========== OTL ========== C:\ProgramData\Wincert folder moved successfully. C:\Program Files\Search Results Toolbar\Datamngr\FirefoxExtension\content folder moved successfully. C:\Program Files\Search Results Toolbar\Datamngr\FirefoxExtension\components folder moved successfully. C:\Program Files\Search Results Toolbar\Datamngr\FirefoxExtension folder moved successfully. C:\Program Files\Search Results Toolbar\Datamngr folder moved successfully. C:\Program Files\Search Results Toolbar folder moved successfully. C:\ProgramData\Datamngr folder moved successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\Wincert\WIN32C~1.DLL deleted successfully. File C:\ProgramData\Wincert\win32cert.dll not found. C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully. C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully. C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully. C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully. C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully. C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully. C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully. Folder C:\PROGRAM FILES\SEARCH RESULTS TOOLBAR\DATAMNGR\FIREFOXEXTENSION\ not found. Prefs.js: engine@conduit.com:3.3.3.2 removed from extensions.enabledItems Prefs.js: "hxxp://dts.search-results.com/sr?src=ffb&gct=ds&appid=706&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&apn_uid=6554020327914509&o=APN10645&q=" removed from keyword.URL C:\Program Files\Enigma Software Group\SpyHunter\Log folder moved successfully. C:\Program Files\Enigma Software Group\SpyHunter\Data folder moved successfully. C:\Program Files\Enigma Software Group\SpyHunter folder moved successfully. C:\Program Files\Enigma Software Group folder moved successfully. C:\Program Files\Common Files\Wise Installation Wizard folder moved successfully. C:\Users\Besitzer\Pictures\Desktop\SpyHunter-Installer.exe moved successfully. Service esgiguard stopped successfully! Service esgiguard deleted successfully! File C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys not found. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Besitzer ->Temp folder emptied: 434320072 bytes ->Temporary Internet Files folder emptied: 12658351 bytes ->Java cache emptied: 4112745 bytes ->FireFox cache emptied: 95449836 bytes ->Apple Safari cache emptied: 1660928 bytes ->Flash cache emptied: 15748086 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 41 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Gast ->Temp folder emptied: 9701630 bytes ->Temporary Internet Files folder emptied: 34029975 bytes ->Flash cache emptied: 3147 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 1319902 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 381676336 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 945,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 03232013_181240 Files\Folders moved on Reboot... File\Folder C:\Users\Besitzer\AppData\Local\Temp\2011-09-20-1184499465_04-RG.PDF not found! C:\Users\Besitzer\AppData\Local\Temp\ehmsas.txt moved successfully. File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot. PendingFileRenameOperations files... Registry entries deleted on Reboot... MBAM Log Malwarebytes Anti-Malware 1.70.0.1100 Malwarebytes : Free Anti-Malware download Datenbank Version: v2013.03.23.07 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 8.0.6001.19401 Besitzer :: BESITZER-PC [Administrator] 23.03.2013 18:30:21 mbam-log-2013-03-23 (18-30-21).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM | P2P Deaktivierte Suchlaufeinstellungen: Durchsuchte Objekte: 231192 Laufzeit: 7 Minute(n), 5 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Log von ESET Keine infizierten Dateien gefunden! Log von SecurityCheck Mein Avast-Programm hat mich davor gewarnt, das zu öffnen und meinte, es sei eine FileRepMalware! Was hast du mir da geschickt?! Jedenfalls scheinen auf meinem Rechner keine infizierten Dateien mehr zu sein, und auch die searchnu-Toolbar / -Tabs sind weg. Tausend Dank dir. Auch wenn ich jetzt nicht wirklich weiß, was ich davon halten soll, dass du mir ein scheinbar bösartiges Programm geschickt hast. Erklärung bitte! Cheers, Sarah |
|
24.03.2013, 00:19
| #10 | |
| /// TB-Ausbilder | Windows Vista, Firefox, "http://www.searchnu.com/406?tag=newtab" Hallo Sarah, Zitat:
Das ist ein Fehlalarm. Du kannst das File auf Virustotal hochladen und von 46 verschiedenen Scannern gleichzeitig testen lassen, wenn du das nicht glaubst. Wenn du dich davon überzeugt hast, dann schalte temporär avast aus, wenn er stört, lass das Tool durchlaufen und poste das Log. Danach schliessen wir noch deine Sicherheitslücken.
__________________ cheers, Leo |
|
25.03.2013, 16:38
| #11 |
| | Windows Vista, Firefox, "http://www.searchnu.com/406?tag=newtab" Log von SecurityCheck Results of screen317's Security Check version 0.99.61 Windows Vista Service Pack 2 x86 (UAC is enabled) Internet Explorer 8 Out of date! ``````````````Antivirus/Firewall Check:`````````````` avast! Antivirus Antivirus out of date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.70.0.1100 CCleaner Java(TM) 6 Update 30 Java 7 Update 9 Java(TM) SE Runtime Environment 6 Java(TM) 6 Update 3 Java(TM) 6 Update 5 Java(TM) 6 Update 7 Java version out of Date! Adobe Flash Player 10 Flash Player out of Date! Adobe Flash Player 11.6.602.180 Adobe Reader 9 Adobe Reader out of Date! Mozilla Firefox (19.0.2) ````````Process Check: objlist.exe by Laurent```````` Windows Defender MSASCui.exe Windows Defender MSASCui.exe Alwil Software Avast5 AvastSvc.exe Alwil Software Avast5 AvastUI.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log`````````````````````` ********************************************************************* Danke dir, Leo! Ich wollte nicht undankbar wirken, dafür, dass du dir hier so viel Mühe machst! Sorry. Natürlich kennst du dich besser aus als ich, und es war blöd von mir, das zu hinterfragen. :-) PS: Oha, alles out of date... Da muss ich mich ja mal schleunigst an Updates ranmachen. Außer Internet Explorer, den benutze ich gar nicht. Grüße, Sarah |
|
25.03.2013, 17:15
| #12 | ||
| /// TB-Ausbilder | Windows Vista, Firefox, "http://www.searchnu.com/406?tag=newtab" Hallo Sarah, Zitat:
 (Es wäre ja theoretisch durchaus irgendwie möglich, dass eines der Tools von einem Angreifer oder sonst wie schädlichen Code untergeschoben bekommt. Ich musste nach deiner Nachricht selber zuerst testen, ob das hier der Fall ist oder nicht.) Zitat:
Schritt 1 Downloade und installiere den Internet Explorer 9. Schritt 2 Dein Java ist nicht mehr aktuell. Ältere Versionen enthalten Sicherheitslücken, die von Malware zur Infizierung per Drive-by Download missbraucht werden können. Die aktuelle Version ist Java 7 Update 17.
Überleg dir also, ob du eine Java-Installation wirklich brauchst. Falls du Java weiterhin verwenden möchtest, dann:
Schritt 3 Dein Flashplayer im Internet Explorer ist veraltet. Installiere folgendermassen die aktuelle Version:
Schritt 4 Die Version deines Adobe PDF Readers ist veraltet, wir müssen ihn updaten:
Überprüfe dann mit diesem Plugin-Check, ob nun alle deine verwendeten Versionen aktuell sind und update sie anderenfalls. Schritt 5
Bitte poste in deiner nächsten Antwort:
__________________ cheers, Leo |
|
26.03.2013, 21:49
| #13 |
| | Windows Vista, Firefox, "http://www.searchnu.com/406?tag=newtab" Hey Leo, ich versuche nun schon seit Tagen, mein Java zu aktivieren. Heruntergeladen ist es, aber ich habe nun schon alles mögliche probiert, es zu aktivieren, aber es will einfach nicht. Vielleicht übersehe ich irgendwo ein Häkchen... Und wenn ich manuell nach Adobe Reader-Updates suche, dann sagt er mir, dass 10.1.6. (das, was ich habe) das aktuelle wäre. Aber der Plugin-Check verlangt nach 11.0. Auf dieser Seite https://www.adobe.com/de/products/reader.html steht "Adobe Reader IX" sei das Neueste, klicke ich darauf, erscheint nur wieder 10, statt 11. Weißt du, woran das liegen kann? Wenn ich die beiden Updates endlich abgeschlossen habe, schicke ich dir den SecurityCheck-Log. Grüße! |
|
26.03.2013, 21:51
| #14 | |
| /// TB-Ausbilder | Windows Vista, Firefox, "http://www.searchnu.com/406?tag=newtab"Zitat:
Was klappt denn nicht bei Java? Gibt es eine Fehlermeldung? Hast du alle alten Versionen (es sind sogar 6 Stück bei dir, nicht 5) deinstalliert?
__________________ cheers, Leo |
|
26.03.2013, 22:09
| #15 |
| | Windows Vista, Firefox, "http://www.searchnu.com/406?tag=newtab" Hey, jetzt hat alles geklappt. Alles ist nun auf dem neusten Stand. Danke dir! Ich hab wohl eine Java-Version beim Deinstallieren übersehen (da alle anderen mit "Java Update 5", "6" etc. betitelt waren, aber diese eine Version, die ich jetzt noch deinstalliert habe, hieß "Run Time Environment 6", hab das nicht als veraltete Version gesehen und deshalb in meinen Programmen stehen gelassen). Security Check folgt... Schönen Abend dir! Und daaaaanke für deine Mühen und deine megaschnellen Antworten. :-) PS: Können andere mit meinen ganzen Logs etwas anfangen? Stehen dort sensible Daten drin (außer dass ich Monkey Island und Jack Keane zocke)? Geändert von JambalayaJam (26.03.2013 um 22:23 Uhr) |
|
| Themen zu Windows Vista, Firefox, "http://www.searchnu.com/406?tag=newtab" |
| about, avast, chip.de, computer, computer lahm, computern, dateien gelöscht, firefox, folge, forum, google, internet, lahm, laptop, leute, logfiles, malwarebytes, mozilla, neu, neue, newtab, searchnu, seite, seiten, startseite, tab, trojaner, vista, windows, windows vista |
Textbox.
Linear-Darstellung
