| |
| |||||||
Log-Analyse und Auswertung: Trojaner Savings Sidekick und Incredibar auf meinem LaptopWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
23.03.2013, 22:51
| #1 |
 |  Trojaner Savings Sidekick und Incredibar auf meinem Laptop Hallo, seit kurzer Zeit stürzt Firefox ständig ab. Die CPU Auslastung ist dann auch extrem hoch. Habe im Add-on Manager Saving Sidekicks und Incredibar gefunden. Incredibar war schon deaktiviert und Savings Sidekick habe ich deaktiviert. Nun läuft Firefox schon besser. Da mir beide "Add-ons" nicht bekannt waren (bin kein echter PC-Kenner!!!), habe ich beim googlen nach dem Problem diese Seite gefunden. Laut Avira ist mein Lappi sicher. Habe mich hier umgeschaut und mir defogger und gmer (OTL hängt bei mir auch bei Firefox settings - das Problem hatte hier auch schon jemand) runtergeladen und ausgeführt. Savings Sidekick finde ich bei mir auch unter Systemsteurung - Programe, Incredibar nicht! Ich hoffe, die Infos reichen soweit?? Gruß |
|
24.03.2013, 11:10
| #2 | |
| /// TB-Ausbilder   | Trojaner Savings Sidekick und Incredibar auf meinem Laptop Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen. Bitte beachte folgende Hinweise:
Zitat:
Abschließend hätte ich noch gerne die Logdatei von GMER. Schritt 1 Downloade Dir bitte AdwCleaner auf deinen Desktop.
Schritt 2 Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Schritt 3 Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop (falls noch nicht vorhanden).
Code:
ATTFilter activex
netsvcs
msconfig
CREATERESTOREPOINT
Bitte poste mit deiner nächsten Antwort
|
|
24.03.2013, 18:57
| #3 |
| | Trojaner Savings Sidekick und Incredibar auf meinem Laptop Hallo,
__________________habe nun die folgenden Aktiondn durchgeführt: LogDatei AdwCleaner: Code:
ATTFilter # AdwCleaner v2.115 - Datei am 24/03/2013 um 16:22:27 erstellt
# Aktualisiert am 17/03/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : oggi12 - CHRISTIAN
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\oggi12\Desktop\adwcleaner.exe
# Option [Löschen]
# Schalter verwendet : /DisableAskDetection
**** [Dienste] ****
Gestoppt & Gelöscht : IBUpdaterService
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\user.js
Datei Gelöscht : C:\Users\oggi12\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage
Datei Gelöscht : C:\Users\oggi12\AppData\Roaming\Mozilla\Firefox\Profiles\jhq1p98b.default\searchplugins\babylon1.xml
Datei Gelöscht : C:\Users\oggi12\AppData\Roaming\Mozilla\Firefox\Profiles\jhq1p98b.default\searchplugins\MyStart Search.xml
Datei Gelöscht : C:\Users\oggi12\AppData\Roaming\Mozilla\Firefox\Profiles\qo5rx7n7.default\extensions\pricepeep@getpricepeep.com.xpi
Datei Gelöscht : C:\Users\oggi12\Desktop\Check for Updates.lnk
Datei Gelöscht : C:\Users\Public\Desktop\eBay.lnk
Datei Gelöscht : C:\Windows\SysWOW64\dmwu.exe
Ordner Gelöscht : C:\Program Files (x86)\Ashampoo_DE
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\file scout
Ordner Gelöscht : C:\Program Files (x86)\FilesFrog Update Checker
Ordner Gelöscht : C:\Program Files (x86)\LayoutsExpress
Ordner Gelöscht : C:\Program Files (x86)\Minibar
Ordner Gelöscht : C:\Program Files (x86)\Mozilla Firefox\Extensions\ffxtlbr@babylon.com
Ordner Gelöscht : C:\Program Files (x86)\PricePeep
Ordner Gelöscht : C:\Program Files (x86)\Savings Sidekick
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\IBUpdaterService
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Users\oggi12\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\oggi12\AppData\Local\Minibar
Ordner Gelöscht : C:\Users\oggi12\AppData\Local\Savings Sidekick
Ordner Gelöscht : C:\Users\oggi12\AppData\Local\Temp\Conduit
Ordner Gelöscht : C:\Users\oggi12\AppData\Local\Temp\CT2481020
Ordner Gelöscht : C:\Users\oggi12\AppData\Local\Temp\CT2625848
Ordner Gelöscht : C:\Users\oggi12\AppData\LocalLow\Ashampoo_DE
Ordner Gelöscht : C:\Users\oggi12\AppData\LocalLow\BabylonToolbar
Ordner Gelöscht : C:\Users\oggi12\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\oggi12\AppData\LocalLow\CT2625848
Ordner Gelöscht : C:\Users\oggi12\AppData\LocalLow\incredibar.com
Ordner Gelöscht : C:\Users\oggi12\AppData\LocalLow\Ironsource
Ordner Gelöscht : C:\Users\oggi12\AppData\LocalLow\Minibar
Ordner Gelöscht : C:\Users\oggi12\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\oggi12\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\oggi12\AppData\Roaming\DealPly
Ordner Gelöscht : C:\Users\oggi12\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\oggi12\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker
Ordner Gelöscht : C:\Users\oggi12\AppData\Roaming\Mozilla\Firefox\Profiles\jhq1p98b.default\CT2625848
Ordner Gelöscht : C:\Users\oggi12\AppData\Roaming\Mozilla\Firefox\Profiles\jhq1p98b.default\extensions\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}
Ordner Gelöscht : C:\Users\oggi12\AppData\Roaming\Mozilla\Firefox\Profiles\jhq1p98b.default\extensions\{5786d022-540e-4699-b350-b4be0ae94b79}
Ordner Gelöscht : C:\Users\oggi12\AppData\Roaming\Mozilla\Firefox\Profiles\jhq1p98b.default\extensions\{97A78363-B868-4B48-AC91-A783A31215AF}
Ordner Gelöscht : C:\Users\oggi12\AppData\Roaming\Mozilla\Firefox\Profiles\jhq1p98b.default\extensions\crossriderapp5060@crossrider.com
Ordner Gelöscht : C:\Users\oggi12\AppData\Roaming\Mozilla\Firefox\Profiles\jhq1p98b.default\extensions\ffxtlbr@incredibar.com
Ordner Gelöscht : C:\Users\oggi12\AppData\Roaming\Mozilla\Firefox\Profiles\jhq1p98b.default\Smartbar
Ordner Gelöscht : C:\Users\oggi12\AppData\Roaming\Mozilla\Firefox\Profiles\qo5rx7n7.default\extensions\ffxtlbr@searchya.com
Ordner Gelöscht : C:\Users\oggi12\AppData\Roaming\PerformerSoft
Ordner Gelöscht : C:\Windows\SysWOW64\WNLT
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Ashampoo_DE
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PricePeep
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Savings Sidekick
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Cr_Installer
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\InstalledBrowserExtensions
Schlüssel Gelöscht : HKCU\Software\Ironsource
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011501160}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25927741-5E5B-4D27-8D8B-9188FE64373F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{33AA308B-B565-4376-AC66-59EE9B6AD13E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5786D022-540E-4699-B350-B4BE0AE94B79}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{856E12B5-22D7-4E22-9ACA-EA9A008DD65B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AA74D58F-ACD0-450D-A85E-6C04B171C044}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011501160}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25927741-5E5B-4D27-8D8B-9188FE64373F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{33AA308B-B565-4376-AC66-59EE9B6AD13E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5786D022-540E-4699-B350-B4BE0AE94B79}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{856E12B5-22D7-4E22-9ACA-EA9A008DD65B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AA74D58F-ACD0-450D-A85E-6C04B171C044}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Schlüssel Gelöscht : HKCU\Software\Minibar
Schlüssel Gelöscht : HKCU\Software\Somoto
Schlüssel Gelöscht : HKCU\Software\fe8cd1b63eee44
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\Software\Ashampoo_DE
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{15F6BCB7-BB0F-4A66-8762-4765B05597EB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1973277F-87B0-4EA3-9ED2-470A91D284CF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C17DC5CF-54FF-4E63-8AC7-94335D6DA231}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D14D0EE2-2DD1-4230-BE70-3F3AD6172C40}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\PricePeep.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0005060.BHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0005060.BHO.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0005060.Sandbox
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0005060.Sandbox.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.searchyaESrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.searchyaESrvc.1
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ironsource.searchyaappCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ironsource.searchyaappCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ironsource.searchyadskBnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ironsource.searchyadskBnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ironsource.searchyaHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ironsource.searchyaHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PricePeep.PricePeepBho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PricePeep.PricePeepBho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SmartBar.CT2625848
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2481020
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{15F6BCB7-BB0F-4A66-8762-4765B05597EB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{1D55DAA5-04AC-4036-B0BE-DA81EE9676CD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440044504460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4F9AD2F2-3A64-470E-93F7-A03423E52ACA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{58CBF821-A0C7-4AE8-9430-77DD1AF38E99}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{63BEF061-5EFC-4753-9806-ED0573BC7C4B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{69332529-EEC8-4D0D-9FD3-202C4AE8E589}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{72BCBFF7-2837-4CA0-B3B5-3DAED7F54601}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{824125FD-7732-4DA2-9277-3A7D0A0A0813}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A7C2FCDD-0359-49DD-8339-BE2A5BD60918}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{F13D3582-1359-4F8F-9A48-EF3AE9F5701C}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\DealPly
Schlüssel Gelöscht : HKLM\Software\IB Updater
Schlüssel Gelöscht : HKLM\Software\Ironsource
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AAA38851-3CFF-475F-B5E0-720D3645E4A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Savings Sidekick_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Savings Sidekick_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501160}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F6477D09-A529-4EEC-993D-BAAEB71AE111}
Schlüssel Gelöscht : HKLM\Software\Minibar
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{05366194-3126-4601-AC1A-DDE573E093DC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{061F450C-37B9-4330-9235-0F25D9F75B33}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110011501160}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220022502260}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{22FEB0F5-0BA0-4D4B-8A66-55A21667BC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{25927741-5E5B-4D27-8D8B-9188FE64373F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{26249267-15F4-4DA3-8247-C5A78E4FA918}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{33AA308B-B565-4376-AC66-59EE9B6AD13E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{39B217B4-8C69-4E45-A8DC-8CC4DAD3CF0A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3CB4CE45-8849-4638-9226-D6B615A15827}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{43AB7B5D-4C40-4103-A549-7002A116A7D5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{539F76FD-084E-4858-86D5-62F02F54AE86}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{54B24FA9-87E8-47FC-8589-F9D382D8B299}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5555CC4C-FA2B-4D69-8296-B6AE5E95C0B7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5786D022-540E-4699-B350-B4BE0AE94B79}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5B45AC88-523C-431E-86D7-F339B2EE262E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6801410E-CC88-42D6-A93B-909E95645407}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{856E12B5-22D7-4E22-9ACA-EA9A008DD65B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8B0C188C-F6F3-484D-8225-E40262DDE633}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{996ED20F-A740-47A2-A7EF-9620D422BB4E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AA74D58F-ACD0-450D-A85E-6C04B171C044}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AAA38851-3CFF-475F-B5E0-720D3645E4A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D2B79F7D-2D7D-4420-B2A9-ECE52C7C83A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D6598005-A921-4F83-B6E6-F4F030D1BF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F6477D09-A529-4EEC-993D-BAAEB71AE111}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{061F450C-37B9-4330-9235-0F25D9F75B33}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0F6ECBD3-98B1-4044-8520-69407A70C83C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{22FEB0F5-0BA0-4D4B-8A66-55A21667BC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{26E7211D-0650-43CF-8498-4C81E83AEAAA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2E9A2DCB-F5DB-40D0-8E62-3B47DD476A77}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{55555555-5555-5555-5555-550055505560}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{59B23951-2232-4AFB-81D4-64A8A16D457A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66666666-6666-6666-6666-660066506660}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{81E522F1-9E90-47DD-A2CE-39B0C00274A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8A41F062-A222-4322-A8C4-26218BE869B9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8E096DFB-6AB7-45C7-BF64-B313C7096529}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{996A9940-2F2C-4486-A479-439C4A15F278}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9B7D44BA-376C-456F-B289-5034270322FD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9BD8FF26-2C71-4D35-9FE2-AD8D25AECC36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCE6E914-AEF0-4FEE-8FC8-06F9B42BF890}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BD8D5FFA-4F92-48AD-BFBE-7896916656F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C0207057-3461-4F7F-B689-D016B7A03964}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C6A61AAE-D30B-4E7A-A3D8-8A34E5BA3414}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C92E6D80-EC54-45CC-AC4B-A7CF42F11B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D1CB564E-F38A-4F2A-8257-60E3F8BE9F34}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2B79F7D-2D7D-4420-B2A9-ECE52C7C83A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F293BBC0-DA7E-4CF1-9EEA-CE90CFE0DF86}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FEFBC559-C3C7-4287-B05B-49D489B80749}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\fe8cd1b63eee44
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhdepfaagokllfmhfbcfmocaeigmoebo
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\licjnkifamhpbaefhdpacpmihicfbomb
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501160}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110011501160}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{819DC4CA-4FFF-4C2E-800D-F346471D99BC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{98EC5C2E-758F-4A06-89D3-9CB60C444FDA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BBE2AD92-D6D8-4362-AA11-DBA9E2A54951}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C17DC5CF-54FF-4E63-8AC7-94335D6DA231}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D14D0EE2-2DD1-4230-BE70-3F3AD6172C40}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F994E0D9-8335-48F1-99C2-A712C21F8D5F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011501160}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25927741-5E5B-4D27-8D8B-9188FE64373F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5786D022-540E-4699-B350-B4BE0AE94B79}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{856E12B5-22D7-4E22-9ACA-EA9A008DD65B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA74D58F-ACD0-450D-A85E-6C04B171C044}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Ashampoo_DE Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\LayoutsExpress
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PricePeep
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Savings Sidekick
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Updater Service
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0F6ECBD3-98B1-4044-8520-69407A70C83C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{26E7211D-0650-43CF-8498-4C81E83AEAAA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2E9A2DCB-F5DB-40D0-8E62-3B47DD476A77}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055505560}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{59B23951-2232-4AFB-81D4-64A8A16D457A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066506660}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{81E522F1-9E90-47DD-A2CE-39B0C00274A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8A41F062-A222-4322-A8C4-26218BE869B9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8E096DFB-6AB7-45C7-BF64-B313C7096529}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{996A9940-2F2C-4486-A479-439C4A15F278}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9B7D44BA-376C-456F-B289-5034270322FD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BD8FF26-2C71-4D35-9FE2-AD8D25AECC36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCE6E914-AEF0-4FEE-8FC8-06F9B42BF890}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BD8D5FFA-4F92-48AD-BFBE-7896916656F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C0207057-3461-4F7F-B689-D016B7A03964}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C6A61AAE-D30B-4E7A-A3D8-8A34E5BA3414}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C92E6D80-EC54-45CC-AC4B-A7CF42F11B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D1CB564E-F38A-4F2A-8257-60E3F8BE9F34}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F293BBC0-DA7E-4CF1-9EEA-CE90CFE0DF86}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FEFBC559-C3C7-4287-B05B-49D489B80749}
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
Schlüssel Gelöscht : HKLM\SOFTWARE\Tarma Installer
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{539F76FD-084E-4858-86D5-62F02F54AE86}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{5786D022-540E-4699-B350-B4BE0AE94B79}]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [SDP]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{5786D022-540E-4699-B350-B4BE0AE94B79}]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{33AA308B-B565-4376-AC66-59EE9B6AD13E}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{5786D022-540E-4699-B350-B4BE0AE94B79}]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16470
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=118716&babsrc=HP_ss&mntrId=d8b822250000000000000eedb92db98e --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.searchya.com/?s=0&a=foxtab&chnl=tc-100&cd=2XzuyEtN2Y1L1Qzu0EtD0C0AzyyE0B0EyCtB0CzztBtBtByDtN0D0Tzu0StBzyyDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1398799176 --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com/?crg=3.32010003&st=12 --> hxxp://www.google.com
-\\ Mozilla Firefox v19.0.2 (en-US)
Datei : C:\Users\oggi12\AppData\Roaming\Mozilla\Firefox\Profiles\jhq1p98b.default\prefs.js
C:\Users\oggi12\AppData\Roaming\Mozilla\Firefox\Profiles\jhq1p98b.default\user.js ... Gelöscht !
Gelöscht : user_pref("CT2481020.autoDisableScopes", -1);
Gelöscht : user_pref("CT2625848.1000082.isDisplayHidden", "true");
Gelöscht : user_pref("CT2625848.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]
Gelöscht : user_pref("CT2625848.2625848a129894023611240511000000paramsGK1", "eyJ1cGRhdGVSZXFUaW1lIjoxMzUyNDc0Mj[...]
Gelöscht : user_pref("CT2625848.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2625848.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Gelöscht : user_pref("CT2625848.FirstTime", "true");
Gelöscht : user_pref("CT2625848.FirstTimeFF3", "true");
Gelöscht : user_pref("CT2625848.LoginRevertSettingsEnabled", true);
Gelöscht : user_pref("CT2625848.RevertSettingsEnabled", true);
Gelöscht : user_pref("CT2625848.UserID", "UN33821517308125726");
Gelöscht : user_pref("CT2625848.addressBarTakeOverEnabledInHidden", "true");
Gelöscht : user_pref("CT2625848.autoDisableScopes", -1);
Gelöscht : user_pref("CT2625848.cbcountry_001", "REU=");
Gelöscht : user_pref("CT2625848.cbfirsttime", "VGh1IE5vdiAwOCAyMDEyIDIyOjM2OjAwIEdNVCswMTAw");
Gelöscht : user_pref("CT2625848.defaultSearch", "false");
Gelöscht : user_pref("CT2625848.enableAlerts", "false");
Gelöscht : user_pref("CT2625848.enableFix404ByUser", "TRUE");
Gelöscht : user_pref("CT2625848.enableSearchFromAddressBar", "true");
Gelöscht : user_pref("CT2625848.firstTimeDialogOpened", "true");
Gelöscht : user_pref("CT2625848.fixPageNotFoundError", "true");
Gelöscht : user_pref("CT2625848.fixPageNotFoundErrorByUser", "true");
Gelöscht : user_pref("CT2625848.fixPageNotFoundErrorInHidden", "true");
Gelöscht : user_pref("CT2625848.fixUrls", true);
Gelöscht : user_pref("CT2625848.installId", "conduitnsisintegration");
Gelöscht : user_pref("CT2625848.installType", "conduitnsisintegration");
Gelöscht : user_pref("CT2625848.isCheckedStartAsHidden", true);
Gelöscht : user_pref("CT2625848.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2625848.isFirstTimeToolbarLoading", "false");
Gelöscht : user_pref("CT2625848.isNewTabEnabled", false);
Gelöscht : user_pref("CT2625848.isPerformedSmartBarTransition", "true");
Gelöscht : user_pref("CT2625848.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Gelöscht : user_pref("CT2625848.lastNewTabSettings", "{\"isEnabled\":false,\"newTabUrl\":\"hxxp://search.condui[...]
Gelöscht : user_pref("CT2625848.lastVersion", "10.14.65.43");
Gelöscht : user_pref("CT2625848.migrateAppsAndComponents", true);
Gelöscht : user_pref("CT2625848.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%[...]
Gelöscht : user_pref("CT2625848.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2625848.openThankYouPage", "false");
Gelöscht : user_pref("CT2625848.openUninstallPage", "true");
Gelöscht : user_pref("CT2625848.search.searchAppId", "129181467799155027");
Gelöscht : user_pref("CT2625848.search.searchCount", "0");
Gelöscht : user_pref("CT2625848.searchInNewTabEnabled", "false");
Gelöscht : user_pref("CT2625848.searchInNewTabEnabledByUser", "false");
Gelöscht : user_pref("CT2625848.searchInNewTabEnabledInHidden", "true");
Gelöscht : user_pref("CT2625848.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2625848.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Gelöscht : user_pref("CT2625848.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Gelöscht : user_pref("CT2625848.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Gelöscht : user_pref("CT2625848.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Gelöscht : user_pref("CT2625848.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Gelöscht : user_pref("CT2625848.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Gelöscht : user_pref("CT2625848.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1352062258048");
Gelöscht : user_pref("CT2625848.serviceLayer_services_appsMetadata_lastUpdate", "1352462048883");
Gelöscht : user_pref("CT2625848.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1352062258620");
Gelöscht : user_pref("CT2625848.serviceLayer_services_login_10.13.3.21_lastUpdate", "1352847204512");
Gelöscht : user_pref("CT2625848.serviceLayer_services_login_10.13.40.15_lastUpdate", "1358805385305");
Gelöscht : user_pref("CT2625848.serviceLayer_services_login_10.14.40.128_lastUpdate", "1359367356247");
Gelöscht : user_pref("CT2625848.serviceLayer_services_login_10.14.42.7_lastUpdate", "1360791578716");
Gelöscht : user_pref("CT2625848.serviceLayer_services_login_10.14.65.43_lastUpdate", "1364132507290");
Gelöscht : user_pref("CT2625848.serviceLayer_services_optimizer_lastUpdate", "1352472729720");
Gelöscht : user_pref("CT2625848.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1352062258681");
Gelöscht : user_pref("CT2625848.serviceLayer_services_searchAPI_lastUpdate", "1352459921003");
Gelöscht : user_pref("CT2625848.serviceLayer_services_serviceMap_lastUpdate", "1364082868518");
Gelöscht : user_pref("CT2625848.serviceLayer_services_toolbarContextMenu_lastUpdate", "1352062258379");
Gelöscht : user_pref("CT2625848.serviceLayer_services_toolbarSettings_lastUpdate", "1364132507513");
Gelöscht : user_pref("CT2625848.serviceLayer_services_translation_lastUpdate", "1364082869413");
Gelöscht : user_pref("CT2625848.settingsINI", true);
Gelöscht : user_pref("CT2625848.shouldFirstTimeDialog", "false");
Gelöscht : user_pref("CT2625848.smartbar.CTID", "CT2625848");
Gelöscht : user_pref("CT2625848.smartbar.Uninstall", "0");
Gelöscht : user_pref("CT2625848.smartbar.isHidden", true);
Gelöscht : user_pref("CT2625848.smartbar.toolbarName", "DVDVideoSoftTB DE ");
Gelöscht : user_pref("CT2625848.startPage", "false");
Gelöscht : user_pref("CT2625848.toolbarBornServerTime", "4-11-2012");
Gelöscht : user_pref("CT2625848.toolbarCurrentServerTime", "24-3-2013");
Gelöscht : user_pref("CT2625848_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Gelöscht : user_pref("avg.install.userHPSettings", "hxxp://search.babylon.com/?affID=118716&babsrc=HP_ss&mntrId[...]
Gelöscht : user_pref("avg.install.userSPSettings", "Search the web (Babylon)");
Gelöscht : user_pref("browser.search.selectedEngine", "Search the web (Babylon)");
Gelöscht : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=118716&babsrc=HP_ss&mntrId=d[...]
Gelöscht : user_pref("extensions.BabylonToolbar.admin", false);
Gelöscht : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Gelöscht : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Gelöscht : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
Gelöscht : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Gelöscht : user_pref("extensions.BabylonToolbar.excTlbr", false);
Gelöscht : user_pref("extensions.BabylonToolbar.id", "d8b822250000000000000eedb92db98e");
Gelöscht : user_pref("extensions.BabylonToolbar.instlDay", "15732");
Gelöscht : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Gelöscht : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Gelöscht : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Gelöscht : user_pref("extensions.BabylonToolbar.rvrt", "false");
Gelöscht : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Gelöscht : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
Gelöscht : user_pref("extensions.BabylonToolbar.vrsn", "1.8.7.2");
Gelöscht : user_pref("extensions.BabylonToolbar.vrsni", "1.8.7.2");
Gelöscht : user_pref("extensions.BabylonToolbar_i.babExt", "");
Gelöscht : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=118716");
Gelöscht : user_pref("extensions.BabylonToolbar_i.excTlbr", false);
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTab", false);
Gelöscht : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Gelöscht : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.7.218:11:30");
Gelöscht : user_pref("extensions.crossriderapp5060.5060.InstallationThankYouPage", true);
Gelöscht : user_pref("extensions.crossriderapp5060.5060.InstallationTime", 1352398036);
Gelöscht : user_pref("extensions.crossriderapp5060.5060.InstallationUserSettings.searchUserConifrmation", false[...]
Gelöscht : user_pref("extensions.crossriderapp5060.5060.InstallationUserSettings.setHomepage", false);
Gelöscht : user_pref("extensions.crossriderapp5060.5060.InstallationUserSettings.setNewTab", false);
Gelöscht : user_pref("extensions.crossriderapp5060.5060.InstallationUserSettings.setSearch", false);
Gelöscht : user_pref("extensions.crossriderapp5060.5060.active", true);
Gelöscht : user_pref("extensions.crossriderapp5060.5060.addressbar", "");
Gelöscht : user_pref("extensions.crossriderapp5060.5060.addressbarenhanced", "");
Gelöscht : user_pref("extensions.crossriderapp5060.5060.backgroundjs", "\n\n//\n");
Gelöscht : user_pref("extensions.crossriderapp5060.5060.backgroundver", 38);
Gelöscht : user_pref("extensions.crossriderapp5060.5060.can_run_bg_code", true);
Gelöscht : user_pref("extensions.crossriderapp5060.5060.certdomaininstaller", "");
Gelöscht : user_pref("extensions.crossriderapp5060.5060.changeprevious", false);
Gelöscht : user_pref("extensions.crossriderapp5060.5060.cookie.InstallationTime.expiration", "Fri Feb 01 2030 0[...]
Gelöscht : user_pref("extensions.crossriderapp5060.5060.cookie.InstallationTime.value", "1352398036");
Gelöscht : user_pref("extensions.crossriderapp5060.5060.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00[...]
Gelöscht : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 [...]
Gelöscht : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_aoi.value", "1352398036");
Gelöscht : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_arbitrary_code.expiration", "Sat Mar 23 201[...]
Gelöscht : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_arbitrary_code.value", "%22/**/%22");
Gelöscht : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_blocklist.expiration", "Sat Mar 23 2013 00:[...]
Gelöscht : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_blocklist.value", "%22nonexistantdomain.com[...]
Gelöscht : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_cf_ab_cap1.expiration", "Fri Feb 01 2030 00[...]
Gelöscht : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_cf_ab_cap1.value", "%22lbcmmpmjjaockhkcoflj[...]
Gelöscht : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_cf_bu1.expiration", "Fri Feb 01 2030 00:00:[...]
Gelöscht : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_cf_bu1.value", "1361288544");
Gelöscht : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_country_code.expiration", "Sun Mar 24 2013 [...]
Gelöscht : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_country_code.value", "%22DE%22");
Gelöscht : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 [...]
Gelöscht : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_crr.value", "1363901496");
Gelöscht : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_currenttime.expiration", "Fri Feb 01 2030 0[...]
Gelöscht : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_currenttime.value", "%221363714872%22");
Gelöscht : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 [...]
Gelöscht : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_hotfix20111102645.value", "%221%22");
Gelöscht : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_installer_params.expiration", "Fri Feb 01 2[...]
Gelöscht : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_installer_params.value", "%7B%22source_id%2[...]
Gelöscht : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030[...]
Gelöscht : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_parent_zoneid.value", "%2214019%22");
Gelöscht : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030 0[...]
Gelöscht : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_pc_20120828.value", "1352398077481");
Gelöscht : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00[...]
Gelöscht : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_product_id.value", "%221224%22");
Gelöscht : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_sr[gametwist.de].expiration", "Sun Mar 24 2[...]
Gelöscht : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_sr[gametwist.de].value", "1363540720");
Gelöscht : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:[...]
Gelöscht : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_zoneid.value", "%22104200%22");
Gelöscht : user_pref("extensions.crossriderapp5060.5060.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GM[...]
Gelöscht : user_pref("extensions.crossriderapp5060.5060.cookie.dbtest.value", "1352398064290");
Gelöscht : user_pref("extensions.crossriderapp5060.5060.cookie.lastrequest.expiration", "Fri Feb 01 2030 00:00:[...]
Gelöscht : user_pref("extensions.crossriderapp5060.5060.cookie.lastrequest.value", "%7B%22path%22%3A%22/%22%2C%[...]
Gelöscht : user_pref("extensions.crossriderapp5060.5060.description", "Savings Sidekick");
Gelöscht : user_pref("extensions.crossriderapp5060.5060.domain", "");
Gelöscht : user_pref("extensions.crossriderapp5060.5060.enablesearch", false);
Gelöscht : user_pref("extensions.crossriderapp5060.5060.fbremoteurl", "");
Gelöscht : user_pref("extensions.crossriderapp5060.5060.group", 0);
Gelöscht : user_pref("extensions.crossriderapp5060.5060.homepage", "");
Gelöscht : user_pref("extensions.crossriderapp5060.5060.iframe", false);
Gelöscht : user_pref("extensions.crossriderapp5060.5060.internaldb.InstallerIdentifiers.expiration", "Fri Feb 0[...]
Gelöscht : user_pref("extensions.crossriderapp5060.5060.internaldb.InstallerIdentifiers.value", "%7B%22installe[...]
Gelöscht : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_appVer.expiration", "Fri Feb 01 20[...]
Gelöscht : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_appVer.value", "82");
Gelöscht : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_lastVersion.expiration", "Fri Feb [...]
Gelöscht : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_lastVersion.value", "0");
Gelöscht : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_meta.expiration", "Fri Feb 01 2030[...]
Gelöscht : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_meta.value", "%7B%7D");
Gelöscht : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_nextCheck.expiration", "Sat Mar 23[...]
Gelöscht : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_nextCheck.value", "true");
Gelöscht : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_queue.expiration", "Fri Feb 01 203[...]
Gelöscht : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_queue.value", "%7B%7D");
Gelöscht : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_remote_resources.expiration", "Fri[...]
Gelöscht : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_remote_resources.value", "%7B%22re[...]
Gelöscht : user_pref("extensions.crossriderapp5060.5060.internaldb.SoftwareDetected.expiration", "Fri Feb 01 20[...]
Gelöscht : user_pref("extensions.crossriderapp5060.5060.internaldb.SoftwareDetected.value", "%7B%22AnySoftware%[...]
Gelöscht : user_pref("extensions.crossriderapp5060.5060.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GP[...]
Gelöscht : user_pref("extensions.crossriderapp5060.5060.manifesturl", "");
Gelöscht : user_pref("extensions.crossriderapp5060.5060.name", "Savings Sidekick");
Gelöscht : user_pref("extensions.crossriderapp5060.5060.newtab", "");
Gelöscht : user_pref("extensions.crossriderapp5060.5060.opensearch", "");
Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1.code", "appAPI._cr_config={appID:funct[...]
Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1.name", "base");
Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1.ver", 4);
Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1000014.code", "Array.prototype.indexOf|[...]
Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1000014.name", "GPL Plugin (Loader)");
Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1000014.ver", 15);
Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1000015.code", "var a=appAPI.db.getList([...]
Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1000015.name", "GPL Background (BG)");
Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1000015.ver", 35);
Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_13.code", "(function(a){a.selectedText=f[...]
Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_13.name", "CrossriderAppUtils");
Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_13.ver", 2);
Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefin[...]
Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_14.name", "CrossriderUtils");
Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_14.ver", 2);
Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_16.code", "if((typeof isBackground===\"u[...]
Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_16.name", "FFAppAPIWrapper");
Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_16.ver", 5);
Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_17.code", "if(typeof window!==\"undefine[...]
Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_17.name", "jQuery");
Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_17.ver", 3);
Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_21.code", "var CrossriderDebugManager=(f[...]
Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_21.name", "debug");
Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_21.ver", 3);
Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_22.code", "(function(a){appAPI.queueMana[...]
Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_22.name", "resources");
Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_22.ver", 3);
Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_28.code", "var CrossriderInitializerPlug[...]
Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_28.name", "initializer");
Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_28.ver", 2);
Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_4.code", "/*! jQuery v1.7.1 jquery.com |[...]
Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_4.name", "jquery_1_7_1");
Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_4.ver", 3);
Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_47.code", "(function(){appAPI.ready=func[...]
Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_47.name", "resources_background");
Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_47.ver", 2);
Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_64.code", "(function(){var h=\"__CR_EMPT[...]
Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_64.name", "appApiMessage");
Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_64.ver", 1);
Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_72.code", "if(appAPI.__should_activate_v[...]
Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_72.name", "appApiValidation");
Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_72.ver", 2);
Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_78.code", "(function(a){if(typeof a===\"[...]
Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_78.name", "CrossriderInfo");
Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_78.ver", 2);
Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_98.code", "(function(){var b=\"cr_\"+app[...]
Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_98.name", "omniCommands");
Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_98.ver", 1);
Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins_lists.plugins_0", "4,14,78,16,64,47,72,98,10000[...]
Gelöscht : user_pref("extensions.crossriderapp5060.5060.plugins_lists.plugins_1", "17,14,78,13,16,64,4,1,21,22,[...]
Gelöscht : user_pref("extensions.crossriderapp5060.5060.pluginsurl", "hxxp://app-static.crossrider.com/plugin/a[...]
Gelöscht : user_pref("extensions.crossriderapp5060.5060.pluginsversion", 58);
Gelöscht : user_pref("extensions.crossriderapp5060.5060.publisher", "215 Apps");
Gelöscht : user_pref("extensions.crossriderapp5060.5060.searchstatus", 0);
Gelöscht : user_pref("extensions.crossriderapp5060.5060.setnewtab", false);
Gelöscht : user_pref("extensions.crossriderapp5060.5060.settingsurl", "");
Gelöscht : user_pref("extensions.crossriderapp5060.5060.thankyou", "");
Gelöscht : user_pref("extensions.crossriderapp5060.5060.updateinterval", 360);
Gelöscht : user_pref("extensions.crossriderapp5060.5060.ver", 82);
Gelöscht : user_pref("extensions.crossriderapp5060.adsOldValue", -1);
Gelöscht : user_pref("extensions.crossriderapp5060.apps", "5060");
Gelöscht : user_pref("extensions.crossriderapp5060.bic", "13ae134bcff4399a776f53d67d4394ed");
Gelöscht : user_pref("extensions.crossriderapp5060.cid", 5060);
Gelöscht : user_pref("extensions.crossriderapp5060.firstrun", false);
Gelöscht : user_pref("extensions.crossriderapp5060.hadappinstalled", true);
Gelöscht : user_pref("extensions.crossriderapp5060.installationdate", 1352398061);
Gelöscht : user_pref("extensions.crossriderapp5060.lastcheck", 22733140);
Gelöscht : user_pref("extensions.crossriderapp5060.lastcheckitem", 22733274);
Gelöscht : user_pref("extensions.crossriderapp5060.modetype", "production");
Gelöscht : user_pref("extensions.crossriderapp5060.reportInstall", true);
Gelöscht : user_pref("extensions.incredibar_i.aflt", "orgnl");
Gelöscht : user_pref("extensions.incredibar_i.dfltLng", "");
Gelöscht : user_pref("extensions.incredibar_i.did", "10643");
Gelöscht : user_pref("extensions.incredibar_i.excTlbr", false);
Gelöscht : user_pref("extensions.incredibar_i.id", "d8b822250000000000000eedb92db98e");
Gelöscht : user_pref("extensions.incredibar_i.installerproductid", "26");
Gelöscht : user_pref("extensions.incredibar_i.instlDay", "15688");
Gelöscht : user_pref("extensions.incredibar_i.instlRef", "");
Gelöscht : user_pref("extensions.incredibar_i.ms_url_id", "");
Gelöscht : user_pref("extensions.incredibar_i.newTab", false);
Gelöscht : user_pref("extensions.incredibar_i.ppd", "6666660837");
Gelöscht : user_pref("extensions.incredibar_i.prdct", "incredibar");
Gelöscht : user_pref("extensions.incredibar_i.productid", "26");
Gelöscht : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Gelöscht : user_pref("extensions.incredibar_i.smplGrp", "none");
Gelöscht : user_pref("extensions.incredibar_i.tlbrId", "base");
Gelöscht : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyXbXirIg&loc=IB[...]
Gelöscht : user_pref("extensions.incredibar_i.upn2", "6OyXbXirIg");
Gelöscht : user_pref("extensions.incredibar_i.upn2n", "92262621620998052");
Gelöscht : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Gelöscht : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1420:42:02");
Gelöscht : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Gelöscht : user_pref("smartbar.machineId", "LVUS8WWJDZ9+7VXHOKGP3CQKN6XZIQHIMBKZC44Q7HZUS06GFTI5UXJEQJGCRN9UWZ6[...]
Gelöscht : user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_blackList", "form=CONTLB|babsrc=too[...]
Gelöscht : user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_referrer", "hxxp://search.babylon.c[...]
Gelöscht : user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_temp_referer", "hxxp://us.yhs4.sear[...]
Datei : C:\Users\oggi12\AppData\Roaming\Mozilla\Firefox\Profiles\qo5rx7n7.default\prefs.js
C:\Users\oggi12\AppData\Roaming\Mozilla\Firefox\Profiles\qo5rx7n7.default\user.js ... Gelöscht !
Gelöscht : user_pref("browser.startup.homepage", "hxxp://www.searchya.com/?s=0&a=foxtab&chnl=tc-100&cd=2XzuyEtN[...]
Gelöscht : user_pref("keyword.URL", "hxxp://www.searchya.com/?s=0&a=foxtab&chnl=tc-100&cd=2XzuyEtN2Y1L1Qzu0EtD0[...]
Gelöscht : user_pref("browser.search.selectedEngine", "SearchYa!");
Gelöscht : user_pref("browser.search.defaultenginename", "SearchYa!");
-\\ Google Chrome v [Version kann nicht ermittelt werden]
Datei : C:\Users\oggi12\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [53917 octets] - [24/03/2013 16:22:27]
########## EOF - C:\AdwCleaner[S1].txt - [53978 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.3 (03.23.2013:1)
OS: Windows 7 Home Premium x64
Ran by oggi12 on 24.03.2013 at 16:33:46,26
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\windows\currentversion\run\\apnupdater
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\windows nt\currentversion\windows\\AppInit_DLLs
~~~ Registry Keys
Successfully deleted: [Registry Key] hkey_current_user\software\filescout
Successfully deleted: [Registry Key] hkey_current_user\software\performersoft llc
Successfully deleted: [Registry Key] hkey_current_user\software\sweetim
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\genericasktoolbar.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\genericasktoolbar.toolbarwnd
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\genericasktoolbar.toolbarwnd.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
~~~ Files
Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll
~~~ Folders
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
~~~ FireFox
Successfully deleted: [File] C:\Users\oggi12\AppData\Roaming\mozilla\firefox\profiles\jhq1p98b.default\invalidprefs.js
Successfully deleted: [File] C:\Users\oggi12\AppData\Roaming\mozilla\firefox\profiles\jhq1p98b.default\searchplugins\askcom.xml
Successfully deleted: [Folder] "C:\Program Files (x86)\Mozilla Firefox\extensions\staged"
Successfully deleted: [Folder] C:\Users\oggi12\AppData\Roaming\mozilla\firefox\profiles\jhq1p98b.default\extensions\toolbar@ask.com
Successfully deleted the following from C:\Users\oggi12\AppData\Roaming\mozilla\firefox\profiles\jhq1p98b.default\prefs.js
user_pref("extensions.crossrider.bic", "13ae134bcff4399a776f53d67d4394ed");
Emptied folder: C:\Users\oggi12\AppData\Roaming\mozilla\firefox\profiles\jhq1p98b.default\minidumps [153 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24.03.2013 at 16:42:18,14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter OTL Extras logfile created on: 24.03.2013 17:24:23 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\oggi12\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,80 Gb Total Physical Memory | 2,36 Gb Available Physical Memory | 62,16% Memory free
7,60 Gb Paging File | 6,01 Gb Available in Paging File | 79,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 463,76 Gb Total Space | 415,82 Gb Free Space | 89,66% Space Free | Partition Type: NTFS
Drive F: | 666,22 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: CHRISTIAN | User Name: oggi12 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Scout\filescout.exe" /open "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Scout\filescout.exe" /open "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{024F34B1-AD54-4706-839D-065F57D56374}" = rport=138 | protocol=17 | dir=out | app=system |
"{06033770-9C0D-42E1-8E28-97EA45A908C9}" = lport=138 | protocol=17 | dir=in | app=system |
"{0A88E970-ADAC-441D-85AB-8A982E11D899}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{10259613-C893-49DE-A9D2-84A025100C0A}" = rport=2869 | protocol=6 | dir=out | app=system |
"{13316379-92AC-42A4-B62C-7C284B4FB6EA}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{1556E003-1895-4A58-962C-A022D051F93C}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{15F29540-55C1-4760-A473-9604DE697BE3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{23AA44B9-524D-473E-9216-2C177B7A636A}" = rport=139 | protocol=6 | dir=out | app=system |
"{29AE824D-127F-46F5-A791-F15CA443F45B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{36A2A689-7EE9-4706-AB7F-241058D344C4}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{37A237F3-495F-4ABA-AB00-2F7CEF4F140F}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{4722E79D-4800-49E3-872A-9703CB9BB7C6}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{4853FB26-3608-428F-903C-A2AC59E45BDF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4BF3839D-D035-4DB9-9676-D4C8D67CE41C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4E625E4E-84E0-4C6D-99B9-003D11531235}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{53DB27DC-427F-4A95-A351-FBDC2B24445D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{55DB6E79-A2FC-4520-9CD6-F0F7B9B8B183}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6F17159B-72F7-407D-B501-6ACCD8ED804B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{732BE41D-1DE5-482C-865C-113E9EE2F2BB}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{74248603-69B2-4796-8364-1874925A0ECD}" = rport=137 | protocol=17 | dir=out | app=system |
"{74F99F03-F6A3-4131-8CE6-F6E0ED4F3051}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{7D254AEB-B3D4-4464-87B1-28236BAAB92E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{80FC9CBB-FAE0-4BAD-A3CC-E5029D409499}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{83EBED7B-BD64-43DC-BEB0-FF0A5316F7AA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8DBFED5D-DF17-49E0-AE36-BC1CC6362E66}" = lport=445 | protocol=6 | dir=in | app=system |
"{90CD6330-7624-4B2F-AC8F-926C45674F0D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A0206860-A90E-4659-9CAD-6D41CD6FA758}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A681D934-829E-4A56-81D7-D4D895C6AE62}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A73D2E3D-5162-4B92-8298-B149FE8F84AD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AAF80EB3-B565-45FA-A3F2-91744D4F1214}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B0ABCF33-E89A-4731-B864-800C31A93AAE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B1286CD8-448B-4428-AAF1-372544721FB8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B6FD58CC-074E-462D-9D8A-1D5A2BBB29C1}" = rport=445 | protocol=6 | dir=out | app=system |
"{B81E80D7-847F-4DBF-A482-9B529D1C8670}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BB7D9B1B-8A1A-4BCE-9C24-03D88B895EF2}" = lport=139 | protocol=6 | dir=in | app=system |
"{BFF474AF-01F0-4AFA-AB1D-C72C5F81253E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D6E515A4-B4F1-4621-B24D-6BDEB6E343AC}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{F351F410-8339-4278-84D5-265E653B2D97}" = lport=137 | protocol=17 | dir=in | app=system |
"{F3E7D306-3E46-401A-9AAF-4F2A663004C1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FF85AB31-6E7F-442F-AAB4-41713B8B3F57}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{FF95FC4F-D35F-41F7-8021-313FE0E667AC}" = rport=10243 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CBF7B14-4979-472F-AEB0-E3CF5696CFD4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1A94C3D4-65E4-4E7A-B905-9D9374402A96}" = dir=out | app=c:\windows\syswow64\dmwu.exe |
"{1C45A7A3-C95E-4774-90A0-76CF018E212A}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{1E47D1A1-4E75-457E-88D3-D0D6D653678A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2B274FAC-D993-4900-BB7D-B26610B661C6}" = protocol=6 | dir=out | app=system |
"{2DFF78AD-D441-41FE-A975-11B3BBA1A295}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{33C07739-4590-484F-BA36-41CA0C1586D5}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{38A6FD9C-2583-44A1-A3E2-9CA59596148D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{48F767A1-BA52-40FD-B2ED-02125AA6C4AF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{48FC2D4D-DB21-4C79-A9A3-FA7C23E7DFD4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{52628E78-2B65-408F-9E7F-EAD3D0FD7CA6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{52E323EB-CFE2-4925-89A8-1DD0D002F87D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{591DF078-42E3-45C2-B88E-AC15EC96E2D5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6155BC94-683E-40ED-8011-F6738C8E4D6D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{68D10EDF-40E7-4E1B-9BDC-85AA700542A6}" = dir=in | app=c:\windows\syswow64\dmwu.exe |
"{71316601-2B01-4F99-B412-85203FCDB6A8}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8561E9C3-3CE1-46B1-997E-CC7667FA9959}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A8B84DD6-BAC5-4E80-82AF-6D85B927A2DD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B254B33E-36F5-4434-BB4D-AA76F52885AB}" = protocol=6 | dir=in | app=c:\users\oggi12\appdata\roaming\dropbox\bin\dropbox.exe |
"{B990D5CD-2AD1-4206-8082-0901FACEA3F7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C03C8618-C361-46AC-AE1A-5474825D174E}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{C29911C8-AAF1-4279-8E68-509B9A9A0BF4}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{CFE045D3-E7E3-4E57-BDF0-9A0B9ACC7F83}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D99AAB7A-E3A2-408B-AEAA-2652E6092BD8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EAFDD18A-F206-4FE9-B4DE-710587416FCB}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EBE4E04A-5D21-4F88-B76F-00450EB662CF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F0E11AED-14AD-4A61-B3D6-7C32AE8E8A5A}" = protocol=17 | dir=in | app=c:\users\oggi12\appdata\roaming\dropbox\bin\dropbox.exe |
"{F3FECD60-6740-4792-8D0A-0DFC15E851BD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F4B39B73-E22C-43DA-A42C-5966F5C0A317}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FB0E62E5-CD55-4E22-92F5-321775F4F86A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"TCP Query User{2B639A0C-3DC9-431D-AABC-9FD3E7A4FEAE}C:\users\oggi12\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\oggi12\appdata\local\akamai\netsession_win.exe |
"TCP Query User{B80433A4-F5E1-4D1A-BB1F-486269F136BE}C:\users\oggi12\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\oggi12\appdata\local\akamai\netsession_win.exe |
"TCP Query User{C290B398-FDC1-45CD-922E-5D48001E95FD}C:\users\oggi12\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\oggi12\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{66EB7395-587B-4499-B94D-76FF953EBE32}C:\users\oggi12\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\oggi12\appdata\local\akamai\netsession_win.exe |
"UDP Query User{BB9F2080-C372-48C6-8074-DADEBB55CDA8}C:\users\oggi12\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\oggi12\appdata\local\akamai\netsession_win.exe |
"UDP Query User{F0EBC862-DF9D-48EF-888A-8F479C75D96E}C:\users\oggi12\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\oggi12\appdata\roaming\dropbox\bin\dropbox.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{4108974B-DE87-4AD4-9167-930C62C45691}" = Fujitsu Display Manager
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{7254349B-460B-488F-B4DB-A96100C5C48B}" = Power Saving Utility
"{7BA64D21-EE46-4a9a-8145-52B0175C3F86}" = Plugfree NETWORK
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B7C6A943-83E0-4E7F-A79A-C5CBAA60B0F5}" = Plugfree NETWORK
"{C788B026-20BD-4E96-B698-533F1D6C5013}" = 64 Bit HP CIO Components Installer
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
"{EC314CDF-3521-482B-A21C-65AC95664814}" = Fujitsu MobilityCenter Extension Utility
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"SynTPDeinstKey" = Synaptics Pointing Device Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{06F8CD93-C722-45E9-A9A4-F48F78E39E84}" = hppFaxUtilityCM1410
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EF0EA0D-F945-4958-85CC-60FF1E86D216}" = HP LaserJet Professional CM1410 Series
"{128AF653-6E81-4525-BE84-43C297A35F28}_is1" = Object Fix Zip
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E728246-95D5-4E72-8A9A-AC62602F39D8}_is1" = ANSTOSS 3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21749F4E-02A1-4828-9A1E-BBDF5929C5D0}" = HP LJ CM1410 MFP Series HP Scan
"{229D6185-BD7E-494B-A73B-C5215BE0690E}" = HPLJUT
"{22FE3793-5961-4ADE-AE66-69D9291C22B1}" = HPLaserJetHelp_LearnCenter
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{4006E354-3D24-49BA-A36F-7EB75D50D575}" = hppLaserJetService
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7FAB3316-11F4-44F3-8483-7278717496EC}" = hppTLBXFXCM1410
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{92F91A05-8241-4651-B9F4-9D04EE1F2634}" = hppSendFaxCM1410
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9983CD31-473F-4808-8317-5346119F0187}" = eBay
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A3A18593-62BE-4AE1-AF3F-E35179CF042E}" = hpzTLBXFX
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{BA0CC975-682B-4678-A35C-05E607F36387}" = Fujitsu Hotkey Utility
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D85A16FA-3408-4EEF-973F-05C1D23901B9}" = hppCM1410LaserJetService
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FB0C267C-8B4F-4867-8161-A6A3B66D42C1}" = Marketsplash Shortcuts
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFD7B2D9-AC9D-468C-83A2-21017A811623}" = hppFaxDrvCM1410
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE v.6.81
"Avira AntiVir Desktop" = Avira Free Antivirus
"DeskUpdate_is1" = DeskUpdate
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.35.1031
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{4108974B-DE87-4AD4-9167-930C62C45691}" = Fujitsu Display Manager
"InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel
"InstallShield_{7254349B-460B-488F-B4DB-A96100C5C48B}" = Power Saving Utility
"InstallShield_{BA0CC975-682B-4678-A35C-05E607F36387}" = Fujitsu Hotkey Utility
"InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
"InstallShield_{EC314CDF-3521-482B-A21C-65AC95664814}" = Fujitsu MobilityCenter Extension Utility
"Lula 3D - Demo" = Lula 3D - Demo
"Mozilla Firefox 19.0.2 (x86 en-US)" = Mozilla Firefox 19.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"SagaGamesHotelManager2_is1" = Hotel-Manager
"VideoPerformer" = VideoPerformer
"WinLiveSuite" = Windows Live Essentials
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Updater
"Akamai" = Akamai NetSession Interface
"CT2625848" = DVDVideoSoftTB DE Toolbar
"Dropbox" = Dropbox
"Mozilla Firefox Packages" = Mozilla Firefox Packages
========== Last 20 Event Log Errors ==========
[ System Events ]
Error - 24.03.2013 11:53:10 | Computer Name = christian | Source = DCOM | ID = 10010
Description =
< End of report >
Zippen hat noch nicht so recht geklappt! Ich versuchs weiter..!! |
|
24.03.2013, 19:50
| #4 | |
| /// TB-Ausbilder | Trojaner Savings Sidekick und Incredibar auf meinem Laptop Servus, Zitat:
Das gleiche könntest du mit GMER versuchen.  |
|
24.03.2013, 20:31
| #5 |
| | Trojaner Savings Sidekick und Incredibar auf meinem Laptop Jupp, so oder so ähnlich hatte ich dann auch gedacht. Dachte mir, bevorich hier zig Antworten auf einmal schicke, frag ich mal lieber nach... So hier gehts weiter: 2. OTL LogDatei: Code:
ATTFilter OTL logfile created on: 24.03.2013 17:24:23 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\oggi12\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,80 Gb Total Physical Memory | 2,36 Gb Available Physical Memory | 62,16% Memory free 7,60 Gb Paging File | 6,01 Gb Available in Paging File | 79,07% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 463,76 Gb Total Space | 415,82 Gb Free Space | 89,66% Space Free | Partition Type: NTFS Drive F: | 666,22 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: CHRISTIAN | User Name: oggi12 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.03.23 02:16:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\oggi12\Downloads\OTL.exe PRC - [2013.02.12 16:18:57 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2013.02.12 16:18:36 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE PRC - [2013.02.12 16:18:33 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.02.12 16:18:33 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2013.01.26 07:08:30 | 004,480,768 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\oggi12\AppData\Local\Akamai\netsession_win.exe PRC - [2013.01.20 20:29:18 | 028,539,272 | ---- | M] (Dropbox, Inc.) -- C:\Users\oggi12\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.09.25 13:25:34 | 000,102,528 | ---- | M] (Fujitsu Technology Solutions) -- C:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe PRC - [2010.10.25 13:40:08 | 000,058,936 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe PRC - [2009.11.01 17:04:48 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2009.11.01 17:04:42 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2009.10.09 20:06:50 | 000,047,976 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe PRC - [2009.10.08 19:44:54 | 000,036,712 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe PRC - [2009.07.08 20:58:26 | 000,162,912 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe ========== Modules (No Company Name) ========== MOD - [2013.02.16 12:19:32 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\7ff638de44686eab4afaa8b3c8a9cfca\System.ServiceProcess.ni.dll MOD - [2013.02.16 12:19:18 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll MOD - [2013.02.16 12:19:00 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll MOD - [2013.02.16 12:18:49 | 001,806,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\4976e150a5d096db3981d4d56dda5a8e\System.Deployment.ni.dll MOD - [2013.02.15 22:21:24 | 000,117,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeskUpdateNotifier\bb8aedfc8cb3fec4d0b2fa2ab4f9e66d\DeskUpdateNotifier.ni.exe MOD - [2013.02.15 00:22:34 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\39f4c7717661667c68f9af8c4f6402b9\System.Windows.Forms.ni.dll MOD - [2013.01.11 20:01:05 | 000,766,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\log4net\652daef54b944f4e81ac562d639d0112\log4net.ni.dll MOD - [2013.01.10 16:33:59 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll MOD - [2013.01.10 16:33:17 | 000,310,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\eb4fa29ea9ab56d453b36696edbe6423\System.Runtime.Serialization.Formatters.Soap.ni.dll MOD - [2013.01.10 16:33:04 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013.01.10 16:32:35 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013.01.10 16:32:29 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll MOD - [2013.01.10 16:32:13 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll MOD - [2013.01.10 16:32:10 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013.01.10 16:32:04 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2013.01.10 06:47:39 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll MOD - [2013.01.10 06:47:22 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll MOD - [2013.01.10 06:47:18 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5de5d8c1c02e33789e3cf7e3f54c0ec9\System.Configuration.ni.dll MOD - [2013.01.10 06:47:17 | 009,094,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll MOD - [2013.01.10 06:47:11 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll MOD - [2011.02.14 13:56:39 | 000,011,776 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.resources.dll MOD - [2011.02.14 13:56:38 | 000,397,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Deployment.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Deployment.resources.dll MOD - [2010.10.25 13:36:22 | 000,119,864 | ---- | M] () -- C:\Program Files (x86)\HP\ToolboxFX\bin\nativeutils.dll ========== Services (SafeList) ========== SRV:64bit: - [2010.09.22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2010.06.24 01:14:38 | 000,330,240 | ---- | M] (FUJITSU LIMITED) [Auto | Running] -- C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe -- (PFNService) SRV:64bit: - [2009.07.30 10:43:00 | 000,063,336 | ---- | M] (FUJITSU LIMITED) [Auto | Running] -- C:\Program Files\Fujitsu\PSUtility\PSUService.exe -- (PowerSavingUtilityService) SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2013.03.14 07:01:44 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.02.12 16:18:57 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.02.12 16:18:36 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2013.02.12 16:18:33 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2010.10.25 13:53:46 | 000,145,920 | ---- | M] (HP) [Auto | Stopped] -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service) SRV - [2010.03.18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.11.01 17:04:48 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2009.11.01 17:04:42 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.12.11 18:46:41 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.12.11 18:46:40 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.12.08 04:41:45 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.10.26 19:00:50 | 000,131,416 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.12.24 00:55:48 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.12.24 00:55:48 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.12.07 08:24:08 | 000,023,576 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hppdfaxio.sys -- (HPFXFAX) DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 04:24:15 | 000,146,432 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rmcast.sys -- (RMCAST) DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.10.03 04:06:58 | 000,022,040 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hppdbulkio.sys -- (HPFXBULKLEDM) DRV:64bit: - [2010.06.08 09:33:14 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.03.04 21:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.12.18 11:38:56 | 008,038,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.11.27 05:15:00 | 000,244,736 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2009.11.06 12:56:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009.11.01 17:04:42 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:64bit: - [2009.10.26 12:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2009.10.09 20:16:28 | 000,293,936 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2006.11.01 17:59:24 | 000,007,296 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fuj02e3.sys -- (FUJ02E3) DRV:64bit: - [2006.11.01 17:20:28 | 000,007,808 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fuj02b1.sys -- (FUJ02B1) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{B8D77453-5A9E-49E8-9E9C-AF7BE1DB4521}: "URL" = hxxp://www.searchya.com/?q={searchTerms}&s=1&a=foxtab&chnl=tc-100&cd=2XzuyEtN2Y1L1Qzu0EtD0C0AzyyE0B0EyCtB0CzztBtBtByDtN0D0Tzu0StBzyyDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1398799176 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKLM\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - SOFTWARE\Classes\CLSID\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}\InprocServer32 File not found IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0E5F7F46-6763-E015-844C-3CC3AF6CEB53}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSG IE - HKLM\..\SearchScopes\{B8D77453-5A9E-49E8-9E9C-AF7BE1DB4521}: "URL" = hxxp://www.searchya.com/?q={searchTerms}&s=1&a=foxtab&chnl=tc-100&cd=2XzuyEtN2Y1L1Qzu0EtD0C0AzyyE0B0EyCtB0CzztBtBtByDtN0D0Tzu0StBzyyDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1398799176 IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1491957711-1346489856-3561057297-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.fujitsu.com/fts IE - HKU\S-1-5-21-1491957711-1346489856-3561057297-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.google.com/ig/redirectd [Binary data over 200 bytes] IE - HKU\S-1-5-21-1491957711-1346489856-3561057297-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm IE - HKU\S-1-5-21-1491957711-1346489856-3561057297-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE - HKU\S-1-5-21-1491957711-1346489856-3561057297-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-1491957711-1346489856-3561057297-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) IE - HKU\S-1-5-21-1491957711-1346489856-3561057297-1000\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - SOFTWARE\Classes\CLSID\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}\InprocServer32 File not found IE - HKU\S-1-5-21-1491957711-1346489856-3561057297-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-21-1491957711-1346489856-3561057297-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1491957711-1346489856-3561057297-1000\..\SearchScopes\{0283B4E8-67AE-4F2C-881D-E5826C6A5EC5}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=3e40563e-b8b6-4ed6-82e8-6a56d9f56ec3&apn_sauid=1C557B1C-5661-4DD2-A704-A7B9F9E884E5 IE - HKU\S-1-5-21-1491957711-1346489856-3561057297-1000\..\SearchScopes\{0E5F7F46-6763-E015-844C-3CC3AF6CEB53}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSG_deDE505DE505 IE - HKU\S-1-5-21-1491957711-1346489856-3561057297-1000\..\SearchScopes\{B8D77453-5A9E-49E8-9E9C-AF7BE1DB4521}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSG_deDE505DE505 IE - HKU\S-1-5-21-1491957711-1346489856-3561057297-1000\..\SearchScopes\{E6D62FB0-C88E-4BE3-89D4-04901AE7A714}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2481020&SSPV=IEOB13 IE - HKU\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = 169.254.1.1 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9 FF - prefs.js..extensions.enabledAddons: langpack-de%40firefox.mozilla.org:19.0 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\PROGRAM FILES\IB UPDATER\FIREFOX FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.09 19:25:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.16 13:20:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\oggi12\AppData\Roaming\mozilla\Extensions [2013.03.24 16:41:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\oggi12\AppData\Roaming\mozilla\Firefox\Profiles\jhq1p98b.default\extensions [2013.03.24 16:22:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\oggi12\AppData\Roaming\mozilla\Firefox\Profiles\qo5rx7n7.default\extensions [2012.11.04 21:50:08 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\oggi12\AppData\Roaming\mozilla\Firefox\Profiles\qo5rx7n7.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2013.03.09 19:26:18 | 000,306,394 | ---- | M] () (No name found) -- C:\Users\oggi12\AppData\Roaming\mozilla\firefox\profiles\jhq1p98b.default\extensions\langpack-de@firefox.mozilla.org.xpi [2012.12.12 14:37:31 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\oggi12\AppData\Roaming\mozilla\firefox\profiles\jhq1p98b.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2013.03.24 16:41:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.03.09 19:25:26 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2012.10.22 10:01:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} [2013.03.09 19:25:26 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.10.11 02:05:38 | 000,001,607 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom.xml [2012.10.11 02:05:38 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.01.20 19:24:00 | 000,001,453 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay.xml [2013.01.20 19:24:00 | 000,002,669 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml [2013.03.09 19:25:24 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml [2012.10.11 02:05:38 | 000,001,391 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia.xml [2012.10.11 02:05:38 | 000,001,309 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo.xml ========== Chrome ========== O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2 - BHO: (DVDVideoSoftTB_DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\oggi12\AppData\LocalLow\CT2625848\ldrtbDVDV.dll File not found O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (DVDVideoSoftTB_DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\oggi12\AppData\LocalLow\CT2625848\ldrtbDVDV.dll File not found O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3:64bit: - HKU\S-1-5-21-1491957711-1346489856-3561057297-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKU\S-1-5-21-1491957711-1346489856-3561057297-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O4:64bit: - HKLM..\Run: [FDM7] C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe (FUJITSU LIMITED) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [HP LaserJet Professional CM1410 Series Fax] C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe (Hewlett-Packard Company) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe (FUJITSU LIMITED) O4:64bit: - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [PfNet] C:\Program Files\Fujitsu\Plugfree NETWORK\PfNet.exe (FUJITSU LIMITED) O4:64bit: - HKLM..\Run: [PSUTility] C:\Program Files\Fujitsu\PSUtility\TrayManager.exe (FUJITSU LIMITED) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DeskUpdateNotifier] c:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe (Fujitsu Technology Solutions) O4 - HKLM..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard) O4 - HKLM..\Run: [IndicatorUtility] C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED) O4 - HKLM..\Run: [LoadFUJ02E3] C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED) O4 - HKLM..\Run: [ToolboxFX] C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [YouCam Mirror Tray icon] C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe (CyberLink Corp.) O4 - HKU\.DEFAULT..\Run: [Video Performer63659.exe] C:\Windows\TEMP\Video Performer63659.exe () O4 - HKU\S-1-5-18..\Run: [Video Performer63659.exe] C:\Windows\TEMP\Video Performer63659.exe () O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1491957711-1346489856-3561057297-1000..\Run: [Akamai NetSession Interface] C:\Users\oggi12\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) O4 - HKU\S-1-5-21-1491957711-1346489856-3561057297-1000..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\oggi12\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\oggi12\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17 O7 - HKU\S-1-5-21-1491957711-1346489856-3561057297-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1491957711-1346489856-3561057297-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O7 - HKU\S-1-5-21-1491957711-1346489856-3561057297-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0 O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\oggi12\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\oggi12\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000014 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000018 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000021 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000022 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5DEA4C0F-F285-4426-8A09-C2EE1EBAA625}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\http\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\http\oledb - No CLSID value found O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\https\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\https\oledb - No CLSID value found O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml - No CLSID value found O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation) O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corp.) O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation) O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation) O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation) O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corp.) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [1999.09.03 20:51:52 | 000,193,536 | R--- | M] () - F:\Autorun.exe -- [ CDFS ] O32 - AutoRun File - [1998.10.26 07:04:46 | 000,000,049 | R--- | M] () - F:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{9c0d671d-119a-11e2-89cc-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{9c0d671d-119a-11e2-89cc-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [1999.09.03 20:51:52 | 000,193,536 | R--- | M] () O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013.03.24 16:33:43 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.03.24 16:32:52 | 000,000,000 | ---D | C] -- C:\JRT [2013.03.24 16:06:22 | 000,550,069 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\oggi12\Desktop\JRT.exe [2013.03.23 15:59:02 | 000,000,000 | ---D | C] -- C:\Users\oggi12\AppData\Local\{2C0B7FFC-953F-4954-8D9A-63782923AB68} [2013.03.23 15:58:50 | 000,000,000 | ---D | C] -- C:\Users\oggi12\AppData\Roaming\Windows Live Writer [2013.03.23 15:58:50 | 000,000,000 | ---D | C] -- C:\Users\oggi12\AppData\Local\Windows Live Writer [2013.03.21 00:37:05 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys [2013.03.13 20:49:29 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.03.13 20:49:29 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.03.13 20:49:28 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.03.13 20:49:28 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.03.13 20:49:28 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.03.13 20:49:28 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.03.13 20:49:28 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.03.13 20:49:28 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.03.13 20:49:27 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.03.13 20:49:27 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.03.13 20:49:27 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.03.13 20:49:27 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.03.13 20:49:26 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.03.13 20:49:26 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.03.13 20:49:25 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.02.28 03:11:59 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll [2013.02.28 03:11:59 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll [2013.02.28 03:11:58 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll [2013.02.28 03:11:58 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll [2013.02.28 03:11:56 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll [2013.02.28 03:11:56 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll [2013.02.28 03:11:53 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll [2013.02.28 03:11:53 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.02.28 03:11:53 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.02.28 03:11:53 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.02.28 03:11:53 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.02.28 03:11:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.02.28 03:11:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.02.28 03:11:53 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.02.28 03:11:53 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.02.28 03:11:52 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll [2013.02.28 03:11:52 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll [2013.02.28 03:11:51 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll [2013.02.28 03:11:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll [2013.02.28 03:11:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll [2013.02.28 03:11:50 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.02.28 03:11:50 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.02.28 03:11:50 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.02.28 03:11:50 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.02.28 03:11:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll [2013.02.28 03:11:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll [2013.02.28 03:11:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.02.28 03:11:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.02.28 03:11:49 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll [2013.02.28 03:11:49 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll [2013.02.28 03:11:49 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll [2013.02.28 03:11:49 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll [2013.02.28 03:11:48 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll [2013.02.28 03:11:48 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll [2013.02.28 03:11:48 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll [2013.02.28 03:11:48 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll [2013.02.28 03:11:48 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll [2013.02.28 03:11:47 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll [2013.02.28 03:11:47 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2013.02.28 03:11:47 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll [2013.02.28 03:11:47 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll ========== Files - Modified Within 30 Days ========== [2013.03.24 17:01:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.03.24 16:34:25 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.24 16:34:25 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.24 16:31:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.03.24 16:26:30 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.03.24 16:25:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.24 16:25:52 | 3061,227,520 | -HS- | M] () -- C:\hiberfil.sys [2013.03.24 16:06:29 | 000,550,069 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\oggi12\Desktop\JRT.exe [2013.03.24 16:00:28 | 000,609,993 | ---- | M] () -- C:\Users\oggi12\Desktop\adwcleaner.exe [2013.03.23 18:43:49 | 000,001,501 | ---- | M] () -- C:\Users\oggi12\Desktop\gmer_2.1.19155.exe - Verknüpfung.lnk [2013.03.23 18:21:28 | 000,001,409 | ---- | M] () -- C:\Users\oggi12\Desktop\dds+.exe - Verknüpfung.lnk [2013.03.23 13:08:51 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.03.23 13:08:51 | 000,696,870 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.03.23 13:08:51 | 000,652,148 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.03.23 13:08:51 | 000,148,134 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.03.23 13:08:51 | 000,121,080 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.03.23 02:19:19 | 000,001,392 | ---- | M] () -- C:\Users\oggi12\Desktop\OTL - Verknüpfung.lnk [2013.03.23 02:11:12 | 000,001,040 | ---- | M] () -- C:\Users\oggi12\Desktop\Defogger - Verknüpfung.lnk [2013.03.17 23:45:05 | 000,199,346 | ---- | M] () -- C:\temp.raw [2013.03.14 07:01:43 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.03.14 07:01:43 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl ========== Files Created - No Company Name ========== [2013.03.24 16:00:21 | 000,609,993 | ---- | C] () -- C:\Users\oggi12\Desktop\adwcleaner.exe [2013.03.23 18:31:06 | 000,001,501 | ---- | C] () -- C:\Users\oggi12\Desktop\gmer_2.1.19155.exe - Verknüpfung.lnk [2013.03.23 18:21:28 | 000,001,409 | ---- | C] () -- C:\Users\oggi12\Desktop\dds+.exe - Verknüpfung.lnk [2013.03.23 02:17:08 | 000,001,392 | ---- | C] () -- C:\Users\oggi12\Desktop\OTL - Verknüpfung.lnk [2013.03.23 02:10:13 | 000,001,040 | ---- | C] () -- C:\Users\oggi12\Desktop\Defogger - Verknüpfung.lnk [2012.10.28 22:08:34 | 000,000,000 | ---- | C] () -- C:\Windows\Editor.INI [2012.10.24 08:19:07 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2012.10.22 08:26:34 | 000,292,911 | ---- | C] () -- C:\Users\oggi12\AppData\Local\speeddial.crx [2012.06.20 15:58:04 | 000,870,544 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin [2012.06.20 15:58:04 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll [2012.06.20 15:58:04 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll [2012.06.20 15:58:04 | 000,051,068 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin [2012.06.20 15:58:03 | 000,127,896 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin [2011.12.24 10:17:33 | 005,050,402 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > Code:
ATTFilter GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-23 21:12:30
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950032 rev.0001 465,76GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\oggi12\AppData\Local\Temp\kwtyipod.sys
---- User code sections - GMER 2.1 ----
.text C:\Users\oggi12\AppData\Local\Akamai\netsession_win.exe[3256] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075581465 2 bytes [58, 75]
.text C:\Users\oggi12\AppData\Local\Akamai\netsession_win.exe[3256] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000755814bb 2 bytes [58, 75]
.text ... * 2
.text C:\Users\oggi12\AppData\Roaming\Dropbox\bin\Dropbox.exe[3356] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000075581465 2 bytes [58, 75]
.text C:\Users\oggi12\AppData\Roaming\Dropbox\bin\Dropbox.exe[3356] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 00000000755814bb 2 bytes [58, 75]
.text ... * 2
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[3756] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075581465 2 bytes [58, 75]
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[3756] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000755814bb 2 bytes [58, 75]
.text ... * 2
.text C:\Users\oggi12\AppData\Local\Akamai\netsession_win.exe[3908] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075581465 2 bytes [58, 75]
.text C:\Users\oggi12\AppData\Local\Akamai\netsession_win.exe[3908] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000755814bb 2 bytes [58, 75]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4728] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075581465 2 bytes [58, 75]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4728] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000755814bb 2 bytes [58, 75]
.text ... * 2
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{729577DD-D244-4668-BF5D-1C2E05475F33}\Connection@Name isatap.{580EEA23-95D1-491C-8731-24EAAEF92CB9}
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e0ca94be62c8
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{729577DD-D244-4668-BF5D-1C2E05475F33}@InterfaceName isatap.{580EEA23-95D1-491C-8731-24EAAEF92CB9}
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{729577DD-D244-4668-BF5D-1C2E05475F33}@ReusableType 0
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e0ca94be62c8 (not active ControlSet)
---- EOF - GMER 2.1 ----
Gruß... |
|
25.03.2013, 14:19
| #6 |
| /// TB-Ausbilder | Trojaner Savings Sidekick und Incredibar auf meinem Laptop Servus, du hast alles richtig gemacht.  So geht es weiter: Schritt 1 Fixen mit OTL
Code:
ATTFilter :OTL
IE:64bit: - HKLM\..\SearchScopes\{B8D77453-5A9E-49E8-9E9C-AF7BE1DB4521}: "URL" = hxxp://www.searchya.com/?q={searchTerms}&s=1&a=foxtab&chnl=tc-100&cd=2XzuyEtN2Y1L1Qzu0EtD0C0AzyyE0B0EyCtB0CzztBtBtByDtN0D0Tzu0StBzyyDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1398799176
IE - HKLM\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - SOFTWARE\Classes\CLSID\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}\InprocServer32 File not found
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{B8D77453-5A9E-49E8-9E9C-AF7BE1DB4521}: "URL" = hxxp://www.searchya.com/?q={searchTerms}&s=1&a=foxtab&chnl=tc-100&cd=2XzuyEtN2Y1L1Qzu0EtD0C0AzyyE0B0EyCtB0CzztBtBtByDtN0D0Tzu0StBzyyDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1398799176
IE - HKU\S-1-5-21-1491957711-1346489856-3561057297-1000\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - SOFTWARE\Classes\CLSID\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}\InprocServer32 File not found
IE - HKU\S-1-5-21-1491957711-1346489856-3561057297-1000\..\SearchScopes\{E6D62FB0-C88E-4BE3-89D4-04901AE7A714}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2481020&SSPV=IEOB13
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\PROGRAM FILES\IB UPDATER\FIREFOX
[2012.10.22 10:01:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
O2 - BHO: (DVDVideoSoftTB_DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\oggi12\AppData\LocalLow\CT2625848\ldrtbDVDV.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB_DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\oggi12\AppData\LocalLow\CT2625848\ldrtbDVDV.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKU\.DEFAULT..\Run: [Video Performer63659.exe] C:\Windows\TEMP\Video Performer63659.exe ()
O4 - HKU\S-1-5-18..\Run: [Video Performer63659.exe] C:\Windows\TEMP\Video Performer63659.exe ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\oggi12\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\oggi12\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
:commands
[Emptytemp]
Schritt 2 Starte bitte OTL.exe. Wähle unter Extra Registrierung: Benutze Safe List und klicke auf den Scan Button. Poste die OTL.txt und die Extras.txt hier in deinen Thread. Schritt 3 Lade SystemLook von jpshortstuff vom folgenden Spiegel herunter und speichere das Tool auf dem Desktop. SystemLook (64 bit)
Gibt es noch Probleme mit Savings Sidekick oder Incredibar? Wenn ja, in welchem Browser tritt das Problem noch auf? Bitte poste mit deiner nächsten Antwort
|
|
26.03.2013, 00:31
| #7 |
| | Trojaner Savings Sidekick und Incredibar auf meinem Laptop Hi, hier die Logdateien: OTL: Code:
ATTFilter OTL logfile created on: 25.03.2013 23:44:43 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\oggi12\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,80 Gb Total Physical Memory | 2,49 Gb Available Physical Memory | 65,50% Memory free 7,60 Gb Paging File | 6,14 Gb Available in Paging File | 80,76% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 463,76 Gb Total Space | 417,57 Gb Free Space | 90,04% Space Free | Partition Type: NTFS Drive F: | 666,22 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: CHRISTIAN | User Name: oggi12 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.03.23 02:16:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\oggi12\Downloads\OTL.exe PRC - [2013.02.12 16:18:57 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2013.02.12 16:18:36 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE PRC - [2013.02.12 16:18:33 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.02.12 16:18:33 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2013.01.26 07:08:30 | 004,480,768 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\oggi12\AppData\Local\Akamai\netsession_win.exe PRC - [2013.01.20 20:29:18 | 028,539,272 | ---- | M] (Dropbox, Inc.) -- C:\Users\oggi12\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.09.25 13:25:34 | 000,102,528 | ---- | M] (Fujitsu Technology Solutions) -- C:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe PRC - [2009.11.01 17:04:48 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2009.11.01 17:04:42 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2009.10.09 20:06:50 | 000,047,976 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe PRC - [2009.10.08 19:44:54 | 000,036,712 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe PRC - [2009.07.08 20:58:26 | 000,162,912 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe ========== Modules (No Company Name) ========== MOD - [2013.02.15 22:21:24 | 000,117,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeskUpdateNotifier\bb8aedfc8cb3fec4d0b2fa2ab4f9e66d\DeskUpdateNotifier.ni.exe MOD - [2013.02.15 00:22:34 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\39f4c7717661667c68f9af8c4f6402b9\System.Windows.Forms.ni.dll MOD - [2013.01.11 20:01:05 | 000,766,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\log4net\652daef54b944f4e81ac562d639d0112\log4net.ni.dll MOD - [2013.01.10 06:47:39 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll MOD - [2013.01.10 06:47:22 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll MOD - [2013.01.10 06:47:18 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5de5d8c1c02e33789e3cf7e3f54c0ec9\System.Configuration.ni.dll MOD - [2013.01.10 06:47:17 | 009,094,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll MOD - [2013.01.10 06:47:11 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll ========== Services (SafeList) ========== SRV:64bit: - [2010.09.22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2010.06.24 01:14:38 | 000,330,240 | ---- | M] (FUJITSU LIMITED) [Auto | Running] -- C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe -- (PFNService) SRV:64bit: - [2009.07.30 10:43:00 | 000,063,336 | ---- | M] (FUJITSU LIMITED) [Auto | Running] -- C:\Program Files\Fujitsu\PSUtility\PSUService.exe -- (PowerSavingUtilityService) SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2013.03.14 07:01:44 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.02.12 16:18:57 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.02.12 16:18:36 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2013.02.12 16:18:33 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2010.10.25 13:53:46 | 000,145,920 | ---- | M] (HP) [Auto | Stopped] -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service) SRV - [2010.03.18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.11.01 17:04:48 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2009.11.01 17:04:42 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.12.11 18:46:41 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.12.11 18:46:40 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.12.08 04:41:45 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.10.26 19:00:50 | 000,131,416 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.12.24 00:55:48 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.12.24 00:55:48 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.12.07 08:24:08 | 000,023,576 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hppdfaxio.sys -- (HPFXFAX) DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 04:24:15 | 000,146,432 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rmcast.sys -- (RMCAST) DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.10.03 04:06:58 | 000,022,040 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hppdbulkio.sys -- (HPFXBULKLEDM) DRV:64bit: - [2010.06.08 09:33:14 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.03.04 21:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.12.18 11:38:56 | 008,038,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.11.27 05:15:00 | 000,244,736 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2009.11.06 12:56:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009.11.01 17:04:42 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:64bit: - [2009.10.26 12:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2009.10.09 20:16:28 | 000,293,936 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2006.11.01 17:59:24 | 000,007,296 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fuj02e3.sys -- (FUJ02E3) DRV:64bit: - [2006.11.01 17:20:28 | 000,007,808 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fuj02b1.sys -- (FUJ02B1) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0E5F7F46-6763-E015-844C-3CC3AF6CEB53}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSG IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.fujitsu.com/fts IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.google.com/ig/redirectd [Binary data over 200 bytes] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{0283B4E8-67AE-4F2C-881D-E5826C6A5EC5}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=3e40563e-b8b6-4ed6-82e8-6a56d9f56ec3&apn_sauid=1C557B1C-5661-4DD2-A704-A7B9F9E884E5 IE - HKCU\..\SearchScopes\{0E5F7F46-6763-E015-844C-3CC3AF6CEB53}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSG_deDE505DE505 IE - HKCU\..\SearchScopes\{B8D77453-5A9E-49E8-9E9C-AF7BE1DB4521}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSG_deDE505DE505 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = 169.254.1.1 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9 FF - prefs.js..extensions.enabledAddons: langpack-de%40firefox.mozilla.org:19.0 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\PROGRAM FILES\IB UPDATER\FIREFOX FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.09 19:25:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.16 13:20:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\oggi12\AppData\Roaming\mozilla\Extensions [2013.03.24 16:41:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\oggi12\AppData\Roaming\mozilla\Firefox\Profiles\jhq1p98b.default\extensions [2013.03.24 16:22:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\oggi12\AppData\Roaming\mozilla\Firefox\Profiles\qo5rx7n7.default\extensions [2012.11.04 21:50:08 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\oggi12\AppData\Roaming\mozilla\Firefox\Profiles\qo5rx7n7.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2013.03.09 19:26:18 | 000,306,394 | ---- | M] () (No name found) -- C:\Users\oggi12\AppData\Roaming\mozilla\firefox\profiles\jhq1p98b.default\extensions\langpack-de@firefox.mozilla.org.xpi [2012.12.12 14:37:31 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\oggi12\AppData\Roaming\mozilla\firefox\profiles\jhq1p98b.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2013.03.25 23:30:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.03.09 19:25:26 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.10.11 02:05:38 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.03.09 19:25:24 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [FDM7] C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe (FUJITSU LIMITED) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [HP LaserJet Professional CM1410 Series Fax] C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe (Hewlett-Packard Company) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe (FUJITSU LIMITED) O4:64bit: - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [PfNet] C:\Program Files\Fujitsu\Plugfree NETWORK\PfNet.exe (FUJITSU LIMITED) O4:64bit: - HKLM..\Run: [PSUTility] C:\Program Files\Fujitsu\PSUtility\TrayManager.exe (FUJITSU LIMITED) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DeskUpdateNotifier] c:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe (Fujitsu Technology Solutions) O4 - HKLM..\Run: [IndicatorUtility] C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED) O4 - HKLM..\Run: [LoadFUJ02E3] C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED) O4 - HKLM..\Run: [ToolboxFX] C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [YouCam Mirror Tray icon] C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe (CyberLink Corp.) O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\oggi12\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) O4 - Startup: C:\Users\oggi12\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\oggi12\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000022 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5DEA4C0F-F285-4426-8A09-C2EE1EBAA625}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [1999.09.03 20:51:52 | 000,193,536 | R--- | M] () - F:\Autorun.exe -- [ CDFS ] O32 - AutoRun File - [1998.10.26 07:04:46 | 000,000,049 | R--- | M] () - F:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{9c0d671d-119a-11e2-89cc-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{9c0d671d-119a-11e2-89cc-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [1999.09.03 20:51:52 | 000,193,536 | R--- | M] () O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.03.25 23:30:52 | 000,000,000 | ---D | C] -- C:\_OTL [2013.03.24 18:38:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2013.03.24 18:38:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip [2013.03.24 16:33:43 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.03.24 16:32:52 | 000,000,000 | ---D | C] -- C:\JRT [2013.03.24 16:06:22 | 000,550,069 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\oggi12\Desktop\JRT.exe [2013.03.23 15:59:02 | 000,000,000 | ---D | C] -- C:\Users\oggi12\AppData\Local\{2C0B7FFC-953F-4954-8D9A-63782923AB68} [2013.03.23 15:58:50 | 000,000,000 | ---D | C] -- C:\Users\oggi12\AppData\Roaming\Windows Live Writer [2013.03.23 15:58:50 | 000,000,000 | ---D | C] -- C:\Users\oggi12\AppData\Local\Windows Live Writer [2013.03.21 00:37:05 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys [2013.03.13 20:49:29 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.03.13 20:49:29 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.03.13 20:49:28 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.03.13 20:49:28 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.03.13 20:49:28 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.03.13 20:49:28 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.03.13 20:49:28 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.03.13 20:49:28 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.03.13 20:49:27 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.03.13 20:49:27 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.03.13 20:49:27 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.03.13 20:49:27 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.03.13 20:49:26 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.03.13 20:49:26 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.03.13 20:49:25 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.02.28 03:11:59 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll [2013.02.28 03:11:59 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll [2013.02.28 03:11:58 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll [2013.02.28 03:11:58 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll [2013.02.28 03:11:56 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll [2013.02.28 03:11:56 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll [2013.02.28 03:11:53 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll [2013.02.28 03:11:53 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.02.28 03:11:53 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.02.28 03:11:53 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.02.28 03:11:53 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.02.28 03:11:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.02.28 03:11:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.02.28 03:11:53 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.02.28 03:11:53 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.02.28 03:11:52 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll [2013.02.28 03:11:52 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll [2013.02.28 03:11:51 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll [2013.02.28 03:11:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll [2013.02.28 03:11:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll [2013.02.28 03:11:50 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.02.28 03:11:50 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.02.28 03:11:50 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.02.28 03:11:50 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.02.28 03:11:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll [2013.02.28 03:11:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll [2013.02.28 03:11:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.02.28 03:11:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.02.28 03:11:49 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll [2013.02.28 03:11:49 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll [2013.02.28 03:11:49 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll [2013.02.28 03:11:49 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll [2013.02.28 03:11:48 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll [2013.02.28 03:11:48 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll [2013.02.28 03:11:48 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll [2013.02.28 03:11:48 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll [2013.02.28 03:11:48 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll [2013.02.28 03:11:47 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll [2013.02.28 03:11:47 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2013.02.28 03:11:47 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll [2013.02.28 03:11:47 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll ========== Files - Modified Within 30 Days ========== [2013.03.25 23:44:36 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.25 23:44:36 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.25 23:37:14 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.03.25 23:36:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.25 23:36:53 | 3061,227,520 | -HS- | M] () -- C:\hiberfil.sys [2013.03.25 23:31:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.03.25 23:01:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.03.24 16:06:29 | 000,550,069 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\oggi12\Desktop\JRT.exe [2013.03.24 16:00:28 | 000,609,993 | ---- | M] () -- C:\Users\oggi12\Desktop\adwcleaner.exe [2013.03.23 18:43:49 | 000,001,501 | ---- | M] () -- C:\Users\oggi12\Desktop\gmer_2.1.19155.exe - Verknüpfung.lnk [2013.03.23 18:21:28 | 000,001,409 | ---- | M] () -- C:\Users\oggi12\Desktop\dds+.exe - Verknüpfung.lnk [2013.03.23 13:08:51 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.03.23 13:08:51 | 000,696,870 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.03.23 13:08:51 | 000,652,148 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.03.23 13:08:51 | 000,148,134 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.03.23 13:08:51 | 000,121,080 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.03.23 02:19:19 | 000,001,392 | ---- | M] () -- C:\Users\oggi12\Desktop\OTL - Verknüpfung.lnk [2013.03.23 02:11:12 | 000,001,040 | ---- | M] () -- C:\Users\oggi12\Desktop\Defogger - Verknüpfung.lnk [2013.03.17 23:45:05 | 000,199,346 | ---- | M] () -- C:\temp.raw [2013.03.14 07:01:43 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.03.14 07:01:43 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl ========== Files Created - No Company Name ========== [2013.03.24 16:00:21 | 000,609,993 | ---- | C] () -- C:\Users\oggi12\Desktop\adwcleaner.exe [2013.03.23 18:31:06 | 000,001,501 | ---- | C] () -- C:\Users\oggi12\Desktop\gmer_2.1.19155.exe - Verknüpfung.lnk [2013.03.23 18:21:28 | 000,001,409 | ---- | C] () -- C:\Users\oggi12\Desktop\dds+.exe - Verknüpfung.lnk [2013.03.23 02:17:08 | 000,001,392 | ---- | C] () -- C:\Users\oggi12\Desktop\OTL - Verknüpfung.lnk [2013.03.23 02:10:13 | 000,001,040 | ---- | C] () -- C:\Users\oggi12\Desktop\Defogger - Verknüpfung.lnk [2012.10.28 22:08:34 | 000,000,000 | ---- | C] () -- C:\Windows\Editor.INI [2012.10.24 08:19:07 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2012.10.22 08:26:34 | 000,292,911 | ---- | C] () -- C:\Users\oggi12\AppData\Local\speeddial.crx [2012.06.20 15:58:04 | 000,870,544 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin [2012.06.20 15:58:04 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll [2012.06.20 15:58:04 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll [2012.06.20 15:58:04 | 000,051,068 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin [2012.06.20 15:58:03 | 000,127,896 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin [2011.12.24 10:17:33 | 005,050,402 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > Code:
ATTFilter OTL Extras logfile created on: 25.03.2013 23:44:43 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\oggi12\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,80 Gb Total Physical Memory | 2,49 Gb Available Physical Memory | 65,50% Memory free
7,60 Gb Paging File | 6,14 Gb Available in Paging File | 80,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 463,76 Gb Total Space | 417,57 Gb Free Space | 90,04% Space Free | Partition Type: NTFS
Drive F: | 666,22 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: CHRISTIAN | User Name: oggi12 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Scout\filescout.exe" /open "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Scout\filescout.exe" /open "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{024F34B1-AD54-4706-839D-065F57D56374}" = rport=138 | protocol=17 | dir=out | app=system |
"{06033770-9C0D-42E1-8E28-97EA45A908C9}" = lport=138 | protocol=17 | dir=in | app=system |
"{0A88E970-ADAC-441D-85AB-8A982E11D899}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{10259613-C893-49DE-A9D2-84A025100C0A}" = rport=2869 | protocol=6 | dir=out | app=system |
"{13316379-92AC-42A4-B62C-7C284B4FB6EA}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{1556E003-1895-4A58-962C-A022D051F93C}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{15F29540-55C1-4760-A473-9604DE697BE3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{23AA44B9-524D-473E-9216-2C177B7A636A}" = rport=139 | protocol=6 | dir=out | app=system |
"{29AE824D-127F-46F5-A791-F15CA443F45B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{36A2A689-7EE9-4706-AB7F-241058D344C4}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{37A237F3-495F-4ABA-AB00-2F7CEF4F140F}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{4722E79D-4800-49E3-872A-9703CB9BB7C6}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{4853FB26-3608-428F-903C-A2AC59E45BDF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4BF3839D-D035-4DB9-9676-D4C8D67CE41C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4E625E4E-84E0-4C6D-99B9-003D11531235}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{53DB27DC-427F-4A95-A351-FBDC2B24445D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{55DB6E79-A2FC-4520-9CD6-F0F7B9B8B183}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6F17159B-72F7-407D-B501-6ACCD8ED804B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{732BE41D-1DE5-482C-865C-113E9EE2F2BB}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{74248603-69B2-4796-8364-1874925A0ECD}" = rport=137 | protocol=17 | dir=out | app=system |
"{74F99F03-F6A3-4131-8CE6-F6E0ED4F3051}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{7D254AEB-B3D4-4464-87B1-28236BAAB92E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{80FC9CBB-FAE0-4BAD-A3CC-E5029D409499}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{83EBED7B-BD64-43DC-BEB0-FF0A5316F7AA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8DBFED5D-DF17-49E0-AE36-BC1CC6362E66}" = lport=445 | protocol=6 | dir=in | app=system |
"{90CD6330-7624-4B2F-AC8F-926C45674F0D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A0206860-A90E-4659-9CAD-6D41CD6FA758}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A681D934-829E-4A56-81D7-D4D895C6AE62}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A73D2E3D-5162-4B92-8298-B149FE8F84AD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AAF80EB3-B565-45FA-A3F2-91744D4F1214}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B0ABCF33-E89A-4731-B864-800C31A93AAE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B1286CD8-448B-4428-AAF1-372544721FB8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B6FD58CC-074E-462D-9D8A-1D5A2BBB29C1}" = rport=445 | protocol=6 | dir=out | app=system |
"{B81E80D7-847F-4DBF-A482-9B529D1C8670}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BB7D9B1B-8A1A-4BCE-9C24-03D88B895EF2}" = lport=139 | protocol=6 | dir=in | app=system |
"{BFF474AF-01F0-4AFA-AB1D-C72C5F81253E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D6E515A4-B4F1-4621-B24D-6BDEB6E343AC}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{F351F410-8339-4278-84D5-265E653B2D97}" = lport=137 | protocol=17 | dir=in | app=system |
"{F3E7D306-3E46-401A-9AAF-4F2A663004C1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FF85AB31-6E7F-442F-AAB4-41713B8B3F57}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{FF95FC4F-D35F-41F7-8021-313FE0E667AC}" = rport=10243 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CBF7B14-4979-472F-AEB0-E3CF5696CFD4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1A94C3D4-65E4-4E7A-B905-9D9374402A96}" = dir=out | app=c:\windows\syswow64\dmwu.exe |
"{1C45A7A3-C95E-4774-90A0-76CF018E212A}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{1E47D1A1-4E75-457E-88D3-D0D6D653678A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2B274FAC-D993-4900-BB7D-B26610B661C6}" = protocol=6 | dir=out | app=system |
"{2DFF78AD-D441-41FE-A975-11B3BBA1A295}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{33C07739-4590-484F-BA36-41CA0C1586D5}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{38A6FD9C-2583-44A1-A3E2-9CA59596148D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{48F767A1-BA52-40FD-B2ED-02125AA6C4AF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{48FC2D4D-DB21-4C79-A9A3-FA7C23E7DFD4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{52628E78-2B65-408F-9E7F-EAD3D0FD7CA6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{52E323EB-CFE2-4925-89A8-1DD0D002F87D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{591DF078-42E3-45C2-B88E-AC15EC96E2D5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6155BC94-683E-40ED-8011-F6738C8E4D6D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{68D10EDF-40E7-4E1B-9BDC-85AA700542A6}" = dir=in | app=c:\windows\syswow64\dmwu.exe |
"{71316601-2B01-4F99-B412-85203FCDB6A8}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8561E9C3-3CE1-46B1-997E-CC7667FA9959}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A8B84DD6-BAC5-4E80-82AF-6D85B927A2DD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B254B33E-36F5-4434-BB4D-AA76F52885AB}" = protocol=6 | dir=in | app=c:\users\oggi12\appdata\roaming\dropbox\bin\dropbox.exe |
"{B990D5CD-2AD1-4206-8082-0901FACEA3F7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C03C8618-C361-46AC-AE1A-5474825D174E}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{C29911C8-AAF1-4279-8E68-509B9A9A0BF4}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{CFE045D3-E7E3-4E57-BDF0-9A0B9ACC7F83}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D99AAB7A-E3A2-408B-AEAA-2652E6092BD8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EAFDD18A-F206-4FE9-B4DE-710587416FCB}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EBE4E04A-5D21-4F88-B76F-00450EB662CF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F0E11AED-14AD-4A61-B3D6-7C32AE8E8A5A}" = protocol=17 | dir=in | app=c:\users\oggi12\appdata\roaming\dropbox\bin\dropbox.exe |
"{F3FECD60-6740-4792-8D0A-0DFC15E851BD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F4B39B73-E22C-43DA-A42C-5966F5C0A317}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FB0E62E5-CD55-4E22-92F5-321775F4F86A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"TCP Query User{2B639A0C-3DC9-431D-AABC-9FD3E7A4FEAE}C:\users\oggi12\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\oggi12\appdata\local\akamai\netsession_win.exe |
"TCP Query User{B80433A4-F5E1-4D1A-BB1F-486269F136BE}C:\users\oggi12\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\oggi12\appdata\local\akamai\netsession_win.exe |
"TCP Query User{C290B398-FDC1-45CD-922E-5D48001E95FD}C:\users\oggi12\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\oggi12\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{66EB7395-587B-4499-B94D-76FF953EBE32}C:\users\oggi12\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\oggi12\appdata\local\akamai\netsession_win.exe |
"UDP Query User{BB9F2080-C372-48C6-8074-DADEBB55CDA8}C:\users\oggi12\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\oggi12\appdata\local\akamai\netsession_win.exe |
"UDP Query User{F0EBC862-DF9D-48EF-888A-8F479C75D96E}C:\users\oggi12\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\oggi12\appdata\roaming\dropbox\bin\dropbox.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{4108974B-DE87-4AD4-9167-930C62C45691}" = Fujitsu Display Manager
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{7254349B-460B-488F-B4DB-A96100C5C48B}" = Power Saving Utility
"{7BA64D21-EE46-4a9a-8145-52B0175C3F86}" = Plugfree NETWORK
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B7C6A943-83E0-4E7F-A79A-C5CBAA60B0F5}" = Plugfree NETWORK
"{C788B026-20BD-4E96-B698-533F1D6C5013}" = 64 Bit HP CIO Components Installer
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
"{EC314CDF-3521-482B-A21C-65AC95664814}" = Fujitsu MobilityCenter Extension Utility
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"SynTPDeinstKey" = Synaptics Pointing Device Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{06F8CD93-C722-45E9-A9A4-F48F78E39E84}" = hppFaxUtilityCM1410
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EF0EA0D-F945-4958-85CC-60FF1E86D216}" = HP LaserJet Professional CM1410 Series
"{128AF653-6E81-4525-BE84-43C297A35F28}_is1" = Object Fix Zip
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E728246-95D5-4E72-8A9A-AC62602F39D8}_is1" = ANSTOSS 3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21749F4E-02A1-4828-9A1E-BBDF5929C5D0}" = HP LJ CM1410 MFP Series HP Scan
"{229D6185-BD7E-494B-A73B-C5215BE0690E}" = HPLJUT
"{22FE3793-5961-4ADE-AE66-69D9291C22B1}" = HPLaserJetHelp_LearnCenter
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{4006E354-3D24-49BA-A36F-7EB75D50D575}" = hppLaserJetService
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7FAB3316-11F4-44F3-8483-7278717496EC}" = hppTLBXFXCM1410
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{92F91A05-8241-4651-B9F4-9D04EE1F2634}" = hppSendFaxCM1410
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9983CD31-473F-4808-8317-5346119F0187}" = eBay
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A3A18593-62BE-4AE1-AF3F-E35179CF042E}" = hpzTLBXFX
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{BA0CC975-682B-4678-A35C-05E607F36387}" = Fujitsu Hotkey Utility
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D85A16FA-3408-4EEF-973F-05C1D23901B9}" = hppCM1410LaserJetService
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FB0C267C-8B4F-4867-8161-A6A3B66D42C1}" = Marketsplash Shortcuts
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFD7B2D9-AC9D-468C-83A2-21017A811623}" = hppFaxDrvCM1410
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE v.6.81
"Avira AntiVir Desktop" = Avira Free Antivirus
"DeskUpdate_is1" = DeskUpdate
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.35.1031
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{4108974B-DE87-4AD4-9167-930C62C45691}" = Fujitsu Display Manager
"InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel
"InstallShield_{7254349B-460B-488F-B4DB-A96100C5C48B}" = Power Saving Utility
"InstallShield_{BA0CC975-682B-4678-A35C-05E607F36387}" = Fujitsu Hotkey Utility
"InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
"InstallShield_{EC314CDF-3521-482B-A21C-65AC95664814}" = Fujitsu MobilityCenter Extension Utility
"Lula 3D - Demo" = Lula 3D - Demo
"Mozilla Firefox 19.0.2 (x86 en-US)" = Mozilla Firefox 19.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"SagaGamesHotelManager2_is1" = Hotel-Manager
"VideoPerformer" = VideoPerformer
"WinLiveSuite" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Updater
"Akamai" = Akamai NetSession Interface
"CT2625848" = DVDVideoSoftTB DE Toolbar
"Dropbox" = Dropbox
"Mozilla Firefox Packages" = Mozilla Firefox Packages
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 25.03.2013 12:22:52 | Computer Name = christian | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: HPLaserJetService.exe, Version: 2.15.599.0,
Zeitstempel: 0x4cc5ee57 Name des fehlerhaften Moduls: hppccompio.DLL, Version: 1.3.0.24,
Zeitstempel: 0x4c9685d0 Ausnahmecode: 0xc0000417 Fehleroffset: 0x000073bf ID des fehlerhaften
Prozesses: 0x680 Startzeit der fehlerhaften Anwendung: 0x01ce2974ee622f9b Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
Pfad
des fehlerhaften Moduls: C:\Windows\system32\hppccompio.DLL Berichtskennung: 3d57f7da-9568-11e2-8164-e0ca94be62c8
Error - 25.03.2013 12:24:03 | Computer Name = christian | Source = WinMgmt | ID = 10
Description =
Error - 25.03.2013 18:37:28 | Computer Name = christian | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: HPLaserJetService.exe, Version: 2.15.599.0,
Zeitstempel: 0x4cc5ee57 Name des fehlerhaften Moduls: hppccompio.DLL, Version: 1.3.0.24,
Zeitstempel: 0x4c9685d0 Ausnahmecode: 0xc0000417 Fehleroffset: 0x000073bf ID des fehlerhaften
Prozesses: 0x650 Startzeit der fehlerhaften Anwendung: 0x01ce29a9468a20d7 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
Pfad
des fehlerhaften Moduls: C:\Windows\system32\hppccompio.DLL Berichtskennung: 9215178c-959c-11e2-a3d4-e0ca94be62c8
Error - 25.03.2013 18:38:46 | Computer Name = christian | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 25.03.2013 13:15:09 | Computer Name = christian | Source = ipnathlp | ID = 31004
Description =
Error - 25.03.2013 13:17:22 | Computer Name = christian | Source = ipnathlp | ID = 31004
Description =
Error - 25.03.2013 13:41:40 | Computer Name = christian | Source = ipnathlp | ID = 31004
Description =
Error - 25.03.2013 14:21:39 | Computer Name = christian | Source = ipnathlp | ID = 31004
Description =
Error - 25.03.2013 14:23:51 | Computer Name = christian | Source = ipnathlp | ID = 31004
Description =
Error - 25.03.2013 14:42:04 | Computer Name = christian | Source = ipnathlp | ID = 31004
Description =
Error - 25.03.2013 14:44:10 | Computer Name = christian | Source = ipnathlp | ID = 31004
Description =
Error - 25.03.2013 14:48:35 | Computer Name = christian | Source = ipnathlp | ID = 31004
Description =
Error - 25.03.2013 18:37:32 | Computer Name = christian | Source = ipnathlp | ID = 31004
Description =
Error - 25.03.2013 18:37:40 | Computer Name = christian | Source = Service Control Manager | ID = 7034
Description = Dienst "HP LaserJet Service" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
< End of report >
Code:
ATTFilter OTL Extras logfile created on: 25.03.2013 23:44:43 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\oggi12\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,80 Gb Total Physical Memory | 2,49 Gb Available Physical Memory | 65,50% Memory free
7,60 Gb Paging File | 6,14 Gb Available in Paging File | 80,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 463,76 Gb Total Space | 417,57 Gb Free Space | 90,04% Space Free | Partition Type: NTFS
Drive F: | 666,22 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: CHRISTIAN | User Name: oggi12 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Scout\filescout.exe" /open "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Scout\filescout.exe" /open "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{024F34B1-AD54-4706-839D-065F57D56374}" = rport=138 | protocol=17 | dir=out | app=system |
"{06033770-9C0D-42E1-8E28-97EA45A908C9}" = lport=138 | protocol=17 | dir=in | app=system |
"{0A88E970-ADAC-441D-85AB-8A982E11D899}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{10259613-C893-49DE-A9D2-84A025100C0A}" = rport=2869 | protocol=6 | dir=out | app=system |
"{13316379-92AC-42A4-B62C-7C284B4FB6EA}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{1556E003-1895-4A58-962C-A022D051F93C}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{15F29540-55C1-4760-A473-9604DE697BE3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{23AA44B9-524D-473E-9216-2C177B7A636A}" = rport=139 | protocol=6 | dir=out | app=system |
"{29AE824D-127F-46F5-A791-F15CA443F45B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{36A2A689-7EE9-4706-AB7F-241058D344C4}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{37A237F3-495F-4ABA-AB00-2F7CEF4F140F}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{4722E79D-4800-49E3-872A-9703CB9BB7C6}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{4853FB26-3608-428F-903C-A2AC59E45BDF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4BF3839D-D035-4DB9-9676-D4C8D67CE41C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4E625E4E-84E0-4C6D-99B9-003D11531235}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{53DB27DC-427F-4A95-A351-FBDC2B24445D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{55DB6E79-A2FC-4520-9CD6-F0F7B9B8B183}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6F17159B-72F7-407D-B501-6ACCD8ED804B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{732BE41D-1DE5-482C-865C-113E9EE2F2BB}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{74248603-69B2-4796-8364-1874925A0ECD}" = rport=137 | protocol=17 | dir=out | app=system |
"{74F99F03-F6A3-4131-8CE6-F6E0ED4F3051}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{7D254AEB-B3D4-4464-87B1-28236BAAB92E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{80FC9CBB-FAE0-4BAD-A3CC-E5029D409499}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{83EBED7B-BD64-43DC-BEB0-FF0A5316F7AA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8DBFED5D-DF17-49E0-AE36-BC1CC6362E66}" = lport=445 | protocol=6 | dir=in | app=system |
"{90CD6330-7624-4B2F-AC8F-926C45674F0D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A0206860-A90E-4659-9CAD-6D41CD6FA758}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A681D934-829E-4A56-81D7-D4D895C6AE62}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A73D2E3D-5162-4B92-8298-B149FE8F84AD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AAF80EB3-B565-45FA-A3F2-91744D4F1214}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B0ABCF33-E89A-4731-B864-800C31A93AAE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B1286CD8-448B-4428-AAF1-372544721FB8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B6FD58CC-074E-462D-9D8A-1D5A2BBB29C1}" = rport=445 | protocol=6 | dir=out | app=system |
"{B81E80D7-847F-4DBF-A482-9B529D1C8670}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BB7D9B1B-8A1A-4BCE-9C24-03D88B895EF2}" = lport=139 | protocol=6 | dir=in | app=system |
"{BFF474AF-01F0-4AFA-AB1D-C72C5F81253E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D6E515A4-B4F1-4621-B24D-6BDEB6E343AC}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{F351F410-8339-4278-84D5-265E653B2D97}" = lport=137 | protocol=17 | dir=in | app=system |
"{F3E7D306-3E46-401A-9AAF-4F2A663004C1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FF85AB31-6E7F-442F-AAB4-41713B8B3F57}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{FF95FC4F-D35F-41F7-8021-313FE0E667AC}" = rport=10243 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CBF7B14-4979-472F-AEB0-E3CF5696CFD4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1A94C3D4-65E4-4E7A-B905-9D9374402A96}" = dir=out | app=c:\windows\syswow64\dmwu.exe |
"{1C45A7A3-C95E-4774-90A0-76CF018E212A}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{1E47D1A1-4E75-457E-88D3-D0D6D653678A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2B274FAC-D993-4900-BB7D-B26610B661C6}" = protocol=6 | dir=out | app=system |
"{2DFF78AD-D441-41FE-A975-11B3BBA1A295}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{33C07739-4590-484F-BA36-41CA0C1586D5}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{38A6FD9C-2583-44A1-A3E2-9CA59596148D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{48F767A1-BA52-40FD-B2ED-02125AA6C4AF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{48FC2D4D-DB21-4C79-A9A3-FA7C23E7DFD4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{52628E78-2B65-408F-9E7F-EAD3D0FD7CA6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{52E323EB-CFE2-4925-89A8-1DD0D002F87D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{591DF078-42E3-45C2-B88E-AC15EC96E2D5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6155BC94-683E-40ED-8011-F6738C8E4D6D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{68D10EDF-40E7-4E1B-9BDC-85AA700542A6}" = dir=in | app=c:\windows\syswow64\dmwu.exe |
"{71316601-2B01-4F99-B412-85203FCDB6A8}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8561E9C3-3CE1-46B1-997E-CC7667FA9959}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A8B84DD6-BAC5-4E80-82AF-6D85B927A2DD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B254B33E-36F5-4434-BB4D-AA76F52885AB}" = protocol=6 | dir=in | app=c:\users\oggi12\appdata\roaming\dropbox\bin\dropbox.exe |
"{B990D5CD-2AD1-4206-8082-0901FACEA3F7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C03C8618-C361-46AC-AE1A-5474825D174E}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{C29911C8-AAF1-4279-8E68-509B9A9A0BF4}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{CFE045D3-E7E3-4E57-BDF0-9A0B9ACC7F83}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D99AAB7A-E3A2-408B-AEAA-2652E6092BD8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EAFDD18A-F206-4FE9-B4DE-710587416FCB}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EBE4E04A-5D21-4F88-B76F-00450EB662CF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F0E11AED-14AD-4A61-B3D6-7C32AE8E8A5A}" = protocol=17 | dir=in | app=c:\users\oggi12\appdata\roaming\dropbox\bin\dropbox.exe |
"{F3FECD60-6740-4792-8D0A-0DFC15E851BD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F4B39B73-E22C-43DA-A42C-5966F5C0A317}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FB0E62E5-CD55-4E22-92F5-321775F4F86A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"TCP Query User{2B639A0C-3DC9-431D-AABC-9FD3E7A4FEAE}C:\users\oggi12\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\oggi12\appdata\local\akamai\netsession_win.exe |
"TCP Query User{B80433A4-F5E1-4D1A-BB1F-486269F136BE}C:\users\oggi12\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\oggi12\appdata\local\akamai\netsession_win.exe |
"TCP Query User{C290B398-FDC1-45CD-922E-5D48001E95FD}C:\users\oggi12\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\oggi12\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{66EB7395-587B-4499-B94D-76FF953EBE32}C:\users\oggi12\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\oggi12\appdata\local\akamai\netsession_win.exe |
"UDP Query User{BB9F2080-C372-48C6-8074-DADEBB55CDA8}C:\users\oggi12\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\oggi12\appdata\local\akamai\netsession_win.exe |
"UDP Query User{F0EBC862-DF9D-48EF-888A-8F479C75D96E}C:\users\oggi12\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\oggi12\appdata\roaming\dropbox\bin\dropbox.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{4108974B-DE87-4AD4-9167-930C62C45691}" = Fujitsu Display Manager
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{7254349B-460B-488F-B4DB-A96100C5C48B}" = Power Saving Utility
"{7BA64D21-EE46-4a9a-8145-52B0175C3F86}" = Plugfree NETWORK
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B7C6A943-83E0-4E7F-A79A-C5CBAA60B0F5}" = Plugfree NETWORK
"{C788B026-20BD-4E96-B698-533F1D6C5013}" = 64 Bit HP CIO Components Installer
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
"{EC314CDF-3521-482B-A21C-65AC95664814}" = Fujitsu MobilityCenter Extension Utility
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"SynTPDeinstKey" = Synaptics Pointing Device Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{06F8CD93-C722-45E9-A9A4-F48F78E39E84}" = hppFaxUtilityCM1410
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EF0EA0D-F945-4958-85CC-60FF1E86D216}" = HP LaserJet Professional CM1410 Series
"{128AF653-6E81-4525-BE84-43C297A35F28}_is1" = Object Fix Zip
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E728246-95D5-4E72-8A9A-AC62602F39D8}_is1" = ANSTOSS 3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21749F4E-02A1-4828-9A1E-BBDF5929C5D0}" = HP LJ CM1410 MFP Series HP Scan
"{229D6185-BD7E-494B-A73B-C5215BE0690E}" = HPLJUT
"{22FE3793-5961-4ADE-AE66-69D9291C22B1}" = HPLaserJetHelp_LearnCenter
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{4006E354-3D24-49BA-A36F-7EB75D50D575}" = hppLaserJetService
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7FAB3316-11F4-44F3-8483-7278717496EC}" = hppTLBXFXCM1410
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{92F91A05-8241-4651-B9F4-9D04EE1F2634}" = hppSendFaxCM1410
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9983CD31-473F-4808-8317-5346119F0187}" = eBay
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A3A18593-62BE-4AE1-AF3F-E35179CF042E}" = hpzTLBXFX
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{BA0CC975-682B-4678-A35C-05E607F36387}" = Fujitsu Hotkey Utility
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D85A16FA-3408-4EEF-973F-05C1D23901B9}" = hppCM1410LaserJetService
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FB0C267C-8B4F-4867-8161-A6A3B66D42C1}" = Marketsplash Shortcuts
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFD7B2D9-AC9D-468C-83A2-21017A811623}" = hppFaxDrvCM1410
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE v.6.81
"Avira AntiVir Desktop" = Avira Free Antivirus
"DeskUpdate_is1" = DeskUpdate
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.35.1031
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{4108974B-DE87-4AD4-9167-930C62C45691}" = Fujitsu Display Manager
"InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel
"InstallShield_{7254349B-460B-488F-B4DB-A96100C5C48B}" = Power Saving Utility
"InstallShield_{BA0CC975-682B-4678-A35C-05E607F36387}" = Fujitsu Hotkey Utility
"InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
"InstallShield_{EC314CDF-3521-482B-A21C-65AC95664814}" = Fujitsu MobilityCenter Extension Utility
"Lula 3D - Demo" = Lula 3D - Demo
"Mozilla Firefox 19.0.2 (x86 en-US)" = Mozilla Firefox 19.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"SagaGamesHotelManager2_is1" = Hotel-Manager
"VideoPerformer" = VideoPerformer
"WinLiveSuite" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Updater
"Akamai" = Akamai NetSession Interface
"CT2625848" = DVDVideoSoftTB DE Toolbar
"Dropbox" = Dropbox
"Mozilla Firefox Packages" = Mozilla Firefox Packages
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 25.03.2013 12:22:52 | Computer Name = christian | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: HPLaserJetService.exe, Version: 2.15.599.0,
Zeitstempel: 0x4cc5ee57 Name des fehlerhaften Moduls: hppccompio.DLL, Version: 1.3.0.24,
Zeitstempel: 0x4c9685d0 Ausnahmecode: 0xc0000417 Fehleroffset: 0x000073bf ID des fehlerhaften
Prozesses: 0x680 Startzeit der fehlerhaften Anwendung: 0x01ce2974ee622f9b Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
Pfad
des fehlerhaften Moduls: C:\Windows\system32\hppccompio.DLL Berichtskennung: 3d57f7da-9568-11e2-8164-e0ca94be62c8
Error - 25.03.2013 12:24:03 | Computer Name = christian | Source = WinMgmt | ID = 10
Description =
Error - 25.03.2013 18:37:28 | Computer Name = christian | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: HPLaserJetService.exe, Version: 2.15.599.0,
Zeitstempel: 0x4cc5ee57 Name des fehlerhaften Moduls: hppccompio.DLL, Version: 1.3.0.24,
Zeitstempel: 0x4c9685d0 Ausnahmecode: 0xc0000417 Fehleroffset: 0x000073bf ID des fehlerhaften
Prozesses: 0x650 Startzeit der fehlerhaften Anwendung: 0x01ce29a9468a20d7 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
Pfad
des fehlerhaften Moduls: C:\Windows\system32\hppccompio.DLL Berichtskennung: 9215178c-959c-11e2-a3d4-e0ca94be62c8
Error - 25.03.2013 18:38:46 | Computer Name = christian | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 25.03.2013 13:15:09 | Computer Name = christian | Source = ipnathlp | ID = 31004
Description =
Error - 25.03.2013 13:17:22 | Computer Name = christian | Source = ipnathlp | ID = 31004
Description =
Error - 25.03.2013 13:41:40 | Computer Name = christian | Source = ipnathlp | ID = 31004
Description =
Error - 25.03.2013 14:21:39 | Computer Name = christian | Source = ipnathlp | ID = 31004
Description =
Error - 25.03.2013 14:23:51 | Computer Name = christian | Source = ipnathlp | ID = 31004
Description =
Error - 25.03.2013 14:42:04 | Computer Name = christian | Source = ipnathlp | ID = 31004
Description =
Error - 25.03.2013 14:44:10 | Computer Name = christian | Source = ipnathlp | ID = 31004
Description =
Error - 25.03.2013 14:48:35 | Computer Name = christian | Source = ipnathlp | ID = 31004
Description =
Error - 25.03.2013 18:37:32 | Computer Name = christian | Source = ipnathlp | ID = 31004
Description =
Error - 25.03.2013 18:37:40 | Computer Name = christian | Source = Service Control Manager | ID = 7034
Description = Dienst "HP LaserJet Service" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
< End of report >
Code:
ATTFilter SystemLook 30.07.11 by jpshortstuff
Log created at 23:58 on 25/03/2013 by oggi12
Administrator - Elevation successful
Invalid Context: folderfind*
No Context: Ashampoo_DE*
No Context: Conduit*
No Context: file scout*
No Context: Savings Sidekick*
No Context: Babylon*
No Context: IBUpdater*
No Context: Minibar*
No Context: incredibar*
No Context: PriceGong*
No Context: crossrider*
No Context: PerformerSoft*
========== regfind ==========
Searching for "Ashampoo_DE"
No data found.
Searching for "Conduit"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\CT2625848\Repository]
"CT2625848.defaultSearchUrl"="hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848&SSPV=IESB12"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\CT2625848\Repository]
"CT2625848.installId"="ConduitNSISIntegration"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\CT2625848\Repository]
"CT2625848.searchAddressUrl"="hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2625848&SearchSource=2&q=MYSEARCHTERM&SSPV=IESB12"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\CT2625848\Repository]
"CT2625848.navigateToSearch"="hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2625848&SearchSource=2&q=MYSEARCHTERM&SSPV=IESB12"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\CT2625848\Repository]
"CT2625848.2625848a129894023611240511000000paramsGK1"="{"updateReqTime":1352761033278,"updateRespTime":1352761034241,"data":{"settings":{"icon":"hxxp://storage.conduit.com/48/262/CT2625848/images/634805391170633954_24PX.png","componentId":"129894023611240511","templateId":"b4b62798-c0fe-4e86-bf03-ada796889d1e"},"content":{"profileName":{"id":"profileName","type":"textbox","data":{"value":"hxxp://www.facebook.com/DVDVideoSoft.de"}},"displayFBIcon":{"id":"displayFBIcon","type":"checkbox","data":{"value":false}}}}}"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\CT2625848\Repository]
"CT2625848.embeddedsData"="[{"appId":"129181467799155027","apiPermissions":{"crossDomainAjax":true,"getMainFrameTitle":true,"getMainFrameUrl":true,"getSearchTerm":true,"instantAlert":true,"jsInjection":true,"sslGranted":true},"onBeforeLoadData":"{\"view\":{\"html\":\"<table id=\\\"main\\\" class=\\\"mainwrapper\\\" cellSpacing=\\\"0\\\" cellPadding=\\\"0\\\">\\n <tbody><tr>\\n <!-- don't remove the width=\\\"100%\\\" bug in chrome the width become in px-->\\n <td style=\\\"background: rgb(255, 255, 255); width: 100%;\\\" id=\\\"textboxWrapper\\\" width=\\\"100%\\\">\\n <!-- take focuse in IE -->\\n \\n <form onsubmit=\\\"return false;\\\" action=\\\"#\\\">\\n \\n <input style=\\\"background: rgb(255, 255, 255); width: 100%; color: rgb(0, 0, 0); min-width: 137px; max-width: 358px;\\\" id=\\\"textbox\\\" value=\\\"\\\" type=\\\"text\\\">\\n \\n </fo
[HKEY_CURRENT_USER\Software\AppDataLow\Software\CT2625848\toolbar]
"AutoUpdateUrl"="hxxp://autoupdate.toolbar.conduit-services.com/Update/EB_TOOLBAR_ID/EB_TOOLBAR_VERSION"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\CT2625848\toolbar]
"SearchServerUrl"="hxxp://search.conduit.com"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\CT2625848\toolbar]
"Server"="users.conduit.com"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\CT2625848\toolbar]
"BrowserSearchURL"="hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848&SSPV=IESB12"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\CT2625848\toolbar]
"PlatformType"="ConduitToolbar"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\CT2625848\toolbar]
"HomepageURL"="hxxp://search.conduit.com"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\CT2625848\toolbar]
"InstallationId"="ConduitNSISIntegration"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\CT2625848\toolbar]
"InstallationType"="ConduitNSISIntegration"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\CT2625848\toolbar]
"SocialDomains"="hxxp://apps.conduit.com; hxxp://social.conduit.com"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\CT2625848\toolbar\Settings]
"SearchFromAddressUrl"="hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2625848&SearchSource=2&q=MYSEARCHTERM&SSPV=IESB12"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\CT2625848\toolbar\UninstallData\Cookies]
"CT2625848_Apps"="hxxp://conduitapps.com"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\CT2625848\toolbar\UninstallData\Cookies]
"InstalledSource_CT2625848"="hxxp://social.conduit.com"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\CT2625848\toolbar\UninstallData\Cookies]
"tbInfo_CT2625848"="hxxp://search.conduit.com"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\CT2625848]
"DisplayIcon"="C:\Users\oggi12\AppData\Local\Conduit\CT2625848\uninstall.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\CT2625848]
"UninstallString"="C:\Users\oggi12\AppData\Local\Conduit\CT2625848\uninstall.exe toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0E44BB13-2523-468b-BF51-58D5F52A84F6}]
"AppPath"="C:\Users\oggi12\AppData\Local\Conduit\BackStage\{5555CC4C-FA2B-4D69-8296-B6AE5E95C0B7}"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\AppDataLow\Software\CT2625848\Repository]
"CT2625848.defaultSearchUrl"="hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848&SSPV=IESB12"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\AppDataLow\Software\CT2625848\Repository]
"CT2625848.installId"="ConduitNSISIntegration"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\AppDataLow\Software\CT2625848\Repository]
"CT2625848.searchAddressUrl"="hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2625848&SearchSource=2&q=MYSEARCHTERM&SSPV=IESB12"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\AppDataLow\Software\CT2625848\Repository]
"CT2625848.navigateToSearch"="hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2625848&SearchSource=2&q=MYSEARCHTERM&SSPV=IESB12"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\AppDataLow\Software\CT2625848\Repository]
"CT2625848.2625848a129894023611240511000000paramsGK1"="{"updateReqTime":1352761033278,"updateRespTime":1352761034241,"data":{"settings":{"icon":"hxxp://storage.conduit.com/48/262/CT2625848/images/634805391170633954_24PX.png","componentId":"129894023611240511","templateId":"b4b62798-c0fe-4e86-bf03-ada796889d1e"},"content":{"profileName":{"id":"profileName","type":"textbox","data":{"value":"hxxp://www.facebook.com/DVDVideoSoft.de"}},"displayFBIcon":{"id":"displayFBIcon","type":"checkbox","data":{"value":false}}}}}"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\AppDataLow\Software\CT2625848\Repository]
"CT2625848.embeddedsData"="[{"appId":"129181467799155027","apiPermissions":{"crossDomainAjax":true,"getMainFrameTitle":true,"getMainFrameUrl":true,"getSearchTerm":true,"instantAlert":true,"jsInjection":true,"sslGranted":true},"onBeforeLoadData":"{\"view\":{\"html\":\"<table id=\\\"main\\\" class=\\\"mainwrapper\\\" cellSpacing=\\\"0\\\" cellPadding=\\\"0\\\">\\n <tbody><tr>\\n <!-- don't remove the width=\\\"100%\\\" bug in chrome the width become in px-->\\n <td style=\\\"background: rgb(255, 255, 255); width: 100%;\\\" id=\\\"textboxWrapper\\\" width=\\\"100%\\\">\\n <!-- take focuse in IE -->\\n \\n <form onsubmit=\\\"return false;\\\" action=\\\"#\\\">\\n \\n <input style=\\\"background: rgb(255, 255, 255); width: 100%; color: rgb(0, 0, 0); min-width: 137px; max-width: 358px;\\\" id=\\\"textbox\\\" value=\\\"\\\" type=\\\"tex
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\AppDataLow\Software\CT2625848\toolbar]
"AutoUpdateUrl"="hxxp://autoupdate.toolbar.conduit-services.com/Update/EB_TOOLBAR_ID/EB_TOOLBAR_VERSION"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\AppDataLow\Software\CT2625848\toolbar]
"SearchServerUrl"="hxxp://search.conduit.com"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\AppDataLow\Software\CT2625848\toolbar]
"Server"="users.conduit.com"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\AppDataLow\Software\CT2625848\toolbar]
"BrowserSearchURL"="hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848&SSPV=IESB12"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\AppDataLow\Software\CT2625848\toolbar]
"PlatformType"="ConduitToolbar"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\AppDataLow\Software\CT2625848\toolbar]
"HomepageURL"="hxxp://search.conduit.com"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\AppDataLow\Software\CT2625848\toolbar]
"InstallationId"="ConduitNSISIntegration"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\AppDataLow\Software\CT2625848\toolbar]
"InstallationType"="ConduitNSISIntegration"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\AppDataLow\Software\CT2625848\toolbar]
"SocialDomains"="hxxp://apps.conduit.com; hxxp://social.conduit.com"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\AppDataLow\Software\CT2625848\toolbar\Settings]
"SearchFromAddressUrl"="hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2625848&SearchSource=2&q=MYSEARCHTERM&SSPV=IESB12"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\AppDataLow\Software\CT2625848\toolbar\UninstallData\Cookies]
"CT2625848_Apps"="hxxp://conduitapps.com"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\AppDataLow\Software\CT2625848\toolbar\UninstallData\Cookies]
"InstalledSource_CT2625848"="hxxp://social.conduit.com"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\AppDataLow\Software\CT2625848\toolbar\UninstallData\Cookies]
"tbInfo_CT2625848"="hxxp://search.conduit.com"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\CT2625848]
"DisplayIcon"="C:\Users\oggi12\AppData\Local\Conduit\CT2625848\uninstall.exe"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\CT2625848]
"UninstallString"="C:\Users\oggi12\AppData\Local\Conduit\CT2625848\uninstall.exe toolbar"
Searching for "file scout"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shell\filescout\command]
@=""C:\Program Files (x86)\File Scout\filescout.exe" /sc "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\shell\openas\command]
@=""C:\Program Files (x86)\File Scout\filescout.exe" /open "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\shell\openas\command]
"fs_backup"=""C:\Program Files (x86)\File Scout\filescout.exe" /open "%1""
Searching for "Savings Sidekick"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Savings Sidekick-InternalInstaller_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Savings Sidekick-InternalInstaller_RASMANCS]
Searching for "Babylon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"
Searching for "IBUpdater"
[HKEY_USERS\.DEFAULT\Software\IBUpdaterService]
[HKEY_USERS\S-1-5-18\Software\IBUpdaterService]
Searching for "Minibar"
No data found.
Searching for "incredibar"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Incredibar.com]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Incredibar.com\incredibar]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Incredibar.com\incredibar\iestrg]
"prdct"="incredibar"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Incredibar.com\incredibar\iestrg]
"prtnrid"="incredibar"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Incredibar.com\incredibar\iestrg]
"tlbrsrchurl"="http%3A%2F%2Fmystart%2EIncredibar%2Ecom%2F%3Fa%3D6OyXbXirIg%26loc%3DIB%5FTB%26i%3D26%26search%3D"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Incredibar.com\incredibar\iestrg]
"incredibar_actvtyrpttime"="1357976111146"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Incredibar.com\incredibar\iestrg]
"incredibar_afterinstallrpt"="sent"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\d55114ab_0]
@="{0.0.0.00000000}.{7bf7051f-d29a-4f9b-88a1-d4a91c3e2dc5}|\Device\HarddiskVolume2\Users\oggi12\AppData\Local\Temp\incredibar_installer.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Incredibar.com]
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Incredibar.com\incredibar]
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Incredibar.com\incredibar\iestrg]
"prdct"="incredibar"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Incredibar.com\incredibar\iestrg]
"prtnrid"="incredibar"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Incredibar.com\incredibar\iestrg]
"tlbrsrchurl"="http%3A%2F%2Fmystart%2EIncredibar%2Ecom%2F%3Fa%3D6OyXbXirIg%26loc%3DIB%5FTB%26i%3D26%26search%3D"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Incredibar.com\incredibar\iestrg]
"incredibar_actvtyrpttime"="1357976111146"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Incredibar.com\incredibar\iestrg]
"incredibar_afterinstallrpt"="sent"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\d55114ab_0]
@="{0.0.0.00000000}.{7bf7051f-d29a-4f9b-88a1-d4a91c3e2dc5}|\Device\HarddiskVolume2\Users\oggi12\AppData\Local\Temp\incredibar_installer.exe%b{00000000-0000-0000-0000-000000000000}"
Searching for "PriceGong"
No data found.
Searching for "crossrider"
No data found.
Searching for "PerformerSoft"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\VideoPerformer]
"Publisher"="PerformerSoft LLC"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\VideoPerformer]
"URLInfoAbout"="hxxp://performersoft.com/contact-us.php"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\VideoPerformer]
"HelpLink"="hxxp://performersoft.com/contact-us.php"
Searching for " "
[HKEY_CURRENT_USER\Software\AppDataLow\Software\CT2625848\Repository]
"CT2625848.embeddedsData"="[{"appId":"129181467799155027","apiPermissions":{"crossDomainAjax":true,"getMainFrameTitle":true,"getMainFrameUrl":true,"getSearchTerm":true,"instantAlert":true,"jsInjection":true,"sslGranted":true},"onBeforeLoadData":"{\"view\":{\"html\":\"<table id=\\\"main\\\" class=\\\"mainwrapper\\\" cellSpacing=\\\"0\\\" cellPadding=\\\"0\\\">\\n <tbody><tr>\\n <!-- don't remove the width=\\\"100%\\\" bug in chrome the width become in px-->\\n <td style=\\\"background: rgb(255, 255, 255); width: 100%;\\\" id=\\\"textboxWrapper\\\" width=\\\"100%\\\">\\n <!-- take focuse in IE -->\\n \\n <form onsubmit=\\\"return false;\\\" action=\\\"#\\\">\\n \\n <input style=\\\"background: rgb(255, 255, 255); width: 100%; color: rgb(0, 0, 0); min-width: 137px; max-width: 358px;\\\" id=\\\"textbox\\\" value=\\\"\\\" type=\\\"text\\\">\\n \\n </fo
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell]
"ConfigXML"=" <PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" > <InitializationParameters> <Param Name="PSVersion" Value="2.0"/> </InitializationParameters> <Resources> <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" SupportsOptions="true" ExactMatch="true"> <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/> <Capability Type="Shell"/> </Resource> </Res
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell32]
"ConfigXML"="<PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell32" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" Architecture="32" > <InitializationParameters> <Param Name="PSVersion" Value="2.0"/> </InitializationParameters> <Resources> <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" SupportsOptions="true" ExactMatch="true"> <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/>
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\AppDataLow\Software\CT2625848\Repository]
"CT2625848.embeddedsData"="[{"appId":"129181467799155027","apiPermissions":{"crossDomainAjax":true,"getMainFrameTitle":true,"getMainFrameUrl":true,"getSearchTerm":true,"instantAlert":true,"jsInjection":true,"sslGranted":true},"onBeforeLoadData":"{\"view\":{\"html\":\"<table id=\\\"main\\\" class=\\\"mainwrapper\\\" cellSpacing=\\\"0\\\" cellPadding=\\\"0\\\">\\n <tbody><tr>\\n <!-- don't remove the width=\\\"100%\\\" bug in chrome the width become in px-->\\n <td style=\\\"background: rgb(255, 255, 255); width: 100%;\\\" id=\\\"textboxWrapper\\\" width=\\\"100%\\\">\\n <!-- take focuse in IE -->\\n \\n <form onsubmit=\\\"return false;\\\" action=\\\"#\\\">\\n \\n <input style=\\\"background: rgb(255, 255, 255); width: 100%; color: rgb(0, 0, 0); min-width: 137px; max-width: 358px;\\\" id=\\\"textbox\\\" value=\\\"\\\" type=\\\"tex
-= EOF =-
Gelegentlich läuft der Lüfter noch recht hoch (hört sich jedenfalls so an) obwohl ich nix oder nur wenig mache! CPU-Auslastung wird mir dann aber nicht in der Symbolleiste angezeigt. Von daher wird die auch im grünen Bereich sein denke ich. Und jaaanz wichtig: Danke für Deine Hilfe bis hierhin. |
|
26.03.2013, 00:33
| #8 |
| | Trojaner Savings Sidekick und Incredibar auf meinem Laptop Hi, hier die Logdateien: OTL: Code:
ATTFilter OTL logfile created on: 25.03.2013 23:44:43 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\oggi12\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,80 Gb Total Physical Memory | 2,49 Gb Available Physical Memory | 65,50% Memory free 7,60 Gb Paging File | 6,14 Gb Available in Paging File | 80,76% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 463,76 Gb Total Space | 417,57 Gb Free Space | 90,04% Space Free | Partition Type: NTFS Drive F: | 666,22 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: CHRISTIAN | User Name: oggi12 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.03.23 02:16:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\oggi12\Downloads\OTL.exe PRC - [2013.02.12 16:18:57 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2013.02.12 16:18:36 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE PRC - [2013.02.12 16:18:33 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.02.12 16:18:33 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2013.01.26 07:08:30 | 004,480,768 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\oggi12\AppData\Local\Akamai\netsession_win.exe PRC - [2013.01.20 20:29:18 | 028,539,272 | ---- | M] (Dropbox, Inc.) -- C:\Users\oggi12\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.09.25 13:25:34 | 000,102,528 | ---- | M] (Fujitsu Technology Solutions) -- C:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe PRC - [2009.11.01 17:04:48 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2009.11.01 17:04:42 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2009.10.09 20:06:50 | 000,047,976 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe PRC - [2009.10.08 19:44:54 | 000,036,712 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe PRC - [2009.07.08 20:58:26 | 000,162,912 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe ========== Modules (No Company Name) ========== MOD - [2013.02.15 22:21:24 | 000,117,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeskUpdateNotifier\bb8aedfc8cb3fec4d0b2fa2ab4f9e66d\DeskUpdateNotifier.ni.exe MOD - [2013.02.15 00:22:34 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\39f4c7717661667c68f9af8c4f6402b9\System.Windows.Forms.ni.dll MOD - [2013.01.11 20:01:05 | 000,766,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\log4net\652daef54b944f4e81ac562d639d0112\log4net.ni.dll MOD - [2013.01.10 06:47:39 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll MOD - [2013.01.10 06:47:22 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll MOD - [2013.01.10 06:47:18 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5de5d8c1c02e33789e3cf7e3f54c0ec9\System.Configuration.ni.dll MOD - [2013.01.10 06:47:17 | 009,094,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll MOD - [2013.01.10 06:47:11 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll ========== Services (SafeList) ========== SRV:64bit: - [2010.09.22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2010.06.24 01:14:38 | 000,330,240 | ---- | M] (FUJITSU LIMITED) [Auto | Running] -- C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe -- (PFNService) SRV:64bit: - [2009.07.30 10:43:00 | 000,063,336 | ---- | M] (FUJITSU LIMITED) [Auto | Running] -- C:\Program Files\Fujitsu\PSUtility\PSUService.exe -- (PowerSavingUtilityService) SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2013.03.14 07:01:44 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.02.12 16:18:57 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.02.12 16:18:36 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2013.02.12 16:18:33 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2010.10.25 13:53:46 | 000,145,920 | ---- | M] (HP) [Auto | Stopped] -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service) SRV - [2010.03.18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.11.01 17:04:48 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2009.11.01 17:04:42 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.12.11 18:46:41 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.12.11 18:46:40 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.12.08 04:41:45 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.10.26 19:00:50 | 000,131,416 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.12.24 00:55:48 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.12.24 00:55:48 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.12.07 08:24:08 | 000,023,576 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hppdfaxio.sys -- (HPFXFAX) DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 04:24:15 | 000,146,432 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rmcast.sys -- (RMCAST) DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.10.03 04:06:58 | 000,022,040 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hppdbulkio.sys -- (HPFXBULKLEDM) DRV:64bit: - [2010.06.08 09:33:14 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.03.04 21:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.12.18 11:38:56 | 008,038,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.11.27 05:15:00 | 000,244,736 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2009.11.06 12:56:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009.11.01 17:04:42 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:64bit: - [2009.10.26 12:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2009.10.09 20:16:28 | 000,293,936 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2006.11.01 17:59:24 | 000,007,296 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fuj02e3.sys -- (FUJ02E3) DRV:64bit: - [2006.11.01 17:20:28 | 000,007,808 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fuj02b1.sys -- (FUJ02B1) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0E5F7F46-6763-E015-844C-3CC3AF6CEB53}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSG IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.fujitsu.com/fts IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.google.com/ig/redirectd [Binary data over 200 bytes] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{0283B4E8-67AE-4F2C-881D-E5826C6A5EC5}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=3e40563e-b8b6-4ed6-82e8-6a56d9f56ec3&apn_sauid=1C557B1C-5661-4DD2-A704-A7B9F9E884E5 IE - HKCU\..\SearchScopes\{0E5F7F46-6763-E015-844C-3CC3AF6CEB53}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSG_deDE505DE505 IE - HKCU\..\SearchScopes\{B8D77453-5A9E-49E8-9E9C-AF7BE1DB4521}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSG_deDE505DE505 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = 169.254.1.1 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9 FF - prefs.js..extensions.enabledAddons: langpack-de%40firefox.mozilla.org:19.0 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\PROGRAM FILES\IB UPDATER\FIREFOX FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.09 19:25:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.16 13:20:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\oggi12\AppData\Roaming\mozilla\Extensions [2013.03.24 16:41:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\oggi12\AppData\Roaming\mozilla\Firefox\Profiles\jhq1p98b.default\extensions [2013.03.24 16:22:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\oggi12\AppData\Roaming\mozilla\Firefox\Profiles\qo5rx7n7.default\extensions [2012.11.04 21:50:08 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\oggi12\AppData\Roaming\mozilla\Firefox\Profiles\qo5rx7n7.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2013.03.09 19:26:18 | 000,306,394 | ---- | M] () (No name found) -- C:\Users\oggi12\AppData\Roaming\mozilla\firefox\profiles\jhq1p98b.default\extensions\langpack-de@firefox.mozilla.org.xpi [2012.12.12 14:37:31 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\oggi12\AppData\Roaming\mozilla\firefox\profiles\jhq1p98b.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2013.03.25 23:30:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.03.09 19:25:26 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.10.11 02:05:38 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.03.09 19:25:24 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [FDM7] C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe (FUJITSU LIMITED) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [HP LaserJet Professional CM1410 Series Fax] C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe (Hewlett-Packard Company) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe (FUJITSU LIMITED) O4:64bit: - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [PfNet] C:\Program Files\Fujitsu\Plugfree NETWORK\PfNet.exe (FUJITSU LIMITED) O4:64bit: - HKLM..\Run: [PSUTility] C:\Program Files\Fujitsu\PSUtility\TrayManager.exe (FUJITSU LIMITED) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DeskUpdateNotifier] c:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe (Fujitsu Technology Solutions) O4 - HKLM..\Run: [IndicatorUtility] C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED) O4 - HKLM..\Run: [LoadFUJ02E3] C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED) O4 - HKLM..\Run: [ToolboxFX] C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [YouCam Mirror Tray icon] C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe (CyberLink Corp.) O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\oggi12\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) O4 - Startup: C:\Users\oggi12\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\oggi12\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000022 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5DEA4C0F-F285-4426-8A09-C2EE1EBAA625}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [1999.09.03 20:51:52 | 000,193,536 | R--- | M] () - F:\Autorun.exe -- [ CDFS ] O32 - AutoRun File - [1998.10.26 07:04:46 | 000,000,049 | R--- | M] () - F:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{9c0d671d-119a-11e2-89cc-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{9c0d671d-119a-11e2-89cc-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [1999.09.03 20:51:52 | 000,193,536 | R--- | M] () O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.03.25 23:30:52 | 000,000,000 | ---D | C] -- C:\_OTL [2013.03.24 18:38:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2013.03.24 18:38:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip [2013.03.24 16:33:43 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.03.24 16:32:52 | 000,000,000 | ---D | C] -- C:\JRT [2013.03.24 16:06:22 | 000,550,069 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\oggi12\Desktop\JRT.exe [2013.03.23 15:59:02 | 000,000,000 | ---D | C] -- C:\Users\oggi12\AppData\Local\{2C0B7FFC-953F-4954-8D9A-63782923AB68} [2013.03.23 15:58:50 | 000,000,000 | ---D | C] -- C:\Users\oggi12\AppData\Roaming\Windows Live Writer [2013.03.23 15:58:50 | 000,000,000 | ---D | C] -- C:\Users\oggi12\AppData\Local\Windows Live Writer [2013.03.21 00:37:05 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys [2013.03.13 20:49:29 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.03.13 20:49:29 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.03.13 20:49:28 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.03.13 20:49:28 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.03.13 20:49:28 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.03.13 20:49:28 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.03.13 20:49:28 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.03.13 20:49:28 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.03.13 20:49:27 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.03.13 20:49:27 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.03.13 20:49:27 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.03.13 20:49:27 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.03.13 20:49:26 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.03.13 20:49:26 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.03.13 20:49:25 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.02.28 03:11:59 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll [2013.02.28 03:11:59 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll [2013.02.28 03:11:58 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll [2013.02.28 03:11:58 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll [2013.02.28 03:11:56 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll [2013.02.28 03:11:56 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll [2013.02.28 03:11:53 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll [2013.02.28 03:11:53 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.02.28 03:11:53 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.02.28 03:11:53 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.02.28 03:11:53 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.02.28 03:11:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.02.28 03:11:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.02.28 03:11:53 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.02.28 03:11:53 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.02.28 03:11:52 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll [2013.02.28 03:11:52 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll [2013.02.28 03:11:51 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll [2013.02.28 03:11:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll [2013.02.28 03:11:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll [2013.02.28 03:11:50 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.02.28 03:11:50 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.02.28 03:11:50 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.02.28 03:11:50 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.02.28 03:11:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll [2013.02.28 03:11:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll [2013.02.28 03:11:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.02.28 03:11:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.02.28 03:11:49 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll [2013.02.28 03:11:49 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll [2013.02.28 03:11:49 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll [2013.02.28 03:11:49 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll [2013.02.28 03:11:48 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll [2013.02.28 03:11:48 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll [2013.02.28 03:11:48 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll [2013.02.28 03:11:48 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll [2013.02.28 03:11:48 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll [2013.02.28 03:11:47 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll [2013.02.28 03:11:47 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2013.02.28 03:11:47 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll [2013.02.28 03:11:47 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll ========== Files - Modified Within 30 Days ========== [2013.03.25 23:44:36 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.25 23:44:36 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.25 23:37:14 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.03.25 23:36:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.25 23:36:53 | 3061,227,520 | -HS- | M] () -- C:\hiberfil.sys [2013.03.25 23:31:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.03.25 23:01:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.03.24 16:06:29 | 000,550,069 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\oggi12\Desktop\JRT.exe [2013.03.24 16:00:28 | 000,609,993 | ---- | M] () -- C:\Users\oggi12\Desktop\adwcleaner.exe [2013.03.23 18:43:49 | 000,001,501 | ---- | M] () -- C:\Users\oggi12\Desktop\gmer_2.1.19155.exe - Verknüpfung.lnk [2013.03.23 18:21:28 | 000,001,409 | ---- | M] () -- C:\Users\oggi12\Desktop\dds+.exe - Verknüpfung.lnk [2013.03.23 13:08:51 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.03.23 13:08:51 | 000,696,870 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.03.23 13:08:51 | 000,652,148 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.03.23 13:08:51 | 000,148,134 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.03.23 13:08:51 | 000,121,080 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.03.23 02:19:19 | 000,001,392 | ---- | M] () -- C:\Users\oggi12\Desktop\OTL - Verknüpfung.lnk [2013.03.23 02:11:12 | 000,001,040 | ---- | M] () -- C:\Users\oggi12\Desktop\Defogger - Verknüpfung.lnk [2013.03.17 23:45:05 | 000,199,346 | ---- | M] () -- C:\temp.raw [2013.03.14 07:01:43 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.03.14 07:01:43 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl ========== Files Created - No Company Name ========== [2013.03.24 16:00:21 | 000,609,993 | ---- | C] () -- C:\Users\oggi12\Desktop\adwcleaner.exe [2013.03.23 18:31:06 | 000,001,501 | ---- | C] () -- C:\Users\oggi12\Desktop\gmer_2.1.19155.exe - Verknüpfung.lnk [2013.03.23 18:21:28 | 000,001,409 | ---- | C] () -- C:\Users\oggi12\Desktop\dds+.exe - Verknüpfung.lnk [2013.03.23 02:17:08 | 000,001,392 | ---- | C] () -- C:\Users\oggi12\Desktop\OTL - Verknüpfung.lnk [2013.03.23 02:10:13 | 000,001,040 | ---- | C] () -- C:\Users\oggi12\Desktop\Defogger - Verknüpfung.lnk [2012.10.28 22:08:34 | 000,000,000 | ---- | C] () -- C:\Windows\Editor.INI [2012.10.24 08:19:07 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2012.10.22 08:26:34 | 000,292,911 | ---- | C] () -- C:\Users\oggi12\AppData\Local\speeddial.crx [2012.06.20 15:58:04 | 000,870,544 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin [2012.06.20 15:58:04 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll [2012.06.20 15:58:04 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll [2012.06.20 15:58:04 | 000,051,068 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin [2012.06.20 15:58:03 | 000,127,896 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin [2011.12.24 10:17:33 | 005,050,402 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > Code:
ATTFilter OTL Extras logfile created on: 25.03.2013 23:44:43 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\oggi12\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,80 Gb Total Physical Memory | 2,49 Gb Available Physical Memory | 65,50% Memory free
7,60 Gb Paging File | 6,14 Gb Available in Paging File | 80,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 463,76 Gb Total Space | 417,57 Gb Free Space | 90,04% Space Free | Partition Type: NTFS
Drive F: | 666,22 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: CHRISTIAN | User Name: oggi12 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Scout\filescout.exe" /open "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Scout\filescout.exe" /open "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{024F34B1-AD54-4706-839D-065F57D56374}" = rport=138 | protocol=17 | dir=out | app=system |
"{06033770-9C0D-42E1-8E28-97EA45A908C9}" = lport=138 | protocol=17 | dir=in | app=system |
"{0A88E970-ADAC-441D-85AB-8A982E11D899}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{10259613-C893-49DE-A9D2-84A025100C0A}" = rport=2869 | protocol=6 | dir=out | app=system |
"{13316379-92AC-42A4-B62C-7C284B4FB6EA}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{1556E003-1895-4A58-962C-A022D051F93C}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{15F29540-55C1-4760-A473-9604DE697BE3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{23AA44B9-524D-473E-9216-2C177B7A636A}" = rport=139 | protocol=6 | dir=out | app=system |
"{29AE824D-127F-46F5-A791-F15CA443F45B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{36A2A689-7EE9-4706-AB7F-241058D344C4}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{37A237F3-495F-4ABA-AB00-2F7CEF4F140F}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{4722E79D-4800-49E3-872A-9703CB9BB7C6}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{4853FB26-3608-428F-903C-A2AC59E45BDF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4BF3839D-D035-4DB9-9676-D4C8D67CE41C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4E625E4E-84E0-4C6D-99B9-003D11531235}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{53DB27DC-427F-4A95-A351-FBDC2B24445D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{55DB6E79-A2FC-4520-9CD6-F0F7B9B8B183}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6F17159B-72F7-407D-B501-6ACCD8ED804B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{732BE41D-1DE5-482C-865C-113E9EE2F2BB}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{74248603-69B2-4796-8364-1874925A0ECD}" = rport=137 | protocol=17 | dir=out | app=system |
"{74F99F03-F6A3-4131-8CE6-F6E0ED4F3051}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{7D254AEB-B3D4-4464-87B1-28236BAAB92E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{80FC9CBB-FAE0-4BAD-A3CC-E5029D409499}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{83EBED7B-BD64-43DC-BEB0-FF0A5316F7AA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8DBFED5D-DF17-49E0-AE36-BC1CC6362E66}" = lport=445 | protocol=6 | dir=in | app=system |
"{90CD6330-7624-4B2F-AC8F-926C45674F0D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A0206860-A90E-4659-9CAD-6D41CD6FA758}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A681D934-829E-4A56-81D7-D4D895C6AE62}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A73D2E3D-5162-4B92-8298-B149FE8F84AD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AAF80EB3-B565-45FA-A3F2-91744D4F1214}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B0ABCF33-E89A-4731-B864-800C31A93AAE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B1286CD8-448B-4428-AAF1-372544721FB8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B6FD58CC-074E-462D-9D8A-1D5A2BBB29C1}" = rport=445 | protocol=6 | dir=out | app=system |
"{B81E80D7-847F-4DBF-A482-9B529D1C8670}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BB7D9B1B-8A1A-4BCE-9C24-03D88B895EF2}" = lport=139 | protocol=6 | dir=in | app=system |
"{BFF474AF-01F0-4AFA-AB1D-C72C5F81253E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D6E515A4-B4F1-4621-B24D-6BDEB6E343AC}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{F351F410-8339-4278-84D5-265E653B2D97}" = lport=137 | protocol=17 | dir=in | app=system |
"{F3E7D306-3E46-401A-9AAF-4F2A663004C1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FF85AB31-6E7F-442F-AAB4-41713B8B3F57}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{FF95FC4F-D35F-41F7-8021-313FE0E667AC}" = rport=10243 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CBF7B14-4979-472F-AEB0-E3CF5696CFD4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1A94C3D4-65E4-4E7A-B905-9D9374402A96}" = dir=out | app=c:\windows\syswow64\dmwu.exe |
"{1C45A7A3-C95E-4774-90A0-76CF018E212A}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{1E47D1A1-4E75-457E-88D3-D0D6D653678A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2B274FAC-D993-4900-BB7D-B26610B661C6}" = protocol=6 | dir=out | app=system |
"{2DFF78AD-D441-41FE-A975-11B3BBA1A295}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{33C07739-4590-484F-BA36-41CA0C1586D5}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{38A6FD9C-2583-44A1-A3E2-9CA59596148D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{48F767A1-BA52-40FD-B2ED-02125AA6C4AF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{48FC2D4D-DB21-4C79-A9A3-FA7C23E7DFD4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{52628E78-2B65-408F-9E7F-EAD3D0FD7CA6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{52E323EB-CFE2-4925-89A8-1DD0D002F87D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{591DF078-42E3-45C2-B88E-AC15EC96E2D5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6155BC94-683E-40ED-8011-F6738C8E4D6D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{68D10EDF-40E7-4E1B-9BDC-85AA700542A6}" = dir=in | app=c:\windows\syswow64\dmwu.exe |
"{71316601-2B01-4F99-B412-85203FCDB6A8}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8561E9C3-3CE1-46B1-997E-CC7667FA9959}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A8B84DD6-BAC5-4E80-82AF-6D85B927A2DD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B254B33E-36F5-4434-BB4D-AA76F52885AB}" = protocol=6 | dir=in | app=c:\users\oggi12\appdata\roaming\dropbox\bin\dropbox.exe |
"{B990D5CD-2AD1-4206-8082-0901FACEA3F7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C03C8618-C361-46AC-AE1A-5474825D174E}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{C29911C8-AAF1-4279-8E68-509B9A9A0BF4}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{CFE045D3-E7E3-4E57-BDF0-9A0B9ACC7F83}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D99AAB7A-E3A2-408B-AEAA-2652E6092BD8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EAFDD18A-F206-4FE9-B4DE-710587416FCB}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EBE4E04A-5D21-4F88-B76F-00450EB662CF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F0E11AED-14AD-4A61-B3D6-7C32AE8E8A5A}" = protocol=17 | dir=in | app=c:\users\oggi12\appdata\roaming\dropbox\bin\dropbox.exe |
"{F3FECD60-6740-4792-8D0A-0DFC15E851BD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F4B39B73-E22C-43DA-A42C-5966F5C0A317}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FB0E62E5-CD55-4E22-92F5-321775F4F86A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"TCP Query User{2B639A0C-3DC9-431D-AABC-9FD3E7A4FEAE}C:\users\oggi12\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\oggi12\appdata\local\akamai\netsession_win.exe |
"TCP Query User{B80433A4-F5E1-4D1A-BB1F-486269F136BE}C:\users\oggi12\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\oggi12\appdata\local\akamai\netsession_win.exe |
"TCP Query User{C290B398-FDC1-45CD-922E-5D48001E95FD}C:\users\oggi12\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\oggi12\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{66EB7395-587B-4499-B94D-76FF953EBE32}C:\users\oggi12\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\oggi12\appdata\local\akamai\netsession_win.exe |
"UDP Query User{BB9F2080-C372-48C6-8074-DADEBB55CDA8}C:\users\oggi12\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\oggi12\appdata\local\akamai\netsession_win.exe |
"UDP Query User{F0EBC862-DF9D-48EF-888A-8F479C75D96E}C:\users\oggi12\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\oggi12\appdata\roaming\dropbox\bin\dropbox.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{4108974B-DE87-4AD4-9167-930C62C45691}" = Fujitsu Display Manager
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{7254349B-460B-488F-B4DB-A96100C5C48B}" = Power Saving Utility
"{7BA64D21-EE46-4a9a-8145-52B0175C3F86}" = Plugfree NETWORK
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B7C6A943-83E0-4E7F-A79A-C5CBAA60B0F5}" = Plugfree NETWORK
"{C788B026-20BD-4E96-B698-533F1D6C5013}" = 64 Bit HP CIO Components Installer
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
"{EC314CDF-3521-482B-A21C-65AC95664814}" = Fujitsu MobilityCenter Extension Utility
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"SynTPDeinstKey" = Synaptics Pointing Device Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{06F8CD93-C722-45E9-A9A4-F48F78E39E84}" = hppFaxUtilityCM1410
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EF0EA0D-F945-4958-85CC-60FF1E86D216}" = HP LaserJet Professional CM1410 Series
"{128AF653-6E81-4525-BE84-43C297A35F28}_is1" = Object Fix Zip
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E728246-95D5-4E72-8A9A-AC62602F39D8}_is1" = ANSTOSS 3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21749F4E-02A1-4828-9A1E-BBDF5929C5D0}" = HP LJ CM1410 MFP Series HP Scan
"{229D6185-BD7E-494B-A73B-C5215BE0690E}" = HPLJUT
"{22FE3793-5961-4ADE-AE66-69D9291C22B1}" = HPLaserJetHelp_LearnCenter
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{4006E354-3D24-49BA-A36F-7EB75D50D575}" = hppLaserJetService
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7FAB3316-11F4-44F3-8483-7278717496EC}" = hppTLBXFXCM1410
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{92F91A05-8241-4651-B9F4-9D04EE1F2634}" = hppSendFaxCM1410
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9983CD31-473F-4808-8317-5346119F0187}" = eBay
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A3A18593-62BE-4AE1-AF3F-E35179CF042E}" = hpzTLBXFX
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{BA0CC975-682B-4678-A35C-05E607F36387}" = Fujitsu Hotkey Utility
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D85A16FA-3408-4EEF-973F-05C1D23901B9}" = hppCM1410LaserJetService
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FB0C267C-8B4F-4867-8161-A6A3B66D42C1}" = Marketsplash Shortcuts
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFD7B2D9-AC9D-468C-83A2-21017A811623}" = hppFaxDrvCM1410
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE v.6.81
"Avira AntiVir Desktop" = Avira Free Antivirus
"DeskUpdate_is1" = DeskUpdate
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.35.1031
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{4108974B-DE87-4AD4-9167-930C62C45691}" = Fujitsu Display Manager
"InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel
"InstallShield_{7254349B-460B-488F-B4DB-A96100C5C48B}" = Power Saving Utility
"InstallShield_{BA0CC975-682B-4678-A35C-05E607F36387}" = Fujitsu Hotkey Utility
"InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
"InstallShield_{EC314CDF-3521-482B-A21C-65AC95664814}" = Fujitsu MobilityCenter Extension Utility
"Lula 3D - Demo" = Lula 3D - Demo
"Mozilla Firefox 19.0.2 (x86 en-US)" = Mozilla Firefox 19.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"SagaGamesHotelManager2_is1" = Hotel-Manager
"VideoPerformer" = VideoPerformer
"WinLiveSuite" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Updater
"Akamai" = Akamai NetSession Interface
"CT2625848" = DVDVideoSoftTB DE Toolbar
"Dropbox" = Dropbox
"Mozilla Firefox Packages" = Mozilla Firefox Packages
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 25.03.2013 12:22:52 | Computer Name = christian | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: HPLaserJetService.exe, Version: 2.15.599.0,
Zeitstempel: 0x4cc5ee57 Name des fehlerhaften Moduls: hppccompio.DLL, Version: 1.3.0.24,
Zeitstempel: 0x4c9685d0 Ausnahmecode: 0xc0000417 Fehleroffset: 0x000073bf ID des fehlerhaften
Prozesses: 0x680 Startzeit der fehlerhaften Anwendung: 0x01ce2974ee622f9b Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
Pfad
des fehlerhaften Moduls: C:\Windows\system32\hppccompio.DLL Berichtskennung: 3d57f7da-9568-11e2-8164-e0ca94be62c8
Error - 25.03.2013 12:24:03 | Computer Name = christian | Source = WinMgmt | ID = 10
Description =
Error - 25.03.2013 18:37:28 | Computer Name = christian | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: HPLaserJetService.exe, Version: 2.15.599.0,
Zeitstempel: 0x4cc5ee57 Name des fehlerhaften Moduls: hppccompio.DLL, Version: 1.3.0.24,
Zeitstempel: 0x4c9685d0 Ausnahmecode: 0xc0000417 Fehleroffset: 0x000073bf ID des fehlerhaften
Prozesses: 0x650 Startzeit der fehlerhaften Anwendung: 0x01ce29a9468a20d7 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
Pfad
des fehlerhaften Moduls: C:\Windows\system32\hppccompio.DLL Berichtskennung: 9215178c-959c-11e2-a3d4-e0ca94be62c8
Error - 25.03.2013 18:38:46 | Computer Name = christian | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 25.03.2013 13:15:09 | Computer Name = christian | Source = ipnathlp | ID = 31004
Description =
Error - 25.03.2013 13:17:22 | Computer Name = christian | Source = ipnathlp | ID = 31004
Description =
Error - 25.03.2013 13:41:40 | Computer Name = christian | Source = ipnathlp | ID = 31004
Description =
Error - 25.03.2013 14:21:39 | Computer Name = christian | Source = ipnathlp | ID = 31004
Description =
Error - 25.03.2013 14:23:51 | Computer Name = christian | Source = ipnathlp | ID = 31004
Description =
Error - 25.03.2013 14:42:04 | Computer Name = christian | Source = ipnathlp | ID = 31004
Description =
Error - 25.03.2013 14:44:10 | Computer Name = christian | Source = ipnathlp | ID = 31004
Description =
Error - 25.03.2013 14:48:35 | Computer Name = christian | Source = ipnathlp | ID = 31004
Description =
Error - 25.03.2013 18:37:32 | Computer Name = christian | Source = ipnathlp | ID = 31004
Description =
Error - 25.03.2013 18:37:40 | Computer Name = christian | Source = Service Control Manager | ID = 7034
Description = Dienst "HP LaserJet Service" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
< End of report >
Code:
ATTFilter OTL Extras logfile created on: 25.03.2013 23:44:43 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\oggi12\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,80 Gb Total Physical Memory | 2,49 Gb Available Physical Memory | 65,50% Memory free
7,60 Gb Paging File | 6,14 Gb Available in Paging File | 80,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 463,76 Gb Total Space | 417,57 Gb Free Space | 90,04% Space Free | Partition Type: NTFS
Drive F: | 666,22 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: CHRISTIAN | User Name: oggi12 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Scout\filescout.exe" /open "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Scout\filescout.exe" /open "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{024F34B1-AD54-4706-839D-065F57D56374}" = rport=138 | protocol=17 | dir=out | app=system |
"{06033770-9C0D-42E1-8E28-97EA45A908C9}" = lport=138 | protocol=17 | dir=in | app=system |
"{0A88E970-ADAC-441D-85AB-8A982E11D899}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{10259613-C893-49DE-A9D2-84A025100C0A}" = rport=2869 | protocol=6 | dir=out | app=system |
"{13316379-92AC-42A4-B62C-7C284B4FB6EA}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{1556E003-1895-4A58-962C-A022D051F93C}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{15F29540-55C1-4760-A473-9604DE697BE3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{23AA44B9-524D-473E-9216-2C177B7A636A}" = rport=139 | protocol=6 | dir=out | app=system |
"{29AE824D-127F-46F5-A791-F15CA443F45B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{36A2A689-7EE9-4706-AB7F-241058D344C4}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{37A237F3-495F-4ABA-AB00-2F7CEF4F140F}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{4722E79D-4800-49E3-872A-9703CB9BB7C6}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{4853FB26-3608-428F-903C-A2AC59E45BDF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4BF3839D-D035-4DB9-9676-D4C8D67CE41C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4E625E4E-84E0-4C6D-99B9-003D11531235}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{53DB27DC-427F-4A95-A351-FBDC2B24445D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{55DB6E79-A2FC-4520-9CD6-F0F7B9B8B183}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6F17159B-72F7-407D-B501-6ACCD8ED804B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{732BE41D-1DE5-482C-865C-113E9EE2F2BB}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{74248603-69B2-4796-8364-1874925A0ECD}" = rport=137 | protocol=17 | dir=out | app=system |
"{74F99F03-F6A3-4131-8CE6-F6E0ED4F3051}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{7D254AEB-B3D4-4464-87B1-28236BAAB92E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{80FC9CBB-FAE0-4BAD-A3CC-E5029D409499}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{83EBED7B-BD64-43DC-BEB0-FF0A5316F7AA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8DBFED5D-DF17-49E0-AE36-BC1CC6362E66}" = lport=445 | protocol=6 | dir=in | app=system |
"{90CD6330-7624-4B2F-AC8F-926C45674F0D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A0206860-A90E-4659-9CAD-6D41CD6FA758}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A681D934-829E-4A56-81D7-D4D895C6AE62}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A73D2E3D-5162-4B92-8298-B149FE8F84AD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AAF80EB3-B565-45FA-A3F2-91744D4F1214}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B0ABCF33-E89A-4731-B864-800C31A93AAE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B1286CD8-448B-4428-AAF1-372544721FB8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B6FD58CC-074E-462D-9D8A-1D5A2BBB29C1}" = rport=445 | protocol=6 | dir=out | app=system |
"{B81E80D7-847F-4DBF-A482-9B529D1C8670}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BB7D9B1B-8A1A-4BCE-9C24-03D88B895EF2}" = lport=139 | protocol=6 | dir=in | app=system |
"{BFF474AF-01F0-4AFA-AB1D-C72C5F81253E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D6E515A4-B4F1-4621-B24D-6BDEB6E343AC}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{F351F410-8339-4278-84D5-265E653B2D97}" = lport=137 | protocol=17 | dir=in | app=system |
"{F3E7D306-3E46-401A-9AAF-4F2A663004C1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FF85AB31-6E7F-442F-AAB4-41713B8B3F57}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{FF95FC4F-D35F-41F7-8021-313FE0E667AC}" = rport=10243 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CBF7B14-4979-472F-AEB0-E3CF5696CFD4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1A94C3D4-65E4-4E7A-B905-9D9374402A96}" = dir=out | app=c:\windows\syswow64\dmwu.exe |
"{1C45A7A3-C95E-4774-90A0-76CF018E212A}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{1E47D1A1-4E75-457E-88D3-D0D6D653678A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2B274FAC-D993-4900-BB7D-B26610B661C6}" = protocol=6 | dir=out | app=system |
"{2DFF78AD-D441-41FE-A975-11B3BBA1A295}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{33C07739-4590-484F-BA36-41CA0C1586D5}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{38A6FD9C-2583-44A1-A3E2-9CA59596148D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{48F767A1-BA52-40FD-B2ED-02125AA6C4AF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{48FC2D4D-DB21-4C79-A9A3-FA7C23E7DFD4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{52628E78-2B65-408F-9E7F-EAD3D0FD7CA6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{52E323EB-CFE2-4925-89A8-1DD0D002F87D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{591DF078-42E3-45C2-B88E-AC15EC96E2D5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6155BC94-683E-40ED-8011-F6738C8E4D6D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{68D10EDF-40E7-4E1B-9BDC-85AA700542A6}" = dir=in | app=c:\windows\syswow64\dmwu.exe |
"{71316601-2B01-4F99-B412-85203FCDB6A8}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8561E9C3-3CE1-46B1-997E-CC7667FA9959}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A8B84DD6-BAC5-4E80-82AF-6D85B927A2DD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B254B33E-36F5-4434-BB4D-AA76F52885AB}" = protocol=6 | dir=in | app=c:\users\oggi12\appdata\roaming\dropbox\bin\dropbox.exe |
"{B990D5CD-2AD1-4206-8082-0901FACEA3F7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C03C8618-C361-46AC-AE1A-5474825D174E}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{C29911C8-AAF1-4279-8E68-509B9A9A0BF4}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{CFE045D3-E7E3-4E57-BDF0-9A0B9ACC7F83}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D99AAB7A-E3A2-408B-AEAA-2652E6092BD8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EAFDD18A-F206-4FE9-B4DE-710587416FCB}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EBE4E04A-5D21-4F88-B76F-00450EB662CF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F0E11AED-14AD-4A61-B3D6-7C32AE8E8A5A}" = protocol=17 | dir=in | app=c:\users\oggi12\appdata\roaming\dropbox\bin\dropbox.exe |
"{F3FECD60-6740-4792-8D0A-0DFC15E851BD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F4B39B73-E22C-43DA-A42C-5966F5C0A317}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FB0E62E5-CD55-4E22-92F5-321775F4F86A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"TCP Query User{2B639A0C-3DC9-431D-AABC-9FD3E7A4FEAE}C:\users\oggi12\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\oggi12\appdata\local\akamai\netsession_win.exe |
"TCP Query User{B80433A4-F5E1-4D1A-BB1F-486269F136BE}C:\users\oggi12\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\oggi12\appdata\local\akamai\netsession_win.exe |
"TCP Query User{C290B398-FDC1-45CD-922E-5D48001E95FD}C:\users\oggi12\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\oggi12\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{66EB7395-587B-4499-B94D-76FF953EBE32}C:\users\oggi12\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\oggi12\appdata\local\akamai\netsession_win.exe |
"UDP Query User{BB9F2080-C372-48C6-8074-DADEBB55CDA8}C:\users\oggi12\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\oggi12\appdata\local\akamai\netsession_win.exe |
"UDP Query User{F0EBC862-DF9D-48EF-888A-8F479C75D96E}C:\users\oggi12\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\oggi12\appdata\roaming\dropbox\bin\dropbox.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{4108974B-DE87-4AD4-9167-930C62C45691}" = Fujitsu Display Manager
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{7254349B-460B-488F-B4DB-A96100C5C48B}" = Power Saving Utility
"{7BA64D21-EE46-4a9a-8145-52B0175C3F86}" = Plugfree NETWORK
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B7C6A943-83E0-4E7F-A79A-C5CBAA60B0F5}" = Plugfree NETWORK
"{C788B026-20BD-4E96-B698-533F1D6C5013}" = 64 Bit HP CIO Components Installer
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
"{EC314CDF-3521-482B-A21C-65AC95664814}" = Fujitsu MobilityCenter Extension Utility
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"SynTPDeinstKey" = Synaptics Pointing Device Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{06F8CD93-C722-45E9-A9A4-F48F78E39E84}" = hppFaxUtilityCM1410
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EF0EA0D-F945-4958-85CC-60FF1E86D216}" = HP LaserJet Professional CM1410 Series
"{128AF653-6E81-4525-BE84-43C297A35F28}_is1" = Object Fix Zip
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E728246-95D5-4E72-8A9A-AC62602F39D8}_is1" = ANSTOSS 3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21749F4E-02A1-4828-9A1E-BBDF5929C5D0}" = HP LJ CM1410 MFP Series HP Scan
"{229D6185-BD7E-494B-A73B-C5215BE0690E}" = HPLJUT
"{22FE3793-5961-4ADE-AE66-69D9291C22B1}" = HPLaserJetHelp_LearnCenter
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{4006E354-3D24-49BA-A36F-7EB75D50D575}" = hppLaserJetService
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7FAB3316-11F4-44F3-8483-7278717496EC}" = hppTLBXFXCM1410
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{92F91A05-8241-4651-B9F4-9D04EE1F2634}" = hppSendFaxCM1410
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9983CD31-473F-4808-8317-5346119F0187}" = eBay
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A3A18593-62BE-4AE1-AF3F-E35179CF042E}" = hpzTLBXFX
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{BA0CC975-682B-4678-A35C-05E607F36387}" = Fujitsu Hotkey Utility
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D85A16FA-3408-4EEF-973F-05C1D23901B9}" = hppCM1410LaserJetService
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FB0C267C-8B4F-4867-8161-A6A3B66D42C1}" = Marketsplash Shortcuts
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFD7B2D9-AC9D-468C-83A2-21017A811623}" = hppFaxDrvCM1410
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE v.6.81
"Avira AntiVir Desktop" = Avira Free Antivirus
"DeskUpdate_is1" = DeskUpdate
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.35.1031
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{4108974B-DE87-4AD4-9167-930C62C45691}" = Fujitsu Display Manager
"InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel
"InstallShield_{7254349B-460B-488F-B4DB-A96100C5C48B}" = Power Saving Utility
"InstallShield_{BA0CC975-682B-4678-A35C-05E607F36387}" = Fujitsu Hotkey Utility
"InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
"InstallShield_{EC314CDF-3521-482B-A21C-65AC95664814}" = Fujitsu MobilityCenter Extension Utility
"Lula 3D - Demo" = Lula 3D - Demo
"Mozilla Firefox 19.0.2 (x86 en-US)" = Mozilla Firefox 19.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"SagaGamesHotelManager2_is1" = Hotel-Manager
"VideoPerformer" = VideoPerformer
"WinLiveSuite" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Updater
"Akamai" = Akamai NetSession Interface
"CT2625848" = DVDVideoSoftTB DE Toolbar
"Dropbox" = Dropbox
"Mozilla Firefox Packages" = Mozilla Firefox Packages
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 25.03.2013 12:22:52 | Computer Name = christian | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: HPLaserJetService.exe, Version: 2.15.599.0,
Zeitstempel: 0x4cc5ee57 Name des fehlerhaften Moduls: hppccompio.DLL, Version: 1.3.0.24,
Zeitstempel: 0x4c9685d0 Ausnahmecode: 0xc0000417 Fehleroffset: 0x000073bf ID des fehlerhaften
Prozesses: 0x680 Startzeit der fehlerhaften Anwendung: 0x01ce2974ee622f9b Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
Pfad
des fehlerhaften Moduls: C:\Windows\system32\hppccompio.DLL Berichtskennung: 3d57f7da-9568-11e2-8164-e0ca94be62c8
Error - 25.03.2013 12:24:03 | Computer Name = christian | Source = WinMgmt | ID = 10
Description =
Error - 25.03.2013 18:37:28 | Computer Name = christian | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: HPLaserJetService.exe, Version: 2.15.599.0,
Zeitstempel: 0x4cc5ee57 Name des fehlerhaften Moduls: hppccompio.DLL, Version: 1.3.0.24,
Zeitstempel: 0x4c9685d0 Ausnahmecode: 0xc0000417 Fehleroffset: 0x000073bf ID des fehlerhaften
Prozesses: 0x650 Startzeit der fehlerhaften Anwendung: 0x01ce29a9468a20d7 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
Pfad
des fehlerhaften Moduls: C:\Windows\system32\hppccompio.DLL Berichtskennung: 9215178c-959c-11e2-a3d4-e0ca94be62c8
Error - 25.03.2013 18:38:46 | Computer Name = christian | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 25.03.2013 13:15:09 | Computer Name = christian | Source = ipnathlp | ID = 31004
Description =
Error - 25.03.2013 13:17:22 | Computer Name = christian | Source = ipnathlp | ID = 31004
Description =
Error - 25.03.2013 13:41:40 | Computer Name = christian | Source = ipnathlp | ID = 31004
Description =
Error - 25.03.2013 14:21:39 | Computer Name = christian | Source = ipnathlp | ID = 31004
Description =
Error - 25.03.2013 14:23:51 | Computer Name = christian | Source = ipnathlp | ID = 31004
Description =
Error - 25.03.2013 14:42:04 | Computer Name = christian | Source = ipnathlp | ID = 31004
Description =
Error - 25.03.2013 14:44:10 | Computer Name = christian | Source = ipnathlp | ID = 31004
Description =
Error - 25.03.2013 14:48:35 | Computer Name = christian | Source = ipnathlp | ID = 31004
Description =
Error - 25.03.2013 18:37:32 | Computer Name = christian | Source = ipnathlp | ID = 31004
Description =
Error - 25.03.2013 18:37:40 | Computer Name = christian | Source = Service Control Manager | ID = 7034
Description = Dienst "HP LaserJet Service" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
< End of report >
Code:
ATTFilter SystemLook 30.07.11 by jpshortstuff
Log created at 23:58 on 25/03/2013 by oggi12
Administrator - Elevation successful
Invalid Context: folderfind*
No Context: Ashampoo_DE*
No Context: Conduit*
No Context: file scout*
No Context: Savings Sidekick*
No Context: Babylon*
No Context: IBUpdater*
No Context: Minibar*
No Context: incredibar*
No Context: PriceGong*
No Context: crossrider*
No Context: PerformerSoft*
========== regfind ==========
Searching for "Ashampoo_DE"
No data found.
Searching for "Conduit"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\CT2625848\Repository]
"CT2625848.defaultSearchUrl"="hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848&SSPV=IESB12"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\CT2625848\Repository]
"CT2625848.installId"="ConduitNSISIntegration"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\CT2625848\Repository]
"CT2625848.searchAddressUrl"="hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2625848&SearchSource=2&q=MYSEARCHTERM&SSPV=IESB12"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\CT2625848\Repository]
"CT2625848.navigateToSearch"="hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2625848&SearchSource=2&q=MYSEARCHTERM&SSPV=IESB12"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\CT2625848\Repository]
"CT2625848.2625848a129894023611240511000000paramsGK1"="{"updateReqTime":1352761033278,"updateRespTime":1352761034241,"data":{"settings":{"icon":"hxxp://storage.conduit.com/48/262/CT2625848/images/634805391170633954_24PX.png","componentId":"129894023611240511","templateId":"b4b62798-c0fe-4e86-bf03-ada796889d1e"},"content":{"profileName":{"id":"profileName","type":"textbox","data":{"value":"hxxp://www.facebook.com/DVDVideoSoft.de"}},"displayFBIcon":{"id":"displayFBIcon","type":"checkbox","data":{"value":false}}}}}"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\CT2625848\Repository]
"CT2625848.embeddedsData"="[{"appId":"129181467799155027","apiPermissions":{"crossDomainAjax":true,"getMainFrameTitle":true,"getMainFrameUrl":true,"getSearchTerm":true,"instantAlert":true,"jsInjection":true,"sslGranted":true},"onBeforeLoadData":"{\"view\":{\"html\":\"<table id=\\\"main\\\" class=\\\"mainwrapper\\\" cellSpacing=\\\"0\\\" cellPadding=\\\"0\\\">\\n <tbody><tr>\\n <!-- don't remove the width=\\\"100%\\\" bug in chrome the width become in px-->\\n <td style=\\\"background: rgb(255, 255, 255); width: 100%;\\\" id=\\\"textboxWrapper\\\" width=\\\"100%\\\">\\n <!-- take focuse in IE -->\\n \\n <form onsubmit=\\\"return false;\\\" action=\\\"#\\\">\\n \\n <input style=\\\"background: rgb(255, 255, 255); width: 100%; color: rgb(0, 0, 0); min-width: 137px; max-width: 358px;\\\" id=\\\"textbox\\\" value=\\\"\\\" type=\\\"text\\\">\\n \\n </fo
[HKEY_CURRENT_USER\Software\AppDataLow\Software\CT2625848\toolbar]
"AutoUpdateUrl"="hxxp://autoupdate.toolbar.conduit-services.com/Update/EB_TOOLBAR_ID/EB_TOOLBAR_VERSION"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\CT2625848\toolbar]
"SearchServerUrl"="hxxp://search.conduit.com"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\CT2625848\toolbar]
"Server"="users.conduit.com"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\CT2625848\toolbar]
"BrowserSearchURL"="hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848&SSPV=IESB12"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\CT2625848\toolbar]
"PlatformType"="ConduitToolbar"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\CT2625848\toolbar]
"HomepageURL"="hxxp://search.conduit.com"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\CT2625848\toolbar]
"InstallationId"="ConduitNSISIntegration"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\CT2625848\toolbar]
"InstallationType"="ConduitNSISIntegration"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\CT2625848\toolbar]
"SocialDomains"="hxxp://apps.conduit.com; hxxp://social.conduit.com"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\CT2625848\toolbar\Settings]
"SearchFromAddressUrl"="hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2625848&SearchSource=2&q=MYSEARCHTERM&SSPV=IESB12"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\CT2625848\toolbar\UninstallData\Cookies]
"CT2625848_Apps"="hxxp://conduitapps.com"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\CT2625848\toolbar\UninstallData\Cookies]
"InstalledSource_CT2625848"="hxxp://social.conduit.com"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\CT2625848\toolbar\UninstallData\Cookies]
"tbInfo_CT2625848"="hxxp://search.conduit.com"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\CT2625848]
"DisplayIcon"="C:\Users\oggi12\AppData\Local\Conduit\CT2625848\uninstall.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\CT2625848]
"UninstallString"="C:\Users\oggi12\AppData\Local\Conduit\CT2625848\uninstall.exe toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0E44BB13-2523-468b-BF51-58D5F52A84F6}]
"AppPath"="C:\Users\oggi12\AppData\Local\Conduit\BackStage\{5555CC4C-FA2B-4D69-8296-B6AE5E95C0B7}"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\AppDataLow\Software\CT2625848\Repository]
"CT2625848.defaultSearchUrl"="hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848&SSPV=IESB12"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\AppDataLow\Software\CT2625848\Repository]
"CT2625848.installId"="ConduitNSISIntegration"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\AppDataLow\Software\CT2625848\Repository]
"CT2625848.searchAddressUrl"="hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2625848&SearchSource=2&q=MYSEARCHTERM&SSPV=IESB12"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\AppDataLow\Software\CT2625848\Repository]
"CT2625848.navigateToSearch"="hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2625848&SearchSource=2&q=MYSEARCHTERM&SSPV=IESB12"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\AppDataLow\Software\CT2625848\Repository]
"CT2625848.2625848a129894023611240511000000paramsGK1"="{"updateReqTime":1352761033278,"updateRespTime":1352761034241,"data":{"settings":{"icon":"hxxp://storage.conduit.com/48/262/CT2625848/images/634805391170633954_24PX.png","componentId":"129894023611240511","templateId":"b4b62798-c0fe-4e86-bf03-ada796889d1e"},"content":{"profileName":{"id":"profileName","type":"textbox","data":{"value":"hxxp://www.facebook.com/DVDVideoSoft.de"}},"displayFBIcon":{"id":"displayFBIcon","type":"checkbox","data":{"value":false}}}}}"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\AppDataLow\Software\CT2625848\Repository]
"CT2625848.embeddedsData"="[{"appId":"129181467799155027","apiPermissions":{"crossDomainAjax":true,"getMainFrameTitle":true,"getMainFrameUrl":true,"getSearchTerm":true,"instantAlert":true,"jsInjection":true,"sslGranted":true},"onBeforeLoadData":"{\"view\":{\"html\":\"<table id=\\\"main\\\" class=\\\"mainwrapper\\\" cellSpacing=\\\"0\\\" cellPadding=\\\"0\\\">\\n <tbody><tr>\\n <!-- don't remove the width=\\\"100%\\\" bug in chrome the width become in px-->\\n <td style=\\\"background: rgb(255, 255, 255); width: 100%;\\\" id=\\\"textboxWrapper\\\" width=\\\"100%\\\">\\n <!-- take focuse in IE -->\\n \\n <form onsubmit=\\\"return false;\\\" action=\\\"#\\\">\\n \\n <input style=\\\"background: rgb(255, 255, 255); width: 100%; color: rgb(0, 0, 0); min-width: 137px; max-width: 358px;\\\" id=\\\"textbox\\\" value=\\\"\\\" type=\\\"tex
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\AppDataLow\Software\CT2625848\toolbar]
"AutoUpdateUrl"="hxxp://autoupdate.toolbar.conduit-services.com/Update/EB_TOOLBAR_ID/EB_TOOLBAR_VERSION"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\AppDataLow\Software\CT2625848\toolbar]
"SearchServerUrl"="hxxp://search.conduit.com"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\AppDataLow\Software\CT2625848\toolbar]
"Server"="users.conduit.com"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\AppDataLow\Software\CT2625848\toolbar]
"BrowserSearchURL"="hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848&SSPV=IESB12"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\AppDataLow\Software\CT2625848\toolbar]
"PlatformType"="ConduitToolbar"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\AppDataLow\Software\CT2625848\toolbar]
"HomepageURL"="hxxp://search.conduit.com"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\AppDataLow\Software\CT2625848\toolbar]
"InstallationId"="ConduitNSISIntegration"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\AppDataLow\Software\CT2625848\toolbar]
"InstallationType"="ConduitNSISIntegration"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\AppDataLow\Software\CT2625848\toolbar]
"SocialDomains"="hxxp://apps.conduit.com; hxxp://social.conduit.com"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\AppDataLow\Software\CT2625848\toolbar\Settings]
"SearchFromAddressUrl"="hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2625848&SearchSource=2&q=MYSEARCHTERM&SSPV=IESB12"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\AppDataLow\Software\CT2625848\toolbar\UninstallData\Cookies]
"CT2625848_Apps"="hxxp://conduitapps.com"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\AppDataLow\Software\CT2625848\toolbar\UninstallData\Cookies]
"InstalledSource_CT2625848"="hxxp://social.conduit.com"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\AppDataLow\Software\CT2625848\toolbar\UninstallData\Cookies]
"tbInfo_CT2625848"="hxxp://search.conduit.com"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\CT2625848]
"DisplayIcon"="C:\Users\oggi12\AppData\Local\Conduit\CT2625848\uninstall.exe"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\CT2625848]
"UninstallString"="C:\Users\oggi12\AppData\Local\Conduit\CT2625848\uninstall.exe toolbar"
Searching for "file scout"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shell\filescout\command]
@=""C:\Program Files (x86)\File Scout\filescout.exe" /sc "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\shell\openas\command]
@=""C:\Program Files (x86)\File Scout\filescout.exe" /open "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\shell\openas\command]
"fs_backup"=""C:\Program Files (x86)\File Scout\filescout.exe" /open "%1""
Searching for "Savings Sidekick"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Savings Sidekick-InternalInstaller_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Savings Sidekick-InternalInstaller_RASMANCS]
Searching for "Babylon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"
Searching for "IBUpdater"
[HKEY_USERS\.DEFAULT\Software\IBUpdaterService]
[HKEY_USERS\S-1-5-18\Software\IBUpdaterService]
Searching for "Minibar"
No data found.
Searching for "incredibar"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Incredibar.com]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Incredibar.com\incredibar]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Incredibar.com\incredibar\iestrg]
"prdct"="incredibar"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Incredibar.com\incredibar\iestrg]
"prtnrid"="incredibar"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Incredibar.com\incredibar\iestrg]
"tlbrsrchurl"="http%3A%2F%2Fmystart%2EIncredibar%2Ecom%2F%3Fa%3D6OyXbXirIg%26loc%3DIB%5FTB%26i%3D26%26search%3D"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Incredibar.com\incredibar\iestrg]
"incredibar_actvtyrpttime"="1357976111146"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Incredibar.com\incredibar\iestrg]
"incredibar_afterinstallrpt"="sent"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\d55114ab_0]
@="{0.0.0.00000000}.{7bf7051f-d29a-4f9b-88a1-d4a91c3e2dc5}|\Device\HarddiskVolume2\Users\oggi12\AppData\Local\Temp\incredibar_installer.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Incredibar.com]
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Incredibar.com\incredibar]
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Incredibar.com\incredibar\iestrg]
"prdct"="incredibar"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Incredibar.com\incredibar\iestrg]
"prtnrid"="incredibar"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Incredibar.com\incredibar\iestrg]
"tlbrsrchurl"="http%3A%2F%2Fmystart%2EIncredibar%2Ecom%2F%3Fa%3D6OyXbXirIg%26loc%3DIB%5FTB%26i%3D26%26search%3D"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Incredibar.com\incredibar\iestrg]
"incredibar_actvtyrpttime"="1357976111146"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Incredibar.com\incredibar\iestrg]
"incredibar_afterinstallrpt"="sent"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\d55114ab_0]
@="{0.0.0.00000000}.{7bf7051f-d29a-4f9b-88a1-d4a91c3e2dc5}|\Device\HarddiskVolume2\Users\oggi12\AppData\Local\Temp\incredibar_installer.exe%b{00000000-0000-0000-0000-000000000000}"
Searching for "PriceGong"
No data found.
Searching for "crossrider"
No data found.
Searching for "PerformerSoft"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\VideoPerformer]
"Publisher"="PerformerSoft LLC"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\VideoPerformer]
"URLInfoAbout"="hxxp://performersoft.com/contact-us.php"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\VideoPerformer]
"HelpLink"="hxxp://performersoft.com/contact-us.php"
Searching for " "
[HKEY_CURRENT_USER\Software\AppDataLow\Software\CT2625848\Repository]
"CT2625848.embeddedsData"="[{"appId":"129181467799155027","apiPermissions":{"crossDomainAjax":true,"getMainFrameTitle":true,"getMainFrameUrl":true,"getSearchTerm":true,"instantAlert":true,"jsInjection":true,"sslGranted":true},"onBeforeLoadData":"{\"view\":{\"html\":\"<table id=\\\"main\\\" class=\\\"mainwrapper\\\" cellSpacing=\\\"0\\\" cellPadding=\\\"0\\\">\\n <tbody><tr>\\n <!-- don't remove the width=\\\"100%\\\" bug in chrome the width become in px-->\\n <td style=\\\"background: rgb(255, 255, 255); width: 100%;\\\" id=\\\"textboxWrapper\\\" width=\\\"100%\\\">\\n <!-- take focuse in IE -->\\n \\n <form onsubmit=\\\"return false;\\\" action=\\\"#\\\">\\n \\n <input style=\\\"background: rgb(255, 255, 255); width: 100%; color: rgb(0, 0, 0); min-width: 137px; max-width: 358px;\\\" id=\\\"textbox\\\" value=\\\"\\\" type=\\\"text\\\">\\n \\n </fo
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell]
"ConfigXML"=" <PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" > <InitializationParameters> <Param Name="PSVersion" Value="2.0"/> </InitializationParameters> <Resources> <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" SupportsOptions="true" ExactMatch="true"> <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/> <Capability Type="Shell"/> </Resource> </Res
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell32]
"ConfigXML"="<PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell32" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" Architecture="32" > <InitializationParameters> <Param Name="PSVersion" Value="2.0"/> </InitializationParameters> <Resources> <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" SupportsOptions="true" ExactMatch="true"> <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/>
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\AppDataLow\Software\CT2625848\Repository]
"CT2625848.embeddedsData"="[{"appId":"129181467799155027","apiPermissions":{"crossDomainAjax":true,"getMainFrameTitle":true,"getMainFrameUrl":true,"getSearchTerm":true,"instantAlert":true,"jsInjection":true,"sslGranted":true},"onBeforeLoadData":"{\"view\":{\"html\":\"<table id=\\\"main\\\" class=\\\"mainwrapper\\\" cellSpacing=\\\"0\\\" cellPadding=\\\"0\\\">\\n <tbody><tr>\\n <!-- don't remove the width=\\\"100%\\\" bug in chrome the width become in px-->\\n <td style=\\\"background: rgb(255, 255, 255); width: 100%;\\\" id=\\\"textboxWrapper\\\" width=\\\"100%\\\">\\n <!-- take focuse in IE -->\\n \\n <form onsubmit=\\\"return false;\\\" action=\\\"#\\\">\\n \\n <input style=\\\"background: rgb(255, 255, 255); width: 100%; color: rgb(0, 0, 0); min-width: 137px; max-width: 358px;\\\" id=\\\"textbox\\\" value=\\\"\\\" type=\\\"tex
-= EOF =-
|
|
26.03.2013, 00:36
| #9 |
| | Trojaner Savings Sidekick und Incredibar auf meinem Laptop Und nun noch die Antwort auf Deine Fragen: Bei den Plugins und Systemsteuerung>Programme sind Incredibar und Savings Sidekick nicht mehr zusehen. Firefox ist stabil, kein Absturz bis jetzt. Gelegentlich läuft der Lüfter noch recht hoch (hört sich jedenfalls so an) obwohl ich nix oder nur wenig mache! CPU-Auslastung wird mir dann aber nicht in der Symbolleiste angezeigt. Von daher wird die auch im grünen Bereich sein denke ich. Und jaaanz wichtig: Danke für Deine Hilfe bis hierhin. |
|
26.03.2013, 14:11
| #10 |
| /// TB-Ausbilder | Trojaner Savings Sidekick und Incredibar auf meinem Laptop Servus, SystemLook bitte nochmal ausführen, es war ein kleiner Fehler drinnen.
|
|
26.03.2013, 22:47
| #11 |
| | Trojaner Savings Sidekick und Incredibar auf meinem Laptop Jo, hier nochmal SystemLook: Code:
ATTFilter :folderfind
Ashampoo_DE*
Conduit*
file scout*
Savings Sidekick*
Babylon*
IBUpdater*
Minibar*
incredibar*
PriceGong*
crossrider*
PerformerSoft*
:regfind
Ashampoo_DE
Conduit
file scout
Savings Sidekick
Babylon
IBUpdater
Minibar
incredibar
PriceGong
crossrider
PerformerSoft
Ähhh sorry, datt war wohl falsch.... Code:
ATTFilter SystemLook 30.07.11 by jpshortstuff
Log created at 22:40 on 26/03/2013 by oggi12
Administrator - Elevation successful
========== folderfind ==========
Searching for "Ashampoo_DE*"
No folders found.
Searching for "Conduit*"
No folders found.
Searching for "file scout*"
No folders found.
Searching for "Savings Sidekick*"
No folders found.
Searching for "Babylon*"
No folders found.
Searching for "IBUpdater*"
No folders found.
Searching for "Minibar*"
No folders found.
Searching for "incredibar*"
No folders found.
Searching for "PriceGong*"
No folders found.
Searching for "crossrider*"
No folders found.
Searching for "PerformerSoft*"
No folders found.
========== regfind ==========
Searching for "Ashampoo_DE"
No data found.
Searching for "Conduit"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\CT2625848\Repository]
"CT2625848.defaultSearchUrl"="hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848&SSPV=IESB12"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\CT2625848\Repository]
"CT2625848.installId"="ConduitNSISIntegration"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\CT2625848\Repository]
"CT2625848.searchAddressUrl"="hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2625848&SearchSource=2&q=MYSEARCHTERM&SSPV=IESB12"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\CT2625848\Repository]
"CT2625848.navigateToSearch"="hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2625848&SearchSource=2&q=MYSEARCHTERM&SSPV=IESB12"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\CT2625848\Repository]
"CT2625848.2625848a129894023611240511000000paramsGK1"="{"updateReqTime":1352761033278,"updateRespTime":1352761034241,"data":{"settings":{"icon":"hxxp://storage.conduit.com/48/262/CT2625848/images/634805391170633954_24PX.png","componentId":"129894023611240511","templateId":"b4b62798-c0fe-4e86-bf03-ada796889d1e"},"content":{"profileName":{"id":"profileName","type":"textbox","data":{"value":"hxxp://www.facebook.com/DVDVideoSoft.de"}},"displayFBIcon":{"id":"displayFBIcon","type":"checkbox","data":{"value":false}}}}}"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\CT2625848\Repository]
"CT2625848.embeddedsData"="[{"appId":"129181467799155027","apiPermissions":{"crossDomainAjax":true,"getMainFrameTitle":true,"getMainFrameUrl":true,"getSearchTerm":true,"instantAlert":true,"jsInjection":true,"sslGranted":true},"onBeforeLoadData":"{\"view\":{\"html\":\"<table id=\\\"main\\\" class=\\\"mainwrapper\\\" cellSpacing=\\\"0\\\" cellPadding=\\\"0\\\">\\n <tbody><tr>\\n <!-- don't remove the width=\\\"100%\\\" bug in chrome the width become in px-->\\n <td style=\\\"background: rgb(255, 255, 255); width: 100%;\\\" id=\\\"textboxWrapper\\\" width=\\\"100%\\\">\\n <!-- take focuse in IE -->\\n \\n <form onsubmit=\\\"return false;\\\" action=\\\"#\\\">\\n \\n <input style=\\\"background: rgb(255, 255, 255); width: 100%; color: rgb(0, 0, 0); min-width: 137px; max-width: 358px;\\\" id=\\\"textbox\\\" value=\\\"\\\" type=\\\"text\\\">\\n \\n </fo
[HKEY_CURRENT_USER\Software\AppDataLow\Software\CT2625848\toolbar]
"AutoUpdateUrl"="hxxp://autoupdate.toolbar.conduit-services.com/Update/EB_TOOLBAR_ID/EB_TOOLBAR_VERSION"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\CT2625848\toolbar]
"SearchServerUrl"="hxxp://search.conduit.com"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\CT2625848\toolbar]
"Server"="users.conduit.com"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\CT2625848\toolbar]
"BrowserSearchURL"="hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848&SSPV=IESB12"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\CT2625848\toolbar]
"PlatformType"="ConduitToolbar"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\CT2625848\toolbar]
"HomepageURL"="hxxp://search.conduit.com"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\CT2625848\toolbar]
"InstallationId"="ConduitNSISIntegration"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\CT2625848\toolbar]
"InstallationType"="ConduitNSISIntegration"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\CT2625848\toolbar]
"SocialDomains"="hxxp://apps.conduit.com; hxxp://social.conduit.com"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\CT2625848\toolbar\Settings]
"SearchFromAddressUrl"="hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2625848&SearchSource=2&q=MYSEARCHTERM&SSPV=IESB12"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\CT2625848\toolbar\UninstallData\Cookies]
"CT2625848_Apps"="hxxp://conduitapps.com"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\CT2625848\toolbar\UninstallData\Cookies]
"InstalledSource_CT2625848"="hxxp://social.conduit.com"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\CT2625848\toolbar\UninstallData\Cookies]
"tbInfo_CT2625848"="hxxp://search.conduit.com"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\CT2625848]
"DisplayIcon"="C:\Users\oggi12\AppData\Local\Conduit\CT2625848\uninstall.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\CT2625848]
"UninstallString"="C:\Users\oggi12\AppData\Local\Conduit\CT2625848\uninstall.exe toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0E44BB13-2523-468b-BF51-58D5F52A84F6}]
"AppPath"="C:\Users\oggi12\AppData\Local\Conduit\BackStage\{5555CC4C-FA2B-4D69-8296-B6AE5E95C0B7}"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\AppDataLow\Software\CT2625848\Repository]
"CT2625848.defaultSearchUrl"="hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848&SSPV=IESB12"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\AppDataLow\Software\CT2625848\Repository]
"CT2625848.installId"="ConduitNSISIntegration"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\AppDataLow\Software\CT2625848\Repository]
"CT2625848.searchAddressUrl"="hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2625848&SearchSource=2&q=MYSEARCHTERM&SSPV=IESB12"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\AppDataLow\Software\CT2625848\Repository]
"CT2625848.navigateToSearch"="hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2625848&SearchSource=2&q=MYSEARCHTERM&SSPV=IESB12"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\AppDataLow\Software\CT2625848\Repository]
"CT2625848.2625848a129894023611240511000000paramsGK1"="{"updateReqTime":1352761033278,"updateRespTime":1352761034241,"data":{"settings":{"icon":"hxxp://storage.conduit.com/48/262/CT2625848/images/634805391170633954_24PX.png","componentId":"129894023611240511","templateId":"b4b62798-c0fe-4e86-bf03-ada796889d1e"},"content":{"profileName":{"id":"profileName","type":"textbox","data":{"value":"hxxp://www.facebook.com/DVDVideoSoft.de"}},"displayFBIcon":{"id":"displayFBIcon","type":"checkbox","data":{"value":false}}}}}"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\AppDataLow\Software\CT2625848\Repository]
"CT2625848.embeddedsData"="[{"appId":"129181467799155027","apiPermissions":{"crossDomainAjax":true,"getMainFrameTitle":true,"getMainFrameUrl":true,"getSearchTerm":true,"instantAlert":true,"jsInjection":true,"sslGranted":true},"onBeforeLoadData":"{\"view\":{\"html\":\"<table id=\\\"main\\\" class=\\\"mainwrapper\\\" cellSpacing=\\\"0\\\" cellPadding=\\\"0\\\">\\n <tbody><tr>\\n <!-- don't remove the width=\\\"100%\\\" bug in chrome the width become in px-->\\n <td style=\\\"background: rgb(255, 255, 255); width: 100%;\\\" id=\\\"textboxWrapper\\\" width=\\\"100%\\\">\\n <!-- take focuse in IE -->\\n \\n <form onsubmit=\\\"return false;\\\" action=\\\"#\\\">\\n \\n <input style=\\\"background: rgb(255, 255, 255); width: 100%; color: rgb(0, 0, 0); min-width: 137px; max-width: 358px;\\\" id=\\\"textbox\\\" value=\\\"\\\" type=\\\"tex
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\AppDataLow\Software\CT2625848\toolbar]
"AutoUpdateUrl"="hxxp://autoupdate.toolbar.conduit-services.com/Update/EB_TOOLBAR_ID/EB_TOOLBAR_VERSION"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\AppDataLow\Software\CT2625848\toolbar]
"SearchServerUrl"="hxxp://search.conduit.com"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\AppDataLow\Software\CT2625848\toolbar]
"Server"="users.conduit.com"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\AppDataLow\Software\CT2625848\toolbar]
"BrowserSearchURL"="hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848&SSPV=IESB12"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\AppDataLow\Software\CT2625848\toolbar]
"PlatformType"="ConduitToolbar"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\AppDataLow\Software\CT2625848\toolbar]
"HomepageURL"="hxxp://search.conduit.com"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\AppDataLow\Software\CT2625848\toolbar]
"InstallationId"="ConduitNSISIntegration"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\AppDataLow\Software\CT2625848\toolbar]
"InstallationType"="ConduitNSISIntegration"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\AppDataLow\Software\CT2625848\toolbar]
"SocialDomains"="hxxp://apps.conduit.com; hxxp://social.conduit.com"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\AppDataLow\Software\CT2625848\toolbar\Settings]
"SearchFromAddressUrl"="hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2625848&SearchSource=2&q=MYSEARCHTERM&SSPV=IESB12"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\AppDataLow\Software\CT2625848\toolbar\UninstallData\Cookies]
"CT2625848_Apps"="hxxp://conduitapps.com"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\AppDataLow\Software\CT2625848\toolbar\UninstallData\Cookies]
"InstalledSource_CT2625848"="hxxp://social.conduit.com"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\AppDataLow\Software\CT2625848\toolbar\UninstallData\Cookies]
"tbInfo_CT2625848"="hxxp://search.conduit.com"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\CT2625848]
"DisplayIcon"="C:\Users\oggi12\AppData\Local\Conduit\CT2625848\uninstall.exe"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\CT2625848]
"UninstallString"="C:\Users\oggi12\AppData\Local\Conduit\CT2625848\uninstall.exe toolbar"
Searching for "file scout"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shell\filescout\command]
@=""C:\Program Files (x86)\File Scout\filescout.exe" /sc "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\shell\openas\command]
@=""C:\Program Files (x86)\File Scout\filescout.exe" /open "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\shell\openas\command]
"fs_backup"=""C:\Program Files (x86)\File Scout\filescout.exe" /open "%1""
Searching for "Savings Sidekick"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Savings Sidekick-InternalInstaller_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Savings Sidekick-InternalInstaller_RASMANCS]
Searching for "Babylon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"
Searching for "IBUpdater"
[HKEY_USERS\.DEFAULT\Software\IBUpdaterService]
[HKEY_USERS\S-1-5-18\Software\IBUpdaterService]
Searching for "Minibar"
No data found.
Searching for "incredibar"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Incredibar.com]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Incredibar.com\incredibar]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Incredibar.com\incredibar\iestrg]
"prdct"="incredibar"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Incredibar.com\incredibar\iestrg]
"prtnrid"="incredibar"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Incredibar.com\incredibar\iestrg]
"tlbrsrchurl"="http%3A%2F%2Fmystart%2EIncredibar%2Ecom%2F%3Fa%3D6OyXbXirIg%26loc%3DIB%5FTB%26i%3D26%26search%3D"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Incredibar.com\incredibar\iestrg]
"incredibar_actvtyrpttime"="1357976111146"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Incredibar.com\incredibar\iestrg]
"incredibar_afterinstallrpt"="sent"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\d55114ab_0]
@="{0.0.0.00000000}.{7bf7051f-d29a-4f9b-88a1-d4a91c3e2dc5}|\Device\HarddiskVolume2\Users\oggi12\AppData\Local\Temp\incredibar_installer.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Incredibar.com]
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Incredibar.com\incredibar]
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Incredibar.com\incredibar\iestrg]
"prdct"="incredibar"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Incredibar.com\incredibar\iestrg]
"prtnrid"="incredibar"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Incredibar.com\incredibar\iestrg]
"tlbrsrchurl"="http%3A%2F%2Fmystart%2EIncredibar%2Ecom%2F%3Fa%3D6OyXbXirIg%26loc%3DIB%5FTB%26i%3D26%26search%3D"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Incredibar.com\incredibar\iestrg]
"incredibar_actvtyrpttime"="1357976111146"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Incredibar.com\incredibar\iestrg]
"incredibar_afterinstallrpt"="sent"
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\d55114ab_0]
@="{0.0.0.00000000}.{7bf7051f-d29a-4f9b-88a1-d4a91c3e2dc5}|\Device\HarddiskVolume2\Users\oggi12\AppData\Local\Temp\incredibar_installer.exe%b{00000000-0000-0000-0000-000000000000}"
Searching for "PriceGong"
No data found.
Searching for "crossrider"
No data found.
Searching for "PerformerSoft"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\VideoPerformer]
"Publisher"="PerformerSoft LLC"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\VideoPerformer]
"URLInfoAbout"="hxxp://performersoft.com/contact-us.php"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\VideoPerformer]
"HelpLink"="hxxp://performersoft.com/contact-us.php"
Searching for " "
[HKEY_CURRENT_USER\Software\AppDataLow\Software\CT2625848\Repository]
"CT2625848.embeddedsData"="[{"appId":"129181467799155027","apiPermissions":{"crossDomainAjax":true,"getMainFrameTitle":true,"getMainFrameUrl":true,"getSearchTerm":true,"instantAlert":true,"jsInjection":true,"sslGranted":true},"onBeforeLoadData":"{\"view\":{\"html\":\"<table id=\\\"main\\\" class=\\\"mainwrapper\\\" cellSpacing=\\\"0\\\" cellPadding=\\\"0\\\">\\n <tbody><tr>\\n <!-- don't remove the width=\\\"100%\\\" bug in chrome the width become in px-->\\n <td style=\\\"background: rgb(255, 255, 255); width: 100%;\\\" id=\\\"textboxWrapper\\\" width=\\\"100%\\\">\\n <!-- take focuse in IE -->\\n \\n <form onsubmit=\\\"return false;\\\" action=\\\"#\\\">\\n \\n <input style=\\\"background: rgb(255, 255, 255); width: 100%; color: rgb(0, 0, 0); min-width: 137px; max-width: 358px;\\\" id=\\\"textbox\\\" value=\\\"\\\" type=\\\"text\\\">\\n \\n </fo
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell]
"ConfigXML"=" <PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" > <InitializationParameters> <Param Name="PSVersion" Value="2.0"/> </InitializationParameters> <Resources> <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" SupportsOptions="true" ExactMatch="true"> <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/> <Capability Type="Shell"/> </Resource> </Res
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell32]
"ConfigXML"="<PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell32" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" Architecture="32" > <InitializationParameters> <Param Name="PSVersion" Value="2.0"/> </InitializationParameters> <Resources> <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" SupportsOptions="true" ExactMatch="true"> <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/>
[HKEY_USERS\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\AppDataLow\Software\CT2625848\Repository]
"CT2625848.embeddedsData"="[{"appId":"129181467799155027","apiPermissions":{"crossDomainAjax":true,"getMainFrameTitle":true,"getMainFrameUrl":true,"getSearchTerm":true,"instantAlert":true,"jsInjection":true,"sslGranted":true},"onBeforeLoadData":"{\"view\":{\"html\":\"<table id=\\\"main\\\" class=\\\"mainwrapper\\\" cellSpacing=\\\"0\\\" cellPadding=\\\"0\\\">\\n <tbody><tr>\\n <!-- don't remove the width=\\\"100%\\\" bug in chrome the width become in px-->\\n <td style=\\\"background: rgb(255, 255, 255); width: 100%;\\\" id=\\\"textboxWrapper\\\" width=\\\"100%\\\">\\n <!-- take focuse in IE -->\\n \\n <form onsubmit=\\\"return false;\\\" action=\\\"#\\\">\\n \\n <input style=\\\"background: rgb(255, 255, 255); width: 100%; color: rgb(0, 0, 0); min-width: 137px; max-width: 358px;\\\" id=\\\"textbox\\\" value=\\\"\\\" type=\\\"tex
-= EOF =-
|
|
27.03.2013, 10:43
| #12 |
| /// TB-Ausbilder | Trojaner Savings Sidekick und Incredibar auf meinem Laptop Servus, gut gemacht!  Wir entfernen noch ein paar Reste und kontrollieren nochmal alles: Schritt 1 Fixen mit OTL
Code:
ATTFilter :OTL
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\PROGRAM FILES\IB UPDATER\FIREFOX
:reg
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CT2625848"=-
[-HKEY_CURRENT_USER\Software\AppDataLow\Software\CT2625848]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\CT2625848]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0E44BB13-2523-468b-BF51-58D5F52A84F6}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Savings Sidekick-InternalInstaller_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Savings Sidekick-InternalInstaller_RASMANCS]
[-HKEY_USERS\.DEFAULT\Software\IBUpdaterService]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Incredibar.com]
:Commands
[emptytemp]
Schritt 2 Downloade Dir bitte  Malwarebytes Anti-Malware
Schritt 3 ESET Online Scanner
Schritt 4 Downloade Dir bitte  SecurityCheck und:
Bitte poste mit deiner nächsten Antwort
|
|
29.03.2013, 05:32
| #13 | |
| | Trojaner Savings Sidekick und Incredibar auf meinem LaptopZitat:
Und nun weiter mit: OTL: Code:
ATTFilter All processes killed
========== OTL ==========
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\CT2625848 not found.
Registry key HKEY_CURRENT_USER\Software\AppDataLow\Software\CT2625848\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\CT2625848\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0E44BB13-2523-468b-BF51-58D5F52A84F6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0E44BB13-2523-468b-BF51-58D5F52A84F6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Savings Sidekick-InternalInstaller_RASAPI32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Savings Sidekick-InternalInstaller_RASMANCS\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\IBUpdaterService\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1491957711-1346489856-3561057297-1000\Software\Incredibar.com\ deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Journal
User: oggi12
->Temp folder emptied: 2085 bytes
->Temporary Internet Files folder emptied: 147521 bytes
->FireFox cache emptied: 163426653 bytes
->Flash cache emptied: 2921 bytes
User: Public
User: RegBack
User: systemprofile
User: TxR
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 13144 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 1392 bytes
Total Files Cleaned = 156,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 03272013_222609
Files\Folders moved on Reboot...
C:\Users\oggi12\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.03.27.11 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 oggi12 :: CHRISTIAN [Administrator] Schutz: Aktiviert 27.03.2013 22:45:34 mbam-log-2013-03-27 (22-45-34).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 229237 Laufzeit: 2 Minute(n), 57 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=6d9666cf86157e4e8915dd842472b0aa
# engine=13499
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-03-27 10:54:13
# local_time=2013-03-27 11:54:13 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 14137 16792456 84155 0
# compatibility_mode=5893 16776573 100 94 109214 116054703 0 0
# scanned=118064
# found=0
# cleaned=0
# scan_time=3179
Code:
ATTFilter Results of screen317's Security Check version 0.99.59 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Avira Desktop Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.70.0.1100 Adobe Flash Player 11.6.602.180 Adobe Reader XI Mozilla Firefox (19.0.2) Google Chrome 21.0.1180.89 ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Avira Antivir avgnt.exe Avira Antivir avguard.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` |
|
29.03.2013, 11:39
| #14 |
| /// TB-Ausbilder | Trojaner Savings Sidekick und Incredibar auf meinem Laptop Servus, Wenn du keine Probleme mehr hast, dann sind wir hier fertig. Deine Logdateien sind sauber. Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern. Schritt 1 Sofern verwendet, starte DeFogger und klicke auf Re-enable. Gegebenenfalls muss dein Rechner neu gestartet werden. Schritt 2 Downloade dir bitte delfix auf deinen Desktop.
Schritt 3 Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann. |
|
31.03.2013, 19:49
| #15 |
| | Trojaner Savings Sidekick und Incredibar auf meinem Laptop Hallo...und frohe Ostern!!!!!!1 alles in arbeit soweit... macht es Sinn eine kostenpflichtige Antivirus-Software zu haben??? Habe schon mal überlegt statt Avira free, nen kostenpflichtigen Service von Avira zu nutzen. Kann sicher nicht nachteilig sein, doch warum zahlen, wenn ich nicht weiß was mir das bringt.... Oder genügt nun "AntiMalware"??? Danke für Deine Hilfe.... Ohne diese Seite wäre ich wohl ziemlich am A.... äh Ende.... |
|
| Themen zu Trojaner Savings Sidekick und Incredibar auf meinem Laptop |
| auslastung, avira, cpu, cpu auslastung, deaktiviert, extrem, firefox, gefunde, gmer, google, googlen, hoffe, hängt, infos, kurzer, laptop, manager, problem, reichen, seite, stürzt, systems, systemsteurung, troja, trojaner |
Textbox.
Linear-Darstellung
