Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
'TR/Symmi.21593.3' auf "http://reportingglan.com/gft.exe"

'TR/Symmi.21593.3' auf "http://reportingglan.com/gft.exe"


Log-Analyse und Auswertung: 'TR/Symmi.21593.3' auf "http://reportingglan.com/gft.exe"

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Thema geschlossen
Alt 02.06.2013, 16:16   #1
Dck
 
'TR/Symmi.21593.3' auf "http://reportingglan.com/gft.exe" - Standard

'TR/Symmi.21593.3' auf "http://reportingglan.com/gft.exe"


'TR/Symmi.21593.3' auf "hxxp://reportingglan.com/gft.exe"

Hallo Board

Ich habe ein Problem mit o.g. Virus/Malware. Der Virenscanner blockiert den Zugriff regelmäßig, mal alle 10 Minuten, aber auch mal 4 x pro Minute. Ein Suchlauf (Vollständige Systemprüfung) ergab keine Funde. Firefox Cache habe ich geleert.

Win 7 ultimate, Firefox, Avira Free Antivirus

Das Logfile:
Ist zu groß. Habe ich als zip-File angehängt

Defogger ausgeführt, disabled

OTL ausgeführt. OTL.txt:
Code:
ATTFilter
OTL logfile created on: 02.06.2013 14:19:00 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Dck\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,99 Gb Total Physical Memory | 5,03 Gb Available Physical Memory | 62,91% Memory free
15,98 Gb Paging File | 13,22 Gb Available in Paging File | 82,70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297,99 Gb Total Space | 42,29 Gb Free Space | 14,19% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 16,20 Gb Free Space | 1,74% Space Free | Partition Type: NTFS
Drive F: | 931,28 Gb Total Space | 520,93 Gb Free Space | 55,94% Space Free | Partition Type: FAT32
Drive G: | 1863,01 Gb Total Space | 858,12 Gb Free Space | 46,06% Space Free | Partition Type: NTFS
 
Computer Name: ALADINS-SPACE | User Name: Dck | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.06.02 14:07:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dck\Downloads\OTL.exe
PRC - [2013.05.31 18:11:24 | 000,063,488 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\Dck\AppData\Roaming\ie_util.exe
PRC - [2013.05.02 11:21:27 | 000,562,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2013.05.02 11:21:24 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.04.30 12:03:00 | 001,648,264 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2013.03.28 09:56:18 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.03.28 09:55:55 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.02.05 17:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
PRC - [2013.01.26 19:01:51 | 000,322,032 | ---- | M] (AVM Berlin) -- C:\Users\Dck\AppData\Local\Apps\2.0\KEBR3W6Q.3GD\NJ1GWATX.60O\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\fritzbox-usb-fernanschluss.exe
PRC - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.09.02 18:33:47 | 000,291,840 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\Dck\AppData\Roaming\Paraki\lido.exe
PRC - [2012.05.24 15:53:48 | 002,047,344 | ---- | M] (Palit Microsystems Ltd.) -- C:\Program Files (x86)\Thunder Master\THPanel.exe
PRC - [2011.01.17 18:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011.01.17 18:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010.06.14 15:07:14 | 000,615,936 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
PRC - [2009.10.27 10:15:02 | 000,120,832 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2009.10.20 17:23:22 | 005,516,800 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\TurboV\TurboV.exe
PRC - [2009.10.02 19:42:22 | 006,154,240 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\EPU-6 Engine\SixEngine.exe
PRC - [2009.08.19 13:56:38 | 000,090,112 | R--- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
PRC - [2009.03.09 09:38:40 | 001,032,192 | ---- | M] (Nokia) -- C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
PRC - [2008.06.11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2004.12.17 09:00:00 | 000,118,784 | ---- | M] (WinZip Computing, Inc.) -- C:\Program Files (x86)\WinZip\WZQKPICK.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.05.15 18:31:27 | 018,002,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a9594959e951127f16eb49644ba92f79\PresentationFramework.ni.dll
MOD - [2013.05.15 18:31:17 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\7cfbbd029ef945fbcdaedd24b2b67a24\PresentationCore.ni.dll
MOD - [2013.05.15 18:31:13 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\153143f74d840484b510d8cf5187796b\System.Windows.Forms.ni.dll
MOD - [2013.05.15 18:31:09 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\af18b8a8f56494da44cc448f3b9704a5\WindowsBase.ni.dll
MOD - [2013.05.15 18:31:07 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\233661f3a2b632e9553915c8639637d0\System.Configuration.ni.dll
MOD - [2013.01.10 04:34:10 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll
MOD - [2013.01.10 04:07:08 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll
MOD - [2013.01.10 04:07:07 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\dfeff31ab1e7cd3480c8942290c92f5d\PresentationFramework.Aero.ni.dll
MOD - [2013.01.10 04:07:06 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll
MOD - [2013.01.10 04:07:04 | 009,094,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll
MOD - [2013.01.10 04:07:00 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll
MOD - [2012.03.31 13:23:25 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2011.09.27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009.09.30 05:33:07 | 000,024,576 | R--- | M] () -- C:\Windows\SysWOW64\AsIO.dll
MOD - [2009.08.28 17:05:52 | 001,412,608 | ---- | M] () -- C:\Program Files (x86)\ASUS\TurboV\OcProfile.dll
MOD - [2009.08.27 19:41:46 | 000,565,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-6 Engine\pngio.dll
MOD - [2009.08.27 19:41:46 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-6 Engine\AsSpindownTimeout.dll
MOD - [2009.04.22 20:20:00 | 000,179,712 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-6 Engine\ASUSSERVICE.DLL
MOD - [2008.12.15 20:01:54 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\ASUS\TurboV\TVOCLIB.DLL
MOD - [2008.12.10 20:27:56 | 000,565,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\TurboV\pngio.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.11.24 16:17:16 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.05.19 12:40:35 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.15 18:19:26 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.02 11:21:27 | 000,562,744 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2013.03.28 09:56:18 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.03.28 09:55:55 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.02.26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.02.05 17:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.08.13 21:24:27 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV - [2010.08.13 21:21:21 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.06.14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.08.19 13:56:38 | 000,090,112 | R--- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.03.28 09:56:22 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.03.28 09:56:22 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.03.28 09:56:22 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013.01.26 19:01:42 | 000,116,480 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avmaura.sys -- (avmaura)
DRV:64bit: - [2012.11.02 16:38:32 | 000,050,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2012.04.18 19:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.03.08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.06 00:54:51 | 000,116,096 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avmaudio.sys -- (avmaudio)
DRV:64bit: - [2011.08.17 10:04:34 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:64bit: - [2011.08.17 10:04:28 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64)
DRV:64bit: - [2011.08.17 09:58:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2011.08.17 09:58:22 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2011.08.17 09:58:20 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011.08.17 09:58:16 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2011.06.10 07:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 05:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010.11.21 05:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010.11.21 05:23:48 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.04.16 21:24:34 | 000,027,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2009.11.24 16:52:14 | 006,174,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.11.18 12:30:56 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.07.16 05:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.30 05:58:30 | 000,104,408 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.08.28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008.06.27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Program Files (x86)\BrotherSoft_Extreme\prxtbBrot.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Program Files (x86)\Freeware.de\prxtbFre0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2736476
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9B 68 A2 55 27 6F CD 01  [binary data]
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Program Files (x86)\BrotherSoft_Extreme\prxtbBrot.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Program Files (x86)\Freeware.de\prxtbFre0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {382DEFE4-4EA9-4EE0-826E-7AA926AC9B3C}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{149A2B07-12AA-4EC1-AA67-81186C472B0A}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=9d81d83d-0142-4ac6-8476-ab4a842af8e4&apn_sauid=E397605B-AC7D-4E0C-9CFE-3620F10618B4
IE - HKCU\..\SearchScopes\{382DEFE4-4EA9-4EE0-826E-7AA926AC9B3C}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKCU\..\SearchScopes\{559CFE39-5301-4325-9A54-2527BE78EE8D}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{FD8006DC-9FFC-44AC-BA05-CEF53EFE5C29}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2736476
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "Freeware.de Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFOB6&ctid=CT2736476&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=827316"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: DivXWebPlayer%40divx.com:2.0.2.039
FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.8
FF - prefs.js..extensions.enabledAddons: toolbar%40web.de:2.6.1
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.15
FF - prefs.js..extensions.enabledAddons: toolbar%40ask.com:3.15.26.100015
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..network.proxy.type: 0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.19 12:40:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mail@shopping-preise.de: C:\Users\Dck\AppData\Roaming\Mozilla\Firefox\Profiles\7wnhb8ou.default\extensions\mail@shopping-preise.de
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.19 12:40:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.12.05 15:02:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dck\AppData\Roaming\mozilla\Extensions
[2013.05.29 09:29:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dck\AppData\Roaming\mozilla\Firefox\Profiles\7wnhb8ou.default\extensions
[2013.02.10 14:27:07 | 000,000,000 | ---D | M] (BrotherSoft Extreme Community Toolbar) -- C:\Users\Dck\AppData\Roaming\mozilla\Firefox\Profiles\7wnhb8ou.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}
[2013.02.12 14:32:15 | 000,000,000 | ---D | M] (Freeware.de Community Toolbar) -- C:\Users\Dck\AppData\Roaming\mozilla\Firefox\Profiles\7wnhb8ou.default\extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025}
[2013.05.29 09:29:04 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Dck\AppData\Roaming\mozilla\Firefox\Profiles\7wnhb8ou.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013.04.07 11:29:28 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Dck\AppData\Roaming\mozilla\Firefox\Profiles\7wnhb8ou.default\extensions\ich@maltegoetz.de
[2013.05.24 09:15:37 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Users\Dck\AppData\Roaming\mozilla\Firefox\Profiles\7wnhb8ou.default\extensions\toolbar@ask.com
[2011.12.11 20:20:59 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\Dck\AppData\Roaming\mozilla\firefox\profiles\7wnhb8ou.default\extensions\DivXWebPlayer@divx.com.xpi
[2013.05.24 09:15:33 | 000,620,338 | ---- | M] () (No name found) -- C:\Users\Dck\AppData\Roaming\mozilla\firefox\profiles\7wnhb8ou.default\extensions\toolbar@web.de.xpi
[2011.12.05 15:13:29 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\Dck\AppData\Roaming\mozilla\firefox\profiles\7wnhb8ou.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2013.05.24 09:15:37 | 000,007,919 | ---- | M] () (No name found) -- C:\Users\Dck\AppData\Roaming\mozilla\firefox\profiles\7wnhb8ou.default\extensions\toolbar@ask.com\chrome\content\Abine\chrome\content\ff\view_expiry.js
[2013.05.24 09:15:39 | 000,001,050 | ---- | M] () -- C:\Users\Dck\AppData\Roaming\mozilla\firefox\profiles\7wnhb8ou.default\searchplugins\11-suche-1.xml
[2013.05.24 09:15:39 | 000,001,050 | ---- | M] () -- C:\Users\Dck\AppData\Roaming\mozilla\firefox\profiles\7wnhb8ou.default\searchplugins\11-suche.xml
[2013.06.01 15:51:12 | 000,002,413 | ---- | M] () -- C:\Users\Dck\AppData\Roaming\mozilla\firefox\profiles\7wnhb8ou.default\searchplugins\askcom.xml
[2012.04.05 16:58:04 | 000,000,955 | ---- | M] () -- C:\Users\Dck\AppData\Roaming\mozilla\firefox\profiles\7wnhb8ou.default\searchplugins\conduit.xml
[2013.05.24 09:15:39 | 000,002,418 | ---- | M] () -- C:\Users\Dck\AppData\Roaming\mozilla\firefox\profiles\7wnhb8ou.default\searchplugins\englische-ergebnisse-1.xml
[2013.05.24 09:15:39 | 000,002,418 | ---- | M] () -- C:\Users\Dck\AppData\Roaming\mozilla\firefox\profiles\7wnhb8ou.default\searchplugins\englische-ergebnisse.xml
[2013.05.24 09:15:39 | 000,010,701 | ---- | M] () -- C:\Users\Dck\AppData\Roaming\mozilla\firefox\profiles\7wnhb8ou.default\searchplugins\gmx-suche-1.xml
[2013.05.24 09:15:39 | 000,010,701 | ---- | M] () -- C:\Users\Dck\AppData\Roaming\mozilla\firefox\profiles\7wnhb8ou.default\searchplugins\gmx-suche.xml
[2013.05.24 09:15:39 | 000,002,432 | ---- | M] () -- C:\Users\Dck\AppData\Roaming\mozilla\firefox\profiles\7wnhb8ou.default\searchplugins\lastminute-1.xml
[2013.05.24 09:15:39 | 000,002,432 | ---- | M] () -- C:\Users\Dck\AppData\Roaming\mozilla\firefox\profiles\7wnhb8ou.default\searchplugins\lastminute.xml
[2013.05.24 09:15:39 | 000,005,682 | ---- | M] () -- C:\Users\Dck\AppData\Roaming\mozilla\firefox\profiles\7wnhb8ou.default\searchplugins\webde-suche-1.xml
[2013.05.24 09:15:39 | 000,005,682 | ---- | M] () -- C:\Users\Dck\AppData\Roaming\mozilla\firefox\profiles\7wnhb8ou.default\searchplugins\webde-suche.xml
[2013.05.19 12:40:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.05.19 12:40:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013.05.19 12:40:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.05.19 12:40:36 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url = hxxp://de.search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=827316&p={searchTerms}
CHR - default_search_provider: suggest_url = hxxp://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
CHR - homepage: 
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Adobe Acrobat (Enabled) = c:\Program Files (x86)\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U33 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.330.3 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Avira Toolbar = C:\Users\Dck\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabfjnbeinlpljodiajipidiompfl\7.15.18.38078_0\
CHR - Extension: YouTube = C:\Users\Dck\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\Dck\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Click to activate/deactivate ProxTube = C:\Users\Dck\AppData\Local\Google\Chrome\User Data\Default\Extensions\fclefogcenncfmmekelnpgpehiglcjln\1.2.0_0\
CHR - Extension: Google Mail = C:\Users\Dck\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2010.08.13 22:01:21 | 000,001,353 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (DownloadHelper Class) - {FF2573AE-E1ED-40e1-83BA-F544CB2EE135} - C:\Programme\Common Files\Download Helper\DownloadHelperx64.dll (IE Download Helper)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (BrotherSoft Extreme Toolbar) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Program Files (x86)\BrotherSoft_Extreme\prxtbBrot.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Freeware.de Toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Program Files (x86)\Freeware.de\prxtbFre0.dll (Conduit Ltd.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - No CLSID value found.
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (DownloadHelper Class) - {FF2573AE-E1ED-40e1-83BA-F544CB2EE135} - C:\Program Files (x86)\Common Files\Download Helper\DownloadHelper.dll (IE Download Helper)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (BrotherSoft Extreme Toolbar) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Program Files (x86)\BrotherSoft_Extreme\prxtbBrot.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Freeware.de Toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Program Files (x86)\Freeware.de\prxtbFre0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (BrotherSoft Extreme Toolbar) - {51A86BB3-6602-4C85-92A5-130EE4864F13} - C:\Program Files (x86)\BrotherSoft_Extreme\prxtbBrot.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Freeware.de Toolbar) - {7E111A5C-3D11-4F56-9463-5310C3C69025} - C:\Program Files (x86)\Freeware.de\prxtbFre0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [Nokia FastStart] C:\Program Files (x86)\Nokia\Nokia Music\NokiaMusic.exe (Nokia)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TurboV] C:\Program Files (x86)\ASUS\TurboV\TurboV.exe (ASUSTeK Computer Inc.)
O4 - HKCU..\Run: [AVMUSBFernanschluss] C:\Users\Dck\AppData\Local\Apps\2.0\KEBR3W6Q.3GD\NJ1GWATX.60O\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\AVMAutoStart.exe (AVM Berlin)
O4 - HKCU..\Run: [Gootroufa] C:\Users\Dck\AppData\Roaming\Paraki\lido.exe (Sysinternals - www.sysinternals.com)
O4 - HKCU..\Run: [IExplorer Util] C:\Users\Dck\AppData\Roaming\ie_util.exe (Sysinternals - www.sysinternals.com)
O4 - HKCU..\Run: [THPanel] C:\Program Files (x86)\Thunder Master\THPanel.exe (Palit Microsystems Ltd.)
O4 - Startup: C:\Users\Dck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 10.17.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B1DC2933-01EB-458F-ADD5-F294A817EDB0}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.08.16 03:24:36 | 000,000,000 | RH-D | M] - G:\autorun -- [ NTFS ]
O32 - Unable to obtain root file information for disk G:\
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.02 13:55:28 | 000,000,000 | ---D | C] -- C:\Users\Dck\Desktop\V
[2013.05.31 18:11:25 | 000,063,488 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\Dck\AppData\Roaming\ie_util.exe
[2013.05.31 18:10:14 | 000,000,000 | ---D | C] -- C:\Users\Dck\AppData\Roaming\Utcyc
[2013.05.31 18:10:14 | 000,000,000 | ---D | C] -- C:\Users\Dck\AppData\Roaming\Tuynce
[2013.05.31 18:10:14 | 000,000,000 | ---D | C] -- C:\Users\Dck\AppData\Roaming\Paraki
[2013.05.28 19:09:40 | 000,000,000 | ---D | C] -- C:\Users\Dck\Desktop\TK 27052013
[2013.05.25 00:26:32 | 000,000,000 | ---D | C] -- C:\Users\Dck\Desktop\20130524 Schernsdorf
[2013.05.22 17:50:00 | 000,000,000 | ---D | C] -- C:\Users\Dck\Desktop\Neuer Ordner (2)
[2013.05.21 15:06:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lame For Audacity
[2013.05.21 14:26:36 | 000,000,000 | ---D | C] -- C:\Users\Dck\Desktop\BB
[2013.05.19 12:40:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.02 14:14:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.02 14:06:19 | 000,000,000 | ---- | M] () -- C:\Users\Dck\defogger_reenable
[2013.06.02 14:03:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.02 13:22:53 | 061,870,887 | ---- | M] () -- C:\Users\Dck\Desktop\480P_600K_5936492.mp4
[2013.06.02 12:03:03 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.01 21:18:16 | 000,018,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.01 21:18:16 | 000,018,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.01 18:26:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.01 18:25:54 | 2140,495,871 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.31 23:59:03 | 001,522,262 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.31 23:59:03 | 000,662,314 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.31 23:59:03 | 000,624,196 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.31 23:59:03 | 000,133,316 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.31 23:59:03 | 000,109,706 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.31 18:12:09 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013.05.31 18:11:24 | 000,063,488 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\Dck\AppData\Roaming\ie_util.exe
[2013.05.31 18:03:00 | 017,723,394 | ---- | M] () -- C:\Users\Dck\Desktop\Chalee Tennison - Makin
[2013.05.28 19:09:00 | 000,025,600 | ---- | M] () -- C:\Users\Dck\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.05.28 14:11:25 | 020,218,538 | ---- | M] () -- C:\Users\Dck\Desktop\2012-09-04-642-HardSexTube-0077.mp4.mp4
[2013.05.28 13:02:05 | 169,563,553 | ---- | M] () -- C:\Users\Dck\Desktop\0459980.flv
[2013.05.27 16:10:09 | 023,055,877 | ---- | M] () -- C:\Users\Dck\Desktop\MICHELLE RYSER - All You Ever Do Is Bring Me Down (Albisgüet.mp4
[2013.05.21 15:14:42 | 097,426,492 | ---- | M] () -- C:\Users\Dck\Desktop\2 Galway Girls - Line Dance (Dance _ Teach).mp4
[2013.05.21 14:54:47 | 008,531,413 | ---- | M] () -- C:\Users\Dck\Desktop\Hard To Be A Lady - Line Dance (Dance _ Teach) (By Alison _ .mp4.MP3
[2013.05.21 14:48:06 | 027,504,914 | ---- | M] () -- C:\Users\Dck\Desktop\Hard To Be A Lady - Line Dance (Dance _ Teach) (By Alison _ .mp4
[2013.05.21 14:32:14 | 019,637,155 | ---- | M] () -- C:\Users\Dck\Desktop\1608564.flv
[2013.05.18 16:55:27 | 043,602,167 | ---- | M] () -- C:\Users\Dck\Desktop\8 Ball Aitken - Outback Booty Call.mp4
[2013.05.16 08:46:12 | 431,539,159 | ---- | M] () -- C:\Users\Dck\Desktop\Star Track 2013.mp4
[2013.05.15 23:39:57 | 003,077,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.15 17:46:06 | 037,700,033 | ---- | M] () -- C:\Users\Dck\Desktop\WCDF 2012 _ GER _ TEAM _ LARGE TROUPE _ Yvonne Zielonka Danc.flv
[2013.05.15 17:44:22 | 120,511,201 | ---- | M] () -- C:\Users\Dck\Desktop\O.Ö. Linedance Contest 2012.mp4
[2013.05.15 17:43:55 | 037,921,690 | ---- | M] () -- C:\Users\Dck\Desktop\Auftritt zum 50. Geburtstag.flv
[2013.05.15 17:36:08 | 014,192,698 | ---- | M] () -- C:\Users\Dck\Desktop\Linedance Vampire-Legenden.flv
[2013.05.15 17:33:49 | 024,081,386 | ---- | M] () -- C:\Users\Dck\Desktop\Berlin Open 2013 Teambattle Marlon _ Laura.flv
[2013.05.15 00:23:40 | 000,833,794 | ---- | M] () -- C:\Users\Dck\Desktop\008.gif
[2013.05.14 09:52:42 | 006,060,018 | ---- | M] () -- C:\Users\Dck\Desktop\Passenger - Let Her Go [All The Little Lights].mp3
[2013.05.14 09:52:42 | 005,470,037 | ---- | M] () -- C:\Users\Dck\Desktop\John McNicholl - Come On Dance.mp3
[2013.05.14 09:31:34 | 087,760,230 | ---- | M] () -- C:\Users\Dck\Desktop\John McNicholl - Come On Dance.mp4
[2013.05.14 09:27:01 | 006,790,084 | ---- | M] () -- C:\Users\Dck\Desktop\Passenger - Let Her Go [All The Little Lights].mp4
[2013.05.07 07:58:30 | 000,528,894 | ---- | M] () -- C:\Users\Dck\Desktop\tumblr_mltx66Zpwa1s9tujho1_1280.png
[2013.05.06 22:02:05 | 001,970,526 | ---- | M] () -- C:\Users\Dck\Desktop\41396_o2pearl_xx_galaxys4_video_818x460.flv
[2013.05.06 22:00:11 | 055,821,931 | ---- | M] () -- C:\Users\Dck\Desktop\video_84871.flv
[2013.05.06 21:59:33 | 029,411,965 | ---- | M] () -- C:\Users\Dck\Desktop\62673804.mp4
[2013.05.06 18:28:33 | 042,635,155 | ---- | M] () -- C:\Users\Dck\Desktop\DalaiLamasMantra.mp3
[2013.05.04 14:27:48 | 266,015,581 | ---- | M] () -- C:\Users\Dck\Desktop\Sherlock_Holmes_Der_Hund_von_Baskerville_1939_German_HQ_-_Yo.flv
[2013.05.03 15:13:43 | 018,018,909 | ---- | M] () -- C:\Users\Dck\Desktop\0102_Making_Of_720p.mp4
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.06.02 14:06:19 | 000,000,000 | ---- | C] () -- C:\Users\Dck\defogger_reenable
[2013.06.02 13:16:16 | 061,870,887 | ---- | C] () -- C:\Users\Dck\Desktop\480P_600K_5936492.mp4
[2013.05.31 17:58:14 | 017,723,394 | ---- | C] () -- C:\Users\Dck\Desktop\Chalee Tennison - Makin
[2013.05.28 14:11:25 | 020,218,538 | ---- | C] () -- C:\Users\Dck\Desktop\2012-09-04-642-HardSexTube-0077.mp4.mp4
[2013.05.28 12:43:03 | 169,563,553 | ---- | C] () -- C:\Users\Dck\Desktop\0459980.flv
[2013.05.27 16:09:52 | 023,055,877 | ---- | C] () -- C:\Users\Dck\Desktop\MICHELLE RYSER - All You Ever Do Is Bring Me Down (Albisgüet.mp4
[2013.05.21 23:04:58 | 008,783,620 | ---- | C] () -- C:\Users\Dck\Desktop\05 - Luke Bryan - I Don't Want This Night To End.mp3
[2013.05.21 15:13:31 | 097,426,492 | ---- | C] () -- C:\Users\Dck\Desktop\2 Galway Girls - Line Dance (Dance _ Teach).mp4
[2013.05.21 14:54:47 | 008,531,413 | ---- | C] () -- C:\Users\Dck\Desktop\Hard To Be A Lady - Line Dance (Dance _ Teach) (By Alison _ .mp4.MP3
[2013.05.21 14:47:41 | 027,504,914 | ---- | C] () -- C:\Users\Dck\Desktop\Hard To Be A Lady - Line Dance (Dance _ Teach) (By Alison _ .mp4
[2013.05.21 14:32:09 | 019,637,155 | ---- | C] () -- C:\Users\Dck\Desktop\1608564.flv
[2013.05.18 16:54:44 | 043,602,167 | ---- | C] () -- C:\Users\Dck\Desktop\8 Ball Aitken - Outback Booty Call.mp4
[2013.05.16 07:01:14 | 431,539,159 | ---- | C] () -- C:\Users\Dck\Desktop\Star Track 2013.mp4
[2013.05.15 17:40:01 | 037,700,033 | ---- | C] () -- C:\Users\Dck\Desktop\WCDF 2012 _ GER _ TEAM _ LARGE TROUPE _ Yvonne Zielonka Danc.flv
[2013.05.15 17:37:16 | 120,511,201 | ---- | C] () -- C:\Users\Dck\Desktop\O.Ö. Linedance Contest 2012.mp4
[2013.05.15 17:34:23 | 037,921,690 | ---- | C] () -- C:\Users\Dck\Desktop\Auftritt zum 50. Geburtstag.flv
[2013.05.15 17:30:44 | 024,081,386 | ---- | C] () -- C:\Users\Dck\Desktop\Berlin Open 2013 Teambattle Marlon _ Laura.flv
[2013.05.15 17:30:22 | 014,192,698 | ---- | C] () -- C:\Users\Dck\Desktop\Linedance Vampire-Legenden.flv
[2013.05.15 00:23:38 | 000,833,794 | ---- | C] () -- C:\Users\Dck\Desktop\008.gif
[2013.05.14 09:46:53 | 005,470,037 | ---- | C] () -- C:\Users\Dck\Desktop\John McNicholl - Come On Dance.mp3
[2013.05.14 09:43:57 | 006,060,018 | ---- | C] () -- C:\Users\Dck\Desktop\Passenger - Let Her Go [All The Little Lights].mp3
[2013.05.14 09:29:59 | 087,760,230 | ---- | C] () -- C:\Users\Dck\Desktop\John McNicholl - Come On Dance.mp4
[2013.05.14 09:26:53 | 006,790,084 | ---- | C] () -- C:\Users\Dck\Desktop\Passenger - Let Her Go [All The Little Lights].mp4
[2013.05.07 07:58:28 | 000,528,894 | ---- | C] () -- C:\Users\Dck\Desktop\tumblr_mltx66Zpwa1s9tujho1_1280.png
[2013.05.06 22:02:02 | 001,970,526 | ---- | C] () -- C:\Users\Dck\Desktop\41396_o2pearl_xx_galaxys4_video_818x460.flv
[2013.05.06 21:59:28 | 029,411,965 | ---- | C] () -- C:\Users\Dck\Desktop\62673804.mp4
[2013.05.06 21:59:20 | 055,821,931 | ---- | C] () -- C:\Users\Dck\Desktop\video_84871.flv
[2013.05.06 18:27:48 | 042,635,155 | ---- | C] () -- C:\Users\Dck\Desktop\DalaiLamasMantra.mp3
[2013.05.04 14:25:10 | 266,015,581 | ---- | C] () -- C:\Users\Dck\Desktop\Sherlock_Holmes_Der_Hund_von_Baskerville_1939_German_HQ_-_Yo.flv
[2013.05.03 15:13:39 | 018,018,909 | ---- | C] () -- C:\Users\Dck\Desktop\0102_Making_Of_720p.mp4
[2013.02.03 12:25:13 | 000,000,835 | ---- | C] () -- C:\Users\Dck\AppData\Roaming\Network Meter_Settings.ini
[2013.02.03 12:23:39 | 000,000,575 | ---- | C] () -- C:\Users\Dck\AppData\Roaming\All CPU MeterV3_Settings.ini
[2012.12.20 22:24:23 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.11.22 14:45:50 | 000,007,593 | ---- | C] () -- C:\Users\Dck\AppData\Local\Resmon.ResmonCfg
[2012.10.21 17:29:29 | 004,031,406 | ---- | C] () -- C:\Users\Dck\Tasse Vorlage.cpr
[2012.09.18 15:19:23 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2012.06.08 08:06:44 | 000,017,408 | ---- | C] () -- C:\Users\Dck\AppData\Local\WebpageIcons.db
[2012.05.06 23:23:06 | 000,025,600 | ---- | C] () -- C:\Users\Dck\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.05.01 11:11:52 | 001,523,076 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.04.30 20:39:09 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.04.09 16:24:42 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2012.01.14 18:16:11 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2011.07.11 18:45:08 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\rgbacodec.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.04.30 21:08:16 | 000,000,000 | ---D | M] -- C:\Users\Dck\AppData\Roaming\Amazon
[2013.05.21 15:07:11 | 000,000,000 | ---D | M] -- C:\Users\Dck\AppData\Roaming\Audacity
[2012.04.30 21:08:16 | 000,000,000 | ---D | M] -- C:\Users\Dck\AppData\Roaming\Babylon
[2012.06.29 10:11:58 | 000,000,000 | ---D | M] -- C:\Users\Dck\AppData\Roaming\CD-LabelPrint
[2012.04.30 21:08:16 | 000,000,000 | ---D | M] -- C:\Users\Dck\AppData\Roaming\Dyitme
[2013.04.26 10:44:31 | 000,000,000 | ---D | M] -- C:\Users\Dck\AppData\Roaming\FileZilla
[2012.05.23 15:15:54 | 000,000,000 | ---D | M] -- C:\Users\Dck\AppData\Roaming\Foxit Software
[2012.04.30 21:08:16 | 000,000,000 | ---D | M] -- C:\Users\Dck\AppData\Roaming\FreeFLVConverter
[2012.04.30 21:08:16 | 000,000,000 | ---D | M] -- C:\Users\Dck\AppData\Roaming\GetRightToGo
[2012.04.30 21:08:16 | 000,000,000 | ---D | M] -- C:\Users\Dck\AppData\Roaming\IrfanView
[2012.04.30 21:08:16 | 000,000,000 | ---D | M] -- C:\Users\Dck\AppData\Roaming\KompoZer
[2012.04.30 21:08:16 | 000,000,000 | ---D | M] -- C:\Users\Dck\AppData\Roaming\kompozer.net
[2012.04.30 21:08:17 | 000,000,000 | ---D | M] -- C:\Users\Dck\AppData\Roaming\Lexware
[2013.02.12 22:31:33 | 000,000,000 | ---D | M] -- C:\Users\Dck\AppData\Roaming\mp3DirectCut
[2013.05.31 20:09:05 | 000,000,000 | ---D | M] -- C:\Users\Dck\AppData\Roaming\Mp3tag
[2012.04.30 21:08:39 | 000,000,000 | ---D | M] -- C:\Users\Dck\AppData\Roaming\OfficeRecovery
[2012.04.30 21:08:39 | 000,000,000 | ---D | M] -- C:\Users\Dck\AppData\Roaming\OpenOffice.org
[2013.05.31 18:10:14 | 000,000,000 | ---D | M] -- C:\Users\Dck\AppData\Roaming\Paraki
[2012.10.01 00:48:27 | 000,000,000 | ---D | M] -- C:\Users\Dck\AppData\Roaming\PC Suite
[2013.04.08 18:02:10 | 000,000,000 | ---D | M] -- C:\Users\Dck\AppData\Roaming\pdfforge
[2012.03.08 11:57:20 | 000,000,000 | ---D | M] -- C:\Users\Dck\AppData\Roaming\Sepuoni
[2013.05.31 18:10:14 | 000,000,000 | ---D | M] -- C:\Users\Dck\AppData\Roaming\Tuynce
[2013.06.02 14:18:35 | 000,000,000 | ---D | M] -- C:\Users\Dck\AppData\Roaming\Utcyc
 
========== Purity Check ==========
 
 

< End of report >
Wo finde ich die Extra.txt? Anmerkung: Ich hatte OTL 1 x gestartet, da war aber Firefox noch aktiv. Obenstehender Report ist erzeugt worden, nachdem ich Firefox beendet hatte und OTL beendet & neu gestartet hatte.

Gmer.txt: Ist zu groß. Habe ich als zip-File rangehängt.

Ist ja ein Haufen Zeugs. Ich hoffe, hier findet sich jemand, der mir helfen kann. Dank schonmal im Voraus.

Michael

Alt 02.06.2013, 16:21   #2
ryder
/// TB-Ausbilder
 
'TR/Symmi.21593.3' auf "http://reportingglan.com/gft.exe" - Standard

'TR/Symmi.21593.3' auf "http://reportingglan.com/gft.exe"


Zitat:
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
Die von mir gelisteten Einträge deuten stark darauf hin, dass auf diesem Rechner Software benutzt wird, die nicht legal erworben wurde.

Supportstopp
Lesestoff:
Cracks und Keygens
Den Kopierschutz von Software zu umgehen ist nach geltendem Recht illegal. Die Logfiles deuten stark darauf hin, dass du nicht legal erworbene Software einsetzt. Zudem sind Cracks und Patches aus dubioser Quelle sehr oft mit Schädlingen versehen, womit man sich also fast vorsätzlich infiziert.

Wir haben uns hier auf dem Board darauf geeinigt, dass wir an dieser Stelle nicht weiter bereinigen, da wir ein solches Vorgehen nicht unterstützen. Hinzu kommt, dass wir dich in unserer Anleitung und auch in diesem Wichtig-Thema unmissverständlich darauf hingewiesen haben, wie wir damit umgehen werden. Saubere, gute Software hat seinen Preis und die Softwarefirmen leben von diesen Einnahmen.

Unsere Hilfe beschränkt sich daher nur auf das Neuaufsetzen und Absichern deines Systems.
Fragen dazu beantworten wir dir aber weiterhin gerne und zwar in unserem Forum.
Damit ist das Thema beendet.
__________________

__________________
Thema geschlossen

Themen zu 'TR/Symmi.21593.3' auf "http://reportingglan.com/gft.exe"
adobe, application/pdf:, autorun, avg, avira, avira searchfree toolbar, babylontoolbar, bho, blockiert, bonjour, cpu, desktop, error, explorer, firefox, flash player, format, free download, hängen, logfile, mozilla, plug-in, problem, realtek, registry, scan, security, senden, software, windows


« Skypevirus wie entfernen? | Google! Falsche Weiterleitung http://www.ihavenet.com »


Ähnliche Themen: 'TR/Symmi.21593.3' auf "http://reportingglan.com/gft.exe"


  1. Diverse Malware ("CoolSaleCoupon", "ddownlloaditkeep", "omiga-plus", "SaveSense", "SaleItCoupon"); lahmer PC & viel Werbung!
    Plagegeister aller Art und deren Bekämpfung - 11.01.2015 (16)
  2. Windows 8.1: Bitdefender Fund "gen.variant.symmi.[NUMMER]" Kann nicht entfernt werden.
    Log-Analyse und Auswertung - 16.02.2014 (2)
  3. Tab mit "http://rvzr-a.akamaihd.net" öffnen sich im Browser
    Plagegeister aller Art und deren Bekämpfung - 15.02.2014 (49)
  4. Ungwollte Startseite/Suchmaschine: " http://www.searchnu.com/413" - wie entferne ich das?
    Plagegeister aller Art und deren Bekämpfung - 13.12.2013 (11)
  5. häufig unerwünschte Werbung "http://static.icmapp.com/"
    Plagegeister aller Art und deren Bekämpfung - 11.12.2013 (11)
  6. "monstermarketplace.com" Infektion und ihre Folgen; "Anti-Virus-Blocker"," unsichtbare Toolbars" + "Browser-Hijacker" von selbst installiert
    Log-Analyse und Auswertung - 16.11.2013 (21)
  7. Windows 7: "http://search.conduit.com/" in neuen Firefox-Tabs
    Log-Analyse und Auswertung - 06.08.2013 (11)
  8. "Http://reportingglan.com.gft.exe" Meldung von Avira nervt
    Log-Analyse und Auswertung - 27.06.2013 (18)
  9. Problem mit TR/Symmi.21593.3
    Log-Analyse und Auswertung - 02.06.2013 (9)
  10. Windows Vista, Firefox, "http://www.searchnu.com/406?tag=newtab"
    Plagegeister aller Art und deren Bekämpfung - 26.03.2013 (17)
  11. Startseite "http://www.searchnu.com/406" beim öffnen von Chrome
    Plagegeister aller Art und deren Bekämpfung - 16.11.2012 (19)
  12. Trojaner an Board? "http://www.searchnu.com/410" , wie werde ich wieder los?
    Log-Analyse und Auswertung - 17.05.2012 (1)
  13. Norton meldet Zwischenfall: "HTTP Malicious Toolkit Variant Activity 13"
    Log-Analyse und Auswertung - 12.12.2010 (30)
  14. "Adware.Virtumonde"/"Downloader.MisleadApp"/"TR/VB.agt.4"/"NewDotNet.A.1350"/"Fakerec
    Plagegeister aller Art und deren Bekämpfung - 22.08.2008 (6)
  15. Spyware???Trojaner???"http://free-viruscan.com/id/4912933/4/1/"
    Mülltonne - 06.07.2008 (1)
  16. ">"">><meta http-equiv="Refresh" content="0;url=http://askimizsonsuza.com/code/">"">
    Plagegeister aller Art und deren Bekämpfung - 04.09.2006 (4)
  17. Bekomme "http://default.home/" und "ACCESS BLOCKED - VIRUS WARNING" nicht mehr los
    Log-Analyse und Auswertung - 16.01.2005 (5)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema 'TR/Symmi.21593.3' auf "http://reportingglan.com/gft.exe" - 'TR/Symmi.21593.3' auf "hxxp://reportingglan.com/gft.exe" Hallo Board Ich habe ein Problem mit o.g. Virus/Malware. Der Virenscanner blockiert den Zugriff regelmäßig, mal alle 10 Minuten, aber auch mal 4 x pro Minute. Ein - 'TR/Symmi.21593.3' auf "http://reportingglan.com/gft.exe"...
Archiv
Du betrachtest: 'TR/Symmi.21593.3' auf "http://reportingglan.com/gft.exe" auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130