| |
| |||||||
Log-Analyse und Auswertung: bannersdontwork und survey.central öffnen sich im Firefox - OTL Logfiles gepostetWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
11.06.2013, 08:34
| #1 |
 |  bannersdontwork und survey.central öffnen sich im Firefox - OTL Logfiles gepostet Hallo! Ich habe schon gesehen, dass ich nicht der einzige bin, bei dem sich im Firefox seit Kurzem verschiedene Seiten von allein öffnen. Ebenfalls gibt es "Wortverlinkungen", ich vermute, ich habe dasselbe Problem wie hier: IE & Firefox öffnen eigenständig Seiten hxxp://serve.bannersdontwork.com etc. Kann ich die gleichen Schritte einfach durchgehen? Ich vermute nicht. Bin auch relativ unbedarft, habe aber schonmal das OTL runtergeladen. Bevor ich etwas tue, warte ich auf Unterstützung. Vielen Dank für jegliche Hilfe! Hier sind die 2 Logfiles. Code:
ATTFilter OTL Extras logfile created on: 6/11/2013 9:13:15 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Nutzer\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
5.93 Gb Total Physical Memory | 3.82 Gb Available Physical Memory | 64.31% Memory free
11.87 Gb Paging File | 9.73 Gb Available in Paging File | 81.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 138.99 Gb Total Space | 23.97 Gb Free Space | 17.25% Space Free | Partition Type: NTFS
Drive D: | 139.00 Gb Total Space | 73.77 Gb Free Space | 53.07% Space Free | Partition Type: NTFS
Computer Name: ROSWITHA-PC | User Name: Nutzer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04394097-087F-43D5-B359-7EC89268F7BF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{062BD1D7-A34E-49D5-A209-97E879C78EE0}" = lport=137 | protocol=17 | dir=in | app=system |
"{1E772A71-426A-410C-9988-638A013C56A4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{24009017-B520-45A3-A0B3-4176845401B8}" = rport=137 | protocol=17 | dir=out | app=system |
"{29448E7D-0576-4C29-A991-D2DF72803B8D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{2E474B84-E0FF-48E4-BE4F-4DA58F6C82EC}" = lport=139 | protocol=6 | dir=in | app=system |
"{3573617A-0FFA-4590-A6C1-B9EDD4FBD9F0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{36BC8B9B-5DC0-4667-8A93-099E9B85BB36}" = rport=10243 | protocol=6 | dir=out | app=system |
"{38AF08A1-C7A9-4905-AD33-0D19CB15D890}" = rport=139 | protocol=6 | dir=out | app=system |
"{43313ED1-C4D0-4619-AE58-2E880CBB3AE9}" = rport=138 | protocol=17 | dir=out | app=system |
"{46248717-393D-47B9-A3F1-14BBD866C14E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4AFF7588-7081-4131-BA33-8DF8BB3F54FF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{51F6387A-8F04-49A6-A01D-5893785ADEB4}" = lport=10243 | protocol=6 | dir=in | app=system |
"{53F058F4-E39E-478F-8160-12116C745705}" = lport=138 | protocol=17 | dir=in | app=system |
"{54B73F9A-CEE2-49A7-93B9-4D8A454F70BA}" = rport=445 | protocol=6 | dir=out | app=system |
"{606E818E-C221-4B15-A68D-E86302D78D99}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{74301544-322C-454B-9B9C-B723910C7253}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{756A1D8A-FA96-4C2A-B816-69B791094D7B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A142E722-6C8A-452A-8E2B-C7387D74115C}" = lport=445 | protocol=6 | dir=in | app=system |
"{C7B29E90-1162-409B-9CE1-1CCD31C58621}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D114F5AB-A766-4E39-A170-D3392D50DB85}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D890A92C-B506-44EE-8C1B-E4B222DEED4F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{DC4E5937-58A6-438A-9F83-41538101B082}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05679C7F-3EAB-44F6-B780-53446DFF951C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{07C94C37-7287-4156-8865-CB23D8589C80}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{08CCE5AF-7FB1-4FF0-A718-D4D41DE4700D}" = dir=in | app=c:\program files (x86)\streaming audio recorder\streamingaudiorecorder.exe |
"{0ABF6C35-EFB4-4162-912C-E19022359E01}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{13B9C930-1F61-4634-A3C0-458E1F84D6EA}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{15C9466F-83D7-4F93-BDBC-D0FF57006121}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{17A9C841-E1D5-4F83-A3B7-108605B0E9A6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{1A61B1FF-69FC-4DE6-B7D5-1707DF271CFA}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{1A9529F9-99EA-43D1-8835-C24007EFB716}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{1B602A90-8E40-484B-A0A7-64265A275B72}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1D180166-EF6F-43E8-9684-0D33C074111A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3644A33A-F60E-49F4-9D32-4154CE3CAF54}" = protocol=17 | dir=in | app=c:\windows\system32\lxbkcoms.exe |
"{3A90B581-4D7B-4932-85D6-1F5A5CA97553}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxbkcoms.exe |
"{3B8EC14E-F2E6-4E2C-A63C-BD79CF8A370C}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{41492C3D-B907-4B46-80F0-659794CAAE5D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{54AC9B78-1CC3-43D2-B912-81C9BFC64A63}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{5B7426D4-1C28-401F-A375-B2CBA7863A3E}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{5FC96555-844E-410E-80F3-5DF1C7BD53B8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{61B3C14B-36BC-4E4B-BA0E-CCC6AF02F5E4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6DAD8BAB-C000-41E6-9534-F479A6A01E71}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{6F265F6E-89CA-4F3C-8651-A5EA8239D581}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{70A70281-32C1-42E5-926F-CC751D2DD586}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxbkcoms.exe |
"{78C55AEE-B5DE-4FE2-BFAC-9F3BB8D95E64}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{7FA4A873-D27A-4887-BCD5-5947FCDD1566}" = protocol=17 | dir=in | app=c:\users\nutzer\appdata\local\akamai\netsession_win.exe |
"{8385D540-EF3C-41AB-8D10-CC289D01C9EE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8D164232-D974-414C-B331-A36C4B185BEC}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{8F122265-4F80-425C-8902-BFC2E336BBE1}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{90CE32AB-086E-459D-95AE-6BA60E428DB8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{998033C4-E06B-4C53-8064-5E610C4BB938}" = dir=in | app=c:\program files (x86)\streaming audio recorder\streaming-audio-recorder.exe |
"{A239DD9C-852A-46B8-97A9-62E66A7E6A29}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A736EBCA-C03C-4A4F-AAB9-B5198ECDE5B5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A908C0D2-64F2-4DD7-B6B4-3634C12F9927}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{A94B9B89-C918-4D14-92D2-F2705180A24C}" = protocol=6 | dir=out | app=system |
"{ACF287DF-00DD-405F-94A5-059350A5FB2A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B19A9EE7-D515-4501-8D0C-9230398E9247}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{B1C1978A-827F-45B8-B01D-75EA936F2060}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{BA241CCC-31D1-4E64-B8A6-92F81DBCA60A}" = protocol=6 | dir=in | app=c:\users\nutzer\appdata\local\akamai\netsession_win.exe |
"{BFEDA17A-121C-44A2-858C-06F126F5E568}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C6526B92-89B9-42AB-B538-3DCB0AE7F988}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CC2F6D1D-51A5-4D65-8721-D5D688B60B39}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{DC290689-2C9D-48EE-9797-35240BBE3910}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{E9353043-31F1-4EC9-9E97-BA0D87AC9347}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxbkpswx.exe |
"{F32BD2E1-58A1-4C44-815C-5156A10995CD}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxbkpswx.exe |
"{F450FE72-CCEA-438D-8D95-3F4E4CBEBB14}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{F7D37BF3-D9A8-4DFF-8FE1-2B60AD994CC0}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{FAB953B6-67CF-4CF1-9D3D-761A731030D3}" = protocol=6 | dir=in | app=c:\windows\system32\lxbkcoms.exe |
"{FCDEFEAA-828D-4201-8CFD-FBF5C5DBA8EC}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"TCP Query User{08096E04-A366-4B6A-9BC0-97F4BE6212F8}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"TCP Query User{0AF37E13-B46A-4AF6-9889-A3F701E4E6C8}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{0F07EFDB-F988-4A93-B633-2397357BC9F6}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{0FFC249F-0756-4F99-A285-6D3CBD4EF2BA}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"TCP Query User{1037E8C6-F1BE-48F1-A7CA-899A95FD71E4}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"TCP Query User{2104B66E-CFA4-4BB5-9B18-2D749DF53DBB}C:\program files (x86)\carcassonne ce\carcassonne.exe" = protocol=6 | dir=in | app=c:\program files (x86)\carcassonne ce\carcassonne.exe |
"TCP Query User{39C5333A-9164-415F-AC98-43BDBC51256C}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
"TCP Query User{44A2FF92-C11E-4C02-8891-0D6C6DA64861}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"TCP Query User{4DA918EB-A5D3-4ED2-966E-98E12284820C}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
"TCP Query User{C43D34E5-12C7-4E2E-BC2E-BFECBFD98E7A}C:\users\nutzer\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\nutzer\appdata\local\akamai\netsession_win.exe |
"TCP Query User{DF684BE9-1909-4425-970F-88B1EE092330}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{E318AF99-B443-4360-9CF4-5ABC6F420071}C:\program files (x86)\carcassonne ce\carcassonne.exe" = protocol=6 | dir=in | app=c:\program files (x86)\carcassonne ce\carcassonne.exe |
"UDP Query User{0846C862-3052-4BEE-A53C-13B83B64B949}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"UDP Query User{113A6EBE-72C2-4CCE-AFB2-577B71DD7E03}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"UDP Query User{3FFEFEAD-9897-4837-B72C-4A1A78681A34}C:\program files (x86)\carcassonne ce\carcassonne.exe" = protocol=17 | dir=in | app=c:\program files (x86)\carcassonne ce\carcassonne.exe |
"UDP Query User{4B71852B-437D-4379-9F5C-088E4F9B6F05}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{5E11A65B-FAC5-45AC-B4FF-50DD1946D561}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
"UDP Query User{6125B59B-ED76-4831-9D20-75B34DB6F5D3}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{7F92C0C7-0A46-4E05-94D3-4AC61BF96171}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"UDP Query User{831F4F1A-178C-486A-A435-643276D7A4EE}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{8D53B5FA-FA9A-4DFD-B1CD-CD68BA620221}C:\program files (x86)\carcassonne ce\carcassonne.exe" = protocol=17 | dir=in | app=c:\program files (x86)\carcassonne ce\carcassonne.exe |
"UDP Query User{A4202759-1601-4F11-84E9-EE4A806E0C03}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"UDP Query User{A77E891D-36BE-47C3-8420-290AFCA71C86}C:\users\nutzer\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\nutzer\appdata\local\akamai\netsession_win.exe |
"UDP Query User{F661CCD0-6CB0-4E9B-9909-39F40366F2EF}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{119EEB4B-F32F-4D71-B9C0-E42403F91C9A}" = AVG 2013
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java(TM) 7 Update 5 (64-bit)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}" = Cisco Systems VPN Client 5.0.07.0440
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A9614BE8-EDB6-4151-81F0-DF2B9F4D8ABE}" = AVG 2013
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2013
"CCleaner" = CCleaner
"Elantech" = ETDWare PS/2-x64 7.0.7.0_WHQL
"Free PDF to Word Converter_is1" = Free PDF to Word Converter 5.1.0.383
"GIMP-2_is1" = GIMP 2.8.4
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Lexmark X1100 Series" = Lexmark X1100 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Recuva" = Recuva
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{065F384A-5C64-4532-814A-A24BA5374503}" = WinDFT
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2EEEC858-21F8-419B-8FE2-820621BFFCD7}" = GetDataBack for FAT
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{34B76DCB-BF7C-440F-B058-C84172C1E338}" = Easy Network Manager
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5E21B617-F52E-BB10-92F9-C8AB2C799A8A}" = Adobe Download Assistant
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74A579FB-EB06-497D-B194-01590D6FE51A}" = BatteryLifeExtender
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.4.0
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{B515962D-C979-44AC-9912-F7BB499B4B2C}" = VirtualDJ Home FREE
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F687E657-F636-44DF-8125-9FEEA2C362F5}" = Samsung Support Center
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"5513-1208-7298-9440" = JDownloader 0.9
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Akamai" = Akamai NetSession Interface Service
"American Audio DB Builder_is1" = American Audio DB Builder 2.7
"Audacity_is1" = Audacity 2.0.3
"AVG Secure Search" = AVG Security Toolbar
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"DAEMON Tools Lite" = DAEMON Tools Lite
"ElsterFormular" = ElsterFormular
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Flatcast_is1" = Flatcast Viewer Plugin 5.2.2.454
"FreeDoko" = FreeDoko 0.7.11
"Freez FLV to MP3 Converter v1.5_is1" = Freez FLV to MP3 Converter
"Hide and Seek_is1" = Hide and Seek version 1.0
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"Marvell Miniport Driver" = Marvell Miniport Driver
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"Mozilla Thunderbird 17.0.6 (x86 de)" = Mozilla Thunderbird 17.0.6 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP4 To MP3 Converter_is1" = MP4 To MP3 Converter V3.0
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"PhotoScape" = PhotoScape
"PokerTH 0.9.5" = PokerTH
"Some PDF to Word Converter_is1" = Some PDF to Word Converter 1.5
"Ticket To Ride 1.0" = Ticket To Ride 1.0
"TmNationsForever_is1" = TmNationsForever
"VLC media player" = VLC media player 2.0.2
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
"WinX Free FLV to MP3 Converter_is1" = WinX Free FLV to MP3 Converter 2.0.6
"Zattoo4" = Zattoo4 4.0.5
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}" = WISO Steuer-Sparbuch 2013
"Akamai" = Akamai NetSession Interface
"sc13-DE_MAIN" = Ski Challenge 13 (DE)
"Winamp Detect" = Winamp Erkennungs-Plug-in
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 5/11/2013 6:10:04 PM | Computer Name = Roswitha-PC | Source = System Restore | ID = 8193
Description =
Error - 5/11/2013 6:10:04 PM | Computer Name = Roswitha-PC | Source = System Restore | ID = 8211
Description =
Error - 5/12/2013 6:00:21 PM | Computer Name = Roswitha-PC | Source = System Restore | ID = 8193
Description =
Error - 5/12/2013 6:00:21 PM | Computer Name = Roswitha-PC | Source = System Restore | ID = 8211
Description =
Error - 5/12/2013 9:26:08 PM | Computer Name = Roswitha-PC | Source = ESENT | ID = 482
Description = wuaueng.dll (1104) SUS20ClientDataStore: Versuch, in Datei "C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb"
bei Offset 0 (0x0000000000000000) für 98304 (0x00018000) Bytes zu schreiben, ist
nach 0 Sekunden mit Systemfehler 112 (0x00000070): "Es steht nicht genug Speicherplatz
auf dem Datenträger zur Verfügung. " fehlgeschlagen. Fehler -1808 (0xfffff8f0)
bei Schreiboperation. Wenn dieser Zustand andauert, ist die Datei möglicherweise
beschädigt und muss aus einer vorherigen Sicherung wiederhergestellt werden.
Error - 5/13/2013 6:18:20 PM | Computer Name = Roswitha-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FreeDoko.exe, Version: 0.0.0.0, Zeitstempel:
0x4eed8e83 Name des fehlerhaften Moduls: libgtkmm-2.4-1.dll, Version: 0.0.0.0, Zeitstempel:
0x436f11e0 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000f5898 ID des fehlerhaften Prozesses:
0x280c Startzeit der fehlerhaften Anwendung: 0x01ce502656485e12 Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\FreeDoko\FreeDoko.exe Pfad des fehlerhaften Moduls:
C:\Program Files (x86)\FreeDoko\libgtkmm-2.4-1.dll Berichtskennung: 041fb368-bc1b-11e2-967b-002454e344c5
Error - 5/14/2013 8:47:37 PM | Computer Name = Roswitha-PC | Source = MsiInstaller | ID = 11609
Description =
Error - 5/22/2013 12:13:50 AM | Computer Name = Roswitha-PC | Source = ESENT | ID = 490
Description = wuaueng.dll (1080) SUS20ClientDataStore: Versuch, Datei "C:\Windows\SoftwareDistribution\DataStore\DataStore.edb"
für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
Error - 5/22/2013 12:14:03 AM | Computer Name = Roswitha-PC | Source = ESENT | ID = 490
Description = wuaueng.dll (1080) SUS20ClientDataStore: Versuch, Datei "C:\Windows\SoftwareDistribution\DataStore\DataStore.edb"
für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
Error - 5/22/2013 11:13:16 AM | Computer Name = Roswitha-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FreeDoko.exe, Version: 0.0.0.0, Zeitstempel:
0x4eed8e83 Name des fehlerhaften Moduls: libgtkmm-2.4-1.dll, Version: 0.0.0.0, Zeitstempel:
0x436f11e0 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000f5898 ID des fehlerhaften Prozesses:
0x1134 Startzeit der fehlerhaften Anwendung: 0x01ce56f9f8b7c2e5 Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\FreeDoko\FreeDoko.exe Pfad des fehlerhaften Moduls:
C:\Program Files (x86)\FreeDoko\libgtkmm-2.4-1.dll Berichtskennung: 20538fc1-c2f2-11e2-a67f-002454e344c5
[ System Events ]
Error - 5/17/2013 2:15:58 AM | Computer Name = Roswitha-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?17.?05.?2013 um 08:11:55 unerwartet heruntergefahren.
Error - 5/18/2013 5:38:42 AM | Computer Name = Roswitha-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst Netman erreicht.
Error - 5/18/2013 1:20:07 PM | Computer Name = Roswitha-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error - 5/20/2013 12:48:38 PM | Computer Name = Roswitha-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst WwanSvc erreicht.
Error - 5/22/2013 2:09:16 AM | Computer Name = Roswitha-PC | Source = volsnap | ID = 393230
Description = Die Schattenkopien von Volume "C:" wurden aufgrund eines E/A-Fehlers
auf Volume "C:" abgebrochen.
Error - 5/22/2013 5:19:01 AM | Computer Name = Roswitha-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error - 5/22/2013 8:28:46 AM | Computer Name = Roswitha-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5
Error - 5/22/2013 9:07:09 AM | Computer Name = Roswitha-PC | Source = DCOM | ID = 10010
Description =
Error - 5/22/2013 9:07:18 AM | Computer Name = Roswitha-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5
Error - 5/22/2013 9:18:29 AM | Computer Name = Roswitha-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5
< End of report >
Code:
ATTFilter OTL logfile created on: 6/11/2013 9:13:15 AM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Nutzer\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16576) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 5.93 Gb Total Physical Memory | 3.82 Gb Available Physical Memory | 64.31% Memory free 11.87 Gb Paging File | 9.73 Gb Available in Paging File | 81.96% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 138.99 Gb Total Space | 23.97 Gb Free Space | 17.25% Space Free | Partition Type: NTFS Drive D: | 139.00 Gb Total Space | 73.77 Gb Free Space | 53.07% Space Free | Partition Type: NTFS Computer Name: ROSWITHA-PC | User Name: Nutzer | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Nutzer\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe (Adobe Systems, Inc.) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\AVG Secure Search\vprot.exe (AVG Secure Search) PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe (AVG Secure Search) PRC - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH) PRC - C:\Users\Nutzer\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) PRC - C:\Program Files (x86)\Winamp\winamp.exe (Nullsoft, Inc.) PRC - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) PRC - C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics) PRC - C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (SEC) PRC - C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.) PRC - C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.) PRC - C:\Program Files (x86)\Lexmark X1100 Series\LXBKbmgr.exe (Lexmark International, Inc.) PRC - C:\Program Files (x86)\Lexmark X1100 Series\LXBKbmon.exe (Lexmark International, Inc.) ========== Modules (No Company Name) ========== MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll () MOD - C:\Users\Nutzer\AppData\Local\Temp\WLZ20B9.tmp\winamp.lng () MOD - C:\Users\Nutzer\AppData\Local\Temp\WLZ20B9.tmp\vis_milk2.lng () MOD - C:\Users\Nutzer\AppData\Local\Temp\WLZ20B9.tmp\vis_avs.lng () MOD - C:\Users\Nutzer\AppData\Local\Temp\WLZ20B9.tmp\pmp_wifi.lng () MOD - C:\Users\Nutzer\AppData\Local\Temp\WLZ20B9.tmp\pmp_ipod.lng () MOD - C:\Users\Nutzer\AppData\Local\Temp\WLZ20B9.tmp\ombrowser.lng () MOD - C:\Users\Nutzer\AppData\Local\Temp\WLZ20B9.tmp\pmp_android.lng () MOD - C:\Users\Nutzer\AppData\Local\Temp\WLZ20B9.tmp\out_ds.lng () MOD - C:\Users\Nutzer\AppData\Local\Temp\WLZ20B9.tmp\ml_wire.lng () MOD - C:\Users\Nutzer\AppData\Local\Temp\WLZ20B9.tmp\pmp_usb.lng () MOD - C:\Users\Nutzer\AppData\Local\Temp\WLZ20B9.tmp\vis_nsfs.lng () MOD - C:\Users\Nutzer\AppData\Local\Temp\WLZ20B9.tmp\out_wave.lng () MOD - C:\Users\Nutzer\AppData\Local\Temp\WLZ20B9.tmp\tagz.lng () MOD - C:\Users\Nutzer\AppData\Local\Temp\WLZ20B9.tmp\out_disk.lng () MOD - C:\Users\Nutzer\AppData\Local\Temp\WLZ20B9.tmp\pmp_activesync.lng () MOD - C:\Users\Nutzer\AppData\Local\Temp\WLZ20B9.tmp\winampa.lng () MOD - C:\Users\Nutzer\AppData\Local\Temp\WLZ20B9.tmp\pmp_p4s.lng () MOD - C:\Users\Nutzer\AppData\Local\Temp\WLZ20B9.tmp\pmp_njb.lng () MOD - C:\Users\Nutzer\AppData\Local\Temp\WLZ20B9.tmp\playlist.lng () MOD - C:\Users\Nutzer\AppData\Local\Temp\WLZ20B9.tmp\ml_local.lng () MOD - C:\Users\Nutzer\AppData\Local\Temp\WLZ20B9.tmp\ml_disc.lng () MOD - C:\Users\Nutzer\AppData\Local\Temp\WLZ20B9.tmp\ml_pmp.lng () MOD - C:\Users\Nutzer\AppData\Local\Temp\WLZ20B9.tmp\ml_plg.lng () MOD - C:\Users\Nutzer\AppData\Local\Temp\WLZ20B9.tmp\in_mp3.lng () MOD - C:\Users\Nutzer\AppData\Local\Temp\WLZ20B9.tmp\in_mod.lng () MOD - C:\Users\Nutzer\AppData\Local\Temp\WLZ20B9.tmp\in_wm.lng () MOD - C:\Users\Nutzer\AppData\Local\Temp\WLZ20B9.tmp\ml_online.lng () MOD - C:\Users\Nutzer\AppData\Local\Temp\WLZ20B9.tmp\ml_playlists.lng () MOD - C:\Users\Nutzer\AppData\Local\Temp\WLZ20B9.tmp\in_nsv.lng () MOD - C:\Users\Nutzer\AppData\Local\Temp\WLZ20B9.tmp\in_vorbis.lng () MOD - C:\Users\Nutzer\AppData\Local\Temp\WLZ20B9.tmp\ml_downloads.lng () MOD - C:\Users\Nutzer\AppData\Local\Temp\WLZ20B9.tmp\ml_history.lng () MOD - C:\Users\Nutzer\AppData\Local\Temp\WLZ20B9.tmp\ml_devices.lng () MOD - C:\Users\Nutzer\AppData\Local\Temp\WLZ20B9.tmp\ml_transcode.lng () MOD - C:\Users\Nutzer\AppData\Local\Temp\WLZ20B9.tmp\ml_autotag.lng () MOD - C:\Users\Nutzer\AppData\Local\Temp\WLZ20B9.tmp\in_wav.lng () MOD - C:\Users\Nutzer\AppData\Local\Temp\WLZ20B9.tmp\in_wave.lng () MOD - C:\Users\Nutzer\AppData\Local\Temp\WLZ20B9.tmp\ml_rg.lng () MOD - C:\Users\Nutzer\AppData\Local\Temp\WLZ20B9.tmp\ml_impex.lng () MOD - C:\Users\Nutzer\AppData\Local\Temp\WLZ20B9.tmp\ml_bookmarks.lng () MOD - C:\Users\Nutzer\AppData\Local\Temp\WLZ20B9.tmp\in_mp4.lng () MOD - C:\Users\Nutzer\AppData\Local\Temp\WLZ20B9.tmp\ml_enqplay.lng () MOD - C:\Users\Nutzer\AppData\Local\Temp\WLZ20B9.tmp\in_wv.lng () MOD - C:\Users\Nutzer\AppData\Local\Temp\WLZ20B9.tmp\ml_orb.lng () MOD - C:\Users\Nutzer\AppData\Local\Temp\WLZ20B9.tmp\ml_nowplaying.lng () MOD - C:\Users\Nutzer\AppData\Local\Temp\WLZ20B9.tmp\ml_addons.lng () MOD - C:\Users\Nutzer\AppData\Local\Temp\WLZ20B9.tmp\in_swf.lng () MOD - C:\Users\Nutzer\AppData\Local\Temp\WLZ20B9.tmp\gen_jumpex_original.lng () MOD - C:\Users\Nutzer\AppData\Local\Temp\WLZ20B9.tmp\gen_jumpex.lng () MOD - C:\Users\Nutzer\AppData\Local\Temp\WLZ20B9.tmp\gen_classicart.lng () MOD - C:\Users\Nutzer\AppData\Local\Temp\WLZ20B9.tmp\gen_ff.lng () MOD - C:\Users\Nutzer\AppData\Local\Temp\WLZ20B9.tmp\gen_ml.lng () MOD - C:\Users\Nutzer\AppData\Local\Temp\WLZ20B9.tmp\in_midi.lng () MOD - C:\Users\Nutzer\AppData\Local\Temp\WLZ20B9.tmp\gen_play_remove.lng () MOD - C:\Users\Nutzer\AppData\Local\Temp\WLZ20B9.tmp\in_cdda.lng () MOD - C:\Users\Nutzer\AppData\Local\Temp\WLZ20B9.tmp\gen_skinmanager.lng () MOD - C:\Users\Nutzer\AppData\Local\Temp\WLZ20B9.tmp\gen_hotkeys.lng () MOD - C:\Users\Nutzer\AppData\Local\Temp\WLZ20B9.tmp\gen_undo.lng () MOD - C:\Users\Nutzer\AppData\Local\Temp\WLZ20B9.tmp\gen_timerestore.lng () MOD - C:\Users\Nutzer\AppData\Local\Temp\WLZ20B9.tmp\gen_nopro.lng () MOD - C:\Users\Nutzer\AppData\Local\Temp\WLZ20B9.tmp\gen_tray.lng () MOD - C:\Users\Nutzer\AppData\Local\Temp\WLZ20B9.tmp\gen_orgler.lng () MOD - C:\Users\Nutzer\AppData\Local\Temp\WLZ20B9.tmp\gen_crasher.lng () MOD - C:\Users\Nutzer\AppData\Local\Temp\WLZ20B9.tmp\in_dshow.lng () MOD - C:\Users\Nutzer\AppData\Local\Temp\WLZ20B9.tmp\enc_wma.lng () MOD - C:\Users\Nutzer\AppData\Local\Temp\WLZ20B9.tmp\in_flac.lng () MOD - C:\Users\Nutzer\AppData\Local\Temp\WLZ20B9.tmp\in_avi.lng () MOD - C:\Users\Nutzer\AppData\Local\Temp\WLZ20B9.tmp\in_mkv.lng () MOD - C:\Users\Nutzer\AppData\Local\Temp\WLZ20B9.tmp\gen_find_on_disk.lng () MOD - C:\Users\Nutzer\AppData\Local\Temp\WLZ20B9.tmp\enc_wav.lng () MOD - C:\Users\Nutzer\AppData\Local\Temp\WLZ20B9.tmp\enc_vorbis.lng () MOD - C:\Users\Nutzer\AppData\Local\Temp\WLZ20B9.tmp\in_linein.lng () MOD - C:\Users\Nutzer\AppData\Local\Temp\WLZ20B9.tmp\in_flv.lng () MOD - C:\Users\Nutzer\AppData\Local\Temp\WLZ20B9.tmp\burnlib.lng () MOD - C:\Users\Nutzer\AppData\Local\Temp\WLZ20B9.tmp\dsp_sps.lng () MOD - C:\Users\Nutzer\AppData\Local\Temp\WLZ20B9.tmp\auth.lng () MOD - C:\Users\Nutzer\AppData\Local\Temp\WLZ20B9.tmp\enc_fhgaac.lng () MOD - C:\Users\Nutzer\AppData\Local\Temp\WLZ20B9.tmp\enc_lame.lng () MOD - C:\Users\Nutzer\AppData\Local\Temp\WLZ20B9.tmp\enc_flac.lng () MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\SiteSafety.dll () MOD - C:\Program Files (x86)\Winamp\System\xml.w5s () MOD - C:\Program Files (x86)\Winamp\System\png.w5s () MOD - C:\Program Files (x86)\Winamp\System\playlist.w5s () MOD - C:\Program Files (x86)\Winamp\tataki.dll () MOD - C:\Program Files (x86)\Winamp\zlib.dll () MOD - C:\Program Files (x86)\Winamp\System\timer.w5s () MOD - C:\Program Files (x86)\Winamp\System\tagz.w5s () MOD - C:\Program Files (x86)\Winamp\System\primo.w5s () MOD - C:\Program Files (x86)\Winamp\System\jnetlib.w5s () MOD - C:\Program Files (x86)\Winamp\System\auth.w5s () MOD - C:\Program Files (x86)\Winamp\System\jpeg.w5s () MOD - C:\Program Files (x86)\Winamp\System\devices.w5s () MOD - C:\Program Files (x86)\Winamp\System\albumart.w5s () MOD - C:\Program Files (x86)\Winamp\System\gif.w5s () MOD - C:\Program Files (x86)\Winamp\System\bmp.w5s () MOD - C:\Program Files (x86)\Winamp\System\dlmgr.w5s () MOD - C:\Program Files (x86)\Winamp\System\gracenote.w5s () MOD - C:\Program Files (x86)\Winamp\System\filereader.w5s () MOD - C:\Program Files (x86)\Winamp\Plugins\ml_local.dll () MOD - C:\Program Files (x86)\Winamp\Plugins\ml_pmp.dll () MOD - C:\Program Files (x86)\Winamp\Plugins\pmp_ipod.dll () MOD - C:\Program Files (x86)\Winamp\Plugins\ml_online.dll () MOD - C:\Program Files (x86)\Winamp\Plugins\pmp_p4s.dll () MOD - C:\Program Files (x86)\Winamp\Plugins\pmp_wifi.dll () MOD - C:\Program Files (x86)\Winamp\Plugins\ml_playlists.dll () MOD - C:\Program Files (x86)\Winamp\Plugins\ml_plg.dll () MOD - C:\Program Files (x86)\Winamp\Plugins\pmp_android.dll () MOD - C:\Program Files (x86)\Winamp\Plugins\ml_impex.dll () MOD - C:\Program Files (x86)\Winamp\Plugins\pmp_usb.dll () MOD - C:\Program Files (x86)\Winamp\Plugins\out_ds.dll () MOD - C:\Program Files (x86)\Winamp\Plugins\ml_history.dll () MOD - C:\Program Files (x86)\Winamp\Plugins\ml_rg.dll () MOD - C:\Program Files (x86)\Winamp\Plugins\ml_transcode.dll () MOD - C:\Program Files (x86)\Winamp\Plugins\out_disk.dll () MOD - C:\Program Files (x86)\Winamp\Plugins\pmp_njb.dll () MOD - C:\Program Files (x86)\Winamp\Plugins\out_wave.dll () MOD - C:\Program Files (x86)\Winamp\Plugins\ml_devices.dll () MOD - C:\Program Files (x86)\Winamp\Plugins\ml_disc.dll () MOD - C:\Program Files (x86)\Winamp\Plugins\ml_bookmarks.dll () MOD - C:\Program Files (x86)\Winamp\Plugins\ml_autotag.dll () MOD - C:\Program Files (x86)\Winamp\Plugins\in_wm.dll () MOD - C:\Program Files (x86)\Winamp\Plugins\in_mp3.dll () MOD - C:\Program Files (x86)\Winamp\Plugins\in_vorbis.dll () MOD - C:\Program Files (x86)\Winamp\Plugins\in_mod.dll () MOD - C:\Program Files (x86)\Winamp\Plugins\in_midi.dll () MOD - C:\Program Files (x86)\Winamp\Plugins\in_cdda.dll () MOD - C:\Program Files (x86)\Winamp\Plugins\in_nsv.dll () MOD - C:\Program Files (x86)\Winamp\Plugins\in_dshow.dll () MOD - C:\Program Files (x86)\Winamp\Plugins\in_flac.dll () MOD - C:\Program Files (x86)\Winamp\Plugins\in_mp4.dll () MOD - C:\Program Files (x86)\Winamp\Plugins\in_mkv.dll () MOD - C:\Program Files (x86)\Winamp\Plugins\in_flv.dll () MOD - C:\Program Files (x86)\Winamp\Plugins\in_swf.dll () MOD - C:\Program Files (x86)\Winamp\Plugins\in_wave.dll () MOD - C:\Program Files (x86)\Winamp\Plugins\in_linein.dll () MOD - C:\Program Files (x86)\Winamp\Plugins\gen_ff.dll () MOD - C:\Program Files (x86)\Winamp\Plugins\freeform\wacs\freetype\freetype.wac () MOD - C:\Program Files (x86)\Winamp\Plugins\gen_ml.dll () MOD - C:\Program Files (x86)\Winamp\Plugins\gen_jumpex.dll () MOD - C:\Program Files (x86)\Winamp\Plugins\in_avi.dll () MOD - C:\Program Files (x86)\Winamp\Plugins\gen_orgler.dll () MOD - C:\Program Files (x86)\Winamp\Plugins\gen_hotkeys.dll () MOD - C:\Program Files (x86)\Winamp\Plugins\gen_tray.dll () MOD - C:\Program Files (x86)\Winamp\nsutil.dll () MOD - C:\Program Files (x86)\Winamp\libsndfile.dll () MOD - C:\Program Files (x86)\Winamp\libmp4v2.dll () MOD - C:\Program Files (x86)\Winamp\nde.dll () MOD - C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll () ========== Services (SafeList) ========== SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV:64bit: - (lxbk_device) -- C:\Windows\SysNative\lxbkcoms.exe ( ) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (vToolbarUpdater15.2.0) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe (AVG Secure Search) SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (Akamai) -- C:/Program Files (x86)/Common Files/Akamai/netsession_win_ca0e279.dll () SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (CVPND) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (lxbk_device) -- C:\Windows\SysWOW64\lxbkcoms.exe ( ) ========== Driver Services (SafeList) ========== DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies) DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (WsAudioDevice_383S(1) -- C:\Windows\SysNative\drivers\WsAudioDevice_383S(1).sys (Wondershare) DRV:64bit: - (Apowersoft_AudioDevice) -- C:\Windows\SysNative\drivers\Apowersoft_AudioDevice.sys (Wondershare) DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (CVPNDRVA) -- C:\Windows\SysNative\drivers\CVPNDRVA.sys () DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.) DRV:64bit: - (SABI) -- C:\Windows\SysNative\drivers\SABI.sys (SAMSUNG ELECTRONICS) DRV:64bit: - (CVirtA) -- C:\Windows\SysNative\drivers\CVirtA64.sys (Cisco Systems, Inc.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys () DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (IntcHdmiAddService) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation ) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (DNE) -- C:\Windows\SysNative\drivers\dne64x.sys (Deterministic Networks, Inc.) DRV:64bit: - (sfvfs02) -- C:\Windows\SysNative\drivers\sfvfs02.sys (Protection Technology) DRV:64bit: - (sfdrv01) -- C:\Windows\SysNative\drivers\sfdrv01.sys (Protection Technology) DRV:64bit: - (sfhlp02) -- C:\Windows\SysNative\drivers\sfhlp02.sys (Protection Technology) DRV - (rtport) -- C:\Windows\SysWOW64\drivers\rtport.sys (Windows (R) 2003 DDK 3790 provider) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://isearch.avg.com/?cid={2340C2BE-5103-48D9-8903-8A118BB55850}&mid=6bd65bbfc15b47d0a506d16d1207ad36-cb9821c46167f8360e13f207154d234b23563c7d&lang=de&ds=od011&pr=sa&d=2012-07-16 19:39:25&v=12.2.5.32&sap=hp IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233} IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www1.delta-search.com/?q={searchTerms}&affID=119776&babsrc=SP_ss&mntrId=12A518F46A3F81EB IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={2340C2BE-5103-48D9-8903-8A118BB55850}&mid=6bd65bbfc15b47d0a506d16d1207ad36-cb9821c46167f8360e13f207154d234b23563c7d&lang=de&ds=od011&pr=sa&d=2012-07-16 19:39:25&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms} IE - HKCU\..\SearchScopes\{C141038D-EB3F-4719-9220-D1C7528F4F53}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&r=158 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.gmx.net/" FF - prefs.js..extensions.enabledAddons: morningCoffee%40shaneliesegang:1.35 FF - prefs.js..extensions.enabledAddons: %7B888d99e7-e8b5-46a3-851e-1ec45da1e644%7D:17.0.0 FF - prefs.js..extensions.enabledAddons: periodicbrowsing%40masahal.info:0.8.1.1 FF - prefs.js..extensions.enabledAddons: unplug%40compunach:2.054 FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.16 FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.8 FF - prefs.js..extensions.enabledAddons: %7Bdc572301-7619-498c-a57d-39143191b318%7D:0.4.1.0 FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.15 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\\npsitesafety.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@www.flatcast.com/FlatViewer 5.2: C:\PROGRA~2\MOZILL~1\plugins\NpFv522.dll (1 mal 1 Software GmbH) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\15.2.0.5 [2013/05/21 12:56:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/05/22 18:40:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/05/21 12:02:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/05/22 18:40:51 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/05/21 12:02:53 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012/07/13 00:19:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nutzer\AppData\Roaming\mozilla\Extensions [2012/07/16 19:39:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nutzer\AppData\Roaming\mozilla\Firefox\Profiles\extensions [2013/06/11 08:56:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nutzer\AppData\Roaming\mozilla\Firefox\Profiles\extensions\extensions [2013/05/29 11:11:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nutzer\AppData\Roaming\mozilla\Firefox\Profiles\roq1xq2y.default\extensions [2013/05/29 11:11:57 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Nutzer\AppData\Roaming\mozilla\Firefox\Profiles\roq1xq2y.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013/04/07 13:38:25 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Nutzer\AppData\Roaming\mozilla\Firefox\Profiles\roq1xq2y.default\extensions\ich@maltegoetz.de [2013/03/26 18:46:57 | 000,126,560 | ---- | M] () (No name found) -- C:\Users\Nutzer\AppData\Roaming\mozilla\firefox\profiles\roq1xq2y.default\extensions\customizable-shortcuts@timtaubert.de.xpi [2013/04/11 17:54:38 | 000,197,614 | ---- | M] () (No name found) -- C:\Users\Nutzer\AppData\Roaming\mozilla\firefox\profiles\roq1xq2y.default\extensions\ftdownloader3@ftdownloader.com.xpi [2013/04/19 10:55:54 | 000,224,945 | ---- | M] () (No name found) -- C:\Users\Nutzer\AppData\Roaming\mozilla\firefox\profiles\roq1xq2y.default\extensions\gophoto@gophoto.it.xpi [2012/08/16 07:55:52 | 000,107,019 | ---- | M] () (No name found) -- C:\Users\Nutzer\AppData\Roaming\mozilla\firefox\profiles\roq1xq2y.default\extensions\morningCoffee@shaneliesegang.xpi [2013/03/20 17:33:59 | 000,052,715 | ---- | M] () (No name found) -- C:\Users\Nutzer\AppData\Roaming\mozilla\firefox\profiles\roq1xq2y.default\extensions\periodicbrowsing@masahal.info.xpi [2013/04/02 03:19:15 | 000,142,907 | ---- | M] () (No name found) -- C:\Users\Nutzer\AppData\Roaming\mozilla\firefox\profiles\roq1xq2y.default\extensions\unplug@compunach.xpi [2013/05/26 01:12:38 | 000,534,261 | ---- | M] () (No name found) -- C:\Users\Nutzer\AppData\Roaming\mozilla\firefox\profiles\roq1xq2y.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012/12/23 14:23:28 | 000,030,502 | ---- | M] () (No name found) -- C:\Users\Nutzer\AppData\Roaming\mozilla\firefox\profiles\roq1xq2y.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi [2013/05/09 13:27:48 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Nutzer\AppData\Roaming\mozilla\firefox\profiles\roq1xq2y.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013/04/21 12:47:10 | 000,765,412 | ---- | M] () (No name found) -- C:\Users\Nutzer\AppData\Roaming\mozilla\firefox\profiles\roq1xq2y.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2013/04/04 12:30:10 | 000,714,654 | ---- | M] () (No name found) -- C:\Users\Nutzer\AppData\Roaming\mozilla\firefox\profiles\roq1xq2y.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013/05/22 06:14:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2013/05/22 06:14:42 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013/05/22 06:14:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com [2013/05/22 06:14:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions [2013/05/22 06:14:52 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009/09/21 11:00:44 | 001,447,328 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files (x86)\mozilla firefox\plugins\NpFv522.dll [2013/05/21 12:56:41 | 000,003,716 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml [2013/04/19 10:51:47 | 000,006,470 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll (AVG Secure Search) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll (AVG Secure Search) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found. O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [lxbkbmgr.exe] C:\Program Files (x86)\Lexmark X1100 Series\lxbkbmgr.exe (Lexmark International, Inc.) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe (AVG Secure Search) O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Nutzer\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) O4 - Startup: C:\Users\Nutzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk = C:\Program Files (x86)\WISO\Steuersoftware 2013\mshaktuell.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{64BCCFEF-BC9D-4DF7-A33E-7922E5F92A4E}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\linkscanner - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found O18 - Protocol\Handler\linkscanner - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll (AVG Secure Search) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{6bb2361c-5aaf-11e2-9025-002454e344c5}\Shell - "" = AutoRun O33 - MountPoints2\{6bb2361c-5aaf-11e2-9025-002454e344c5}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{6bb23629-5aaf-11e2-9025-002454e344c5}\Shell - "" = AutoRun O33 - MountPoints2\{6bb23629-5aaf-11e2-9025-002454e344c5}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{6bb23634-5aaf-11e2-9025-002454e344c5}\Shell - "" = AutoRun O33 - MountPoints2\{6bb23634-5aaf-11e2-9025-002454e344c5}\Shell\AutoRun\command - "" = F:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/06/11 09:12:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Nutzer\Desktop\OTL.exe [2013/06/11 08:51:24 | 004,378,864 | ---- | C] (Piriform Ltd) -- C:\Users\Nutzer\Desktop\ccsetup402.exe [2013/06/04 22:41:38 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe [2013/06/04 22:41:38 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll [2013/06/04 22:41:38 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll [2013/06/04 22:41:38 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013/06/04 22:41:37 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll [2013/06/04 22:41:37 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2013/06/04 22:41:37 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2013/06/04 22:41:37 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2013/06/04 22:41:37 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2013/06/04 22:41:37 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013/06/04 22:41:37 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2013/06/04 22:41:36 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013/06/04 22:41:36 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013/06/04 22:41:36 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013/06/04 22:41:36 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2013/06/04 22:41:36 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2013/06/04 22:41:36 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2013/06/04 22:41:36 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013/06/04 22:41:36 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2013/06/04 22:41:36 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2013/06/04 22:41:36 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2013/06/04 22:41:35 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013/06/04 22:41:35 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2013/06/04 22:41:35 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2013/06/04 22:41:35 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2013/06/04 22:41:35 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013/06/04 22:41:35 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013/06/04 22:41:35 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2013/06/04 22:41:35 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2013/06/04 22:41:35 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013/06/04 22:41:35 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013/06/04 22:41:35 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2013/06/04 22:41:34 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2013/06/04 22:41:34 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll [2013/06/04 22:41:34 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2013/06/04 22:41:34 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2013/06/04 22:41:34 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2013/06/04 22:41:34 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2013/06/04 22:41:34 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013/06/04 22:41:34 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2013/06/04 22:41:34 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2013/06/04 22:41:34 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2013/06/04 22:41:34 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013/06/04 22:41:34 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013/06/04 22:41:34 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013/06/04 22:41:33 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013/06/04 22:41:33 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2013/06/04 22:41:33 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2013/06/04 22:41:33 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013/06/04 22:41:33 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2013/06/04 22:41:32 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013/06/04 22:41:32 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013/06/04 22:41:32 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013/06/04 22:41:32 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2013/06/04 22:41:32 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2013/06/04 22:41:32 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2013/06/04 22:41:32 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2013/06/04 22:41:31 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013/06/04 22:41:31 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013/06/04 22:41:31 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013/06/04 22:41:31 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013/06/04 22:41:31 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2013/06/04 22:41:31 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2013/06/04 22:41:31 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2013/06/04 22:41:31 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2013/06/04 22:41:31 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2013/06/04 22:41:31 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2013/06/04 22:41:30 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2013/06/04 19:54:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\American Audio [2013/06/04 19:54:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\American Audio [2013/05/22 06:14:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013/05/21 12:02:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird [2013/05/21 09:55:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2013/05/15 03:07:54 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys [2013/05/15 03:07:54 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll [2013/05/15 03:07:46 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll [2013/05/15 03:07:46 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll [2013/05/15 03:07:45 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll [2013/05/15 03:07:45 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe [2013/05/15 03:07:40 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll [2007/08/13 18:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\Nutzer\AppData\Local\CDRip.dll [2007/01/18 22:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\Nutzer\AppData\Local\No23 Recorder.exe [2006/12/11 20:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\Nutzer\AppData\Local\basscd.dll [2006/12/11 20:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\Nutzer\AppData\Local\bass.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/06/11 09:12:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nutzer\Desktop\OTL.exe [2013/06/11 08:56:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/06/11 08:54:02 | 000,075,274 | ---- | M] () -- C:\Users\Nutzer\Desktop\cc_20130611_085358.reg [2013/06/11 08:51:27 | 004,378,864 | ---- | M] (Piriform Ltd) -- C:\Users\Nutzer\Desktop\ccsetup402.exe [2013/06/11 08:27:22 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013/06/11 08:27:22 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013/06/11 08:22:53 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/06/11 08:22:51 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job [2013/06/11 08:22:51 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job [2013/06/11 08:17:44 | 000,014,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/06/11 08:17:44 | 000,014,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/06/11 08:10:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/06/11 08:10:17 | 2076,819,455 | -HS- | M] () -- C:\hiberfil.sys [2013/06/10 10:38:29 | 000,009,148 | ---- | M] () -- C:\Users\Nutzer\Desktop\Ausschreibung Stelle Begleitung Reverse 130513.pdf [2013/06/04 22:41:38 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe [2013/06/04 22:41:38 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll [2013/06/04 22:41:38 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll [2013/06/04 22:41:38 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013/06/04 22:41:37 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll [2013/06/04 22:41:37 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2013/06/04 22:41:37 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2013/06/04 22:41:37 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2013/06/04 22:41:37 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2013/06/04 22:41:37 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013/06/04 22:41:37 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2013/06/04 22:41:36 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013/06/04 22:41:36 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013/06/04 22:41:36 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013/06/04 22:41:36 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2013/06/04 22:41:36 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2013/06/04 22:41:36 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2013/06/04 22:41:36 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013/06/04 22:41:36 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2013/06/04 22:41:36 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2013/06/04 22:41:36 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2013/06/04 22:41:35 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013/06/04 22:41:35 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2013/06/04 22:41:35 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2013/06/04 22:41:35 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2013/06/04 22:41:35 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013/06/04 22:41:35 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013/06/04 22:41:35 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2013/06/04 22:41:35 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2013/06/04 22:41:35 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013/06/04 22:41:35 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013/06/04 22:41:35 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2013/06/04 22:41:35 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2013/06/04 22:41:34 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2013/06/04 22:41:34 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll [2013/06/04 22:41:34 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2013/06/04 22:41:34 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2013/06/04 22:41:34 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2013/06/04 22:41:34 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2013/06/04 22:41:34 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013/06/04 22:41:34 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2013/06/04 22:41:34 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2013/06/04 22:41:34 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2013/06/04 22:41:34 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013/06/04 22:41:34 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013/06/04 22:41:34 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013/06/04 22:41:34 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2013/06/04 22:41:33 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013/06/04 22:41:33 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2013/06/04 22:41:33 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2013/06/04 22:41:33 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013/06/04 22:41:33 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2013/06/04 22:41:32 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013/06/04 22:41:32 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013/06/04 22:41:32 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013/06/04 22:41:32 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013/06/04 22:41:32 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2013/06/04 22:41:32 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2013/06/04 22:41:32 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2013/06/04 22:41:32 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2013/06/04 22:41:31 | 003,958,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013/06/04 22:41:31 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013/06/04 22:41:31 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013/06/04 22:41:31 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2013/06/04 22:41:31 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2013/06/04 22:41:31 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2013/06/04 22:41:31 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2013/06/04 22:41:31 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2013/06/04 22:41:31 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2013/06/04 22:41:30 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2013/06/03 18:15:21 | 000,018,833 | ---- | M] () -- C:\Users\Nutzer\Desktop\Gästeliste adressen.ods [2013/05/28 12:34:09 | 000,025,071 | ---- | M] () -- C:\Users\Nutzer\Desktop\komprimierte Steuererklärung_ESt2012_Helmich_Guntram_und_Brümmer_Janine_1.pdf [2013/05/28 12:33:19 | 000,123,267 | ---- | M] () -- C:\Users\Nutzer\Desktop\ESt2012_Helmich_Guntram_und_Brümmer_Janine.elfo [2013/05/27 23:19:39 | 000,159,977 | ---- | M] () -- C:\Users\Nutzer\Desktop\20130726_XAVIER_7D9NED.pdf [2013/05/24 09:40:56 | 000,052,519 | ---- | M] () -- C:\Users\Nutzer\Desktop\CASHANTRAG_20130524_093947_7F2877DB900DAAB700C8699893D1B0E0cash_28023.pdf [2013/05/22 15:29:13 | 000,000,201 | ---- | M] () -- C:\Windows\Lexstat.ini [2013/05/22 14:19:19 | 000,026,714 | ---- | M] () -- C:\Users\Nutzer\Desktop\Evangelien.odt [2013/05/22 14:19:18 | 000,021,363 | ---- | M] () -- C:\Users\Nutzer\Desktop\sprüche.odt [2013/05/22 14:19:15 | 000,030,229 | ---- | M] () -- C:\Users\Nutzer\Desktop\lesungen.odt [2013/05/22 13:19:45 | 000,142,660 | ---- | M] () -- C:\Users\Nutzer\Desktop\hinweise_und_hilfen.pdf [2013/05/22 07:20:47 | 000,200,114 | ---- | M] () -- C:\Users\Nutzer\Desktop\Die_kirchliche_Trauung.pdf [2013/05/21 12:56:18 | 000,045,856 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys [2013/05/17 08:16:03 | 000,309,216 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013/05/16 01:09:38 | 001,521,386 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/05/16 01:09:38 | 000,654,622 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013/05/16 01:09:38 | 000,616,464 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/05/16 01:09:38 | 000,130,204 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013/05/16 01:09:38 | 000,106,586 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/05/15 14:01:11 | 000,138,812 | ---- | M] () -- C:\Users\Nutzer\Desktop\Pädagogische Fachkräfte gesucht.pdf [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/06/11 08:54:00 | 000,075,274 | ---- | C] () -- C:\Users\Nutzer\Desktop\cc_20130611_085358.reg [2013/06/10 10:38:29 | 000,009,148 | ---- | C] () -- C:\Users\Nutzer\Desktop\Ausschreibung Stelle Begleitung Reverse 130513.pdf [2013/06/08 10:34:11 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job [2013/06/04 22:41:35 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2013/06/04 22:41:34 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2013/06/03 20:00:53 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job [2013/05/28 12:34:08 | 000,025,071 | ---- | C] () -- C:\Users\Nutzer\Desktop\komprimierte Steuererklärung_ESt2012_Helmich_Guntram_und_Brümmer_Janine_1.pdf [2013/05/27 23:19:38 | 000,159,977 | ---- | C] () -- C:\Users\Nutzer\Desktop\20130726_XAVIER_7D9NED.pdf [2013/05/24 09:40:55 | 000,052,519 | ---- | C] () -- C:\Users\Nutzer\Desktop\CASHANTRAG_20130524_093947_7F2877DB900DAAB700C8699893D1B0E0cash_28023.pdf [2013/05/23 11:25:15 | 000,018,833 | ---- | C] () -- C:\Users\Nutzer\Desktop\Gästeliste adressen.ods [2013/05/22 13:19:45 | 000,142,660 | ---- | C] () -- C:\Users\Nutzer\Desktop\hinweise_und_hilfen.pdf [2013/05/22 12:47:04 | 000,021,363 | ---- | C] () -- C:\Users\Nutzer\Desktop\sprüche.odt [2013/05/22 12:19:51 | 000,026,714 | ---- | C] () -- C:\Users\Nutzer\Desktop\Evangelien.odt [2013/05/22 12:17:32 | 000,030,229 | ---- | C] () -- C:\Users\Nutzer\Desktop\lesungen.odt [2013/05/22 07:20:47 | 000,200,114 | ---- | C] () -- C:\Users\Nutzer\Desktop\Die_kirchliche_Trauung.pdf [2013/05/15 14:01:09 | 000,138,812 | ---- | C] () -- C:\Users\Nutzer\Desktop\Pädagogische Fachkräfte gesucht.pdf [2013/04/26 09:15:50 | 000,002,016 | ---- | C] () -- C:\Users\Nutzer\AppData\Local\recently-used.xbel [2013/04/17 14:06:16 | 000,000,080 | ---- | C] () -- C:\Windows\wiso.ini [2013/03/18 13:48:34 | 000,001,472 | ---- | C] () -- C:\Users\Nutzer\AppData\Local\RecConfig.xml [2012/11/29 00:08:50 | 008,676,883 | ---- | C] () -- C:\Windows\SysWow64\mp3Media2.dll [2012/08/25 17:40:11 | 000,000,201 | ---- | C] () -- C:\Windows\Lexstat.ini [2012/08/25 17:19:58 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkinpa.dll [2012/08/25 17:19:58 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkiesc.dll [2012/08/25 17:19:58 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\LXBKinst.dll [2012/08/25 17:19:57 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkserv.dll [2012/08/25 17:19:57 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkusb1.dll [2012/08/25 17:19:57 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkpmui.dll [2012/08/25 17:19:57 | 000,413,696 | ---- | C] () -- C:\Windows\SysWow64\lxbkutil.dll [2012/08/25 17:19:57 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkprox.dll [2012/08/25 17:19:56 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkhbn3.dll [2012/08/25 17:19:56 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkcomc.dll [2012/08/25 17:19:56 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbklmpm.dll [2012/08/25 17:19:56 | 000,537,256 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkcoms.exe [2012/08/25 17:19:56 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkcomm.dll [2012/08/25 17:19:56 | 000,385,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkih.exe [2012/08/25 17:19:56 | 000,180,904 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkppls.exe [2012/08/25 17:19:56 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkpplc.dll [2012/08/25 17:19:55 | 000,381,608 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkcfg.exe [2012/08/05 14:22:29 | 000,695,578 | ---- | C] () -- C:\Windows\unins000.exe [2012/08/05 14:22:29 | 000,000,859 | ---- | C] () -- C:\Windows\unins000.dat [2012/07/16 20:17:17 | 000,017,408 | ---- | C] () -- C:\Users\Nutzer\AppData\Local\WebpageIcons.db [2012/07/16 16:16:34 | 000,000,000 | ---- | C] () -- C:\Users\Nutzer\.gtk-bookmarks [2012/07/11 10:23:57 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012/06/15 10:36:29 | 000,007,605 | ---- | C] () -- C:\Users\Nutzer\AppData\Local\Resmon.ResmonCfg [2011/11/16 14:17:51 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2007/08/13 18:46:00 | 000,155,136 | ---- | C] () -- C:\Users\Nutzer\AppData\Local\lame_enc.dll [2006/10/26 02:06:48 | 000,064,000 | ---- | C] () -- C:\Users\Nutzer\AppData\Local\vorbisenc.dll [2006/10/26 02:06:48 | 000,019,456 | ---- | C] () -- C:\Users\Nutzer\AppData\Local\vorbisfile.dll [2006/10/26 02:06:46 | 000,143,872 | ---- | C] () -- C:\Users\Nutzer\AppData\Local\vorbis.dll [2006/10/26 02:06:36 | 000,015,872 | ---- | C] () -- C:\Users\Nutzer\AppData\Local\ogg.dll [2005/08/23 23:34:06 | 000,029,184 | ---- | C] () -- C:\Users\Nutzer\AppData\Local\no23xwrapper.dll ========== ZeroAccess Check ========== [2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Alternate Data Streams ========== @Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:E7BA7168 < End of report > |
|
11.06.2013, 08:58
| #2 |
| /// Helfer-Team  | bannersdontwork und survey.central öffnen sich im Firefox - OTL Logfiles gepostet Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers dann: Downloade Dir bitte  AdwCleaner auf deinen Desktop.
dann: OTL richtig einstellen: Systemscan mit OTL (bebilderte Anleitung) Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)- Doppelklick auf die OTL.exe
__________________ |
|
11.06.2013, 09:03
| #3 | |
| | bannersdontwork und survey.central öffnen sich im Firefox - OTL Logfiles gepostet Malwarebytes hat nix gefunden.
__________________Hier das Logfile. Mache jetzt weiter mit dem Adwcleaner. Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.06.0.1003
www.malwarebytes.org
Database version: v2013.06.11.02
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
Nutzer :: ROSWITHA-PC [administrator]
11.06.2013 10:01:12
mbar-log-2013-06-11 (10-01-12).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: Deep Anti-Rootkit Scan | PUP
Objects scanned: 247484
Time elapsed: 51 minute(s), 17 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)
Zitat:
Hier das Logfile vom AdwCleaner Code:
ATTFilter # AdwCleaner v2.303 - Datei am 11/06/2013 um 11:16:56 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Nutzer - ROSWITHA-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Nutzer\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\Users\Nutzer\AppData\Roaming\Mozilla\Firefox\Profiles\roq1xq2y.default\extensions\gophoto@gophoto.it.xpi
Datei Gelöscht : C:\Users\Nutzer\AppData\Roaming\Mozilla\Firefox\Profiles\roq1xq2y.default\foxydeal.sqlite
Gelöscht mit Neustart : C:\Program Files (x86)\Common Files\AVG Secure Search
Ordner Gelöscht : C:\Program Files (x86)\1ClickDownload
Ordner Gelöscht : C:\Program Files (x86)\AVG Secure Search
Ordner Gelöscht : C:\Program Files (x86)\Common Files\Wondershare
Ordner Gelöscht : C:\Program Files (x86)\Gophoto.it
Ordner Gelöscht : C:\Program Files (x86)\Mozilla Firefox\Extensions\ffxtlbr@babylon.com
Ordner Gelöscht : C:\Program Files (x86)\Wondershare
Ordner Gelöscht : C:\ProgramData\AVG Secure Search
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\ProgramData\Trymedia
Ordner Gelöscht : C:\Users\Nutzer\AppData\Local\AVG Secure Search
Ordner Gelöscht : C:\Users\Nutzer\AppData\Local\PutLockerDownloader
Ordner Gelöscht : C:\Users\Nutzer\AppData\Local\Wondershare
Ordner Gelöscht : C:\Users\Nutzer\AppData\LocalLow\AVG Secure Search
Ordner Gelöscht : C:\Users\Nutzer\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Nutzer\AppData\Roaming\ExpressFiles
Ordner Gelöscht : C:\Users\Nutzer\AppData\Roaming\Mozilla\Firefox\Profiles\roq1xq2y.default\jetpack
Ordner Gelöscht : C:\Users\Nutzer\AppData\Roaming\Mozilla\Firefox\Profiles\roq1xq2y.default\SweetPacksToolbarData
Ordner Gelöscht : C:\Users\Nutzer\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\Nutzer\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\Nutzer\AppData\Roaming\Wondershare
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\1ClickDownload
Schlüssel Gelöscht : HKCU\Software\AVG Secure Search
Schlüssel Gelöscht : HKCU\Software\BabylonToolbar
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\delta LTD
Schlüssel Gelöscht : HKCU\Software\ExpressFiles
Schlüssel Gelöscht : HKCU\Software\IGearSettings
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\Zugo
Schlüssel Gelöscht : HKCU\Software\5a48fdcb33bba44
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKLM\Software\AVG Secure Search
Schlüssel Gelöscht : HKLM\Software\AVG Security Toolbar
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\oneclick
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\oneclickmg
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\ExpressFiles
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Tarma Installer
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
***** [Internet Browser] *****
-\\ Internet Explorer v10.0.9200.16576
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxps://isearch.avg.com/?cid={2340C2BE-5103-48D9-8903-8A118BB55850}&mid=6bd65bbfc15b47d0a506d16d1207ad36-cb9821c46167f8360e13f207154d234b23563c7d&lang=de&ds=od011&pr=sa&d=2012-07-16 19:39:25&v=12.2.5.32&sap=hp --> hxxp://www.google.com
-\\ Mozilla Firefox v21.0 (de)
Datei : C:\Users\Nutzer\AppData\Roaming\Mozilla\Firefox\Profiles\roq1xq2y.default\prefs.js
C:\Users\Nutzer\AppData\Roaming\Mozilla\Firefox\Profiles\roq1xq2y.default\user.js ... Gelöscht !
Gelöscht : user_pref("extensions.ffxtlbr@delta.com.install-event-fired", true);
Gelöscht : user_pref("sweetim.toolbar.dialogs.0.enable", "true");
Gelöscht : user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-h[...]
Gelöscht : user_pref("sweetim.toolbar.dialogs.0.height", "335");
Gelöscht : user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");
Gelöscht : user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");
Gelöscht : user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff.html")[...]
Gelöscht : user_pref("sweetim.toolbar.dialogs.0.width", "761");
Gelöscht : user_pref("sweetim.toolbar.dialogs.1.enable", "true");
Gelöscht : user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-h[...]
Gelöscht : user_pref("sweetim.toolbar.dialogs.1.height", "300");
Gelöscht : user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");
Gelöscht : user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");
Gelöscht : user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html"[...]
Gelöscht : user_pref("sweetim.toolbar.dialogs.1.width", "500");
Gelöscht : user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.goog[...]
Gelöscht : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
Gelöscht : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
Gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
Gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
Gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
Gelöscht : user_pref("sweetim.toolbar.mode.debug", "false");
Gelöscht : user_pref("sweetim.toolbar.prad.initialized_by_rc", "true");
Gelöscht : user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");
Gelöscht : user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");
Gelöscht : user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");
Gelöscht : user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.|apps.)?facebook\\.com.*");
Gelöscht : user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");
Gelöscht : user_pref("sweetim.toolbar.scripts.0.enable", "true");
Gelöscht : user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");
Gelöscht : user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js");
Gelöscht : user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "false");
Gelöscht : user_pref("sweetim.toolbar.scripts.1.callback", "");
Gelöscht : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..[...]
Gelöscht : user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "");
Gelöscht : user_pref("sweetim.toolbar.scripts.1.elementid", "id_predict_include_script");
Gelöscht : user_pref("sweetim.toolbar.scripts.1.enable", "true");
Gelöscht : user_pref("sweetim.toolbar.scripts.1.id", "id_script_prad");
Gelöscht : user_pref("sweetim.toolbar.scripts.1.url", "hxxp://cdn1.certified-apps.com/scripts/shared/enable.js?[...]
Gelöscht : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engin[...]
Gelöscht : user_pref("sweetim.toolbar.search.history.capacity", "10");
Gelöscht : user_pref("sweetim.toolbar.searchguard.enable", "true");
Gelöscht : user_pref("sweetim.toolbar.simapp_id", "{8AA6F00F-196E-4830-BE7D-9245051480CB}");
Gelöscht : user_pref("sweetim.toolbar.version", "1.5.0.2");
*************************
AdwCleaner[S1].txt - [14577 octets] - [11/06/2013 11:16:56]
########## EOF - C:\AdwCleaner[S1].txt - [14638 octets] ##########
Folgt noch das OTL. Malwarebytes hat nix gefunden. Hier das Logfile. Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.06.0.1003
www.malwarebytes.org
Database version: v2013.06.11.02
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
Nutzer :: ROSWITHA-PC [administrator]
11.06.2013 10:01:12
mbar-log-2013-06-11 (10-01-12).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: Deep Anti-Rootkit Scan | PUP
Objects scanned: 247484
Time elapsed: 51 minute(s), 17 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)
Hier das Logfile vom AdwCleaner Code:
ATTFilter # AdwCleaner v2.303 - Datei am 11/06/2013 um 11:16:56 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Nutzer - ROSWITHA-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Nutzer\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\Users\Nutzer\AppData\Roaming\Mozilla\Firefox\Profiles\roq1xq2y.default\extensions\gophoto@gophoto.it.xpi
Datei Gelöscht : C:\Users\Nutzer\AppData\Roaming\Mozilla\Firefox\Profiles\roq1xq2y.default\foxydeal.sqlite
Gelöscht mit Neustart : C:\Program Files (x86)\Common Files\AVG Secure Search
Ordner Gelöscht : C:\Program Files (x86)\1ClickDownload
Ordner Gelöscht : C:\Program Files (x86)\AVG Secure Search
Ordner Gelöscht : C:\Program Files (x86)\Common Files\Wondershare
Ordner Gelöscht : C:\Program Files (x86)\Gophoto.it
Ordner Gelöscht : C:\Program Files (x86)\Mozilla Firefox\Extensions\ffxtlbr@babylon.com
Ordner Gelöscht : C:\Program Files (x86)\Wondershare
Ordner Gelöscht : C:\ProgramData\AVG Secure Search
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\ProgramData\Trymedia
Ordner Gelöscht : C:\Users\Nutzer\AppData\Local\AVG Secure Search
Ordner Gelöscht : C:\Users\Nutzer\AppData\Local\PutLockerDownloader
Ordner Gelöscht : C:\Users\Nutzer\AppData\Local\Wondershare
Ordner Gelöscht : C:\Users\Nutzer\AppData\LocalLow\AVG Secure Search
Ordner Gelöscht : C:\Users\Nutzer\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Nutzer\AppData\Roaming\ExpressFiles
Ordner Gelöscht : C:\Users\Nutzer\AppData\Roaming\Mozilla\Firefox\Profiles\roq1xq2y.default\jetpack
Ordner Gelöscht : C:\Users\Nutzer\AppData\Roaming\Mozilla\Firefox\Profiles\roq1xq2y.default\SweetPacksToolbarData
Ordner Gelöscht : C:\Users\Nutzer\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\Nutzer\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\Nutzer\AppData\Roaming\Wondershare
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\1ClickDownload
Schlüssel Gelöscht : HKCU\Software\AVG Secure Search
Schlüssel Gelöscht : HKCU\Software\BabylonToolbar
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\delta LTD
Schlüssel Gelöscht : HKCU\Software\ExpressFiles
Schlüssel Gelöscht : HKCU\Software\IGearSettings
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\Zugo
Schlüssel Gelöscht : HKCU\Software\5a48fdcb33bba44
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKLM\Software\AVG Secure Search
Schlüssel Gelöscht : HKLM\Software\AVG Security Toolbar
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\oneclick
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\oneclickmg
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\ExpressFiles
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Tarma Installer
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
***** [Internet Browser] *****
-\\ Internet Explorer v10.0.9200.16576
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxps://isearch.avg.com/?cid={2340C2BE-5103-48D9-8903-8A118BB55850}&mid=6bd65bbfc15b47d0a506d16d1207ad36-cb9821c46167f8360e13f207154d234b23563c7d&lang=de&ds=od011&pr=sa&d=2012-07-16 19:39:25&v=12.2.5.32&sap=hp --> hxxp://www.google.com
-\\ Mozilla Firefox v21.0 (de)
Datei : C:\Users\Nutzer\AppData\Roaming\Mozilla\Firefox\Profiles\roq1xq2y.default\prefs.js
C:\Users\Nutzer\AppData\Roaming\Mozilla\Firefox\Profiles\roq1xq2y.default\user.js ... Gelöscht !
Gelöscht : user_pref("extensions.ffxtlbr@delta.com.install-event-fired", true);
Gelöscht : user_pref("sweetim.toolbar.dialogs.0.enable", "true");
Gelöscht : user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-h[...]
Gelöscht : user_pref("sweetim.toolbar.dialogs.0.height", "335");
Gelöscht : user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");
Gelöscht : user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");
Gelöscht : user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff.html")[...]
Gelöscht : user_pref("sweetim.toolbar.dialogs.0.width", "761");
Gelöscht : user_pref("sweetim.toolbar.dialogs.1.enable", "true");
Gelöscht : user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-h[...]
Gelöscht : user_pref("sweetim.toolbar.dialogs.1.height", "300");
Gelöscht : user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");
Gelöscht : user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");
Gelöscht : user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html"[...]
Gelöscht : user_pref("sweetim.toolbar.dialogs.1.width", "500");
Gelöscht : user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.goog[...]
Gelöscht : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
Gelöscht : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
Gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
Gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
Gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
Gelöscht : user_pref("sweetim.toolbar.mode.debug", "false");
Gelöscht : user_pref("sweetim.toolbar.prad.initialized_by_rc", "true");
Gelöscht : user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");
Gelöscht : user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");
Gelöscht : user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");
Gelöscht : user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.|apps.)?facebook\\.com.*");
Gelöscht : user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");
Gelöscht : user_pref("sweetim.toolbar.scripts.0.enable", "true");
Gelöscht : user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");
Gelöscht : user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js");
Gelöscht : user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "false");
Gelöscht : user_pref("sweetim.toolbar.scripts.1.callback", "");
Gelöscht : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..[...]
Gelöscht : user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "");
Gelöscht : user_pref("sweetim.toolbar.scripts.1.elementid", "id_predict_include_script");
Gelöscht : user_pref("sweetim.toolbar.scripts.1.enable", "true");
Gelöscht : user_pref("sweetim.toolbar.scripts.1.id", "id_script_prad");
Gelöscht : user_pref("sweetim.toolbar.scripts.1.url", "hxxp://cdn1.certified-apps.com/scripts/shared/enable.js?[...]
Gelöscht : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engin[...]
Gelöscht : user_pref("sweetim.toolbar.search.history.capacity", "10");
Gelöscht : user_pref("sweetim.toolbar.searchguard.enable", "true");
Gelöscht : user_pref("sweetim.toolbar.simapp_id", "{8AA6F00F-196E-4830-BE7D-9245051480CB}");
Gelöscht : user_pref("sweetim.toolbar.version", "1.5.0.2");
*************************
AdwCleaner[S1].txt - [14577 octets] - [11/06/2013 11:16:56]
########## EOF - C:\AdwCleaner[S1].txt - [14638 octets] ##########
Folgt noch das OTL. Komischerweise hat sich beim OTL nur 1 Logfile geöffnet. Hab ich da was verkehrt gemacht? Hier ist das Logfile. Code:
ATTFilter OTL logfile created on: 6/11/2013 11:26:08 AM - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Nutzer\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16576) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 5.93 Gb Total Physical Memory | 4.04 Gb Available Physical Memory | 68.02% Memory free 11.87 Gb Paging File | 9.95 Gb Available in Paging File | 83.81% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 138.99 Gb Total Space | 23.63 Gb Free Space | 17.00% Space Free | Partition Type: NTFS Drive D: | 139.00 Gb Total Space | 73.77 Gb Free Space | 53.07% Space Free | Partition Type: NTFS Computer Name: ROSWITHA-PC | User Name: Nutzer | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Nutzer\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe (AVG Secure Search) PRC - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH) PRC - C:\Users\Nutzer\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) PRC - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) PRC - C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics) PRC - C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (SEC) PRC - C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.) PRC - C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.) PRC - C:\Program Files (x86)\Lexmark X1100 Series\LXBKbmgr.exe (Lexmark International, Inc.) PRC - C:\Program Files (x86)\Lexmark X1100 Series\LXBKbmon.exe (Lexmark International, Inc.) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll () ========== Services (SafeList) ========== SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV:64bit: - (lxbk_device) -- C:\Windows\SysNative\lxbkcoms.exe ( ) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (vToolbarUpdater15.2.0) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe (AVG Secure Search) SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (Akamai) -- C:/Program Files (x86)/Common Files/Akamai/netsession_win_ca0e279.dll () SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (CVPND) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (lxbk_device) -- C:\Windows\SysWOW64\lxbkcoms.exe ( ) ========== Driver Services (SafeList) ========== DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies) DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (WsAudioDevice_383S(1) -- C:\Windows\SysNative\drivers\WsAudioDevice_383S(1).sys (Wondershare) DRV:64bit: - (Apowersoft_AudioDevice) -- C:\Windows\SysNative\drivers\Apowersoft_AudioDevice.sys (Wondershare) DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (CVPNDRVA) -- C:\Windows\SysNative\drivers\CVPNDRVA.sys () DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.) DRV:64bit: - (SABI) -- C:\Windows\SysNative\drivers\SABI.sys (SAMSUNG ELECTRONICS) DRV:64bit: - (CVirtA) -- C:\Windows\SysNative\drivers\CVirtA64.sys (Cisco Systems, Inc.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys () DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (IntcHdmiAddService) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation ) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (DNE) -- C:\Windows\SysNative\drivers\dne64x.sys (Deterministic Networks, Inc.) DRV:64bit: - (sfvfs02) -- C:\Windows\SysNative\drivers\sfvfs02.sys (Protection Technology) DRV:64bit: - (sfdrv01) -- C:\Windows\SysNative\drivers\sfdrv01.sys (Protection Technology) DRV:64bit: - (sfhlp02) -- C:\Windows\SysNative\drivers\sfhlp02.sys (Protection Technology) DRV - (rtport) -- C:\Windows\SysWOW64\drivers\rtport.sys (Windows (R) 2003 DDK 3790 provider) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-868785299-726797094-2297327714-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn IE - HKU\S-1-5-21-868785299-726797094-2297327714-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-868785299-726797094-2297327714-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-868785299-726797094-2297327714-1001\..\SearchScopes\{C141038D-EB3F-4719-9220-D1C7528F4F53}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&r=158 IE - HKU\S-1-5-21-868785299-726797094-2297327714-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-868785299-726797094-2297327714-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.gmx.net/" FF - prefs.js..extensions.enabledAddons: morningCoffee%40shaneliesegang:1.35 FF - prefs.js..extensions.enabledAddons: %7B888d99e7-e8b5-46a3-851e-1ec45da1e644%7D:17.0.0 FF - prefs.js..extensions.enabledAddons: periodicbrowsing%40masahal.info:0.8.1.1 FF - prefs.js..extensions.enabledAddons: unplug%40compunach:2.054 FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.16 FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.8 FF - prefs.js..extensions.enabledAddons: %7Bdc572301-7619-498c-a57d-39143191b318%7D:0.4.1.0 FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.15 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@www.flatcast.com/FlatViewer 5.2: C:\PROGRA~2\MOZILL~1\plugins\NpFv522.dll (1 mal 1 Software GmbH) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/05/22 18:40:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/05/21 12:02:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/05/22 18:40:51 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/05/21 12:02:53 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012/07/13 00:19:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nutzer\AppData\Roaming\mozilla\Extensions [2012/07/16 19:39:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nutzer\AppData\Roaming\mozilla\Firefox\Profiles\extensions [2013/06/11 08:56:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nutzer\AppData\Roaming\mozilla\Firefox\Profiles\extensions\extensions [2013/06/11 11:17:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nutzer\AppData\Roaming\mozilla\Firefox\Profiles\roq1xq2y.default\extensions [2013/05/29 11:11:57 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Nutzer\AppData\Roaming\mozilla\Firefox\Profiles\roq1xq2y.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013/04/07 13:38:25 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Nutzer\AppData\Roaming\mozilla\Firefox\Profiles\roq1xq2y.default\extensions\ich@maltegoetz.de [2013/03/26 18:46:57 | 000,126,560 | ---- | M] () (No name found) -- C:\Users\Nutzer\AppData\Roaming\mozilla\firefox\profiles\roq1xq2y.default\extensions\customizable-shortcuts@timtaubert.de.xpi [2013/04/11 17:54:38 | 000,197,614 | ---- | M] () (No name found) -- C:\Users\Nutzer\AppData\Roaming\mozilla\firefox\profiles\roq1xq2y.default\extensions\ftdownloader3@ftdownloader.com.xpi [2012/08/16 07:55:52 | 000,107,019 | ---- | M] () (No name found) -- C:\Users\Nutzer\AppData\Roaming\mozilla\firefox\profiles\roq1xq2y.default\extensions\morningCoffee@shaneliesegang.xpi [2013/03/20 17:33:59 | 000,052,715 | ---- | M] () (No name found) -- C:\Users\Nutzer\AppData\Roaming\mozilla\firefox\profiles\roq1xq2y.default\extensions\periodicbrowsing@masahal.info.xpi [2013/04/02 03:19:15 | 000,142,907 | ---- | M] () (No name found) -- C:\Users\Nutzer\AppData\Roaming\mozilla\firefox\profiles\roq1xq2y.default\extensions\unplug@compunach.xpi [2013/05/26 01:12:38 | 000,534,261 | ---- | M] () (No name found) -- C:\Users\Nutzer\AppData\Roaming\mozilla\firefox\profiles\roq1xq2y.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012/12/23 14:23:28 | 000,030,502 | ---- | M] () (No name found) -- C:\Users\Nutzer\AppData\Roaming\mozilla\firefox\profiles\roq1xq2y.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi [2013/05/09 13:27:48 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Nutzer\AppData\Roaming\mozilla\firefox\profiles\roq1xq2y.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013/04/21 12:47:10 | 000,765,412 | ---- | M] () (No name found) -- C:\Users\Nutzer\AppData\Roaming\mozilla\firefox\profiles\roq1xq2y.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2013/04/04 12:30:10 | 000,714,654 | ---- | M] () (No name found) -- C:\Users\Nutzer\AppData\Roaming\mozilla\firefox\profiles\roq1xq2y.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013/06/11 11:17:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2013/05/22 06:14:42 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013/05/22 06:14:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions [2013/05/22 06:14:52 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009/09/21 11:00:44 | 001,447,328 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files (x86)\mozilla firefox\plugins\NpFv522.dll O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [lxbkbmgr.exe] C:\Program Files (x86)\Lexmark X1100 Series\lxbkbmgr.exe (Lexmark International, Inc.) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-868785299-726797094-2297327714-1001..\Run: [Akamai NetSession Interface] C:\Users\Nutzer\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Nutzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk = C:\Program Files (x86)\WISO\Steuersoftware 2013\mshaktuell.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{64BCCFEF-BC9D-4DF7-A33E-7922E5F92A4E}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\linkscanner - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\linkscanner - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{6bb2361c-5aaf-11e2-9025-002454e344c5}\Shell - "" = AutoRun O33 - MountPoints2\{6bb2361c-5aaf-11e2-9025-002454e344c5}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{6bb23629-5aaf-11e2-9025-002454e344c5}\Shell - "" = AutoRun O33 - MountPoints2\{6bb23629-5aaf-11e2-9025-002454e344c5}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{6bb23634-5aaf-11e2-9025-002454e344c5}\Shell - "" = AutoRun O33 - MountPoints2\{6bb23634-5aaf-11e2-9025-002454e344c5}\Shell\AutoRun\command - "" = F:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/06/11 10:16:01 | 000,000,000 | ---D | C] -- C:\Users\Nutzer\Desktop\b3st_of_la1th_00_08.rar (155,76 MB) - uploaded.net-Dateien [2013/06/11 10:01:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable) [2013/06/11 10:00:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013/06/11 10:00:14 | 000,000,000 | ---D | C] -- C:\Users\Nutzer\Desktop\mbar [2013/06/11 09:12:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Nutzer\Desktop\OTL.exe [2013/06/11 08:51:24 | 004,378,864 | ---- | C] (Piriform Ltd) -- C:\Users\Nutzer\Desktop\ccsetup402.exe [2013/06/04 22:41:38 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe [2013/06/04 22:41:38 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll [2013/06/04 22:41:38 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll [2013/06/04 22:41:38 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013/06/04 22:41:37 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll [2013/06/04 22:41:37 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2013/06/04 22:41:37 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2013/06/04 22:41:37 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2013/06/04 22:41:37 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2013/06/04 22:41:37 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013/06/04 22:41:37 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2013/06/04 22:41:36 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013/06/04 22:41:36 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013/06/04 22:41:36 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013/06/04 22:41:36 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2013/06/04 22:41:36 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2013/06/04 22:41:36 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2013/06/04 22:41:36 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013/06/04 22:41:36 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2013/06/04 22:41:36 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2013/06/04 22:41:36 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2013/06/04 22:41:35 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013/06/04 22:41:35 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2013/06/04 22:41:35 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2013/06/04 22:41:35 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2013/06/04 22:41:35 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013/06/04 22:41:35 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013/06/04 22:41:35 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2013/06/04 22:41:35 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2013/06/04 22:41:35 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013/06/04 22:41:35 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013/06/04 22:41:35 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2013/06/04 22:41:34 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2013/06/04 22:41:34 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll [2013/06/04 22:41:34 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2013/06/04 22:41:34 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2013/06/04 22:41:34 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2013/06/04 22:41:34 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2013/06/04 22:41:34 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013/06/04 22:41:34 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2013/06/04 22:41:34 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2013/06/04 22:41:34 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2013/06/04 22:41:34 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013/06/04 22:41:34 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013/06/04 22:41:34 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013/06/04 22:41:33 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013/06/04 22:41:33 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2013/06/04 22:41:33 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2013/06/04 22:41:33 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013/06/04 22:41:33 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2013/06/04 22:41:32 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013/06/04 22:41:32 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013/06/04 22:41:32 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013/06/04 22:41:32 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2013/06/04 22:41:32 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2013/06/04 22:41:32 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2013/06/04 22:41:32 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2013/06/04 22:41:31 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013/06/04 22:41:31 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013/06/04 22:41:31 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013/06/04 22:41:31 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013/06/04 22:41:31 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2013/06/04 22:41:31 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2013/06/04 22:41:31 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2013/06/04 22:41:31 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2013/06/04 22:41:31 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2013/06/04 22:41:31 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2013/06/04 22:41:30 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2013/06/04 19:54:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\American Audio [2013/06/04 19:54:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\American Audio [2013/05/22 06:14:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013/05/21 12:02:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird [2013/05/21 09:55:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2013/05/15 03:07:54 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys [2013/05/15 03:07:54 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll [2013/05/15 03:07:46 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll [2013/05/15 03:07:46 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll [2013/05/15 03:07:45 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll [2013/05/15 03:07:45 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe [2013/05/15 03:07:40 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll [2007/08/13 18:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\Nutzer\AppData\Local\CDRip.dll [2007/01/18 22:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\Nutzer\AppData\Local\No23 Recorder.exe [2006/12/11 20:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\Nutzer\AppData\Local\basscd.dll [2006/12/11 20:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\Nutzer\AppData\Local\bass.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/06/11 11:26:44 | 000,014,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/06/11 11:26:44 | 000,014,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/06/11 11:20:18 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/06/11 11:19:49 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job [2013/06/11 11:19:49 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job [2013/06/11 11:19:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/06/11 11:19:12 | 2076,819,455 | -HS- | M] () -- C:\hiberfil.sys [2013/06/11 11:17:29 | 000,000,121 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat [2013/06/11 11:14:20 | 348,833,724 | ---- | M] () -- C:\Users\Nutzer\Desktop\pema_tts.rar [2013/06/11 10:56:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/06/11 10:16:02 | 000,023,036 | ---- | M] () -- C:\Users\Nutzer\Desktop\b3st_of_la1th_00_08.rar (155,76 MB) - uploaded.net.htm [2013/06/11 10:00:05 | 013,169,742 | ---- | M] () -- C:\Users\Nutzer\Desktop\mbar-1.06.0.1003.zip [2013/06/11 09:59:58 | 000,648,201 | ---- | M] () -- C:\Users\Nutzer\Desktop\adwcleaner.exe [2013/06/11 09:20:40 | 000,012,272 | ---- | M] () -- C:\Users\Nutzer\Desktop\Unbenannt 1.odt [2013/06/11 09:12:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nutzer\Desktop\OTL.exe [2013/06/11 08:54:02 | 000,075,274 | ---- | M] () -- C:\Users\Nutzer\Desktop\cc_20130611_085358.reg [2013/06/11 08:51:27 | 004,378,864 | ---- | M] (Piriform Ltd) -- C:\Users\Nutzer\Desktop\ccsetup402.exe [2013/06/11 08:27:22 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013/06/11 08:27:22 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013/06/10 10:38:29 | 000,009,148 | ---- | M] () -- C:\Users\Nutzer\Desktop\Ausschreibung Stelle Begleitung Reverse 130513.pdf [2013/06/04 22:41:38 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe [2013/06/04 22:41:38 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll [2013/06/04 22:41:38 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll [2013/06/04 22:41:38 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013/06/04 22:41:37 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll [2013/06/04 22:41:37 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2013/06/04 22:41:37 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2013/06/04 22:41:37 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2013/06/04 22:41:37 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2013/06/04 22:41:37 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013/06/04 22:41:37 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2013/06/04 22:41:36 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013/06/04 22:41:36 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013/06/04 22:41:36 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013/06/04 22:41:36 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2013/06/04 22:41:36 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2013/06/04 22:41:36 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2013/06/04 22:41:36 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013/06/04 22:41:36 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2013/06/04 22:41:36 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2013/06/04 22:41:36 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2013/06/04 22:41:35 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013/06/04 22:41:35 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2013/06/04 22:41:35 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2013/06/04 22:41:35 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2013/06/04 22:41:35 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013/06/04 22:41:35 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013/06/04 22:41:35 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2013/06/04 22:41:35 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2013/06/04 22:41:35 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013/06/04 22:41:35 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013/06/04 22:41:35 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2013/06/04 22:41:35 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2013/06/04 22:41:34 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2013/06/04 22:41:34 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll [2013/06/04 22:41:34 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2013/06/04 22:41:34 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2013/06/04 22:41:34 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2013/06/04 22:41:34 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2013/06/04 22:41:34 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013/06/04 22:41:34 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2013/06/04 22:41:34 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2013/06/04 22:41:34 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2013/06/04 22:41:34 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013/06/04 22:41:34 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013/06/04 22:41:34 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013/06/04 22:41:34 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2013/06/04 22:41:33 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013/06/04 22:41:33 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2013/06/04 22:41:33 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2013/06/04 22:41:33 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013/06/04 22:41:33 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2013/06/04 22:41:32 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013/06/04 22:41:32 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013/06/04 22:41:32 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013/06/04 22:41:32 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013/06/04 22:41:32 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2013/06/04 22:41:32 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2013/06/04 22:41:32 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2013/06/04 22:41:32 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2013/06/04 22:41:31 | 003,958,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013/06/04 22:41:31 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013/06/04 22:41:31 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013/06/04 22:41:31 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2013/06/04 22:41:31 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2013/06/04 22:41:31 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2013/06/04 22:41:31 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2013/06/04 22:41:31 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2013/06/04 22:41:31 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2013/06/04 22:41:30 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2013/06/03 18:15:21 | 000,018,833 | ---- | M] () -- C:\Users\Nutzer\Desktop\Gästeliste adressen.ods [2013/05/28 12:34:09 | 000,025,071 | ---- | M] () -- C:\Users\Nutzer\Desktop\komprimierte Steuererklärung_ESt2012_Helmich_Guntram_und_Brümmer_Janine_1.pdf [2013/05/28 12:33:19 | 000,123,267 | ---- | M] () -- C:\Users\Nutzer\Desktop\ESt2012_Helmich_Guntram_und_Brümmer_Janine.elfo [2013/05/27 23:19:39 | 000,159,977 | ---- | M] () -- C:\Users\Nutzer\Desktop\20130726_XAVIER_7D9NED.pdf [2013/05/24 09:40:56 | 000,052,519 | ---- | M] () -- C:\Users\Nutzer\Desktop\CASHANTRAG_20130524_093947_7F2877DB900DAAB700C8699893D1B0E0cash_28023.pdf [2013/05/22 15:29:13 | 000,000,201 | ---- | M] () -- C:\Windows\Lexstat.ini [2013/05/22 14:19:19 | 000,026,714 | ---- | M] () -- C:\Users\Nutzer\Desktop\Evangelien.odt [2013/05/22 14:19:18 | 000,021,363 | ---- | M] () -- C:\Users\Nutzer\Desktop\sprüche.odt [2013/05/22 14:19:15 | 000,030,229 | ---- | M] () -- C:\Users\Nutzer\Desktop\lesungen.odt [2013/05/22 13:19:45 | 000,142,660 | ---- | M] () -- C:\Users\Nutzer\Desktop\hinweise_und_hilfen.pdf [2013/05/22 07:20:47 | 000,200,114 | ---- | M] () -- C:\Users\Nutzer\Desktop\Die_kirchliche_Trauung.pdf [2013/05/21 12:56:18 | 000,045,856 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys [2013/05/17 08:16:03 | 000,309,216 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013/05/16 01:09:38 | 001,521,386 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/05/16 01:09:38 | 000,654,622 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013/05/16 01:09:38 | 000,616,464 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/05/16 01:09:38 | 000,130,204 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013/05/16 01:09:38 | 000,106,586 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/05/15 14:01:11 | 000,138,812 | ---- | M] () -- C:\Users\Nutzer\Desktop\Pädagogische Fachkräfte gesucht.pdf [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/06/11 11:17:08 | 000,000,121 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat [2013/06/11 10:16:09 | 348,833,724 | ---- | C] () -- C:\Users\Nutzer\Desktop\pema_tts.rar [2013/06/11 10:16:00 | 000,023,036 | ---- | C] () -- C:\Users\Nutzer\Desktop\b3st_of_la1th_00_08.rar (155,76 MB) - uploaded.net.htm [2013/06/11 09:59:57 | 000,648,201 | ---- | C] () -- C:\Users\Nutzer\Desktop\adwcleaner.exe [2013/06/11 09:59:53 | 013,169,742 | ---- | C] () -- C:\Users\Nutzer\Desktop\mbar-1.06.0.1003.zip [2013/06/11 09:20:37 | 000,012,272 | ---- | C] () -- C:\Users\Nutzer\Desktop\Unbenannt 1.odt [2013/06/11 08:54:00 | 000,075,274 | ---- | C] () -- C:\Users\Nutzer\Desktop\cc_20130611_085358.reg [2013/06/10 10:38:29 | 000,009,148 | ---- | C] () -- C:\Users\Nutzer\Desktop\Ausschreibung Stelle Begleitung Reverse 130513.pdf [2013/06/08 10:34:11 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job [2013/06/04 22:41:35 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2013/06/04 22:41:34 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2013/06/03 20:00:53 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job [2013/05/28 12:34:08 | 000,025,071 | ---- | C] () -- C:\Users\Nutzer\Desktop\komprimierte Steuererklärung_ESt2012_Helmich_Guntram_und_Brümmer_Janine_1.pdf [2013/05/27 23:19:38 | 000,159,977 | ---- | C] () -- C:\Users\Nutzer\Desktop\20130726_XAVIER_7D9NED.pdf [2013/05/24 09:40:55 | 000,052,519 | ---- | C] () -- C:\Users\Nutzer\Desktop\CASHANTRAG_20130524_093947_7F2877DB900DAAB700C8699893D1B0E0cash_28023.pdf [2013/05/23 11:25:15 | 000,018,833 | ---- | C] () -- C:\Users\Nutzer\Desktop\Gästeliste adressen.ods [2013/05/22 13:19:45 | 000,142,660 | ---- | C] () -- C:\Users\Nutzer\Desktop\hinweise_und_hilfen.pdf [2013/05/22 12:47:04 | 000,021,363 | ---- | C] () -- C:\Users\Nutzer\Desktop\sprüche.odt [2013/05/22 12:19:51 | 000,026,714 | ---- | C] () -- C:\Users\Nutzer\Desktop\Evangelien.odt [2013/05/22 12:17:32 | 000,030,229 | ---- | C] () -- C:\Users\Nutzer\Desktop\lesungen.odt [2013/05/22 07:20:47 | 000,200,114 | ---- | C] () -- C:\Users\Nutzer\Desktop\Die_kirchliche_Trauung.pdf [2013/05/15 14:01:09 | 000,138,812 | ---- | C] () -- C:\Users\Nutzer\Desktop\Pädagogische Fachkräfte gesucht.pdf [2013/04/26 09:15:50 | 000,002,016 | ---- | C] () -- C:\Users\Nutzer\AppData\Local\recently-used.xbel [2013/04/17 14:06:16 | 000,000,080 | ---- | C] () -- C:\Windows\wiso.ini [2013/03/18 13:48:34 | 000,001,472 | ---- | C] () -- C:\Users\Nutzer\AppData\Local\RecConfig.xml [2012/11/29 00:08:50 | 008,676,883 | ---- | C] () -- C:\Windows\SysWow64\mp3Media2.dll [2012/08/25 17:40:11 | 000,000,201 | ---- | C] () -- C:\Windows\Lexstat.ini [2012/08/25 17:19:58 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkinpa.dll [2012/08/25 17:19:58 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkiesc.dll [2012/08/25 17:19:58 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\LXBKinst.dll [2012/08/25 17:19:57 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkserv.dll [2012/08/25 17:19:57 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkusb1.dll [2012/08/25 17:19:57 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkpmui.dll [2012/08/25 17:19:57 | 000,413,696 | ---- | C] () -- C:\Windows\SysWow64\lxbkutil.dll [2012/08/25 17:19:57 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkprox.dll [2012/08/25 17:19:56 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkhbn3.dll [2012/08/25 17:19:56 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkcomc.dll [2012/08/25 17:19:56 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbklmpm.dll [2012/08/25 17:19:56 | 000,537,256 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkcoms.exe [2012/08/25 17:19:56 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkcomm.dll [2012/08/25 17:19:56 | 000,385,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkih.exe [2012/08/25 17:19:56 | 000,180,904 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkppls.exe [2012/08/25 17:19:56 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkpplc.dll [2012/08/25 17:19:55 | 000,381,608 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkcfg.exe [2012/08/05 14:22:29 | 000,695,578 | ---- | C] () -- C:\Windows\unins000.exe [2012/08/05 14:22:29 | 000,000,859 | ---- | C] () -- C:\Windows\unins000.dat [2012/07/16 20:17:17 | 000,017,408 | ---- | C] () -- C:\Users\Nutzer\AppData\Local\WebpageIcons.db [2012/07/16 16:16:34 | 000,000,000 | ---- | C] () -- C:\Users\Nutzer\.gtk-bookmarks [2012/07/11 10:23:57 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012/06/15 10:36:29 | 000,007,605 | ---- | C] () -- C:\Users\Nutzer\AppData\Local\Resmon.ResmonCfg [2011/11/16 14:17:51 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2007/08/13 18:46:00 | 000,155,136 | ---- | C] () -- C:\Users\Nutzer\AppData\Local\lame_enc.dll [2006/10/26 02:06:48 | 000,064,000 | ---- | C] () -- C:\Users\Nutzer\AppData\Local\vorbisenc.dll [2006/10/26 02:06:48 | 000,019,456 | ---- | C] () -- C:\Users\Nutzer\AppData\Local\vorbisfile.dll [2006/10/26 02:06:46 | 000,143,872 | ---- | C] () -- C:\Users\Nutzer\AppData\Local\vorbis.dll [2006/10/26 02:06:36 | 000,015,872 | ---- | C] () -- C:\Users\Nutzer\AppData\Local\ogg.dll [2005/08/23 23:34:06 | 000,029,184 | ---- | C] () -- C:\Users\Nutzer\AppData\Local\no23xwrapper.dll ========== ZeroAccess Check ========== [2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013/01/11 15:01:59 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software [2013/01/11 15:01:59 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software [2013/04/12 14:07:36 | 000,000,000 | ---D | M] -- C:\Users\Nutzer\AppData\Roaming\Apowersoft [2013/06/05 16:23:54 | 000,000,000 | ---D | M] -- C:\Users\Nutzer\AppData\Roaming\Audacity [2012/12/11 21:16:43 | 000,000,000 | ---D | M] -- C:\Users\Nutzer\AppData\Roaming\AVG2013 [2013/04/17 14:06:51 | 000,000,000 | ---D | M] -- C:\Users\Nutzer\AppData\Roaming\Buhl Data Service [2013/03/28 15:07:40 | 000,000,000 | ---D | M] -- C:\Users\Nutzer\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2012/10/29 12:53:49 | 000,000,000 | ---D | M] -- C:\Users\Nutzer\AppData\Roaming\DAEMON Tools Lite [2013/06/11 08:54:40 | 000,000,000 | ---D | M] -- C:\Users\Nutzer\AppData\Roaming\DVDVideoSoft [2012/08/28 10:12:23 | 000,000,000 | ---D | M] -- C:\Users\Nutzer\AppData\Roaming\elsterformular [2012/10/03 00:53:07 | 000,000,000 | ---D | M] -- C:\Users\Nutzer\AppData\Roaming\EssentialPIM [2012/08/05 14:22:29 | 000,000,000 | ---D | M] -- C:\Users\Nutzer\AppData\Roaming\Flatcast [2012/10/17 18:59:02 | 000,000,000 | ---D | M] -- C:\Users\Nutzer\AppData\Roaming\Free PDF to Word Converter [2013/06/11 10:01:35 | 000,000,000 | ---D | M] -- C:\Users\Nutzer\AppData\Roaming\FreeDoko [2013/03/02 14:36:10 | 000,000,000 | ---D | M] -- C:\Users\Nutzer\AppData\Roaming\KastorStreamRecorder [2013/03/27 19:58:57 | 000,000,000 | ---D | M] -- C:\Users\Nutzer\AppData\Roaming\KDE [2013/04/12 14:06:35 | 000,000,000 | ---D | M] -- C:\Users\Nutzer\AppData\Roaming\NCH Swift Sound [2013/03/28 02:23:38 | 000,000,000 | ---D | M] -- C:\Users\Nutzer\AppData\Roaming\Need for Speed World [2012/07/22 15:02:56 | 000,000,000 | ---D | M] -- C:\Users\Nutzer\AppData\Roaming\OpenOffice.org [2013/04/03 14:56:11 | 000,000,000 | ---D | M] -- C:\Users\Nutzer\AppData\Roaming\Orbit [2012/08/24 10:22:34 | 000,000,000 | ---D | M] -- C:\Users\Nutzer\AppData\Roaming\PhotoScape [2012/08/15 11:30:56 | 000,000,000 | ---D | M] -- C:\Users\Nutzer\AppData\Roaming\pokerth [2012/09/30 13:42:55 | 000,000,000 | ---D | M] -- C:\Users\Nutzer\AppData\Roaming\ProgSense [2013/03/15 17:34:55 | 000,000,000 | ---D | M] -- C:\Users\Nutzer\AppData\Roaming\Rapid Evolution 2 [2013/05/26 01:09:42 | 000,000,000 | ---D | M] -- C:\Users\Nutzer\AppData\Roaming\SoftGrid Client [2013/03/28 00:34:10 | 000,000,000 | ---D | M] -- C:\Users\Nutzer\AppData\Roaming\Thunderbird [2012/07/11 10:24:45 | 000,000,000 | ---D | M] -- C:\Users\Nutzer\AppData\Roaming\TP [2013/03/28 00:30:34 | 000,000,000 | ---D | M] -- C:\Users\Nutzer\AppData\Roaming\TuneUp Software ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:E7BA7168 < End of report > Geändert von kampfrabe (11.06.2013 um 10:00 Uhr) |
|
11.06.2013, 11:35
| #4 |
| /// Helfer-Team | bannersdontwork und survey.central öffnen sich im Firefox - OTL Logfiles gepostet Bitte mehrfachposts unterlassen! Welche Browser sind betroffen? Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
|
|
11.06.2013, 11:41
| #5 |
| | bannersdontwork und survey.central öffnen sich im Firefox - OTL Logfiles gepostet Sorry. Mehrfachpost war unbeabsichtigt. Arbeite nur mit dem Firefox. Soll ich den IE öffnen, um zu probieren, ob dort dasselbe passiert? Kümmere mich jetzt um das nächste Tool und melde mich dann wieder. Vielen Dank soweit! Hm, das ging nun sehr schnell. Hier das jrt-logfile: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Nutzer on 11.06.2013 at 12:43:47,70
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C141038D-EB3F-4719-9220-D1C7528F4F53}
~~~ Files
Successfully deleted: [File] "C:\Users\Nutzer\documents\1click.cfg"
~~~ Folders
Successfully deleted: [Folder] "C:\Users\Nutzer\appdata\local\directdownloader"
~~~ FireFox
Successfully deleted: [File] C:\Users\Nutzer\AppData\Roaming\mozilla\firefox\profiles\roq1xq2y.default\invalidprefs.js
Successfully deleted: [File] "C:\Users\Nutzer\AppData\Roaming\mozilla\firefox\profiles\roq1xq2y.default\extensions\ftdownloader3@ftdownloader.com.xpi"
Successfully deleted: [Folder] C:\Users\Nutzer\AppData\Roaming\mozilla\firefox\profiles\roq1xq2y.default\jetpack
Emptied folder: C:\Users\Nutzer\AppData\Roaming\mozilla\firefox\profiles\roq1xq2y.default\minidumps [363 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11.06.2013 at 12:49:51,27
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Soll / Muss ich denn noch irgend etwas tun. Danke nochmals. |
|
11.06.2013, 15:15
| #6 |
| /// Helfer-Team | bannersdontwork und survey.central öffnen sich im Firefox - OTL Logfiles gepostet Gut. Downloade Dir bitte  SecurityCheck und:
__________________ --> bannersdontwork und survey.central öffnen sich im Firefox - OTL Logfiles gepostet |
|
11.06.2013, 15:32
| #7 |
| | bannersdontwork und survey.central öffnen sich im Firefox - OTL Logfiles gepostet Hier der checkup Code:
ATTFilter Results of screen317's Security Check version 0.99.64
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
AVG AntiVirus Free Edition 2013
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
JavaFX 2.1.1
Java 7 Update 21
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.7.700.202
Adobe Reader 9
Adobe Reader XI
Mozilla Firefox (21.0)
Mozilla Thunderbird (17.0.6)
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
Hallo nochmal! Nun gibt es etwas Neues: Bei Umleitungen zu ul.to wird bei mir folgende Seite angezeigt: "Welcome to nginx!" Liegt das an den gestern durchgeführten Scans etc.? Muss / Kann / Soll ich noch weitere Dinge vornehmen?  |
|
12.06.2013, 09:11
| #8 | |
| /// Helfer-Team | bannersdontwork und survey.central öffnen sich im Firefox - OTL Logfiles gepostetZitat:
Sehr gut!  damit bist Du sauber und entlassen!  Tool-Bereinigung Die Reihenfolge ist hier entscheidend.
Lektuere zum abarbeiten: http://www.trojaner-board.de/90880-d...tallation.html http://www.trojaner-board.de/105213-...tellungen.html PluginCheck http://www.trojaner-board.de/96344-a...-rechners.html Secunia Online Software Inspector http://www.trojaner-board.de/71715-k...iendungen.html http://www.trojaner-board.de/83238-a...sschalten.html http://www.trojaner-board.de/109844-...ren-seite.html PC wird immer langsamer - was tun? |
|
12.06.2013, 09:15
| #9 |
| | bannersdontwork und survey.central öffnen sich im Firefox - OTL Logfiles gepostet supergeil! Dankeschön! |
|
12.06.2013, 09:21
| #10 |
| /// Helfer-Team | bannersdontwork und survey.central öffnen sich im Firefox - OTL Logfiles gepostet wuensche eine virenfreie Zeit  |
|
| Themen zu bannersdontwork und survey.central öffnen sich im Firefox - OTL Logfiles gepostet |
| 7-zip, adobe reader xi, akamai, avg secure search, bho, ccsetup, cid, converter, error, firefox, flash player, ftdownloader, google, gophoto, home, homepage, iexplore.exe, install.exe, microsoft office starter 2010, mozilla, mp3, msiexec.exe, msiinstaller, problem, realtek, recuva, registry, scan, secure search, security, sekunden, server, software, svchost.exe, visual studio, vtoolbarupdater, windows, wiso |
Linear-Darstellung
