| |
| |||||||
Log-Analyse und Auswertung: Google lädt falsche Seiten in Firefox und IEWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
| |
14.06.2013, 19:16
| #1 |
 |  Google lädt falsche Seiten in Firefox und IE Hallo, ich bin neu hier und hoffe, dass ihr mir helfen könnt auch wenn meine PC- und Internetkenntnisse recht übersichtlich sind und ich wahrscheinlich auch mal nachfragen muss. Seit einigen Tagen kann ich nicht mehr die von mir gewünschten Seiten über Google öffnen. Dies passiert in Firefox aber auch im IE. Eine Wiederherstellung zu einem früheren Zeitpunkt ist auch nicht mehr möglich, da die Wiederherstellungsfunktion deaktiviert wurde. Avira hat im Scan nichts gefunden, jedoch Malwarebytes und Spybot. Diese Funde habe ich gelöscht. Jedoch ist das Problem leider nicht gelöst. Wenn ich Seiten in Google aufrufe, dann werden diese auch ordnungsgemäß geladen allerdings nur 2 oder 3 Mal und dann werde ich wieder umgeleitet auf Pokerseiten oder newsbusters.org oder sureonlinefind.com oder extremsportman.com oder ihavenet oder die Seite bleibt weiß. Ich kann den PC normal hochfahren und auch die Lesezeichen-Seiten werden ordnungsgemäß geladen. Allerdings ist mir aufgefallen, dass z.B. Java öfter nicht mehr vorhanden ist, obwohl ich es immer wieder neu installierte. Außerdem wird unter Extras – Einstellungen – Datenschutz – Chronik bei jedem Start die benutzerdefinierte Variante angezeigt, statt die von mir jedes Mal korrigierte Variante „niemals anlegen“. Auch macht Google bei der Stichworteingabe öfter mal keine Vorschläge mehr. Ich arbeite mit Windows XP Professional. Beim Lesen im Forum habe ich gesehen, dass ihr Rückfragen zu der Professional-Software habt: Ich habe einen älteren HP-Rechner sowie eine Lizenz beim PC-Abverkauf von einer Firma gekauft. Kurz nach Inbetriebnahme des Rechners wurde ich im Internet dazu aufgefordert, meine Software überprüfen zu lassen und die Lizenz wurde als legal bestätigt. Beim scannen mit GMER habe ich noch eine Frage: Es heisst "Entferne rechts den Haken bei". Bei IAT/EAT ist es mir klar. Doch dann komme ich mit "angehakt und abgehakt" nicht mehr so recht weiter, denn wenn ich etwas abhake, dann mache ich einen Haken dran. Soll ich nun einen Haken setzen bei c: oder den Haken bei Quick scan, der obendrüber steht, belassen? Es gibt bei mir nur diese beiden Optionen. Und bei "show all" soll da nun ein Haken sein oder nicht? Wahrscheinlich stehe ich nur auf dem Schlauch. Sorry Ich wäre froh über eure Hilfe, da ich nun nicht mehr weiter weiß. Vielen Dank schon mal im voraus. defogger hat nichts gemeldet Ansonsten hier die Scan-Ergebnisse von: OTL Extras Malwarebytes Spybot (Die Probleme traten ungefähr zeitgleich auf, nachdem ich mit Spybot meinen Rechner immunisiert hatte. Da ich anfangs dachte, dass das Problem damit zusammenhängen könnte, habe ich die Immunizierung rückgängig gemacht. Deshalb poste ich hier mehrere Scans, da ich nicht weiss, was zur Immunisierung gehört und was zum normalen Scannen) Code:
ATTFilter OTL logfile created on: 14.06.2013 18:06:33 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Gudrun\Favoriten\Eigene Dateien\Downloads Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 503,43 Mb Total Physical Memory | 317,84 Mb Available Physical Memory | 63,13% Memory free 1,20 Gb Paging File | 0,81 Gb Available in Paging File | 67,59% Paging File free Paging file location(s): C:\pagefile.sys 756 1512 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 74,53 Gb Total Space | 39,06 Gb Free Space | 52,41% Space Free | Partition Type: NTFS Computer Name: HP29421126778 | User Name: Gudrun | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.06.14 18:02:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Gudrun\Favoriten\Eigene Dateien\Downloads\OTL.exe PRC - [2013.05.16 10:56:34 | 001,033,688 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe PRC - [2013.05.16 10:56:30 | 001,817,560 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe PRC - [2013.05.07 17:53:32 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.03.30 09:31:59 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2013.03.30 09:31:34 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2013.03.30 09:31:32 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.10.02 13:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe PRC - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe ========== Modules (No Company Name) ========== MOD - [2013.05.16 10:55:28 | 000,161,112 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\snlFileFormats150.bpl MOD - [2013.05.16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\snlThirdParty150.bpl MOD - [2013.05.16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\DEC150.bpl MOD - [2012.09.19 20:17:40 | 000,397,088 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll MOD - [2012.08.23 10:38:24 | 000,574,840 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\sqlite3.dll MOD - [2012.04.03 17:06:14 | 000,565,640 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\av\BDSmartDB.dll MOD - [2011.05.19 20:34:22 | 000,056,224 | ---- | M] () -- \\?\C:\Programme\Spybot - Search & Destroy 2\av\avxdisk.dll MOD - [2008.09.16 21:18:06 | 000,132,608 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll ========== Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- C:\Programme\Spybot -- (SDWSCService) SRV - File not found [Auto | Running] -- C:\Programme\Spybot -- (SDUpdateService) SRV - File not found [Auto | Running] -- C:\Programme\Spybot -- (SDScannerService) SRV - [2013.06.12 12:07:59 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.05.25 10:23:06 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.03.30 09:31:59 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.03.30 09:31:32 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.10.02 13:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2012.07.03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2010.12.17 10:28:07 | 000,065,536 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\afasrv32.exe -- (AfaService) SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2009.10.07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv) SRV - [2002.09.20 16:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [On_Demand | Stopped] -- C:\Programme\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2013.03.30 09:32:06 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2013.03.30 09:32:06 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2013.03.30 09:32:06 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr) DRV - [2012.08.27 16:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.11.10 04:49:50 | 004,323,040 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) DRV - [2010.11.10 04:48:12 | 000,283,744 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS) DRV - [2010.06.14 15:04:30 | 000,069,976 | ---- | M] (Sunbelt Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\sbapifs.sys -- (sbapifs) DRV - [2010.06.14 15:04:30 | 000,021,464 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbaphd.sys -- (sbaphd) DRV - [2010.03.04 17:13:36 | 000,037,920 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd) DRV - [2009.10.07 10:49:50 | 000,023,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService) DRV - [2009.10.07 10:46:12 | 000,114,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt) DRV - [2009.10.07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon) DRV - [2009.08.26 16:10:26 | 000,213,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k) DRV - [2008.05.27 11:52:18 | 000,051,072 | ---- | M] (Generic USB smartcard reader) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MHIKEY10.sys -- (MHIKEY10) DRV - [2004.08.04 01:29:50 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4) DRV - [2004.08.04 01:29:48 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3) DRV - [2004.08.04 01:29:46 | 000,025,471 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5) DRV - [2004.08.04 01:29:46 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4) DRV - [2004.08.04 01:29:46 | 000,022,271 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6) DRV - [2004.08.04 01:29:44 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3) DRV - [2004.08.04 01:29:44 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1) DRV - [2004.08.04 01:29:42 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0) DRV - [2004.08.04 01:29:42 | 000,011,871 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7) DRV - [2004.08.04 01:29:40 | 000,011,807 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5) DRV - [2004.08.04 01:29:40 | 000,011,295 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6) DRV - [2004.08.04 01:29:38 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x) DRV - [2004.08.04 01:29:38 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0) DRV - [2004.08.04 01:29:38 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1) DRV - [2004.08.04 01:29:38 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2) DRV - [2004.02.04 12:34:16 | 000,051,584 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\baspxp32.sys -- (Blfp) DRV - [2002.04.04 08:32:06 | 000,028,416 | R--- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\symmpi.sys -- (Symmpi) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://alice.aol.de IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://go.compaq.com/1Q00CDT/0407/bl8.asp IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://alice.aol.de IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://go.compaq.com/1Q00CDT/0407/bl8.asp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{6C914997-2338-4B4E-9E1D-79E036E628A9}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie IE - HKCU\..\SearchScopes\{76482EC3-5E9F-490B-8838-0EF988185C74}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKCU\..\SearchScopes\{ED71C649-7A9D-432C-AE99-1241B710E5A9}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms} IE - HKCU\..\SearchScopes\{F8437D60-1B35-4220-9A58-BD4EB2848412}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:21320 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "WEB.DE Suche" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.15 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 FF - prefs.js..network.proxy.type: 4 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Programme\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@www.flatcast.com/FlatViewer 5.2: C:\PROGRA~1\Mozilla Firefox\plugins\NpFv530.dll (1 mal 1 Software GmbH) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Programme\Java\jre1.6.0_20\lib\deploy\jqs\ff FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Programme\Gemeinsame Dateien\DVDVideoSoft\plugins\ff\ [2012.12.27 14:35:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Programme\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013.05.25 10:22:50 | 000,000,000 | ---D | M] [2010.03.31 10:59:58 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Gudrun\Anwendungsdaten\Mozilla\Extensions [2013.06.05 17:49:11 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Gudrun\Anwendungsdaten\Mozilla\Firefox\Profiles\am13whh1.default\extensions [2012.09.12 21:40:33 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Dokumente und Einstellungen\Gudrun\Anwendungsdaten\Mozilla\Firefox\Profiles\am13whh1.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}(2) [2013.06.05 17:49:11 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Dokumente und Einstellungen\Gudrun\Anwendungsdaten\Mozilla\Firefox\Profiles\am13whh1.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013.02.23 21:36:16 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Dokumente und Einstellungen\Gudrun\Anwendungsdaten\Mozilla\Firefox\Profiles\am13whh1.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(2) [2013.05.09 15:46:27 | 000,870,680 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Gudrun\Anwendungsdaten\Mozilla\Firefox\Profiles\am13whh1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011.12.20 10:51:12 | 000,000,933 | ---- | M] () -- C:\Dokumente und Einstellungen\Gudrun\Anwendungsdaten\Mozilla\Firefox\Profiles\am13whh1.default\searchplugins\11-suche.xml [2011.12.20 10:51:12 | 000,002,419 | ---- | M] () -- C:\Dokumente und Einstellungen\Gudrun\Anwendungsdaten\Mozilla\Firefox\Profiles\am13whh1.default\searchplugins\englische-ergebnisse.xml [2011.12.20 10:51:12 | 000,010,525 | ---- | M] () -- C:\Dokumente und Einstellungen\Gudrun\Anwendungsdaten\Mozilla\Firefox\Profiles\am13whh1.default\searchplugins\gmx-suche.xml [2011.12.20 10:51:12 | 000,002,457 | ---- | M] () -- C:\Dokumente und Einstellungen\Gudrun\Anwendungsdaten\Mozilla\Firefox\Profiles\am13whh1.default\searchplugins\lastminute.xml [2012.09.12 21:35:34 | 000,000,642 | ---- | M] () -- C:\Dokumente und Einstellungen\Gudrun\Anwendungsdaten\Mozilla\Firefox\Profiles\am13whh1.default\searchplugins\search-safer.xml [2011.12.20 10:51:12 | 000,005,508 | ---- | M] () -- C:\Dokumente und Einstellungen\Gudrun\Anwendungsdaten\Mozilla\Firefox\Profiles\am13whh1.default\searchplugins\webde-suche.xml [2013.05.25 10:23:09 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.05.25 10:22:46 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013.05.25 10:23:08 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions [2013.05.25 10:23:08 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009.09.21 11:00:44 | 001,447,328 | ---- | M] (1 mal 1 Software GmbH) -- C:\Programme\mozilla firefox\plugins\NpFv522.dll [2011.09.23 14:43:02 | 001,623,552 | ---- | M] (1 mal 1 Software GmbH) -- C:\Programme\mozilla firefox\plugins\NpFv530.dll Hosts file not found O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Free YouTube Download - C:\Dokumente und Einstellungen\Gudrun\Anwendungsdaten\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (PCPitstop Utility) O16 - DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (PCMaticVer Class) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E039CC7-8070-4CE7-8344-135A21421A94}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Gudrun\Anwendungsdaten\Mozilla\Firefox\Desktop-Hintergrund.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Gudrun\Anwendungsdaten\Mozilla\Firefox\Desktop-Hintergrund.bmp O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.06.04 14:06:08 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Gudrun\Recent [2013.05.28 17:07:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spybot - Search & Destroy 2 [2013.05.28 15:47:06 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2013.05.28 15:47:05 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2013.05.28 14:23:33 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy 2 [2013.05.27 18:10:10 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\WINDOWS\System32\sdnclean.exe [2013.05.25 10:22:43 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox [2012.07.05 13:09:54 | 000,640,512 | ---- | C] (hxxp://lame.sf.net) -- C:\Programme\lame.exe [2012.05.18 19:31:36 | 314,306,328 | ---- | C] (Microsoft Corporation) -- C:\Programme\X16-publisher.exe [2010.12.04 00:03:52 | 008,803,144 | ---- | C] (Glarysoft Ltd ) -- C:\Programme\gu230setup.exe [2010.11.22 21:46:01 | 005,254,968 | ---- | C] (Nexway) -- C:\Programme\dlmgr.714351.exe [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.06.14 18:07:15 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013.06.14 18:01:35 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Gudrun\defogger_reenable [2013.06.14 17:20:50 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013.06.14 17:18:53 | 000,000,636 | ---- | M] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job [2013.06.14 17:18:40 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1379574645-815484552-451258434-1005.job [2013.06.14 17:18:37 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\aiyzpr.job [2013.06.14 17:18:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.06.14 17:18:33 | 527,962,112 | -HS- | M] () -- C:\hiberfil.sys [2013.06.14 17:18:27 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs [2013.06.14 12:55:06 | 000,002,489 | ---- | M] () -- C:\Dokumente und Einstellungen\Gudrun\Desktop\Word.lnk [2013.06.13 19:05:43 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2013.06.12 11:22:31 | 000,000,211 | RHS- | M] () -- C:\boot.ini [2013.05.28 17:08:24 | 000,000,608 | ---- | M] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job [2013.05.28 17:08:24 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job [2013.05.28 17:07:57 | 000,001,818 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Spybot-S&D Start Center.lnk [2013.05.28 15:47:11 | 000,000,774 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2013.05.27 21:20:02 | 000,598,528 | RHS- | M] () -- C:\WINDOWS\System32\lmhsvcp.dll [2013.05.27 19:46:16 | 000,001,635 | ---- | M] () -- C:\Quarantine.lst [2013.05.27 18:34:49 | 000,446,998 | R--- | M] () -- C:\WINDOWS\hosts.20130528-131246.backup [2013.05.16 13:05:58 | 000,295,664 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013.05.15 22:22:57 | 000,499,070 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2013.05.15 22:22:57 | 000,475,008 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013.05.15 22:22:57 | 000,101,612 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2013.05.15 22:22:57 | 000,085,012 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.06.14 18:01:35 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Gudrun\defogger_reenable [2013.06.13 19:05:41 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK [2013.05.28 17:07:58 | 000,001,824 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spybot-S&D Start Center.lnk [2013.05.28 17:07:57 | 000,001,818 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Spybot-S&D Start Center.lnk [2013.05.28 15:47:11 | 000,000,774 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2013.05.28 15:34:32 | 527,962,112 | -HS- | C] () -- C:\hiberfil.sys [2013.05.28 14:30:46 | 000,001,635 | ---- | C] () -- C:\Quarantine.lst [2013.05.28 14:25:04 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job [2013.05.28 14:25:03 | 000,000,608 | ---- | C] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job [2013.05.28 14:25:01 | 000,000,636 | ---- | C] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job [2013.05.28 13:12:46 | 000,446,998 | R--- | C] () -- C:\WINDOWS\hosts.20130528-131246.backup [2013.05.27 21:20:03 | 000,000,308 | ---- | C] () -- C:\WINDOWS\tasks\aiyzpr.job [2013.05.27 21:20:02 | 000,598,528 | RHS- | C] () -- C:\WINDOWS\System32\lmhsvcp.dll [2013.05.25 10:43:22 | 000,001,804 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Reader XI.lnk [2012.12.25 13:51:17 | 000,316,317 | ---- | C] () -- C:\Programme\fast_video_download-4.2.4-fx.xpi [2012.09.12 21:28:06 | 000,199,396 | ---- | C] () -- C:\Programme\easy_youtube_video_downloader-6.5-fx.xpi [2012.07.05 17:14:19 | 000,715,038 | ---- | C] () -- C:\WINDOWS\unins001.exe [2012.07.05 17:14:18 | 000,002,383 | ---- | C] () -- C:\WINDOWS\unins001.dat [2012.07.05 13:09:54 | 000,104,627 | ---- | C] () -- C:\Programme\history.html [2012.07.05 13:09:54 | 000,052,475 | ---- | C] () -- C:\Programme\detailed.html [2012.07.05 13:09:54 | 000,025,559 | ---- | C] () -- C:\Programme\links.html [2012.07.05 13:09:54 | 000,007,791 | ---- | C] () -- C:\Programme\introduction.html [2012.07.05 13:09:54 | 000,005,998 | ---- | C] () -- C:\Programme\contributors.html [2012.07.05 13:09:54 | 000,005,695 | ---- | C] () -- C:\Programme\usage.html [2012.07.05 13:09:54 | 000,005,639 | ---- | C] () -- C:\Programme\ms_stereo.html [2012.07.05 13:09:54 | 000,005,406 | ---- | C] () -- C:\Programme\about.html [2012.07.05 13:09:54 | 000,004,764 | ---- | C] () -- C:\Programme\basic.html [2012.07.05 13:09:54 | 000,004,645 | ---- | C] () -- C:\Programme\cbr.html [2012.07.05 13:09:54 | 000,004,519 | ---- | C] () -- C:\Programme\contact.html [2012.07.05 13:09:54 | 000,004,349 | ---- | C] () -- C:\Programme\abr.html [2012.07.05 13:09:54 | 000,003,421 | ---- | C] () -- C:\Programme\vbr.html [2012.07.05 13:09:54 | 000,002,898 | ---- | C] () -- C:\Programme\index.html [2012.07.05 13:09:54 | 000,002,532 | ---- | C] () -- C:\Programme\list.html [2012.02.15 14:38:31 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011.10.24 20:12:19 | 000,713,352 | ---- | C] () -- C:\Programme\DVSUninstall.exe [2011.10.15 21:51:33 | 000,000,024 | ---- | C] () -- C:\Dokumente und Einstellungen\Gudrun\Anwendungsdaten\xpy.ini [2011.01.17 15:03:53 | 000,018,944 | ---- | C] () -- C:\Dokumente und Einstellungen\Gudrun\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.12.16 23:20:36 | 000,000,002 | ---- | C] () -- C:\Dokumente und Einstellungen\Gudrun\Blocked [2010.11.16 10:40:24 | 000,000,002 | ---- | C] () -- C:\Dokumente und Einstellungen\Gudrun\Allowed [2010.03.31 10:16:00 | 000,000,139 | ---- | C] () -- C:\Dokumente und Einstellungen\Gudrun\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat ========== ZeroAccess Check ========== [2009.11.17 17:24:51 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 04:22:25 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 04:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.11.08 13:24:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ClubSanDisk [2010.12.28 14:31:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\createonepart [2010.12.25 20:58:05 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\df9e0d [2010.12.28 14:31:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\explauncher [2012.12.25 13:57:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Freemake [2012.03.04 20:44:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IMSIDesign [2010.12.28 14:30:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\launcher [2012.10.08 12:18:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Package Cache [2010.09.07 18:47:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Drivers HeadQuarters [2011.02.25 19:57:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PCPitstop [2010.11.15 20:38:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PCPitstopDat [2010.12.25 20:51:59 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PIZANAOTS [2010.09.13 17:24:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Publish Data [2013.04.27 19:21:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SoftPerfect [2012.06.12 21:30:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software [2011.01.02 17:48:39 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16} [2010.02.11 17:51:32 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} [2011.12.20 10:45:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gudrun\Anwendungsdaten\1&1 Mail & Media GmbH [2011.06.04 10:38:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gudrun\Anwendungsdaten\AliceHilfe [2012.07.14 10:54:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gudrun\Anwendungsdaten\Amazon [2010.09.27 16:25:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gudrun\Anwendungsdaten\concept design [2012.12.27 14:35:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gudrun\Anwendungsdaten\DVDVideoSoft [2012.12.25 13:42:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gudrun\Anwendungsdaten\DVDVideoSoftIEHelpers [2010.09.19 17:05:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gudrun\Anwendungsdaten\FinalMediaPlayer [2012.07.05 17:12:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gudrun\Anwendungsdaten\Flatcast [2010.04.13 11:08:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gudrun\Anwendungsdaten\Foxit [2010.09.28 13:01:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gudrun\Anwendungsdaten\Foxit Software [2010.12.04 00:08:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gudrun\Anwendungsdaten\GlarySoft [2010.08.29 21:35:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gudrun\Anwendungsdaten\Hansenet [2010.04.02 11:30:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gudrun\Anwendungsdaten\InterVideo [2010.05.16 23:09:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gudrun\Anwendungsdaten\Leadertech [2013.06.14 18:11:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gudrun\Anwendungsdaten\NetSpeedMonitor [2010.11.11 11:51:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gudrun\Anwendungsdaten\OpenOffice.org [2012.07.02 09:28:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gudrun\Anwendungsdaten\Oracle [2012.09.12 21:35:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gudrun\Anwendungsdaten\Toolbar4 [2011.01.02 17:50:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gudrun\Anwendungsdaten\TuneUp Software [2013.01.12 23:17:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gudrun\Anwendungsdaten\XnView [2012.10.08 11:59:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gudrun\Anwendungsdaten\xVideoServiceThief ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 14.06.2013 18:06:33 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Gudrun\Favoriten\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
503,43 Mb Total Physical Memory | 317,84 Mb Available Physical Memory | 63,13% Memory free
1,20 Gb Paging File | 0,81 Gb Available in Paging File | 67,59% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 74,53 Gb Total Space | 39,06 Gb Free Space | 52,41% Space Free | Partition Type: NTFS
Computer Name: HP29421126778 | User Name: Gudrun | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8-Server -- (Microsoft Corporation)
"C:\WINDOWS\system32\dxdiag.exe" = C:\WINDOWS\system32\dxdiag.exe:*:Enabled:Microsoft DirectX-Diagnoseprogramm -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office14\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Programme\Mozilla Firefox\plugin-container.exe" = C:\Programme\Mozilla Firefox\plugin-container.exe:*:Disabled:Plugin Container for Firefox -- (Mozilla Corporation)
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Programme\Spybot - Search & Destroy 2\SDTray.exe" = C:\Programme\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Programme\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Programme\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Management Programs
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{86501894-E722-4385-A792-B7C2F28FAE7B}" = NetSpeedMonitor 2.5.4.0 x86
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 14
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PUBLISHERR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PUBLISHERR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PUBLISHERR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PUBLISHERR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PUBLISHERR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PUBLISHERR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PUBLISHERR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0019-0000-0000-0000000FF1CE}" = Microsoft Office Publisher 2010
"{91140000-0019-0000-0000-0000000FF1CE}_Office14.PUBLISHERR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}" = PixiePack Codec Pack
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FD9C31B6-F572-414D-81E3-89368C97A125}_is1" = CamStudio OSS Desktop Recorder
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Alice Software" = Alice Software 4.9.2
"AliceHilfe 1.0.0.1" = AliceHilfe
"Amazon Kindle" = Amazon Kindle
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"CAEB60F7C64A33BA5101FE57B2D85A72F1AE8D79" = Windows-Treiberpaket - Broadcom (b57w2k) Net (07/31/2009 12.2.2.0)
"Card Reader Driver and USIM Editor Program_is1" = USIM Editor 1.0.25.70
"CCleaner" = CCleaner
"Digital Editions" = Adobe Digital Editions
"Flatcast Viewer 5.3_is1" = Flatcast Viewer Plugin 5.3.0.784
"Flatcast_is1" = Flatcast Viewer Plugin 5.2.2.454
"Free Audio CD to MP3 Converter_is1" = Free Audio CD to MP3 Converter version 1.3.12.1228
"Free YouTube Download_is1" = Free YouTube Download version 3.1.42.1212
"ie8" = Windows Internet Explorer 8
"InstallShield_{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Management Programs
"lvdrivers_12.10" = Logitech Webcam Software-Treiberpaket
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Office14.PUBLISHERR" = Microsoft Publisher 2010
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Picasa 3" = Picasa 3
"Revo Uninstaller" = Revo Uninstaller 1.85
"VLC media player" = VLC media player 2.0.6
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"STANLY Track" = STANLY Track
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 22.05.2013 03:10:16 | Computer Name = HP29421126778 | Source = MsiInstaller | ID = 11609
Description =
Error - 27.05.2013 12:50:08 | Computer Name = HP29421126778 | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
in der signierten Datei. .
Error - 27.05.2013 12:50:08 | Computer Name = HP29421126778 | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
in der signierten Datei. .
Error - 28.05.2013 09:27:04 | Computer Name = HP29421126778 | Source = EventSystem | ID = 4614
Description = Das COM+-Ereignissystem hat eine Inkonsistenz in seinem internen Status
erkannt. Fehler bei der Assertion "GetLastError() == 122L" in Zeile 162 von d:\comxp_sp3\com\com1x\src\events\shared\sectools.cpp.
Wenden Sie sich an den Microsoft-Produktsuppor
Error - 04.06.2013 07:06:14 | Computer Name = HP29421126778 | Source = MsiInstaller | ID = 11609
Description =
Error - 06.06.2013 12:43:34 | Computer Name = HP29421126778 | Source = Avira Antivirus | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler
auf! Fehlercode: 0x8
Error - 11.06.2013 06:47:44 | Computer Name = HP29421126778 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.5512, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x00ea0fef.
Error - 11.06.2013 06:48:08 | Computer Name = HP29421126778 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung drwtsn32.exe, Version 5.1.2600.0, fehlgeschlagenes
Modul dbghelp.dll, Version 5.1.2600.5512, Fehleradresse 0x0001295d.
Error - 12.06.2013 05:26:30 | Computer Name = HP29421126778 | Source = MsiInstaller | ID = 11609
Description =
Error - 13.06.2013 12:56:01 | Computer Name = HP29421126778 | Source = Avira Antivirus | ID = 4104
Description = Die Virendefinitionsdatei konnte nicht gefunden werden! Fehlercode:
0x3
[ System Events ]
Error - 13.06.2013 12:55:27 | Computer Name = HP29421126778 | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Avira Echtzeit-Scanner" wurde unerwartet beendet. Dies
ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden
durchgeführt: Starten Sie den Dienst neu..
Error - 13.06.2013 12:56:01 | Computer Name = HP29421126778 | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Avira Echtzeit-Scanner" wurde mit folgendem dienstspezifischem
Fehler beendet: 306 (0x132).
Error - 13.06.2013 13:34:25 | Computer Name = HP29421126778 | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Spybot-S&D
2 Security Center Service.
Error - 13.06.2013 13:34:25 | Computer Name = HP29421126778 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Spybot-S&D 2 Security Center Service" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1053
Error - 13.06.2013 14:09:26 | Computer Name = HP29421126778 | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Spybot-S&D
2 Security Center Service.
Error - 13.06.2013 14:09:26 | Computer Name = HP29421126778 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Spybot-S&D 2 Security Center Service" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1053
Error - 14.06.2013 06:32:28 | Computer Name = HP29421126778 | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Spybot-S&D
2 Security Center Service.
Error - 14.06.2013 06:32:28 | Computer Name = HP29421126778 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Spybot-S&D 2 Security Center Service" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1053
Error - 14.06.2013 11:20:43 | Computer Name = HP29421126778 | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Spybot-S&D
2 Security Center Service.
Error - 14.06.2013 11:20:43 | Computer Name = HP29421126778 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Spybot-S&D 2 Security Center Service" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1053
[ TuneUp Events ]
Error - 25.12.2010 18:59:31 | Computer Name = HP29421126778 | Source = TuneUp Program Statistics | ID = 131840
Description =
Error - 25.12.2010 20:05:45 | Computer Name = HP29421126778 | Source = TuneUp Program Statistics | ID = 131840
Description =
Error - 26.12.2010 05:34:06 | Computer Name = HP29421126778 | Source = TuneUp Program Statistics | ID = 131840
Description =
Error - 27.12.2010 17:10:03 | Computer Name = HP29421126778 | Source = TuneUp Program Statistics | ID = 131840
Description =
Error - 31.12.2010 15:56:22 | Computer Name = HP29421126778 | Source = TuneUp Program Statistics | ID = 131840
Description =
Error - 31.12.2010 16:04:28 | Computer Name = HP29421126778 | Source = TuneUp Program Statistics | ID = 131840
Description =
Error - 02.01.2011 09:21:23 | Computer Name = HP29421126778 | Source = TuneUp Program Statistics | ID = 131840
Description =
Error - 02.01.2011 09:21:48 | Computer Name = HP29421126778 | Source = TuneUp Program Statistics | ID = 131840
Description =
Error - 02.01.2011 09:22:58 | Computer Name = HP29421126778 | Source = TuneUp Program Statistics | ID = 131840
Description =
Error - 02.01.2011 09:23:18 | Computer Name = HP29421126778 | Source = TuneUp Program Statistics | ID = 131840
Description =
< End of report >
Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.05.28.05 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Gudrun :: HP29421126778 [Administrator] 28.05.2013 15:51:44 mbam-log-2013-05-28 (15-51-44).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 299419 Laufzeit: 53 Minute(n), 37 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\WINDOWS\hosts (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter Search results from Spybot - Search & Destroy
27.05.2013 19:38:24
Scan took 00:44:52.
77 items found.
Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\62AKB9LB\flash.quantserve.com\com.quantserve.sol
Properties.size=72
Properties.md5=F58CFAC474F4299EABDB96F11A248B32
Properties.filedate=1269880670
Properties.filedatetext=2010-03-29 18:37:50
Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\62AKB9LB\s.ytimg.com\hdTooltipClue2.sol
Properties.size=53
Properties.md5=22EEF6EA0B04293CD0A34CF946A5BC58
Properties.filedate=1269852509
Properties.filedatetext=2010-03-29 10:48:28
Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\62AKB9LB\s.ytimg.com\restore.sol
Properties.size=62
Properties.md5=B001FB1F8D674491778BF58DF9A09455
Properties.filedate=1269960409
Properties.filedatetext=2010-03-30 16:46:48
Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\62AKB9LB\s.ytimg.com\soundData.sol
Properties.size=49
Properties.md5=080DF4E08956B50072B5D3B19F3DB5FC
Properties.filedate=1269856178
Properties.filedatetext=2010-03-29 11:49:38
Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\62AKB9LB\s.ytimg.com\videostats.sol
Properties.size=199
Properties.md5=DA609BAAA0FD35490A1752095B7D1AE3
Properties.filedate=1269960595
Properties.filedatetext=2010-03-30 16:49:54
Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\62AKB9LB\widget-cdn.meebo.com\com.quantserve.sol
Properties.size=72
Properties.md5=C64786E51FDE34982738509B0225764A
Properties.filedate=1269880670
Properties.filedatetext=2010-03-29 18:37:50
Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\62AKB9LB\widget-cdn.meebo.com\mm.sol
Properties.size=250
Properties.md5=5CCF9D86D86D5118FCA1E3A6EE89F4DE
Properties.filedate=1269880698
Properties.filedatetext=2010-03-29 18:38:17
Macromedia.FlashPlayer.Cookies: [SBI $1EF45977] Text file (File, nothing done)
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\62AKB9LB\d1.scribdassets.com\ScribdViewer.swf\instance_identifier.sol
Properties.size=79
Properties.md5=2678F0B4C990E541889CE4F88227F347
Properties.filedate=1269961027
Properties.filedatetext=2010-03-30 16:57:06
Macromedia.FlashPlayer.Cookies: [SBI $1EF45977] Text file (File, nothing done)
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\62AKB9LB\d1.scribdassets.com\ScribdViewer.swf\scribdSettings.sol
Properties.size=80
Properties.md5=63F41F0DCED7AAC5C5C2D2D38615FD2D
Properties.filedate=1269961217
Properties.filedatetext=2010-03-30 17:00:16
Macromedia.FlashPlayer.Cookies: [SBI $1EF45977] Text file (File, nothing done)
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\62AKB9LB\skype.com\#ui\preferences.sol
Properties.size=233
Properties.md5=CC3A13DA3E07DF85C79C13706DF6D1F5
Properties.filedate=1269966731
Properties.filedatetext=2010-03-30 18:32:11
Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7] Text file (File, nothing done)
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\62AKB9LB\ui-portal.de\brbtpixel\brbtpixel_03042007.swf\webdecookie.sol
Properties.size=110
Properties.md5=C7734719158B5380D214686EB249FB1E
Properties.filedate=1269967569
Properties.filedatetext=2010-03-30 18:46:08
MediaPlex: [SBI $8E73A7FB] Tracking cookie (Internet Explorer (Benutzer): Gudrun) (Browser: Cookie, nothing done)
Common Dialogs: [SBI $8E73A7FB] History (2 files) (Registry Key, nothing done)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU
Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-1379574645-815484552-451258434-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-1379574645-815484552-451258434-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
Internet Explorer: [SBI $D5C3373A] AutoComplete data (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-1379574645-815484552-451258434-500\Software\Microsoft\Internet Explorer\IntelliForms\SPW
MS Media Player: [SBI $5C51E349] Client ID (Registry Change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\MediaPlayer\Player\Settings\Client ID
MS Media Player: [SBI $5C51E349] Client ID (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-1379574645-815484552-451258434-1005\Software\Microsoft\MediaPlayer\Player\Settings\Client ID
MS Media Player: [SBI $5C51E349] Client ID (Registry Change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\MediaPlayer\Player\Settings\Client ID
MS Direct3D: [SBI $7FB7B83F] Most recent application (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name
MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name
MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-1379574645-815484552-451258434-1005\Software\Microsoft\Direct3D\MostRecentApplication\Name
MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-1379574645-815484552-451258434-500\Software\Microsoft\Direct3D\MostRecentApplication\Name
MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name
MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name
MS Office 12.0: [SBI $31A61065] Internet history (Registry Value, nothing done)
HKEY_USERS\S-1-5-21-1379574645-815484552-451258434-500\Software\Microsoft\Office\12.0\Common\Internet\UseRWHlinkNavigation
MS Search Assistant: [SBI $AE0C4647] Typed search terms history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-1379574645-815484552-451258434-500\Software\Microsoft\Search Assistant\ACMru
MS Windows Backup 5.0: [SBI $9CE336F6] Last created backup set (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-1379574645-815484552-451258434-1005\Software\Microsoft\Ntbackup\Hardware\Logical Disk File
Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
Windows.OpenWith: [SBI $48691F6C] Open with list - .ASD extension (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-1379574645-815484552-451258434-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ASD\OpenWithList
Windows.OpenWith: [SBI $48691F6C] Open with list - .ASD extension (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-1379574645-815484552-451258434-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ASD\OpenWithList
Windows.OpenWith: [SBI $50F69B2B] Open with list - .AU extension (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-1379574645-815484552-451258434-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AU\OpenWithList
Windows.OpenWith: [SBI $F7204896] Open with list - .AVI extension (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-1379574645-815484552-451258434-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\OpenWithList
Windows.OpenWith: [SBI $F7204896] Open with list - .AVI extension (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-1379574645-815484552-451258434-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\OpenWithList
Windows.OpenWith: [SBI $DCEE25EC] Open with list - .BAK extension (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-1379574645-815484552-451258434-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BAK\OpenWithList
Windows.OpenWith: [SBI $DCEE25EC] Open with list - .BAK extension (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-1379574645-815484552-451258434-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BAK\OpenWithList
Windows.OpenWith: [SBI $A1C94E79] Open with list - .BMP extension (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-1379574645-815484552-451258434-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList
Windows.OpenWith: [SBI $9E8D5C8A] Open with list - .CDA extension (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-1379574645-815484552-451258434-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CDA\OpenWithList
Windows.OpenWith: [SBI $ECC28BDF] Open with list - .CSV extension (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-1379574645-815484552-451258434-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CSV\OpenWithList
Windows Explorer: [SBI $A2C7B3CD] Recent wallpaper list (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-1379574645-815484552-451258434-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU
Windows Explorer: [SBI $AA0766B5] Stream history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-1379574645-815484552-451258434-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU
Windows Explorer: [SBI $AA0766B5] Stream history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-1379574645-815484552-451258434-500\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU
Windows Explorer: [SBI $2026AFB6] User Assistant history IE (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-1379574645-815484552-451258434-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count
Windows Explorer: [SBI $2026AFB6] User Assistant history IE (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-1379574645-815484552-451258434-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count
Windows Explorer: [SBI $6107D172] User Assistant history files (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-1379574645-815484552-451258434-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count
Windows Explorer: [SBI $6107D172] User Assistant history files (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-1379574645-815484552-451258434-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count
Windows Explorer: [SBI $B7EBA926] Last visited history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-1379574645-815484552-451258434-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU
Windows Explorer: [SBI $B7EBA926] Last visited history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-1379574645-815484552-451258434-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU
Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-1379574645-815484552-451258434-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-1379574645-815484552-451258434-500\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\ComputerName
Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-1379574645-815484552-451258434-1005\Software\Microsoft\Windows Media\WMSDK\General\ComputerName
Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-1379574645-815484552-451258434-500\Software\Microsoft\Windows Media\WMSDK\General\ComputerName
Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\ComputerName
Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\UniqueID
Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-1379574645-815484552-451258434-1005\Software\Microsoft\Windows Media\WMSDK\General\UniqueID
Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-1379574645-815484552-451258434-500\Software\Microsoft\Windows Media\WMSDK\General\UniqueID
Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\UniqueID
Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber
Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
HKEY_USERS\S-1-5-21-1379574645-815484552-451258434-1005\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber
Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
HKEY_USERS\S-1-5-21-1379574645-815484552-451258434-500\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber
Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber
Cookie: [SBI $49804B54] Browser: Cookie (9) (Browser: Cookie, nothing done)
Cache: [SBI $49804B54] Browser: Cache (134) (Browser: Cache, nothing done)
Verlauf: [SBI $49804B54] Browser: History (194) (Browser: History, nothing done)
Cookie: [SBI $49804B54] Browser: Cookie (7) (Browser: Cookie, nothing done)
Cache: [SBI $49804B54] Browser: Cache (1) (Browser: Cache, nothing done)
Verlauf: [SBI $49804B54] Browser: History (5) (Browser: History, nothing done)
Cookie: [SBI $49804B54] Browser: Cookie (1) (Browser: Cookie, nothing done)
--- Spybot - Search & Destroy version: 2.1.18.131 DLL (build: 20130516) ---
2013-05-16 blindman.exe (2.1.18.151)
2013-05-16 explorer.exe (2.1.18.177)
2013-05-16 SDBootCD.exe (2.1.18.109)
2013-05-16 SDCleaner.exe (2.1.18.110)
2013-05-16 SDDelFile.exe (2.1.18.94)
2013-05-16 SDFiles.exe (2.1.18.135)
2013-03-20 SDFileScanHelper.exe (2.1.16.1)
2013-05-16 SDFSSvc.exe (2.1.18.208)
2013-05-16 SDHookHelper.exe (2.1.18.2)
2013-05-16 SDHookInst32.exe (2.1.18.2)
2013-05-16 SDImmunize.exe (2.1.18.130)
2013-05-16 SDLogReport.exe (2.1.18.107)
2013-05-16 SDOnAccess.exe (2.1.18.4)
2013-05-16 SDPESetup.exe (2.1.18.3)
2013-05-16 SDPEStart.exe (2.1.18.86)
2013-05-16 SDPhoneScan.exe (2.1.18.28)
2013-05-16 SDPRE.exe (2.1.18.22)
2013-05-16 SDPrepPos.exe (2.1.18.10)
2013-05-16 SDQuarantine.exe (2.1.18.103)
2013-05-16 SDRootAlyzer.exe (2.1.18.116)
2013-05-16 SDSBIEdit.exe (2.1.18.39)
2013-05-16 SDScan.exe (2.1.18.177)
2013-05-16 SDScript.exe (2.1.18.53)
2013-05-16 SDSettings.exe (2.1.18.136)
2013-05-16 SDShell.exe (2.1.18.2)
2013-05-16 SDShred.exe (2.1.18.107)
2013-05-16 SDSysRepair.exe (2.1.18.101)
2013-05-16 SDTools.exe (2.1.18.150)
2013-05-16 SDTray.exe (2.1.18.127)
2013-05-16 SDUpdate.exe (2.1.18.91)
2013-05-16 SDUpdSvc.exe (2.1.18.76)
2013-05-16 SDWelcome.exe (2.1.18.129)
2013-05-15 SDWSCSvc.exe (2.1.18.2)
2013-05-27 unins000.exe (51.1052.0.0)
1999-12-02 xcacls.exe
2012-08-23 borlndmm.dll (10.0.2288.42451)
2012-09-05 DelZip190.dll (1.9.0.107)
2012-09-10 libeay32.dll (1.0.0.4)
2012-09-10 libssl32.dll (1.0.0.4)
2013-05-16 SDAdvancedCheckLibrary.dll (2.1.18.98)
2013-05-16 SDAV.dll
2013-05-16 SDECon32.dll (2.1.18.113)
2013-04-05 SDEvents.dll (2.1.16.2)
2013-05-16 SDFileScanLibrary.dll (2.1.18.12)
2013-05-16 SDHook32.dll (2.1.18.2)
2013-05-16 SDImmunizeLibrary.dll (2.1.18.2)
2013-05-16 SDLicense.dll (2.1.18.0)
2013-05-16 SDLists.dll (2.1.18.4)
2013-05-16 SDResources.dll (2.1.18.7)
2013-05-16 SDScanLibrary.dll (2.1.18.131)
2013-05-16 SDTasks.dll (2.1.18.15)
2013-05-16 SDWinLogon.dll (2.1.18.0)
2012-08-23 sqlite3.dll
2012-09-10 ssleay32.dll (1.0.0.4)
2013-05-16 Tools.dll (2.1.18.36)
2012-12-18 Includes\Adware.sbi (*)
2013-05-08 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2012-11-14 Includes\Dialer.sbi (*)
2012-11-14 Includes\DialerC.sbi (*)
2012-11-14 Includes\HeavyDuty.sbi (*)
2012-11-14 Includes\Hijackers.sbi (*)
2012-11-14 Includes\HijackersC.sbi (*)
2012-11-14 Includes\iPhone.sbi (*)
2012-11-14 Includes\Keyloggers.sbi (*)
2012-12-18 Includes\KeyloggersC.sbi (*)
2012-11-21 Includes\Malware.sbi (*)
2013-05-22 Includes\MalwareC.sbi (*)
2012-11-14 Includes\PUPS.sbi (*)
2013-05-22 Includes\PUPSC.sbi (*)
2012-11-14 Includes\Security.sbi (*)
2012-11-14 Includes\SecurityC.sbi (*)
2013-05-22 Includes\Spyware.sbi (*)
2013-05-08 Includes\SpywareC.sbi (*)
2011-06-07 Includes\Tracks.sbi (*)
2012-11-19 Includes\Tracks.uti (*)
2013-01-16 Includes\Trojans.sbi (*)
2013-05-13 Includes\TrojansC-02.sbi (*)
2013-05-22 Includes\TrojansC-03.sbi (*)
2013-03-14 Includes\TrojansC-04.sbi (*)
2013-05-08 Includes\TrojansC-05.sbi (*)
2013-04-19 Includes\TrojansC.sbi (*)
Code:
ATTFilter Search results from Spybot - Search & Destroy
28.05.2013 17:53:22
Scan took 00:43:41.
31 items found.
Microsoft.WindowsSecurityCenter_disabled: [SBI $2E20C9A9] Settings (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start
Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\62AKB9LB\flash.quantserve.com\com.quantserve.sol
Properties.size=72
Properties.md5=F58CFAC474F4299EABDB96F11A248B32
Properties.filedate=1269880670
Properties.filedatetext=2010-03-29 18:37:50
Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\62AKB9LB\s.ytimg.com\hdTooltipClue2.sol
Properties.size=53
Properties.md5=22EEF6EA0B04293CD0A34CF946A5BC58
Properties.filedate=1269852508
Properties.filedatetext=2010-03-29 10:48:28
Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\62AKB9LB\s.ytimg.com\restore.sol
Properties.size=62
Properties.md5=B001FB1F8D674491778BF58DF9A09455
Properties.filedate=1269960408
Properties.filedatetext=2010-03-30 16:46:48
Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\62AKB9LB\s.ytimg.com\soundData.sol
Properties.size=49
Properties.md5=080DF4E08956B50072B5D3B19F3DB5FC
Properties.filedate=1269856178
Properties.filedatetext=2010-03-29 11:49:38
Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\62AKB9LB\s.ytimg.com\videostats.sol
Properties.size=199
Properties.md5=DA609BAAA0FD35490A1752095B7D1AE3
Properties.filedate=1269960594
Properties.filedatetext=2010-03-30 16:49:54
Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\62AKB9LB\widget-cdn.meebo.com\com.quantserve.sol
Properties.size=72
Properties.md5=C64786E51FDE34982738509B0225764A
Properties.filedate=1269880670
Properties.filedatetext=2010-03-29 18:37:50
Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\62AKB9LB\widget-cdn.meebo.com\mm.sol
Properties.size=250
Properties.md5=5CCF9D86D86D5118FCA1E3A6EE89F4DE
Properties.filedate=1269880696
Properties.filedatetext=2010-03-29 18:38:16
Macromedia.FlashPlayer.Cookies: [SBI $1EF45977] Text file (File, nothing done)
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\62AKB9LB\d1.scribdassets.com\ScribdViewer.swf\instance_identifier.sol
Properties.size=79
Properties.md5=2678F0B4C990E541889CE4F88227F347
Properties.filedate=1269961026
Properties.filedatetext=2010-03-30 16:57:06
Macromedia.FlashPlayer.Cookies: [SBI $1EF45977] Text file (File, nothing done)
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\62AKB9LB\d1.scribdassets.com\ScribdViewer.swf\scribdSettings.sol
Properties.size=80
Properties.md5=63F41F0DCED7AAC5C5C2D2D38615FD2D
Properties.filedate=1269961216
Properties.filedatetext=2010-03-30 17:00:16
Macromedia.FlashPlayer.Cookies: [SBI $1EF45977] Text file (File, nothing done)
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\62AKB9LB\skype.com\#ui\preferences.sol
Properties.size=233
Properties.md5=CC3A13DA3E07DF85C79C13706DF6D1F5
Properties.filedate=1269966730
Properties.filedatetext=2010-03-30 18:32:10
Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7] Text file (File, nothing done)
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\62AKB9LB\ui-portal.de\brbtpixel\brbtpixel_03042007.swf\webdecookie.sol
Properties.size=110
Properties.md5=C7734719158B5380D214686EB249FB1E
Properties.filedate=1269967568
Properties.filedatetext=2010-03-30 18:46:08
MS Management Console: [SBI $ECD50EAD] Recent command list (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-1379574645-815484552-451258434-1005\Software\Microsoft\Microsoft Management Console\Recent File List
MS Direct3D: [SBI $7FB7B83F] Most recent application (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name
MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-1379574645-815484552-451258434-1005\Software\Microsoft\Direct3D\MostRecentApplication\Name
MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name
MS Search Assistant: [SBI $AE0C4647] Typed search terms history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-1379574645-815484552-451258434-1005\Software\Microsoft\Search Assistant\ACMru
Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
Windows Explorer: [SBI $7308A845] Run history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-1379574645-815484552-451258434-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
Windows Explorer: [SBI $2026AFB6] User Assistant history IE (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-1379574645-815484552-451258434-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count
Windows Explorer: [SBI $6107D172] User Assistant history files (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-1379574645-815484552-451258434-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count
Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-1379574645-815484552-451258434-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
WinRAR: [SBI $0B56E92B] Recent file list (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-1379574645-815484552-451258434-1005\Software\WinRAR\ArcHistory
WinRAR: [SBI $B84F9965] Last used directory (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-1379574645-815484552-451258434-1005\Software\WinRAR\General\LastFolder
WinRAR: [SBI $B510882E] Extraction directory history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-1379574645-815484552-451258434-1005\Software\WinRAR\DialogEditHistory\ExtrPath
Cookie: [SBI $49804B54] Browser: Cookie (4) (Browser: Cookie, nothing done)
Cache: [SBI $49804B54] Browser: Cache (169) (Browser: Cache, nothing done)
Verlauf: [SBI $49804B54] Browser: History (12) (Browser: History, nothing done)
Cookie: [SBI $49804B54] Browser: Cookie (7) (Browser: Cookie, nothing done)
Cache: [SBI $49804B54] Browser: Cache (1) (Browser: Cache, nothing done)
Verlauf: [SBI $49804B54] Browser: History (5) (Browser: History, nothing done)
--- Spybot - Search & Destroy version: 2.1.18.131 DLL (build: 20130516) ---
2013-05-16 blindman.exe (2.1.18.151)
2013-05-16 explorer.exe (2.1.18.177)
2013-05-16 SDBootCD.exe (2.1.18.109)
2013-05-16 SDCleaner.exe (2.1.18.110)
2013-05-16 SDDelFile.exe (2.1.18.94)
2013-05-16 SDFiles.exe (2.1.18.135)
2013-03-20 SDFileScanHelper.exe (2.1.16.1)
2013-05-16 SDFSSvc.exe (2.1.18.208)
2013-05-16 SDHookHelper.exe (2.1.18.2)
2013-05-16 SDHookInst32.exe (2.1.18.2)
2013-05-16 SDImmunize.exe (2.1.18.130)
2013-05-16 SDLogReport.exe (2.1.18.107)
2013-05-16 SDOnAccess.exe (2.1.18.4)
2013-05-16 SDPESetup.exe (2.1.18.3)
2013-05-16 SDPEStart.exe (2.1.18.86)
2013-05-16 SDPhoneScan.exe (2.1.18.28)
2013-05-16 SDPRE.exe (2.1.18.22)
2013-05-16 SDPrepPos.exe (2.1.18.10)
2013-05-16 SDQuarantine.exe (2.1.18.103)
2013-05-16 SDRootAlyzer.exe (2.1.18.116)
2013-05-16 SDSBIEdit.exe (2.1.18.39)
2013-05-16 SDScan.exe (2.1.18.177)
2013-05-16 SDScript.exe (2.1.18.53)
2013-05-16 SDSettings.exe (2.1.18.136)
2013-05-16 SDShell.exe (2.1.18.2)
2013-05-16 SDShred.exe (2.1.18.107)
2013-05-16 SDSysRepair.exe (2.1.18.101)
2013-05-16 SDTools.exe (2.1.18.150)
2013-05-16 SDTray.exe (2.1.18.127)
2013-05-16 SDUpdate.exe (2.1.18.91)
2013-05-16 SDUpdSvc.exe (2.1.18.76)
2013-05-16 SDWelcome.exe (2.1.18.129)
2013-05-15 SDWSCSvc.exe (2.1.18.2)
2013-05-28 unins000.exe (51.1052.0.0)
1999-12-02 xcacls.exe
2012-08-23 borlndmm.dll (10.0.2288.42451)
2012-09-05 DelZip190.dll (1.9.0.107)
2012-09-10 libeay32.dll (1.0.0.4)
2012-09-10 libssl32.dll (1.0.0.4)
2013-05-16 SDAdvancedCheckLibrary.dll (2.1.18.98)
2013-05-16 SDAV.dll
2013-05-16 SDECon32.dll (2.1.18.113)
2013-04-05 SDEvents.dll (2.1.16.2)
2013-05-16 SDFileScanLibrary.dll (2.1.18.12)
2013-05-16 SDHook32.dll (2.1.18.2)
2013-05-16 SDImmunizeLibrary.dll (2.1.18.2)
2013-05-16 SDLicense.dll (2.1.18.0)
2013-05-16 SDLists.dll (2.1.18.4)
2013-05-16 SDResources.dll (2.1.18.7)
2013-05-16 SDScanLibrary.dll (2.1.18.131)
2013-05-16 SDTasks.dll (2.1.18.15)
2013-05-16 SDWinLogon.dll (2.1.18.0)
2012-08-23 sqlite3.dll
2012-09-10 ssleay32.dll (1.0.0.4)
2013-05-16 Tools.dll (2.1.18.36)
2012-12-18 Includes\Adware.sbi (*)
2013-05-08 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2012-11-14 Includes\Dialer.sbi (*)
2012-11-14 Includes\DialerC.sbi (*)
2012-11-14 Includes\HeavyDuty.sbi (*)
2012-11-14 Includes\Hijackers.sbi (*)
2012-11-14 Includes\HijackersC.sbi (*)
2012-11-14 Includes\iPhone.sbi (*)
2012-11-14 Includes\Keyloggers.sbi (*)
2012-12-18 Includes\KeyloggersC.sbi (*)
2012-11-21 Includes\Malware.sbi (*)
2013-05-22 Includes\MalwareC.sbi (*)
2012-11-14 Includes\PUPS.sbi (*)
2013-05-22 Includes\PUPSC.sbi (*)
2012-11-14 Includes\Security.sbi (*)
2012-11-14 Includes\SecurityC.sbi (*)
2013-05-22 Includes\Spyware.sbi (*)
2013-05-08 Includes\SpywareC.sbi (*)
2011-06-07 Includes\Tracks.sbi (*)
2012-11-19 Includes\Tracks.uti (*)
2013-01-16 Includes\Trojans.sbi (*)
2013-05-13 Includes\TrojansC-02.sbi (*)
2013-05-22 Includes\TrojansC-03.sbi (*)
2013-03-14 Includes\TrojansC-04.sbi (*)
2013-05-08 Includes\TrojansC-05.sbi (*)
2013-04-19 Includes\TrojansC.sbi (*)
Code:
ATTFilter Search results from Spybot - Search & Destroy
11.06.2013 14:05:31
Scan took 00:42:03.
17 items found.
Win32.Downloader.gen: [SBI $E6AD2227] Program directory (Directory, nothing done)
C:\Dokumente und Einstellungen\Gudrun\Lokale Einstellungen\Anwendungsdaten\Conduit\
Directory.subfile=C:\Dokumente und Einstellungen\Gudrun\Lokale Einstellungen\Anwendungsdaten\Conduit\Toolbar\Facebook\http___facebook_conduit-services_com_Settings_ashx_locale=de&browserType=IE&toolbarVersion=5_3_4_2.xml
Directory.subfile.size=11092
Directory.subfile.md5=DFE1156D289BCE111E7C1EEA48E3EC78
Directory.subfile.filedate=1283940393
Directory.subfile.filedatetext=2010-09-08 12:06:32
Directory.subfile=C:\Dokumente und Einstellungen\Gudrun\Lokale Einstellungen\Anwendungsdaten\Conduit\Toolbar\Facebook\http___facebook_conduit-services_com_Settings_ashx_locale=de&browserType=IE&toolbarVersion=5_7_3_1.xml
Directory.subfile.size=11092
Directory.subfile.md5=DFE1156D289BCE111E7C1EEA48E3EC78
Directory.subfile.filedate=1284707064
Directory.subfile.filedatetext=2010-09-17 09:04:24
Microsoft.WindowsSecurityCenter_disabled: [SBI $2E20C9A9] Settings (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start
MS Direct3D: [SBI $7FB7B83F] Most recent application (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name
MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-1379574645-815484552-451258434-1005\Software\Microsoft\Direct3D\MostRecentApplication\Name
MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name
MS Search Assistant: [SBI $AE0C4647] Typed search terms history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-1379574645-815484552-451258434-1005\Software\Microsoft\Search Assistant\ACMru
Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
Windows Explorer: [SBI $7308A845] Run history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-1379574645-815484552-451258434-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
Windows Explorer: [SBI $2026AFB6] User Assistant history IE (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-1379574645-815484552-451258434-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count
Windows Explorer: [SBI $6107D172] User Assistant history files (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-1379574645-815484552-451258434-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count
Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-1379574645-815484552-451258434-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
Cookie: [SBI $49804B54] Browser: Cookie (5) (Browser: Cookie, nothing done)
Cache: [SBI $49804B54] Browser: Cache (77) (Browser: Cache, nothing done)
Verlauf: [SBI $49804B54] Browser: History (22) (Browser: History, nothing done)
Cookie: [SBI $49804B54] Browser: Cookie (7) (Browser: Cookie, nothing done)
Cache: [SBI $49804B54] Browser: Cache (1) (Browser: Cache, nothing done)
Verlauf: [SBI $49804B54] Browser: History (5) (Browser: History, nothing done)
--- Spybot - Search & Destroy version: 2.1.18.131 DLL (build: 20130516) ---
2013-05-16 blindman.exe (2.1.18.151)
2013-05-16 explorer.exe (2.1.18.177)
2013-05-16 SDBootCD.exe (2.1.18.109)
2013-05-16 SDCleaner.exe (2.1.18.110)
2013-05-16 SDDelFile.exe (2.1.18.94)
2013-05-16 SDFiles.exe (2.1.18.135)
2013-03-20 SDFileScanHelper.exe (2.1.16.1)
2013-05-16 SDFSSvc.exe (2.1.18.208)
2013-05-16 SDHookHelper.exe (2.1.18.2)
2013-05-16 SDHookInst32.exe (2.1.18.2)
2013-05-16 SDImmunize.exe (2.1.18.130)
2013-05-16 SDLogReport.exe (2.1.18.107)
2013-05-16 SDOnAccess.exe (2.1.18.4)
2013-05-16 SDPESetup.exe (2.1.18.3)
2013-05-16 SDPEStart.exe (2.1.18.86)
2013-05-16 SDPhoneScan.exe (2.1.18.28)
2013-05-16 SDPRE.exe (2.1.18.22)
2013-05-16 SDPrepPos.exe (2.1.18.10)
2013-05-16 SDQuarantine.exe (2.1.18.103)
2013-05-16 SDRootAlyzer.exe (2.1.18.116)
2013-05-16 SDSBIEdit.exe (2.1.18.39)
2013-05-16 SDScan.exe (2.1.18.177)
2013-05-16 SDScript.exe (2.1.18.53)
2013-05-16 SDSettings.exe (2.1.18.136)
2013-05-16 SDShell.exe (2.1.18.2)
2013-05-16 SDShred.exe (2.1.18.107)
2013-05-16 SDSysRepair.exe (2.1.18.101)
2013-05-16 SDTools.exe (2.1.18.150)
2013-05-16 SDTray.exe (2.1.18.127)
2013-05-16 SDUpdate.exe (2.1.18.91)
2013-05-16 SDUpdSvc.exe (2.1.18.76)
2013-05-16 SDWelcome.exe (2.1.18.129)
2013-05-15 SDWSCSvc.exe (2.1.18.2)
2013-05-28 unins000.exe (51.1052.0.0)
1999-12-02 xcacls.exe
2012-08-23 borlndmm.dll (10.0.2288.42451)
2012-09-05 DelZip190.dll (1.9.0.107)
2012-09-10 libeay32.dll (1.0.0.4)
2012-09-10 libssl32.dll (1.0.0.4)
2013-05-16 SDAdvancedCheckLibrary.dll (2.1.18.98)
2013-05-16 SDAV.dll
2013-05-16 SDECon32.dll (2.1.18.113)
2013-04-05 SDEvents.dll (2.1.16.2)
2013-05-16 SDFileScanLibrary.dll (2.1.18.12)
2013-05-16 SDHook32.dll (2.1.18.2)
2013-05-16 SDImmunizeLibrary.dll (2.1.18.2)
2013-05-16 SDLicense.dll (2.1.18.0)
2013-05-16 SDLists.dll (2.1.18.4)
2013-05-16 SDResources.dll (2.1.18.7)
2013-05-16 SDScanLibrary.dll (2.1.18.131)
2013-05-16 SDTasks.dll (2.1.18.15)
2013-05-16 SDWinLogon.dll (2.1.18.0)
2012-08-23 sqlite3.dll
2012-09-10 ssleay32.dll (1.0.0.4)
2013-05-16 Tools.dll (2.1.18.36)
2012-12-18 Includes\Adware.sbi (*)
2013-06-04 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2012-11-14 Includes\Dialer.sbi (*)
2012-11-14 Includes\DialerC.sbi (*)
2012-11-14 Includes\HeavyDuty.sbi (*)
2012-11-14 Includes\Hijackers.sbi (*)
2012-11-14 Includes\HijackersC.sbi (*)
2012-11-14 Includes\iPhone.sbi (*)
2012-11-14 Includes\Keyloggers.sbi (*)
2012-12-18 Includes\KeyloggersC.sbi (*)
2013-05-29 Includes\Malware.sbi (*)
2013-06-06 Includes\MalwareC.sbi (*)
2012-11-14 Includes\PUPS.sbi (*)
2013-06-04 Includes\PUPSC.sbi (*)
2012-11-14 Includes\Security.sbi (*)
2012-11-14 Includes\SecurityC.sbi (*)
2013-05-22 Includes\Spyware.sbi (*)
2013-05-08 Includes\SpywareC.sbi (*)
2011-06-07 Includes\Tracks.sbi (*)
2012-11-19 Includes\Tracks.uti (*)
2013-01-16 Includes\Trojans.sbi (*)
2013-05-13 Includes\TrojansC-02.sbi (*)
2013-06-04 Includes\TrojansC-03.sbi (*)
2013-03-14 Includes\TrojansC-04.sbi (*)
2013-05-08 Includes\TrojansC-05.sbi (*)
2013-04-19 Includes\TrojansC.sbi (*)
|
|
14.06.2013, 19:23
| #2 |
| /// TB-Ausbilder   | Google lädt falsche Seiten in Firefox und IE Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen. Bitte beachte folgende Hinweise:
Ich habe dein Thema in Arbeit und melde mich so schnell wie möglich mit weiteren Anweisungen. |
|
14.06.2013, 19:27
| #3 |
| /// TB-Ausbilder | Google lädt falsche Seiten in Firefox und IE Servus,
__________________Schritt 1 Fixen mit OTL
Code:
ATTFilter :OTL
[2013.05.27 21:20:03 | 000,000,308 | ---- | C] () -- C:\WINDOWS\tasks\aiyzpr.job
[2013.05.27 21:20:02 | 000,598,528 | RHS- | C] () -- C:\WINDOWS\System32\lmhsvcp.dll
:Commands
[resethosts]
[emptytemp]
Schritt 2 Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Schritt 3 Starte bitte OTL.exe und drücke den Quick Scan Button. Poste die OTL.txt hier in deinen Thread. Hast du immer noch Probleme mit falschen Seiten in FF und IE? Bitte poste mit deiner nächsten Antwort
|
|
14.06.2013, 19:59
| #4 |
| | Google lädt falsche Seiten in Firefox und IE Hallo Matthias, vielen Dank für die schnelle Antwort. Ich habe noch eine Frage zu der OTL.exe: Soll ich die angegebenen Einstellung wie Minimal-Ausgabe, LOP-Prüfung mit Haken versehen etc. nur beim reinen Scannen benutzen oder auch bei dem von dir vorgeschlagenen benutzerdefinierten Scan? |
|
15.06.2013, 13:35
| #5 | |
| /// TB-Ausbilder | Google lädt falsche Seiten in Firefox und IEZitat:
Beim Scan (Schritt 3) nur das machen, was ich schreibe, sonst nichts.  |
|
15.06.2013, 17:29
| #6 |
| | Google lädt falsche Seiten in Firefox und IE Beim Fixen mit OTL.exe bekam ich folgende Meldung: _____________ avgnt.exe hat ein Problem festgestellt und muss beendet werden. Problemsignatur AppName:avgnt.exe AppVersion: 13.6.0.1194 ModName: ccmsg.dll ModVer: 13.6.0.1274 offset: 0006cfc Infos über den Zustand von avgnt.exe zum Zeitpunkt als das Problem auftrat .... Die folgende Datei wird im Problembericht aufgenommen:[/I] C:\DOKUME~1\Gudrun\LOKALE~1\Temp\675b_appcompat.txt ------- Es kommt die Meldung, dass ein Neustart nötig ist, um die Dateien zu löschen. Da ich nun nicht weiß, ob diese Meldung, das von euch beschriebene Alarmschlagen der Anti Viren Software ist oder etwas anderes, möchte ich doch erst mal nachfragen. Deshalb meine Frage: Soll ich trotzdem den Neustart zulassen? (Diese Nachricht sende ich über einen geliehenen Laptop.) _______________________________ Inzwischen habe ich den Rechner mehrmals aus dem Standby-Modus geholt und nun ist er neugestartet. Soll ich den Bericht erst mal posten, da im Bericht u.a. steht: "Error, unable to create default HOSTS file" oder soll ich weiter die Punkte abarbeiten? Geändert von Runi (15.06.2013 um 18:28 Uhr) |
|
| Themen zu Google lädt falsche Seiten in Firefox und IE |
| antivir, bho, converter, desktop, error, falsche seiten bei google, fehler, firefox, flash player, google, helper.exe, hängen, installation, logfile, mozilla, msiinstaller, object, origin, pc normal, pixel, problem, refresh, registry, registry key, revo uninstaller, rückgängig, safer networking, scan, security, senden, starten, usb, user agent, windows, windows internet, windows xp |
Textbox. 
Hybrid-Darstellung
