
Log analysis and evaluation: Spybot reports: Win32.Downloader.gen - Malware C

Windows 7 If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

20.12.2013, 00:13   #1
MaraMara
 



Hello,

Spybot reports the malware named in the title. Avira Free and Malwarebytes do not find it. I cannot detect any change on the computer. While googling the topic I came across your site and would now like to look into the matter. The last full scan with Avira Free returned 0 hits, but the real-time scanner did find something earlier in the evening; here are the logs: 1. Additional; 2. FRST; 3. GMER; 4. Malwarebytes; 5. Avira Free

Thanks in advance!


1. Additional
FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-12-2013
Ran by Admin at 2013-12-19 19:50:25
Running from C:\Firefox Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Disabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958)
1&1 Surf-Stick (Version: 1.0.0.2)
ABBYY FineReader 6.0 Sprint (Version: 6.00.1395.4512)
AC3Filter 1.63b (Version: 1.63b)
Acer Arcade Deluxe (Version: 1.14.5018)
Acer Crystal Eye webcam (Version: 1.0.14)
Acer Crystal Eye webcam (Version: 5.7.29.500-1.0)
Acer GridVista (Version: 2.72.317)
Acer Mobility Center Plug-In (Version: 1.0.4301)
Acer ScreenSaver (Version: 1.21.20071207)
Activation Assistant for the 2007 Microsoft Office suites
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)
Adobe AIR (Version: 2.7.1.19610)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.170)
Adobe Flash Player 11 Plugin (Version: 11.9.900.170)
Adobe Reader XI (11.0.04) - Deutsch (Version: 11.0.04)
Amazon MP3-Downloader 1.0.9
Anki
Apple Application Support (Version: 2.3.4)
Apple Software Update (Version: 2.1.3.127)
Ask Toolbar (Version: 12.7.0.2390) <==== ATTENTION
ATI Catalyst Install Manager (Version: 3.0.664.0)
Avira Free Antivirus (Version: 14.0.2.286)
Avira SearchFree Toolbar (Version: 12.6.0.1900)
Bamboo Dock (Version: 4.0.0)
Bamboo Dock 3.3 (Version: 3.3)
Bass Audio Decoder (remove only)
Boxcryptor 2.0 (Version: 2.0.402.252)
Broadcom Gigabit Integrated Controller (Version: 10.15.10)
Camera RAW Plug-In for EPSON Creativity Suite (Version: 2.2.0.0)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2008.0508.2151.37248)
Catalyst Control Center Graphics Full Existing (Version: 2008.0508.2151.37248)
Catalyst Control Center Graphics Full New (Version: 2008.0508.2151.37248)
Catalyst Control Center Graphics Light (Version: 2008.0508.2151.37248)
Catalyst Control Center Graphics Previews Vista (Version: 2008.0508.2151.37248)
Catalyst Control Center Localization Chinese Standard (Version: 2008.0508.2151.37248)
Catalyst Control Center Localization Chinese Traditional (Version: 2008.0508.2151.37248)
Catalyst Control Center Localization Czech (Version: 2008.0508.2151.37248)
Catalyst Control Center Localization Danish (Version: 2008.0508.2151.37248)
Catalyst Control Center Localization Dutch (Version: 2008.0508.2151.37248)
Catalyst Control Center Localization Finnish (Version: 2008.0508.2151.37248)
Catalyst Control Center Localization French (Version: 2008.0508.2151.37248)
Catalyst Control Center Localization German (Version: 2008.0508.2151.37248)
Catalyst Control Center Localization Greek (Version: 2008.0508.2151.37248)
Catalyst Control Center Localization Hungarian (Version: 2008.0508.2151.37248)
Catalyst Control Center Localization Italian (Version: 2008.0508.2151.37248)
Catalyst Control Center Localization Japanese (Version: 2008.0508.2151.37248)
Catalyst Control Center Localization Korean (Version: 2008.0508.2151.37248)
Catalyst Control Center Localization Norwegian (Version: 2008.0508.2151.37248)
Catalyst Control Center Localization Polish (Version: 2008.0508.2151.37248)
Catalyst Control Center Localization Portuguese (Version: 2008.0508.2151.37248)
Catalyst Control Center Localization Russian (Version: 2008.0508.2151.37248)
Catalyst Control Center Localization Spanish (Version: 2008.0508.2151.37248)
Catalyst Control Center Localization Swedish (Version: 2008.0508.2151.37248)
Catalyst Control Center Localization Thai (Version: 2008.0508.2151.37248)
Catalyst Control Center Localization Turkish (Version: 2008.0508.2151.37248)
CCC Help Chinese Standard (Version: 2008.0508.2150.37248)
CCC Help Chinese Traditional (Version: 2008.0508.2150.37248)
CCC Help Czech (Version: 2008.0508.2150.37248)
CCC Help Danish (Version: 2008.0508.2150.37248)
CCC Help Dutch (Version: 2008.0508.2150.37248)
CCC Help English (Version: 2008.0508.2150.37248)
CCC Help Finnish (Version: 2008.0508.2150.37248)
CCC Help French (Version: 2008.0508.2150.37248)
CCC Help German (Version: 2008.0508.2150.37248)
CCC Help Greek (Version: 2008.0508.2150.37248)
CCC Help Hungarian (Version: 2008.0508.2150.37248)
CCC Help Italian (Version: 2008.0508.2150.37248)
CCC Help Japanese (Version: 2008.0508.2150.37248)
CCC Help Korean (Version: 2008.0508.2150.37248)
CCC Help Norwegian (Version: 2008.0508.2150.37248)
CCC Help Polish (Version: 2008.0508.2150.37248)
CCC Help Portuguese (Version: 2008.0508.2150.37248)
CCC Help Russian (Version: 2008.0508.2150.37248)
CCC Help Spanish (Version: 2008.0508.2150.37248)
CCC Help Swedish (Version: 2008.0508.2150.37248)
CCC Help Thai (Version: 2008.0508.2150.37248)
CCC Help Turkish (Version: 2008.0508.2150.37248)
ccc-core-static (Version: 2008.0508.2151.37248)
ccc-utility (Version: 2008.0508.2151.37248)
CCleaner (Version: 4.08)
CD Audio Reader Filter (remove only)
DCoder Image Source (remove only)
DirectVobSub (remove only)
DivX-Setup (Version: 2.6.1.44)
DScaler 5 Mpeg Decoders
EaseUS Partition Master 9.2.2
ElsterFormular (Version: 14.4.20130909)
EPSON Attach To Email (Version: 1.01.0000)
EPSON Copy Utility 3 (Version: 3.3.0.0)
EPSON Easy Photo Print (Version: 1.5.0.0)
EPSON File Manager (Version: 1.3.0.0)
EPSON Scan
EPSON Scan Assistant (Version: 1.10.00)
EPSON Stylus CX7300_CX8300_DX7400_DX8400 Handbuch
EPSON-Drucker-Software
ESET Online Scanner v3
f4 2012
ffdshow [rev 2527] [2008-12-19] (Version: 1.0)
FireJump (Version: 1.0.2.5)
Foxit Creator (Version: 3,0,2,0506)
Foxit PDF Editor (Version: 2.2.0.0205)
Foxit PDF IFilter (Version: 2.1.1.1503)
Free 3D Photo Maker version 2.0
Free FLV Converter V 6.92.0 (Version: 6.92.0.0)
Free Studio version 2013 (Version: 6.1.12.925)
Free Video to MP3 Converter version 5.0.28.827 (Version: 5.0.28.827)
Free YouTube Download version 3.2.11.812 (Version: 3.2.11.812)
Free YouTube to MP3 Converter version 3.12.8.717 (Version: 3.12.8.717)
FreeRIP 4.1.1 (Version: 4.1.1)
Gabest MPEG Splitter (remove only)
Google Chrome (Version: 31.0.1650.63)
Google Earth (Version: 5.1.7938.4346)
Google Earth (Version: 7.1.2.2041)
Google Update Helper (Version: 1.3.22.3)
GPL Ghostscript 8.71
Haali Media Splitter
HDAUDIO Soft Data Fax Modem with SmartCP
HijackThis 2.0.2 (Version: 2.0.2)
Intel® Matrix Storage Manager
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
Java(TM) 6 Update 35 (Version: 6.0.350)
Launch Manager
LightScribe  1.4.142.1 (Version: 1.4.142.1)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
McAfee Security Scan Plus (Version: 3.8.130.10)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Image Composite Editor (Version: 1.3.5)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server Compact 3.5 SP2 ENU (Version: 3.5.8080.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 08.05.0822)
MONOGRAM AMR Splitter/Decoder (remove only)
MOV Player 1.0.1
Mozilla Firefox 11.0 (x86 de) (Version: 11.0)
Mozilla Thunderbird (3.1.6) (Version: 3.1.6 (de))
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
MyFreeCodec
NCH DE Toolbar (Version: 6.10.2.5)
No23 Recorder (Version: 2.1.0.3)
Nokia Connectivity Cable Driver (Version: 6.80.5.1)
OpenOffice.org 3.1 (Version: 3.1.9420)
OpenSource DTS/AC3/DD+ Source Filter (remove only)
OpenSource Flash Video Splitter (remove only)
Paint.NET v3.5.11 (Version: 3.61.0)
PandoraRecovery (Remove Only)
PHOTOfunSTUDIO 6.0 (Version: 6.00.135)
Picasa 3 (Version: 3.9)
Pinnacle TVCenter Pro
PowerProducer (Version: 4.1.2821)
QuickTime (Version: 7.74.80.86)
RealMedia (remove only)
Realtek High Definition Audio Driver (Version: 6.0.1.5470)
Revo Uninstaller 1.94 (Version: 1.94)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01 (Version: 3.55.01)
Samsung Kies (Version: 2.3.0.12035_16)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.18.0)
Sentinel Protection Installer 7.2.2 (Version: 7.2.2)
SHOUTcast Source (remove only)
Similarity 1.1.0 (Version: 1.1.0)
Skins (Version: 2008.0508.2151.37248)
Skype Click to Call (Version: 5.9.9216)
Skype™ 6.11 (Version: 6.11.102)
Spybot - Search & Destroy (Version: 1.6.2)
Super LoiLoScope WebShortcut (Version: 1.0.0)
Synaptics Pointing Device Driver (Version: 10.0.15.0)
Tinypic 3.18 (Version: Tinypic 3.18)
TreeSize Free V2.4 (Version: 2.4)
Uninstall 1.0.0.1
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (Version: 3)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
VLC media player 1.1.11 (Version: 1.1.11)
WDR RadioRecorder
WebTablet IE Plugin (Version: 1.1.0.5)
WebTablet Netscape Plugin (Version: 1.1.0.4)
Winbond CIR Drivers (Version: 7.60.1002)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Winload Toolbar (Version: )
WinRAR archiver
Yahoo! Toolbar
YTD Video Downloader 4.7.2 (Version: 4.7.2)
Zattoo4 4.0.5 (Version: 4.0.5)
Zoom Player (remove only)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2006-11-02 11:23 - 2010-01-29 19:34 - 00377782 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.0scan.com
127.0.0.1	0scan.com
127.0.0.1	www.1000gratisproben.com
127.0.0.1	1000gratisproben.com
127.0.0.1	www.1001namen.com
127.0.0.1	1001namen.com
127.0.0.1	www.100888290cs.com
127.0.0.1	100888290cs.com
127.0.0.1	www.100sexlinks.com
127.0.0.1	100sexlinks.com
127.0.0.1	10sek.com
127.0.0.1	www.10sek.com
127.0.0.1	1-2005-search.com
127.0.0.1	www.1-2005-search.com
127.0.0.1	123fporn.info
127.0.0.1	www.123fporn.info
127.0.0.1	123haustiereundmehr.com
127.0.0.1	www.123haustiereundmehr.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {1F3965DE-07AB-4512-9FB8-1EC6129ECEA4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {209AC4DD-A31C-458F-AF5B-87EDEA8A27BC} - System32\Tasks\PC SpeedUp Service Deactivator => C:\Program Files\PC Beschleunigen\PCSUSD.exe
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {42B5C135-A18C-4040-B00F-B770309AA7C7} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => C:\Program Files\Windows Defender\MpCmdRun.exe [2008-01-21] (Microsoft Corporation)
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\System32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {4F080D81-EC90-4690-8946-3A725C871404} - System32\Tasks\{85125C2B-B683-495F-A717-C8BE4C7F6868} => Chrome.exe hxxp://ui.skype.com/ui/0/6.9.0.106/de/go/help.faq.installer?LastError=1601
Task: {662A469B-80FD-4D23-A956-B2A1BE6B8B00} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe [2008-01-21] (Microsoft Corporation)
Task: {6C87FA89-24D7-4AD9-A3C3-5B68E36AC389} - System32\Tasks\Microsoft\Windows\RestartManager\{D6CA3FFF-2561-4ddc-A062-142F27973501} => C:\Windows\System32\RmClient.exe [2006-11-02] (Microsoft Corporation)
Task: {8991C7F1-55F2-4E06-A272-2265BF86FA3F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-11-22] (Piriform Ltd)
Task: {976A5FEF-9A3E-405A-ABF0-813B392966C9} - System32\Tasks\NCH Software\ExpressReminder => C:\Users\Guido\AppData\Roaming\NCH Software\Program Files\Express\express.exe [2012-11-18] (NCH Software)
Task: {A4C21FE3-82C6-4924-A36F-6E1C2BC1C107} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: {C1B48E07-5F90-496E-8A3D-3285F91BE838} - System32\Tasks\NCH Software\ScribeDowngrade => C:\Users\Guido\AppData\Roaming\NCH Software\Program Files\Scribe\scribe.exe [2012-10-05] (NCH Software)
Task: {C1C280CE-86A3-4DB6-AD07-8AEE038EE3FB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-22] (Google Inc.)
Task: {DD769FD6-D6F4-440D-B304-3AA167D7AA79} - System32\Tasks\{B9071283-9FC5-4588-9D88-9452394366F9} => C:\Program Files\Skype\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\System32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {F68CA666-231E-43ED-B37D-A9C71CB15C30} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-22] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-01-12 00:53 - 2008-05-08 23:14 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2010-02-06 11:36 - 2009-12-12 15:12 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll
2013-02-13 03:38 - 2013-02-13 03:38 - 00100688 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
2010-03-24 11:52 - 2011-08-01 13:20 - 08617472 _____ () C:\Program Files\Tobit Radio.fx\Client\TOBITCLT.dll
2010-03-24 11:52 - 2011-08-02 11:15 - 00213504 _____ () C:\Program Files\Tobit Radio.fx\Client\rfx-client$.ger
2013-03-13 21:48 - 2013-03-13 21:48 - 24978944 _____ () C:\Users\Guido\AppData\Roaming\Dropbox\bin\libcef.dll
2009-08-18 15:54 - 2009-08-18 15:54 - 00970752 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll
2009-08-19 10:28 - 2009-08-19 10:28 - 00139264 _____ () C:\Program Files\OpenOffice.org 3\Basis\program\NSLDAP32V50.dll
2009-04-16 13:03 - 2009-04-16 13:03 - 00166400 _____ () C:\Program Files\OpenOffice.org 3\Basis\program\libxslt.dll
2011-06-23 14:20 - 2011-06-23 14:20 - 00638560 ____N () C:\Program Files\Conduit\Community Alerts\Alert.dll
2013-11-16 16:28 - 2013-11-16 16:28 - 03363952 _____ () C:\Users\Guido\AppData\Local\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:A8ADE5D8
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SYMTDI => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service"

==================== Faulty Device Manager Devices =============

Name: 6TO4 Adapter
Description: Microsoft-6zu4-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: 6TO4 Adapter
Description: Microsoft-6zu4-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (12/19/2013 02:53:04 PM) (Source: System Restore) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts auf dem Volume (Prozess = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Beschreibung = Geplanter Prüfpunkt; Hr = 0x80070422).

Error: (12/19/2013 02:15:12 PM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{121A3D04-95C4-49BC-A2BF-08C5A64657CC}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (12/19/2013 02:14:54 PM) (Source: Application Hang) (User: )
Description: Programm SpybotSD.exe, Version 1.6.2.46 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen.
Prozess-ID: 15a0
Anfangszeit: 01cefcb59f4c40cf
Zeitpunkt der Beendigung: 26

Error: (12/19/2013 00:59:59 PM) (Source: EventSystem) (User: )
Description: 80070005{121A3D04-95C4-49BC-A2BF-08C5A64657CC}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (12/19/2013 11:23:38 AM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung Pen_Tablet.exe, Version 5.2.3.4, Zeitstempel 0x4c3cd8eb, fehlerhaftes Modul Pen_Tablet.exe, Version 5.2.3.4, Zeitstempel 0x4c3cd8eb, Ausnahmecode 0xc0000005, Fehleroffset 0x000481e3,
Prozess-ID 0xc70, Anwendungsstartzeit Pen_Tablet.exe0.

Error: (12/19/2013 11:19:24 AM) (Source: .NET Runtime) (User: )
Description: Application: Kies.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ComponentModel.Win32Exception
Stack:
   at System.Diagnostics.ProcessManager.OpenProcess(Int32, Int32, Boolean)
   at System.Diagnostics.Process.GetProcessHandle(Int32, Boolean)
   at System.Diagnostics.Process.OpenProcessHandle(Int32)
   at System.Diagnostics.Process.get_Handle()
   at Kies.App.CheckExistenceTrayAgent()
   at Kies.App..ctor()
   at Kies.App.Main()

Error: (12/19/2013 11:11:29 AM) (Source: Windows Search Service) (User: )
Description: Die Aktualisierung kann nicht gestartet werden, da kein Zugriff auf die Inhaltsquellen bestand. Beheben Sie die Fehler, und starten Sie die Aktualisierung erneut.

Kontext:  Anwendung, SystemIndex Katalog

Error: (12/19/2013 11:11:23 AM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\ADMIN\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\LH0WUO84\ZZZZZZZZZZZZZZZZZZZZZ.ZZZ> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (12/19/2013 11:11:23 AM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\ADMIN\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\YZPHRV46\ZZZZZZZZZZZZZZZZZZZZZ.ZZZ> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (12/19/2013 11:11:23 AM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\ADMIN\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\M3YLWNA2\ZZZZZZZZZZZZZZZZZZZZZ.ZZZ> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)


System errors:
=============
Error: (12/19/2013 00:59:35 PM) (Source: DCOM) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (12/19/2013 09:11:51 AM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (12/18/2013 06:04:03 PM) (Source: Service Control Manager) (User: )
Description: 30000AntiVirSchedulerService

Error: (12/18/2013 08:04:43 AM) (Source: DCOM) (User: )
Description: {CC957078-B838-47C4-A7CF-626E7A82FC58}

Error: (12/18/2013 08:04:13 AM) (Source: Service Control Manager) (User: )
Description: Windows Media Player-Netzwerkfreigabedienst%%1053

Error: (12/18/2013 08:04:00 AM) (Source: Service Control Manager) (User: )
Description: 30000Windows Media Player-Netzwerkfreigabedienst

Error: (12/18/2013 08:03:28 AM) (Source: Service Control Manager) (User: )
Description: Avira Browser-Schutz%%1053

Error: (12/18/2013 08:03:27 AM) (Source: Service Control Manager) (User: )
Description: 30000Avira Browser-Schutz

Error: (12/18/2013 08:02:08 AM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (12/17/2013 07:35:37 AM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058


Microsoft Office Sessions:
=========================
Error: (08/18/2012 08:20:41 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 18 seconds with 0 seconds of active time.  This session ended with a crash.


==================== Memory info =========================== 

Percentage of memory in use: 58%
Total physical RAM: 3069.5 MB
Available physical RAM: 1261.12 MB
Total Pagefile: 6343.29 MB
Available Pagefile: 4065.04 MB
Total Virtual: 2047.88 MB
Available Virtual: 1900.1 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:68.45 GB) (Free:8.82 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:211.63 GB) (Free:16.84 GB) NTFS
Drive e: (APACER) (Removable) (Total:28.86 GB) (Free:10.27 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: BF6A0DB7)
Partition 1: (Not Active) - (Size=15 GB) - (Type=12)
Partition 2: (Active) - (Size=68 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=212 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=3 GB) - (Type=12)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 29 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=29 GB) - (Type=0C)

==================== End Of Log ============================
         
--- --- ---

2. FRST
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-12-2013
Ran by Admin (administrator) on GUIDO-PC on 19-12-2013 19:49:37
Running from C:\Firefox Downloads
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchService.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
(Teruten) C:\Windows\System32\FsUsbExService.Exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\Acer\Mobility Center\MobilityService.exe
() C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(SafeNet, Inc) C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
() C:\Program Files\1&1 Surf-Stick\AssistantServices.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Acer Inc.) C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPStart.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files\1&1 Surf-Stick\UIExec.exe
() C:\Program Files\Bamboo Dock\BambooCore.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Users\Admin\Downloads\EaseUS Partition Master 9.2.2\bin\EpmNews.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Tobit.Software) C:\Program Files\Tobit Radio.fx\Client\rfx-tray.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(Panasonic Corporation) C:\Program Files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
(Dropbox, Inc.) C:\Users\Guido\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Realtek Semiconductor Corp.) C:\Users\Guido\AppData\Local\temp\RtkBtMnt.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\ServiceLocator.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\Toolbar.exe
(Mozilla Corporation) C:\Users\Guido\AppData\Local\Mozilla Firefox\firefox.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [NvSvc] - RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] - RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [SynTPStart] - C:\Program Files\Synaptics\SynTP\SynTPStart.exe [102400 2008-01-24] (Synaptics, Inc.)
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [178712 2007-11-22] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4702208 2008-01-24] (Realtek Semiconductor)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [WarReg_PopUp] - C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe [303104 2008-01-29] (Acer Incorporated)
HKLM\...\Run: [PLFSet] - rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
HKLM\...\Run: [UIExec] - C:\Program Files\1&1 Surf-Stick\UIExec.exe [139088 2010-09-30] ()
HKLM\...\Run: [BambooCore] - C:\Program Files\Bamboo Dock\BambooCore.exe [646232 2011-10-10] ()
HKLM\...\Run: [KiesTrayAgent] - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [310128 2013-02-13] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [EaseUS EPM tray] - C:\Users\Admin\Downloads\EaseUS Partition Master 9.2.2\bin\EpmNews.exe [2081792 2013-03-29] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-17] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [ApnTBMon] - C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1707472 2013-11-07] (APN)
HKLM\...\Run: [DivXMediaServer] - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-20] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKLM\...\Run: [Skytel] - C:\Windows\SkyTel.exe [1826816 2008-01-24] (Realtek Semiconductor Corp.)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKCU\...\Run: [ccleaner] - C:\Program Files\CCleaner\CCleaner.exe [4324120 2013-11-22] (Piriform Ltd)
HKCU\...\Run: [KiesPDLR] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844144 2013-02-13] (Samsung)
HKCU\...\Run: [KiesPreload] - C:\Program Files\Samsung\Kies\Kies.exe [1509232 2013-02-13] (Samsung)
HKCU\...\Run: [] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844144 2013-02-13] (Samsung)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default\...\RunOnce: [AcerScrSav] - C:\Windows\ACER\run_NB.exe [ 2007-08-21] ()
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\RunOnce: [AcerScrSav] - C:\Windows\ACER\run_NB.exe [ 2007-08-21] ()
HKU\Gast\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Guido\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\Users\Guido\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Internet.lnk
ShortcutTarget: FRITZ!DSL Internet.lnk -> C:\Program Files\FRITZ!DSL\FritzDsl.exe (No File)
Startup: C:\Users\Guido\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Guido\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com/?l=dis&o=1586&gct=hp
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
URLSearchHook: HKLM - Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
URLSearchHook: HKLM - NCH DE Toolbar - {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Program Files\NCH_DE\prxtbNCH_.dll (Conduit Ltd.)
URLSearchHook: HKCU - (No Name) - {E634228A-03CF-4BC8-B0AB-668257F1FD8C} -  No File
URLSearchHook: HKCU - NCH DE Toolbar - {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Program Files\NCH_DE\prxtbNCH_.dll (Conduit Ltd.)
SearchScopes: HKLM - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
SearchScopes: HKCU - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = 
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKCU - {D74A3892-F57E-480B-8501-3A03683A21BD} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=386496&p={searchTerms}
SearchScopes: HKCU - {DB9733F3-39C3-43BD-A7AA-278EFF59C77F} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^DE&apn_uid=8e284242-30a3-4c3c-b7f3-7774ec3caf3b&apn_sauid=4157D447-68F3-482C-A260-D87C26D2C9CF
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
BHO: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: NCH DE Toolbar - {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Program Files\NCH_DE\prxtbNCH_.dll (Conduit Ltd.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
Toolbar: HKLM - NCH DE Toolbar - {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Program Files\NCH_DE\prxtbNCH_.dll (Conduit Ltd.)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
Toolbar: HKCU - No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} -  No File
Toolbar: HKCU - Winload Toolbar - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
Toolbar: HKCU - NCH DE Toolbar - {B106B661-3E1B-4015-AF5C-195E909F35C6} - C:\Program Files\NCH_DE\prxtbNCH_.dll (Conduit Ltd.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 19 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a9fjsumn.default
FF user.js: detected! => C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a9fjsumn.default\user.js
FF DefaultSearchEngine: NCH DE Customized Web Search
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Google
FF Homepage: www.ecosia.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @wacom.com/wacom-plugin,version=1.1.0.4 - C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a9fjsumn.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a9fjsumn.default\searchplugins\ixquick---deutsch.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: FireJump - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a9fjsumn.default\Extensions\firejump@firejump.net
FF Extension: BrowseToolE0191 Community Toolbar - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a9fjsumn.default\Extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
FF Extension: Yahoo! Toolbar - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a9fjsumn.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF Extension: NCH DE  - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a9fjsumn.default\Extensions\{b106b661-3e1b-4015-af5c-195e909f35c6}
FF Extension: Ecosia (eco-friendly search engine) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a9fjsumn.default\Extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}
FF Extension: preisspion.de - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a9fjsumn.default\Extensions\finder@meingutscheincode.de.xpi
FF Extension: Avira SearchFree Toolbar plus Web Protection - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a9fjsumn.default\Extensions\toolbar_AVIRA-V7@apn.ask.com.xpi
FF Extension: Ask Toolbar - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a9fjsumn.default\Extensions\toolbar_SGT-V7@apn.ask.com.xpi
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a9fjsumn.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKCU\...\Firefox\Extensions: [firejump@firejump.net] - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a9fjsumn.default\extensions\firejump@firejump.net
FF Extension: FireJump - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a9fjsumn.default\extensions\firejump@firejump.net

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchKeyword: google.com
CHR DefaultSearchProvider: Google
CHR DefaultSearchURL: {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0
CHR Extension: (Skype Click to Call) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0
CHR HKLM\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx
CHR HKLM\...\Chrome\Extension: [ommhmgednjnodcljhlljkaiidghdmikk] - C:\Users\Admin\AppData\Local\CRE\ommhmgednjnodcljhlljkaiidghdmikk.crx

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376 2013-12-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-30] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-17] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-11-07] (APN LLC.)
R2 eRecoveryService; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [57344 2007-09-10] (Acer Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [235216 2013-09-06] (McAfee, Inc.)
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-11-27] ()
R2 Radio.fx; C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe [3673944 2011-11-18] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [266343 2007-12-04] ()
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 SentinelProtectionServer; C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [206400 2006-03-14] (SafeNet, Inc)
R2 UI Assistant Service; C:\Program Files\1&1 Surf-Stick\AssistantServices.exe [253264 2010-09-30] ()
S3 de_serv; C:\Program Files\Common Files\AVM\de_serv.exe [x]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-30] (Avira Operations GmbH & Co. KG)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [14920 2013-03-07] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9160 2013-03-07] ()
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-02-05] ()
R2 int15; C:\Acer\Empowering Technology\eRecovery\int15.sys [15392 2007-07-03] (Acer, Inc.)
S3 mod7700; C:\Windows\System32\Drivers\mod7700.sys [596352 2008-06-11] (DiBcom SA)
S3 MODRC; C:\Windows\System32\DRIVERS\modrc.sys [13824 2007-10-19] (DiBcom S.A.)
U0 recvtk; C:\Windows\System32\drivers\igakf.sys [54016 2013-12-19] ()
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1729152 2007-06-12] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-05-17] ()
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-08-05] (Avira GmbH)
S3 upperdev; C:\Windows\System32\DRIVERS\usbser_lowerflt.sys [8064 2008-05-02] (Windows (R) Codename Longhorn DDK provider)
S3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltj.sys [8064 2008-05-02] (Windows (R) Codename Longhorn DDK provider)
R3 winbondcir; C:\Windows\System32\DRIVERS\winbondcir.sys [43008 2008-01-24] (Winbond Electronics Corporation)
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [41456 2008-01-04] (Cyberlink Corp.)
U3 al53qzg5; C:\Windows\System32\Drivers\al53qzg5.sys [0 ] (Microsoft Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Admin\AppData\Local\Temp\catchme.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP1d\WNt500x86\Sandra.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-19 19:48 - 2013-12-19 19:48 - 00000000 ____D C:\FRST
2013-12-19 19:40 - 2013-12-19 19:46 - 00001011 _____ C:\Users\Admin\Desktop\Continue Mipony Download Accelerator Installation.lnk
2013-12-19 12:58 - 2013-12-19 12:58 - 00054016 _____ C:\Windows\system32\Drivers\igakf.sys
2013-12-19 11:04 - 2013-12-19 11:04 - 00000000 ____D C:\Users\Admin\AppData\Local\AskPartnerNetwork
2013-12-18 14:14 - 2013-12-19 10:49 - 00009352 _____ C:\Users\Guido\Desktop\Zugangsdaten.odt
2013-12-17 21:26 - 2013-12-18 14:15 - 00008799 _____ C:\Users\Guido\Desktop\Silvester Liederliste.odt
2013-12-15 13:57 - 2013-12-15 13:58 - 555514226 _____ C:\Users\Guido\Desktop\Pascal Schumacher Quartet live - XIX Festiwal Jazz na Starówce 2013.mp4
2013-12-13 08:10 - 2013-11-14 23:50 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-13 08:10 - 2013-11-14 23:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-13 08:10 - 2013-11-14 23:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-13 08:10 - 2013-11-14 23:40 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-13 08:10 - 2013-11-14 23:38 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-13 08:10 - 2013-11-14 23:38 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-13 08:10 - 2013-11-14 23:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-13 08:10 - 2013-11-14 23:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-13 08:10 - 2013-11-14 23:36 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-13 08:10 - 2013-11-14 23:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-13 08:10 - 2013-11-14 23:35 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-13 08:10 - 2013-11-14 23:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-13 08:09 - 2013-11-15 00:13 - 12344320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-13 08:09 - 2013-11-14 23:50 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-13 08:09 - 2013-11-14 23:43 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-13 08:09 - 2013-11-14 23:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-12 08:56 - 2013-10-30 03:12 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2013-12-12 08:56 - 2013-10-30 02:43 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-12 08:56 - 2013-10-30 01:43 - 00167936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-12 08:56 - 2013-10-30 01:35 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-12 08:56 - 2013-10-22 08:19 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-12 08:56 - 2013-10-11 03:08 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-12 08:56 - 2013-10-11 03:08 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-12 08:56 - 2013-10-11 03:08 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wshcon.dll
2013-12-12 08:56 - 2013-10-11 01:35 - 00155648 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-12 08:56 - 2013-10-11 01:35 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-08 13:51 - 2013-12-08 13:51 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-12-02 09:04 - 2013-12-02 09:04 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-11-29 10:16 - 2013-12-06 10:16 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-11-29 10:16 - 2013-11-29 10:16 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-11-27 11:39 - 2013-11-27 11:39 - 00008988 _____ C:\Users\Guido\Desktop\Adecco.odt
2013-11-24 10:32 - 2013-11-24 10:40 - 00000000 ____D C:\Users\Guido\Desktop\Boney M
2013-11-22 12:39 - 2013-11-22 12:39 - 00000000 ____D C:\ProgramData\Oracle
2013-11-22 12:39 - 2013-11-22 12:39 - 00000000 ____D C:\Program Files\Common Files\Java
2013-11-22 12:39 - 2013-10-08 07:46 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-11-22 12:38 - 2013-11-22 12:38 - 00004874 _____ C:\Windows\system32\jupdate-1.7.0_45-b18.log
2013-11-22 12:38 - 2013-10-08 07:50 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-11-22 12:38 - 2013-10-08 07:46 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-11-22 12:38 - 2013-10-08 07:46 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe

==================== One Month Modified Files and Folders =======

2013-12-19 19:48 - 2013-12-19 19:48 - 00000000 ____D C:\FRST
2013-12-19 19:46 - 2013-12-19 19:40 - 00001011 _____ C:\Users\Admin\Desktop\Continue Mipony Download Accelerator Installation.lnk
2013-12-19 19:12 - 2012-04-04 12:25 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-19 19:12 - 2010-02-22 09:15 - 00001096 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-19 18:26 - 2012-10-10 14:31 - 01499916 _____ C:\Windows\WindowsUpdate.log
2013-12-19 15:12 - 2006-11-02 13:47 - 00004784 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-19 15:12 - 2006-11-02 13:47 - 00004784 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-19 13:32 - 2010-01-29 18:34 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-12-19 13:27 - 2010-02-22 09:15 - 00001092 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-19 12:58 - 2013-12-19 12:58 - 00054016 _____ C:\Windows\system32\Drivers\igakf.sys
2013-12-19 12:58 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Speech
2013-12-19 12:57 - 2013-08-28 13:31 - 00000000 ____D C:\ProgramData\YTD Video Downloader
2013-12-19 12:18 - 2011-01-03 18:04 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Skype
2013-12-19 11:09 - 2010-01-14 21:17 - 00000000 ____D C:\Program Files\CCleaner
2013-12-19 11:07 - 2010-01-14 16:50 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-19 11:04 - 2013-12-19 11:04 - 00000000 ____D C:\Users\Admin\AppData\Local\AskPartnerNetwork
2013-12-19 10:49 - 2013-12-18 14:14 - 00009352 _____ C:\Users\Guido\Desktop\Zugangsdaten.odt
2013-12-19 10:21 - 2010-01-14 17:19 - 00000000 ____D C:\Users\Guido\AppData\Roaming\Skype
2013-12-19 10:13 - 2008-01-21 08:16 - 00006626 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-19 09:22 - 2011-07-28 10:50 - 00000000 ___RD C:\Users\Guido\Dropbox
2013-12-19 09:22 - 2011-07-28 10:48 - 00000000 ____D C:\Users\Guido\AppData\Roaming\Dropbox
2013-12-19 09:19 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-12-19 09:11 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-18 21:56 - 2006-11-02 14:01 - 00032606 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-18 21:50 - 2013-05-01 14:10 - 00000000 ____D C:\Users\Guido\Documents\Anki
2013-12-18 14:15 - 2013-12-17 21:26 - 00008799 _____ C:\Users\Guido\Desktop\Silvester Liederliste.odt
2013-12-17 18:56 - 2010-04-29 16:25 - 00017408 _____ C:\Users\Guido\AppData\Local\WebpageIcons.db
2013-12-17 13:42 - 2013-08-05 14:21 - 00135648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-12-17 13:42 - 2013-08-05 14:21 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-12-16 03:00 - 2010-02-19 19:05 - 00007620 _____ C:\Users\Guido\AppData\Local\d3d9caps.dat
2013-12-15 13:58 - 2013-12-15 13:57 - 555514226 _____ C:\Users\Guido\Desktop\Pascal Schumacher Quartet live - XIX Festiwal Jazz na Starówce 2013.mp4
2013-12-13 08:23 - 2010-01-11 15:58 - 00000000 ____D C:\Windows\system32\RTCOM
2013-12-13 08:20 - 2008-03-25 15:26 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-13 08:16 - 2013-08-02 15:12 - 00000000 ____D C:\Windows\system32\MRT
2013-12-13 08:12 - 2006-11-02 11:24 - 88123800 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-12-11 19:12 - 2012-04-04 12:25 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-12-11 19:12 - 2011-05-20 07:48 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-12-11 18:54 - 2010-01-14 17:35 - 00000000 ____D C:\Program Files\Google
2013-12-09 16:07 - 2011-07-14 16:20 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Foxit Software
2013-12-08 13:53 - 2010-01-14 15:34 - 00000000 ____D C:\Users\Guido\AppData\Roaming\Adobe
2013-12-08 13:52 - 2010-03-24 16:05 - 00000000 ____D C:\Users\Admin\AppData\Local\Adobe
2013-12-08 13:51 - 2013-12-08 13:51 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-12-08 13:51 - 2010-12-20 23:17 - 00000000 ____D C:\Program Files\Adobe
2013-12-08 13:51 - 2008-03-25 15:09 - 00000000 ____D C:\ProgramData\Adobe
2013-12-07 17:32 - 2013-10-13 16:54 - 00000000 ____D C:\Users\Guido\Desktop\Webseite
2013-12-07 17:23 - 2013-09-24 13:21 - 00000000 ____D C:\Users\Guido\AppData\Local\Paint.NET
2013-12-06 10:16 - 2013-11-29 10:16 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-12-04 13:05 - 2011-07-08 09:38 - 00000000 ____D C:\Users\Guido\AppData\Roaming\Foxit Software
2013-12-02 12:38 - 2010-01-14 17:19 - 00000000 ___RD C:\Program Files\Skype
2013-12-02 12:38 - 2010-01-14 17:19 - 00000000 ____D C:\ProgramData\Skype
2013-12-02 09:04 - 2013-12-02 09:04 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-12-02 08:34 - 2012-05-13 15:16 - 00000000 ____D C:\Users\Guido\Documents\SelfMV
2013-11-30 18:45 - 2013-08-05 14:21 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-11-29 10:35 - 2013-11-02 14:43 - 00007934 _____ C:\Users\Guido\Desktop\Wohnungsanzeigen.odt
2013-11-29 10:16 - 2013-11-29 10:16 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-11-27 11:39 - 2013-11-27 11:39 - 00008988 _____ C:\Users\Guido\Desktop\Adecco.odt
2013-11-24 10:40 - 2013-11-24 10:32 - 00000000 ____D C:\Users\Guido\Desktop\Boney M
2013-11-22 12:39 - 2013-11-22 12:39 - 00000000 ____D C:\ProgramData\Oracle
2013-11-22 12:39 - 2013-11-22 12:39 - 00000000 ____D C:\Program Files\Common Files\Java
2013-11-22 12:38 - 2013-11-22 12:38 - 00004874 _____ C:\Windows\system32\jupdate-1.7.0_45-b18.log
2013-11-22 12:38 - 2010-01-14 17:00 - 00000000 ____D C:\Program Files\Java
2013-11-19 18:12 - 2013-11-01 14:32 - 00025065 _____ C:\Users\Guido\Desktop\Wohnungsanschreiben.odt
2013-11-19 03:33 - 2010-01-15 09:31 - 00230048 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Files to move or delete:
====================
C:\Users\Admin\BackupResult.DAT
C:\Users\Admin\HiJackThis204.exe
C:\Users\Admin\SCHDLR.DAT


Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\temp\avgnt.exe
C:\Users\Admin\AppData\Local\temp\ICReinstall_DownloadAcceleratorSetup.exe
C:\Users\Admin\AppData\Local\temp\RtkBtMnt.exe
C:\Users\Gast\AppData\Local\temp\RtkBtMnt.exe
C:\Users\Guido\AppData\Local\temp\avgnt.exe
C:\Users\Guido\AppData\Local\temp\RtkBtMnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-19 09:25

==================== End Of Log ============================
         
--- --- ---

3. GMER
GMER Logfile:
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-12-19 20:21:07
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD32 rev.11.0 298,09GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Admin\AppData\Local\Temp\fwdoqpob.sys


---- System - GMER 2.1 ----

SSDT            8F887936                                                                                                            ZwCreateSection
SSDT            8F887940                                                                                                            ZwRequestWaitReplyPort
SSDT            8F88793B                                                                                                            ZwSetContextThread
SSDT            8F887945                                                                                                            ZwSetSecurityObject
SSDT            8F88794A                                                                                                            ZwSystemDebugControl
SSDT            8F8878D7                                                                                                            ZwTerminateProcess

INT 0x52        ?                                                                                                                   875AECD0
INT 0x62        ?                                                                                                                   875AECD0
INT 0x72        ?                                                                                                                   85371BF8
INT 0x82        ?                                                                                                                   85371BF8
INT 0x92        ?                                                                                                                   85375BF8
INT 0xA3        ?                                                                                                                   875AECD0
INT 0xB0        ?                                                                                                                   90B6BCD0
INT 0xB2        ?                                                                                                                   875AECD0

---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!KeSetEvent + 215                                                                                       828C8860 4 Bytes  [36, 79, 88, 8F]
.text           ntkrnlpa.exe!KeSetEvent + 539                                                                                       828C8B84 4 Bytes  [40, 79, 88, 8F]
.text           ntkrnlpa.exe!KeSetEvent + 56D                                                                                       828C8BB8 4 Bytes  [3B, 79, 88, 8F]
.text           ntkrnlpa.exe!KeSetEvent + 5D1                                                                                       828C8C1C 4 Bytes  [45, 79, 88, 8F]
.text           ntkrnlpa.exe!KeSetEvent + 619                                                                                       828C8C64 4 Bytes  [4A, 79, 88, 8F]
.text           ...                                                                                                                 
?               System32\Drivers\spsm.sys                                                                                           Das System kann den angegebenen Pfad nicht finden. !
.text           C:\Windows\system32\DRIVERS\atikmdag.sys                                                                            section is writeable [0x8EC04000, 0x1FB95A, 0xE8000020]
                C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl                                                              entry point in "" section [0xA351A000]
.clc            C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl                                                              unknown last section [0xA351B000, 0x1000, 0x00000000]

---- User code sections - GMER 2.1 ----

.text           C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe[2212] kernel32.dll!SetUnhandledExceptionFilter                7602A8B5 5 Bytes  JMP 00641870 C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe
.text           C:\Program Files\Internet Explorer\iexplore.exe[3288] ADVAPI32.dll!RegSetValueExA                                   75BB3BEC 7 Bytes  JMP 10162050 C:\Users\Guido\AppData\LocalLow\NCH_DE\tbNCH_.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[3288] ADVAPI32.dll!RegSetValueExW                                   75BC3D5A 7 Bytes  JMP 10162110 C:\Users\Guido\AppData\LocalLow\NCH_DE\tbNCH_.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[3288] ADVAPI32.dll!RegSetValueW                                     75BDB3E4 5 Bytes  JMP 10161F90 C:\Users\Guido\AppData\LocalLow\NCH_DE\tbNCH_.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[3288] ADVAPI32.dll!RegSetValueA                                     75C15811 5 Bytes  JMP 10161ED0 C:\Users\Guido\AppData\LocalLow\NCH_DE\tbNCH_.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[3288] USER32.dll!CreateDialogParamW                                 770472A2 5 Bytes  JMP 101622E0 C:\Users\Guido\AppData\LocalLow\NCH_DE\tbNCH_.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[3288] USER32.dll!EnableWindow                                       7704CD8B 5 Bytes  JMP 68019ECC C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[3288] USER32.dll!TrackPopupMenu                                     770614F3 5 Bytes  JMP 101615C0 C:\Users\Guido\AppData\LocalLow\NCH_DE\tbNCH_.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[3288] USER32.dll!CreateDialogParamA                                 770617AA 5 Bytes  JMP 10162460 C:\Users\Guido\AppData\LocalLow\NCH_DE\tbNCH_.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[3288] USER32.dll!TrackPopupMenuEx                                   77070CE7 5 Bytes  JMP 10161720 C:\Users\Guido\AppData\LocalLow\NCH_DE\tbNCH_.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[3288] USER32.dll!DialogBoxParamW                                    770710B0 5 Bytes  JMP 10162640 C:\Users\Guido\AppData\LocalLow\NCH_DE\tbNCH_.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[3288] USER32.dll!DialogBoxIndirectParamW                            77072EF5 5 Bytes  JMP 6816915E C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[3288] USER32.dll!DialogBoxParamA                                    77088152 5 Bytes  JMP 10162550 C:\Users\Guido\AppData\LocalLow\NCH_DE\tbNCH_.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[3288] USER32.dll!DialogBoxIndirectParamA                            7708847D 5 Bytes  JMP 681691C3 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[3288] USER32.dll!MessageBoxIndirectA                                7709D4D9 5 Bytes  JMP 68169080 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[3288] USER32.dll!MessageBoxIndirectW                                7709D5D3 5 Bytes  JMP 68169007 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[3288] USER32.dll!MessageBoxExA                                      7709D639 5 Bytes  JMP 68168FA3 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[3288] USER32.dll!MessageBoxExW                                      7709D65D 5 Bytes  JMP 68168F3F C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[3288] USER32.dll!MessageBoxA                                        7709D681 5 Bytes  JMP 101627C0 C:\Users\Guido\AppData\LocalLow\NCH_DE\tbNCH_.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[3288] USER32.dll!MessageBoxW                                        7709D6CF 5 Bytes  JMP 101628A0 C:\Users\Guido\AppData\LocalLow\NCH_DE\tbNCH_.dll
.text           C:\Program Files\Tobit Radio.fx\Client\rfx-tray.exe[4552] USER32.dll!SetScrollRange                                 7704D185 5 Bytes  JMP 1006DE70 C:\Program Files\Tobit Radio.fx\Client\TOBITCLT.dll
.text           C:\Program Files\Tobit Radio.fx\Client\rfx-tray.exe[4552] USER32.dll!DefWindowProcA                                 7704DB88 7 Bytes  JMP 10036120 C:\Program Files\Tobit Radio.fx\Client\TOBITCLT.dll
.text           C:\Program Files\Tobit Radio.fx\Client\rfx-tray.exe[4552] USER32.dll!GetSysColorBrush                               7704E21C 5 Bytes  JMP 100604D0 C:\Program Files\Tobit Radio.fx\Client\TOBITCLT.dll
.text           C:\Program Files\Tobit Radio.fx\Client\rfx-tray.exe[4552] USER32.dll!GetScrollInfo                                  7704F073 7 Bytes  JMP 1006DD40 C:\Program Files\Tobit Radio.fx\Client\TOBITCLT.dll
.text           C:\Program Files\Tobit Radio.fx\Client\rfx-tray.exe[4552] USER32.dll!ShowScrollBar                                  7704F8AE 5 Bytes  JMP 1006DEC0 C:\Program Files\Tobit Radio.fx\Client\TOBITCLT.dll
.text           C:\Program Files\Tobit Radio.fx\Client\rfx-tray.exe[4552] USER32.dll!SetScrollInfo                                  770571D8 7 Bytes  JMP 1006DDF0 C:\Program Files\Tobit Radio.fx\Client\TOBITCLT.dll
.text           C:\Program Files\Tobit Radio.fx\Client\rfx-tray.exe[4552] USER32.dll!GetSysColor                                    77059BF6 5 Bytes  JMP 10060490 C:\Program Files\Tobit Radio.fx\Client\TOBITCLT.dll
.text           C:\Program Files\Tobit Radio.fx\Client\rfx-tray.exe[4552] USER32.dll!DrawFrameControl                               7706676D 7 Bytes  JMP 1005E040 C:\Program Files\Tobit Radio.fx\Client\TOBITCLT.dll
.text           C:\Program Files\Tobit Radio.fx\Client\rfx-tray.exe[4552] USER32.dll!EnableScrollBar                                7706AF53 7 Bytes  JMP 1006DD00 C:\Program Files\Tobit Radio.fx\Client\TOBITCLT.dll
.text           C:\Program Files\Tobit Radio.fx\Client\rfx-tray.exe[4552] USER32.dll!EndDialog                                      7707326E 5 Bytes  JMP 10036100 C:\Program Files\Tobit Radio.fx\Client\TOBITCLT.dll
.text           C:\Program Files\Tobit Radio.fx\Client\rfx-tray.exe[4552] USER32.dll!GetScrollPos                                   7707337D 5 Bytes  JMP 1006DD80 C:\Program Files\Tobit Radio.fx\Client\TOBITCLT.dll
.text           C:\Program Files\Tobit Radio.fx\Client\rfx-tray.exe[4552] USER32.dll!GetScrollRange                                 770734A5 5 Bytes  JMP 1006DDB0 C:\Program Files\Tobit Radio.fx\Client\TOBITCLT.dll
.text           C:\Program Files\Tobit Radio.fx\Client\rfx-tray.exe[4552] USER32.dll!SetScrollPos                                   77073602 5 Bytes  JMP 1006DE30 C:\Program Files\Tobit Radio.fx\Client\TOBITCLT.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[4628] kernel32.dll!CreateThread                                     7604CB0E 5 Bytes  JMP 67FD75CB C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[4628] USER32.dll!CreateDialogParamW                                 770472A2 5 Bytes  JMP 0AD722E0 C:\Users\Guido\AppData\LocalLow\NCH_DE\tbNCH_.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[4628] USER32.dll!SetWindowsHookExW                                  770487AD 5 Bytes  JMP 680125C4 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[4628] USER32.dll!CallNextHookEx                                     77048E3B 5 Bytes  JMP 6803800F C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[4628] USER32.dll!UnhookWindowsHookEx                                770498DB 5 Bytes  JMP 6805ED18 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[4628] USER32.dll!EnableWindow                                       7704CD8B 5 Bytes  JMP 68019ECC C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[4628] USER32.dll!DefWindowProcA                                     7704DB88 3 Bytes  JMP 67FD97F5 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[4628] USER32.dll!DefWindowProcA + 4                                 7704DB8C 3 Bytes  [F0, CC, CC] {INT 3 ; INT 3 }
.text           C:\Program Files\Internet Explorer\iexplore.exe[4628] USER32.dll!CreateWindowExA                                    7704DC2A 5 Bytes  JMP 67FE362B C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[4628] USER32.dll!CreateWindowExW                                    77051305 5 Bytes  JMP 680403FF C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[4628] USER32.dll!DefWindowProcW                                     770603B4 7 Bytes  JMP 68038072 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[4628] USER32.dll!TrackPopupMenu                                     770614F3 5 Bytes  JMP 0AD715C0 C:\Users\Guido\AppData\LocalLow\NCH_DE\tbNCH_.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[4628] USER32.dll!CreateDialogParamA                                 770617AA 5 Bytes  JMP 0AD72460 C:\Users\Guido\AppData\LocalLow\NCH_DE\tbNCH_.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[4628] USER32.dll!TrackPopupMenuEx                                   77070CE7 5 Bytes  JMP 0AD71720 C:\Users\Guido\AppData\LocalLow\NCH_DE\tbNCH_.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[4628] USER32.dll!DialogBoxParamW                                    770710B0 5 Bytes  JMP 0AD72640 C:\Users\Guido\AppData\LocalLow\NCH_DE\tbNCH_.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[4628] USER32.dll!DialogBoxIndirectParamW                            77072EF5 5 Bytes  JMP 6816915E C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[4628] USER32.dll!DialogBoxParamA                                    77088152 5 Bytes  JMP 0AD72550 C:\Users\Guido\AppData\LocalLow\NCH_DE\tbNCH_.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[4628] USER32.dll!DialogBoxIndirectParamA                            7708847D 5 Bytes  JMP 681691C3 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[4628] USER32.dll!MessageBoxIndirectA                                7709D4D9 5 Bytes  JMP 68169080 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[4628] USER32.dll!MessageBoxIndirectW                                7709D5D3 5 Bytes  JMP 68169007 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[4628] USER32.dll!MessageBoxExA                                      7709D639 5 Bytes  JMP 68168FA3 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[4628] USER32.dll!MessageBoxExW                                      7709D65D 5 Bytes  JMP 68168F3F C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[4628] USER32.dll!MessageBoxA                                        7709D681 5 Bytes  JMP 0AD727C0 C:\Users\Guido\AppData\LocalLow\NCH_DE\tbNCH_.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[4628] USER32.dll!MessageBoxW                                        7709D6CF 5 Bytes  JMP 0AD728A0 C:\Users\Guido\AppData\LocalLow\NCH_DE\tbNCH_.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[4628] ole32.dll!OleLoadFromStream                                   75A61E80 5 Bytes  JMP 68169937 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[6848] kernel32.dll!CreateThread                                     7604CB0E 5 Bytes  JMP 67FD75CB C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[6848] USER32.dll!CreateDialogParamW                                 770472A2 5 Bytes  JMP 095C22E0 C:\Users\Guido\AppData\LocalLow\NCH_DE\tbNCH_.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[6848] USER32.dll!SetWindowsHookExW                                  770487AD 5 Bytes  JMP 680125C4 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[6848] USER32.dll!CallNextHookEx                                     77048E3B 5 Bytes  JMP 6803800F C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[6848] USER32.dll!UnhookWindowsHookEx                                770498DB 5 Bytes  JMP 6805ED18 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[6848] USER32.dll!EnableWindow                                       7704CD8B 5 Bytes  JMP 68019ECC C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[6848] USER32.dll!DefWindowProcA                                     7704DB88 3 Bytes  JMP 67FD97F5 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[6848] USER32.dll!DefWindowProcA + 4                                 7704DB8C 3 Bytes  [F0, CC, CC] {INT 3 ; INT 3 }
.text           C:\Program Files\Internet Explorer\iexplore.exe[6848] USER32.dll!CreateWindowExA                                    7704DC2A 5 Bytes  JMP 67FE362B C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[6848] USER32.dll!CreateWindowExW                                    77051305 5 Bytes  JMP 680403FF C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[6848] USER32.dll!DefWindowProcW                                     770603B4 7 Bytes  JMP 68038072 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[6848] USER32.dll!TrackPopupMenu                                     770614F3 5 Bytes  JMP 095C15C0 C:\Users\Guido\AppData\LocalLow\NCH_DE\tbNCH_.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[6848] USER32.dll!CreateDialogParamA                                 770617AA 5 Bytes  JMP 095C2460 C:\Users\Guido\AppData\LocalLow\NCH_DE\tbNCH_.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[6848] USER32.dll!TrackPopupMenuEx                                   77070CE7 5 Bytes  JMP 095C1720 C:\Users\Guido\AppData\LocalLow\NCH_DE\tbNCH_.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[6848] USER32.dll!DialogBoxParamW                                    770710B0 5 Bytes  JMP 095C2640 C:\Users\Guido\AppData\LocalLow\NCH_DE\tbNCH_.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[6848] USER32.dll!DialogBoxIndirectParamW                            77072EF5 5 Bytes  JMP 6816915E C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[6848] USER32.dll!DialogBoxParamA                                    77088152 5 Bytes  JMP 095C2550 C:\Users\Guido\AppData\LocalLow\NCH_DE\tbNCH_.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[6848] USER32.dll!DialogBoxIndirectParamA                            7708847D 5 Bytes  JMP 681691C3 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[6848] USER32.dll!MessageBoxIndirectA                                7709D4D9 5 Bytes  JMP 68169080 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[6848] USER32.dll!MessageBoxIndirectW                                7709D5D3 5 Bytes  JMP 68169007 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[6848] USER32.dll!MessageBoxExA                                      7709D639 5 Bytes  JMP 68168FA3 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[6848] USER32.dll!MessageBoxExW                                      7709D65D 5 Bytes  JMP 68168F3F C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[6848] USER32.dll!MessageBoxA                                        7709D681 5 Bytes  JMP 095C27C0 C:\Users\Guido\AppData\LocalLow\NCH_DE\tbNCH_.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[6848] USER32.dll!MessageBoxW                                        7709D6CF 5 Bytes  JMP 095C28A0 C:\Users\Guido\AppData\LocalLow\NCH_DE\tbNCH_.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[6848] ole32.dll!OleLoadFromStream                                   75A61E80 5 Bytes  JMP 68169937 C:\Windows\system32\IEFRAME.dll
.text           C:\Users\Guido\AppData\Local\Mozilla Firefox\firefox.exe[7080] ntdll.dll!LdrLoadDll                                 76EA9378 5 Bytes  JMP 5558E210 C:\Users\Guido\AppData\Local\Mozilla Firefox\xul.dll
.text           C:\Users\Guido\AppData\Local\Mozilla Firefox\firefox.exe[7080] kernel32.dll!HeapSetInformation + 26                 7602A8B0 7 Bytes  JMP 55592C10 C:\Users\Guido\AppData\Local\Mozilla Firefox\xul.dll
.text           C:\Users\Guido\AppData\Local\Mozilla Firefox\firefox.exe[7080] kernel32.dll!LockResource + C                        76046ACB 7 Bytes  JMP 55D522AA C:\Users\Guido\AppData\Local\Mozilla Firefox\xul.dll
.text           C:\Users\Guido\AppData\Local\Mozilla Firefox\firefox.exe[7080] kernel32.dll!VirtualAllocEx + 54                     7604AF50 7 Bytes  JMP 55D522CD C:\Users\Guido\AppData\Local\Mozilla Firefox\xul.dll
.text           C:\Users\Guido\AppData\Local\Mozilla Firefox\firefox.exe[7080] GDI32.dll!SetStretchBltMode + 256                    75C6745C 7 Bytes  JMP 55D5222B C:\Users\Guido\AppData\Local\Mozilla Firefox\xul.dll

---- Devices - GMER 2.1 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                              853771F8
Device          \FileSystem\fastfat \FatCdrom                                                                                       85AF5500
Device          \Driver\netbt \Device\NetBT_Tcpip_{D9164FCC-8A83-403C-87EE-36B52E47082B}                                            8A35E500

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                             Wdf01000.sys
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                             Wdf01000.sys

Device          \Driver\volmgr \Device\VolMgrControl                                                                                853731F8
Device          \Driver\usbuhci \Device\USBPDO-0                                                                                    876101F8
Device          \Driver\usbuhci \Device\USBPDO-1                                                                                    876101F8
Device          \Driver\sptd \Device\3813547644                                                                                     spsm.sys
Device          \Driver\usbehci \Device\USBPDO-2                                                                                    876141F8
Device          \Driver\usbuhci \Device\USBPDO-3                                                                                    876101F8
Device          \Driver\usbuhci \Device\USBPDO-4                                                                                    876101F8
Device          \Driver\usbuhci \Device\USBPDO-5                                                                                    876101F8
Device          \Driver\usbehci \Device\USBPDO-6                                                                                    876141F8
Device          \Driver\volmgr \Device\HarddiskVolume1                                                                              853731F8
Device          \Driver\volmgr \Device\HarddiskVolume2                                                                              853731F8
Device          \Driver\cdrom \Device\CdRom0                                                                                        876481F8
Device          \Driver\volmgr \Device\HarddiskVolume3                                                                              853731F8
Device          \Driver\cdrom \Device\CdRom1                                                                                        876481F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0                                                                         853761F8
Device          \Driver\iaStor \Device\Ide\iaStor0                                                                                  [8AACA580] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                  853761F8
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                  853761F8
Device          \Driver\iaStor \Device\Ide\IAAStorageDevice-0                                                                       [8AACA580] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\USBSTOR \Device\000000b1                                                                                    85C3E500
Device          \Driver\USBSTOR \Device\000000b2                                                                                    85C3E500
Device          \Driver\volmgr \Device\HarddiskVolume4                                                                              853731F8
Device          \Driver\volmgr \Device\HarddiskVolume5                                                                              853731F8
Device          \Driver\PCI_PNP3630 \Device\00000081                                                                                spsm.sys
Device          \Driver\netbt \Device\NetBt_Wins_Export                                                                             8A35E500
Device          \Driver\netbt \Device\NetBT_Tcpip_{54C50031-D5E3-4E0D-B5E7-560B76AB4CD0}                                            8A35E500
Device          \Driver\Smb \Device\NetbiosSmb                                                                                      8A3532A0
Device          \Driver\iScsiPrt \Device\RaidPort0                                                                                  876A51F8
Device          \Driver\usbuhci \Device\USBFDO-0                                                                                    876101F8
Device          \Driver\usbuhci \Device\USBFDO-1                                                                                    876101F8
Device          \Driver\usbehci \Device\USBFDO-2                                                                                    876141F8
Device          \Driver\usbuhci \Device\USBFDO-3                                                                                    876101F8
Device          \Driver\usbuhci \Device\USBFDO-4                                                                                    876101F8
Device          \Driver\usbuhci \Device\USBFDO-5                                                                                    876101F8
Device          \Driver\usbehci \Device\USBFDO-6                                                                                    876141F8
Device          \Driver\al53qzg5 \Device\Scsi\al53qzg51                                                                             876491F8
Device          \Driver\al53qzg5 \Device\Scsi\al53qzg51Port4Path0Target0Lun0                                                        876491F8
Device          \FileSystem\fastfat \Fat                                                                                            85AF5500

AttachedDevice  \FileSystem\fastfat \Fat                                                                                            fltmgr.sys

Device          \FileSystem\cdfs \Cdfs                                                                                              8598A1F8

---- Trace I/O - GMER 2.1 ----

Trace           ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys spsm.sys >>UNKNOWN [0x85ce2938]<<                    85ce2938
Trace           1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x868f8ac8]                                                             868f8ac8
Trace           3 CLASSPNP.SYS[8b1a38b3] -> nt!IofCallDriver -> [0x85dbc700]                                                        85dbc700
Trace           5 acpi.sys[82fbc6bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x85dc6028]                              85dc6028

---- Registry - GMER 2.1 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                  771343423
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                  285507792
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                  1
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                 C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                 0x00 0x00 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0x3D 0x27 0x30 0x62 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                           
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                     0x2B 0x06 0x22 0xCB ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                      
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0x4A 0x2A 0x53 0xB2 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                     0x00 0x00 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x3D 0x27 0x30 0x62 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0x2B 0x06 0x22 0xCB ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x4A 0x2A 0x53 0xB2 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b  0xE2 0x63 0x26 0xF1 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b  0x71 0x3B 0x04 0x66 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016  0xFF 0x7C 0x85 0xE0 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48  0x6B 0x65 0x49 0x6A ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472  0xCD 0x44 0xCD 0xB9 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d  0xDF 0x20 0x58 0x62 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b  0x97 0x20 0x4E 0x9A ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d  0x01 0x3A 0x48 0xFC ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3  0xB2 0x46 0x9A 0xE2 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b  0x3D 0xCE 0xEA 0x26 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6  0xE3 0x0E 0x66 0xD5 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2  0x6C 0x43 0x2D 0x1E ...

---- Disk sectors - GMER 2.1 ----

Disk            \Device\Harddisk0\DR0                                                                                               unknown MBR code

---- EOF - GMER 2.1 ----
         
--- --- ---


4. Malwarebytes

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.12.19.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Admin :: GUIDO-PC [Administrator]

19.12.2013 12:43:09
mbam-log-2013-12-19 (12-43-09).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 313700
Laufzeit: 12 Minute(n), 6 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 1
C:\Program Files\Conduit\Community Alerts\Alert.dll (PUP.Optional.Conduit) -> Löschen bei Neustart.

Infizierte Registrierungsschlüssel: 4
HKCR\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1} (PUP.Optional.Conduit) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\Conduit\FF (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Speedchecker Limited\PC Speed Up (PUP.Optional.PCSpeedUp.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\Software\Iminent (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 6
C:\Users\Admin\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Admin\AppData\Roaming\OpenCandy\97BC2FA91E9046EEACF44C263AACDADE (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Admin\AppData\Roaming\OpenCandy\E36ACFF993CE41E895088E601386BA8D (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Admin\AppData\Roaming\OpenCandy\E9707EFC9E7646D2A42F1EE53917746A (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Admin\AppData\Roaming\OpenCandy\EAB0D2D68EEE453691B9ED905D1F5BB4 (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Admin\AppData\Roaming\OpenCandy\F2E0EC9E667F49358F74F8E04454C7BB (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 10
C:\Program Files\Conduit\Community Alerts\Alert.dll (PUP.Optional.Conduit) -> Löschen bei Neustart.
C:\ProgramData\YTD Video Downloader\ytd_installer.exe (PUP.Optional.Spigot.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Admin\AppData\Roaming\OpenCandy\F2E0EC9E667F49358F74F8E04454C7BB\DeltaTB.exe (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Admin\AppData\Roaming\OpenCandy\97BC2FA91E9046EEACF44C263AACDADE\speedupmypcDE.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Admin\AppData\Roaming\OpenCandy\E36ACFF993CE41E895088E601386BA8D\PCSU_SL_3.1.2.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Admin\AppData\Roaming\OpenCandy\E9707EFC9E7646D2A42F1EE53917746A\speedupmypcDE.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Admin\AppData\Roaming\OpenCandy\EAB0D2D68EEE453691B9ED905D1F5BB4\speedupmypcDE.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Admin\AppData\Roaming\OpenCandy\F2E0EC9E667F49358F74F8E04454C7BB\5472.ico (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Admin\AppData\Roaming\OpenCandy\F2E0EC9E667F49358F74F8E04454C7BB\EBB77268-338F-4C6A-8590-AD88FED26F4A (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Admin\AppData\Roaming\OpenCandy\F2E0EC9E667F49358F74F8E04454C7BB\OCBrowserHelper_1.0.6.125.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)


5. Avira

19:50 Uhr Echtzeit-Scanner
In der Datei 'C:\Program Files\Conduit\Community Alerts\Alert.dll'
wurde ein Virus oder unerwünschtes Programm 'TR/Trash.Gen' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

23:50 Uhr
Suchlauf beendet [Der Suchlauf wurde vollständig durchgeführt.].
Anzahl Dateien: 669014
Anzahl Verzeichnisse: 36372
Anzahl Malware: 0
Anzahl Warnungen: 0

Edited by MaraMara (20.12.2013 at 00:31)

20.12.2013, 08:15   #2
schrauber
/// the machine
/// TB-Ausbilder
 




Hi,

Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you receive the following error message after the restart
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. This should fix the problem.


20.12.2013, 09:27   #3
MaraMara
 



Hi,

that was quick, thanks!
Here is the Combofix log:

<code>Combofix Logfile:
Code:
ATTFilter
ComboFix 13-12-18.01 - Admin 20.12.2013   9:03.2.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3069.1476 [GMT 1:00]
ausgeführt von:: c:\users\Guido\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\program files\c
c:\program files\c\gs8.71\bin\gsdll32.dll
c:\program files\c\gs8.71\bin\gsdll32.lib
c:\program files\c\gs8.71\bin\gswin32.exe
c:\program files\c\gs8.71\bin\gswin32c.exe
c:\program files\c\gs8.71\doc\API.htm
c:\program files\c\gs8.71\doc\AUTHORS
c:\program files\c\gs8.71\doc\C-style.htm
c:\program files\c\gs8.71\doc\Changes.htm
c:\program files\c\gs8.71\doc\Color_Architecture.pdf
c:\program files\c\gs8.71\doc\Color_Architecture.tex
c:\program files\c\gs8.71\doc\Commprod.htm
c:\program files\c\gs8.71\doc\COPYING
c:\program files\c\gs8.71\doc\Deprecated.htm
c:\program files\c\gs8.71\doc\Details.htm
c:\program files\c\gs8.71\doc\Details8.htm
c:\program files\c\gs8.71\doc\Develop.htm
c:\program files\c\gs8.71\doc\Devices.htm
c:\program files\c\gs8.71\doc\DLL.htm
c:\program files\c\gs8.71\doc\Drivers.htm
c:\program files\c\gs8.71\doc\figures\Ghost.eps
c:\program files\c\gs8.71\doc\figures\Overview.eps
c:\program files\c\gs8.71\doc\figures\PDF_Render.eps
c:\program files\c\gs8.71\doc\figures\PDF_Spec.eps
c:\program files\c\gs8.71\doc\figures\PS_Render.eps
c:\program files\c\gs8.71\doc\figures\PS_Spec.eps
c:\program files\c\gs8.71\doc\figures\XPS_DeviceN.eps
c:\program files\c\gs8.71\doc\figures\XPS_Integer_Gray_RGB_Image.eps
c:\program files\c\gs8.71\doc\figures\XPS_Render.eps
c:\program files\c\gs8.71\doc\figures\XPS_RGB_Image_Float.eps
c:\program files\c\gs8.71\doc\figures\XPS_Vector_Color.eps
c:\program files\c\gs8.71\doc\Fonts.htm
c:\program files\c\gs8.71\doc\gs-vms.hlp
c:\program files\c\gs8.71\doc\gs.css
c:\program files\c\gs8.71\doc\gsdoc.el
c:\program files\c\gs8.71\doc\Helpers.htm
c:\program files\c\gs8.71\doc\Hershey.htm
c:\program files\c\gs8.71\doc\History1.htm
c:\program files\c\gs8.71\doc\History2.htm
c:\program files\c\gs8.71\doc\History3.htm
c:\program files\c\gs8.71\doc\History4.htm
c:\program files\c\gs8.71\doc\History5.htm
c:\program files\c\gs8.71\doc\History6.htm
c:\program files\c\gs8.71\doc\History7.htm
c:\program files\c\gs8.71\doc\History8.htm
c:\program files\c\gs8.71\doc\index.html
c:\program files\c\gs8.71\doc\Install.htm
c:\program files\c\gs8.71\doc\Issues.htm
c:\program files\c\gs8.71\doc\Language.htm
c:\program files\c\gs8.71\doc\Lib.htm
c:\program files\c\gs8.71\doc\Make.htm
c:\program files\c\gs8.71\doc\News.htm
c:\program files\c\gs8.71\doc\Projects.htm
c:\program files\c\gs8.71\doc\Ps-style.htm
c:\program files\c\gs8.71\doc\Ps2epsi.htm
c:\program files\c\gs8.71\doc\Ps2pdf.htm
c:\program files\c\gs8.71\doc\Ps2ps2.htm
c:\program files\c\gs8.71\doc\pscet_status.txt
c:\program files\c\gs8.71\doc\Psfiles.htm
c:\program files\c\gs8.71\doc\Readme.htm
c:\program files\c\gs8.71\doc\Release.htm
c:\program files\c\gs8.71\doc\Source.htm
c:\program files\c\gs8.71\doc\Unix-lpr.htm
c:\program files\c\gs8.71\doc\Use.htm
c:\program files\c\gs8.71\doc\Xfonts.htm
c:\program files\c\gs8.71\examples\alphabet.ps
c:\program files\c\gs8.71\examples\annots.pdf
c:\program files\c\gs8.71\examples\chess.ps
c:\program files\c\gs8.71\examples\cjk\all_ac1.ps
c:\program files\c\gs8.71\examples\cjk\all_ag1.ps
c:\program files\c\gs8.71\examples\cjk\all_aj1.ps
c:\program files\c\gs8.71\examples\cjk\all_aj2.ps
c:\program files\c\gs8.71\examples\cjk\all_ak1.ps
c:\program files\c\gs8.71\examples\cjk\article9.ps
c:\program files\c\gs8.71\examples\cjk\gscjk_ac.ps
c:\program files\c\gs8.71\examples\cjk\gscjk_ag.ps
c:\program files\c\gs8.71\examples\cjk\gscjk_aj.ps
c:\program files\c\gs8.71\examples\cjk\gscjk_ak.ps
c:\program files\c\gs8.71\examples\cjk\iso2022.ps
c:\program files\c\gs8.71\examples\cjk\iso2022v.ps
c:\program files\c\gs8.71\examples\colorcir.ps
c:\program files\c\gs8.71\examples\doretree.ps
c:\program files\c\gs8.71\examples\escher.ps
c:\program files\c\gs8.71\examples\golfer.eps
c:\program files\c\gs8.71\examples\grayalph.ps
c:\program files\c\gs8.71\examples\ridt91.eps
c:\program files\c\gs8.71\examples\snowflak.ps
c:\program files\c\gs8.71\examples\tiger.eps
c:\program files\c\gs8.71\examples\vasarely.ps
c:\program files\c\gs8.71\examples\waterfal.ps
c:\program files\c\gs8.71\lib\acctest.ps
c:\program files\c\gs8.71\lib\addxchar.ps
c:\program files\c\gs8.71\lib\afmdiff.awk
c:\program files\c\gs8.71\lib\align.ps
c:\program files\c\gs8.71\lib\bdftops
c:\program files\c\gs8.71\lib\bdftops.bat
c:\program files\c\gs8.71\lib\bdftops.cmd
c:\program files\c\gs8.71\lib\bdftops.ps
c:\program files\c\gs8.71\lib\bj8.rpd
c:\program files\c\gs8.71\lib\bj8gc12f.upp
c:\program files\c\gs8.71\lib\bj8hg12f.upp
c:\program files\c\gs8.71\lib\bj8oh06n.upp
c:\program files\c\gs8.71\lib\bj8pa06n.upp
c:\program files\c\gs8.71\lib\bj8pp12f.upp
c:\program files\c\gs8.71\lib\bj8ts06n.upp
c:\program files\c\gs8.71\lib\bjc610a0.upp
c:\program files\c\gs8.71\lib\bjc610a1.upp
c:\program files\c\gs8.71\lib\bjc610a2.upp
c:\program files\c\gs8.71\lib\bjc610a3.upp
c:\program files\c\gs8.71\lib\bjc610a4.upp
c:\program files\c\gs8.71\lib\bjc610a5.upp
c:\program files\c\gs8.71\lib\bjc610a6.upp
c:\program files\c\gs8.71\lib\bjc610a7.upp
c:\program files\c\gs8.71\lib\bjc610a8.upp
c:\program files\c\gs8.71\lib\bjc610b1.upp
c:\program files\c\gs8.71\lib\bjc610b2.upp
c:\program files\c\gs8.71\lib\bjc610b3.upp
c:\program files\c\gs8.71\lib\bjc610b4.upp
c:\program files\c\gs8.71\lib\bjc610b6.upp
c:\program files\c\gs8.71\lib\bjc610b7.upp
c:\program files\c\gs8.71\lib\bjc610b8.upp
c:\program files\c\gs8.71\lib\caption.ps
c:\program files\c\gs8.71\lib\cat.ps
c:\program files\c\gs8.71\lib\cbjc600.ppd
c:\program files\c\gs8.71\lib\cbjc800.ppd
c:\program files\c\gs8.71\lib\cdj550.upp
c:\program files\c\gs8.71\lib\cdj690.upp
c:\program files\c\gs8.71\lib\cdj690ec.upp
c:\program files\c\gs8.71\lib\cid2code.ps
c:\program files\c\gs8.71\lib\decrypt.ps
c:\program files\c\gs8.71\lib\dnj750c.upp
c:\program files\c\gs8.71\lib\dnj750m.upp
c:\program files\c\gs8.71\lib\docie.ps
c:\program files\c\gs8.71\lib\dumphint
c:\program files\c\gs8.71\lib\dumphint.bat
c:\program files\c\gs8.71\lib\dumphint.ps
c:\program files\c\gs8.71\lib\dvipdf
c:\program files\c\gs8.71\lib\EndOfTask.ps
c:\program files\c\gs8.71\lib\eps2eps
c:\program files\c\gs8.71\lib\eps2eps.bat
c:\program files\c\gs8.71\lib\eps2eps.cmd
c:\program files\c\gs8.71\lib\FAPIcidfmap
c:\program files\c\gs8.71\lib\FAPIconfig-FCO
c:\program files\c\gs8.71\lib\FAPIconfig
c:\program files\c\gs8.71\lib\FAPIfontmap
c:\program files\c\gs8.71\lib\FCOfontmap-PCLPS3
c:\program files\c\gs8.71\lib\FCOfontmap-PS3
c:\program files\c\gs8.71\lib\fixmswrd.pl
c:\program files\c\gs8.71\lib\font2c
c:\program files\c\gs8.71\lib\font2c.bat
c:\program files\c\gs8.71\lib\font2c.cmd
c:\program files\c\gs8.71\lib\font2c.ps
c:\program files\c\gs8.71\lib\font2pcl.ps
c:\program files\c\gs8.71\lib\Fontmap.ATB
c:\program files\c\gs8.71\lib\Fontmap.ATM
c:\program files\c\gs8.71\lib\Fontmap.OS2
c:\program files\c\gs8.71\lib\Fontmap.OSF
c:\program files\c\gs8.71\lib\Fontmap.SGI
c:\program files\c\gs8.71\lib\Fontmap.Sol
c:\program files\c\gs8.71\lib\Fontmap.Ult
c:\program files\c\gs8.71\lib\Fontmap.VMS
c:\program files\c\gs8.71\lib\ghostpdf.inf
c:\program files\c\gs8.71\lib\ghostpdf.ppd
c:\program files\c\gs8.71\lib\gs_ce_e.ps
c:\program files\c\gs8.71\lib\gs_cmdl.ps
c:\program files\c\gs8.71\lib\gs_fform.ps
c:\program files\c\gs8.71\lib\gs_il2_e.ps
c:\program files\c\gs8.71\lib\gs_kanji.ps
c:\program files\c\gs8.71\lib\gs_ksb_e.ps
c:\program files\c\gs8.71\lib\gs_l.xbm
c:\program files\c\gs8.71\lib\gs_l.xpm
c:\program files\c\gs8.71\lib\gs_l_m.xbm
c:\program files\c\gs8.71\lib\gs_lgo_e.ps
c:\program files\c\gs8.71\lib\gs_lgx_e.ps
c:\program files\c\gs8.71\lib\gs_m.xbm
c:\program files\c\gs8.71\lib\gs_m.xpm
c:\program files\c\gs8.71\lib\gs_m_m.xbm
c:\program files\c\gs8.71\lib\gs_pfile.ps
c:\program files\c\gs8.71\lib\gs_rdlin.ps
c:\program files\c\gs8.71\lib\gs_s.xbm
c:\program files\c\gs8.71\lib\gs_s.xpm
c:\program files\c\gs8.71\lib\gs_s_m.xbm
c:\program files\c\gs8.71\lib\gs_t.xbm
c:\program files\c\gs8.71\lib\gs_t.xpm
c:\program files\c\gs8.71\lib\gs_t_m.xbm
c:\program files\c\gs8.71\lib\gs_wl1_e.ps
c:\program files\c\gs8.71\lib\gs_wl2_e.ps
c:\program files\c\gs8.71\lib\gs_wl5_e.ps
c:\program files\c\gs8.71\lib\gsbj
c:\program files\c\gs8.71\lib\gsbj.bat
c:\program files\c\gs8.71\lib\gsdj
c:\program files\c\gs8.71\lib\gsdj.bat
c:\program files\c\gs8.71\lib\gsdj500
c:\program files\c\gs8.71\lib\gsdj500.bat
c:\program files\c\gs8.71\lib\gslj
c:\program files\c\gs8.71\lib\gslj.bat
c:\program files\c\gs8.71\lib\gslp
c:\program files\c\gs8.71\lib\gslp.bat
c:\program files\c\gs8.71\lib\gslp.ps
c:\program files\c\gs8.71\lib\gsnd
c:\program files\c\gs8.71\lib\gsnd.bat
c:\program files\c\gs8.71\lib\gsndt.bat
c:\program files\c\gs8.71\lib\gsnup.ps
c:\program files\c\gs8.71\lib\gssetgs.bat
c:\program files\c\gs8.71\lib\gst.bat
c:\program files\c\gs8.71\lib\gstt.bat
c:\program files\c\gs8.71\lib\ht_ccsto.ps
c:\program files\c\gs8.71\lib\image-qa.ps
c:\program files\c\gs8.71\lib\impath.ps
c:\program files\c\gs8.71\lib\Info-macos.plist
c:\program files\c\gs8.71\lib\jispaper.ps
c:\program files\c\gs8.71\lib\jobseparator.ps
c:\program files\c\gs8.71\lib\landscap.ps
c:\program files\c\gs8.71\lib\level1.ps
c:\program files\c\gs8.71\lib\lines.ps
c:\program files\c\gs8.71\lib\lp386.bat
c:\program files\c\gs8.71\lib\lp386r2.bat
c:\program files\c\gs8.71\lib\lpgs.bat
c:\program files\c\gs8.71\lib\lpr2.bat
c:\program files\c\gs8.71\lib\lprsetup.sh
c:\program files\c\gs8.71\lib\markhint.ps
c:\program files\c\gs8.71\lib\markpath.ps
c:\program files\c\gs8.71\lib\mkcidfm.ps
c:\program files\c\gs8.71\lib\necp2x.upp
c:\program files\c\gs8.71\lib\necp2x6.upp
c:\program files\c\gs8.71\lib\packfile.ps
c:\program files\c\gs8.71\lib\pcharstr.ps
c:\program files\c\gs8.71\lib\pdf2dsc
c:\program files\c\gs8.71\lib\pdf2dsc.bat
c:\program files\c\gs8.71\lib\pdf2dsc.ps
c:\program files\c\gs8.71\lib\pdf2ps
c:\program files\c\gs8.71\lib\pdf2ps.bat
c:\program files\c\gs8.71\lib\pdf2ps.cmd
c:\program files\c\gs8.71\lib\PDFA_def.ps
c:\program files\c\gs8.71\lib\pdfopt
c:\program files\c\gs8.71\lib\pdfopt.bat
c:\program files\c\gs8.71\lib\pdfopt.ps
c:\program files\c\gs8.71\lib\pdfwrite.ps
c:\program files\c\gs8.71\lib\PDFX_def.ps
c:\program files\c\gs8.71\lib\pf2afm
c:\program files\c\gs8.71\lib\pf2afm.bat
c:\program files\c\gs8.71\lib\pf2afm.cmd
c:\program files\c\gs8.71\lib\pf2afm.ps
c:\program files\c\gs8.71\lib\pfbtopfa
c:\program files\c\gs8.71\lib\pfbtopfa.bat
c:\program files\c\gs8.71\lib\pfbtopfa.ps
c:\program files\c\gs8.71\lib\pftogsf.bat
c:\program files\c\gs8.71\lib\ppath.ps
c:\program files\c\gs8.71\lib\pphs
c:\program files\c\gs8.71\lib\pphs.ps
c:\program files\c\gs8.71\lib\prfont.ps
c:\program files\c\gs8.71\lib\printafm
c:\program files\c\gs8.71\lib\printafm.ps
c:\program files\c\gs8.71\lib\ps2ai.ps
c:\program files\c\gs8.71\lib\ps2ascii
c:\program files\c\gs8.71\lib\ps2ascii.bat
c:\program files\c\gs8.71\lib\ps2ascii.cmd
c:\program files\c\gs8.71\lib\ps2ascii.ps
c:\program files\c\gs8.71\lib\ps2epsi
c:\program files\c\gs8.71\lib\ps2epsi.bat
c:\program files\c\gs8.71\lib\ps2epsi.cmd
c:\program files\c\gs8.71\lib\ps2epsi.ps
c:\program files\c\gs8.71\lib\ps2pdf
c:\program files\c\gs8.71\lib\ps2pdf.bat
c:\program files\c\gs8.71\lib\ps2pdf.cmd
c:\program files\c\gs8.71\lib\ps2pdf12
c:\program files\c\gs8.71\lib\ps2pdf12.bat
c:\program files\c\gs8.71\lib\ps2pdf12.cmd
c:\program files\c\gs8.71\lib\ps2pdf13
c:\program files\c\gs8.71\lib\ps2pdf13.bat
c:\program files\c\gs8.71\lib\ps2pdf13.cmd
c:\program files\c\gs8.71\lib\ps2pdf14
c:\program files\c\gs8.71\lib\ps2pdf14.bat
c:\program files\c\gs8.71\lib\ps2pdf14.cmd
c:\program files\c\gs8.71\lib\ps2pdfwr
c:\program files\c\gs8.71\lib\ps2pdfxx.bat
c:\program files\c\gs8.71\lib\ps2ps
c:\program files\c\gs8.71\lib\ps2ps.bat
c:\program files\c\gs8.71\lib\ps2ps.cmd
c:\program files\c\gs8.71\lib\ps2ps2
c:\program files\c\gs8.71\lib\ps2ps2.bat
c:\program files\c\gs8.71\lib\ps2ps2.cmd
c:\program files\c\gs8.71\lib\pv.sh
c:\program files\c\gs8.71\lib\quit.ps
c:\program files\c\gs8.71\lib\ras1.upp
c:\program files\c\gs8.71\lib\ras24.upp
c:\program files\c\gs8.71\lib\ras3.upp
c:\program files\c\gs8.71\lib\ras32.upp
c:\program files\c\gs8.71\lib\ras4.upp
c:\program files\c\gs8.71\lib\ras8m.upp
c:\program files\c\gs8.71\lib\rinkj-2200-setup
c:\program files\c\gs8.71\lib\rollconv.ps
c:\program files\c\gs8.71\lib\showchar.ps
c:\program files\c\gs8.71\lib\showpage.ps
c:\program files\c\gs8.71\lib\st640ih.upp
c:\program files\c\gs8.71\lib\st640ihg.upp
c:\program files\c\gs8.71\lib\st640p.upp
c:\program files\c\gs8.71\lib\st640pg.upp
c:\program files\c\gs8.71\lib\st640pl.upp
c:\program files\c\gs8.71\lib\st640plg.upp
c:\program files\c\gs8.71\lib\stc.upp
c:\program files\c\gs8.71\lib\stc_h.upp
c:\program files\c\gs8.71\lib\stc_l.upp
c:\program files\c\gs8.71\lib\stc1520h.upp
c:\program files\c\gs8.71\lib\stc2.upp
c:\program files\c\gs8.71\lib\stc2_h.upp
c:\program files\c\gs8.71\lib\stc200_h.upp
c:\program files\c\gs8.71\lib\stc2s_h.upp
c:\program files\c\gs8.71\lib\stc300.upp
c:\program files\c\gs8.71\lib\stc300bl.upp
c:\program files\c\gs8.71\lib\stc300bm.upp
c:\program files\c\gs8.71\lib\stc500p.upp
c:\program files\c\gs8.71\lib\stc500ph.upp
c:\program files\c\gs8.71\lib\stc600ih.upp
c:\program files\c\gs8.71\lib\stc600p.upp
c:\program files\c\gs8.71\lib\stc600pl.upp
c:\program files\c\gs8.71\lib\stc640p.upp
c:\program files\c\gs8.71\lib\stc800ih.upp
c:\program files\c\gs8.71\lib\stc800p.upp
c:\program files\c\gs8.71\lib\stc800pl.upp
c:\program files\c\gs8.71\lib\stcany.upp
c:\program files\c\gs8.71\lib\stcany_h.upp
c:\program files\c\gs8.71\lib\stcinfo.ps
c:\program files\c\gs8.71\lib\stcolor.ps
c:\program files\c\gs8.71\lib\stocht.ps
c:\program files\c\gs8.71\lib\traceimg.ps
c:\program files\c\gs8.71\lib\traceop.ps
c:\program files\c\gs8.71\lib\type1enc.ps
c:\program files\c\gs8.71\lib\type1ops.ps
c:\program files\c\gs8.71\lib\uninfo.ps
c:\program files\c\gs8.71\lib\unix-lpr.sh
c:\program files\c\gs8.71\lib\unprot.ps
c:\program files\c\gs8.71\lib\viewcmyk.ps
c:\program files\c\gs8.71\lib\viewgif.ps
c:\program files\c\gs8.71\lib\viewjpeg.ps
c:\program files\c\gs8.71\lib\viewmiff.ps
c:\program files\c\gs8.71\lib\viewpbm.ps
c:\program files\c\gs8.71\lib\viewpcx.ps
c:\program files\c\gs8.71\lib\viewps2a.ps
c:\program files\c\gs8.71\lib\viewrgb.ps
c:\program files\c\gs8.71\lib\wftopfa
c:\program files\c\gs8.71\lib\wftopfa.ps
c:\program files\c\gs8.71\lib\winmaps.ps
c:\program files\c\gs8.71\lib\wmakebat.bat
c:\program files\c\gs8.71\lib\wrfont.ps
c:\program files\c\gs8.71\lib\zeroline.ps
c:\program files\c\gs8.71\uninstal.txt
c:\program files\c\uninstgs.exe
c:\programdata\xml8930.tmp
c:\programdata\xml8E5F.tmp
c:\programdata\xml8EBE.tmp
c:\users\Guido\AppData\Local\lame_enc.dll
c:\users\Guido\AppData\Local\no23xwrapper.dll
c:\users\Guido\AppData\Local\ogg.dll
c:\users\Guido\AppData\Local\vorbisenc.dll
c:\users\Guido\AppData\Local\vorbisfile.dll
c:\windows\_detmp.2
c:\windows\IsUn0407.exe
c:\windows\system32\System32\MASetupCleaner.exe
c:\windows\system32\System32\muzapp.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-11-20 bis 2013-12-20  ))))))))))))))))))))))))))))))
.
.
2013-12-20 08:14 . 2013-12-20 08:14	--------	d-----w-	c:\users\Admin\AppData\Local\temp
2013-12-20 08:14 . 2013-12-20 08:14	--------	d-----w-	c:\users\Guido\AppData\Local\temp
2013-12-20 08:14 . 2013-12-20 08:14	--------	d-----w-	c:\users\TxR\AppData\Local\temp
2013-12-20 08:14 . 2013-12-20 08:14	--------	d-----w-	c:\users\systemprofile\AppData\Local\temp
2013-12-20 08:14 . 2013-12-20 08:14	--------	d-----w-	c:\users\RegBack\AppData\Local\temp
2013-12-20 07:41 . 2013-12-04 02:57	7760024	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{CCFF3CFF-3D6E-4894-83D6-366C257CC046}\mpengine.dll
2013-12-19 18:48 . 2013-12-19 18:48	--------	d-----w-	C:\FRST
2013-12-19 10:04 . 2013-12-19 10:04	--------	d-----w-	c:\users\Admin\AppData\Local\AskPartnerNetwork
2013-12-13 07:09 . 2013-11-14 22:44	678912	----a-w-	c:\program files\Internet Explorer\iedvtool.dll
2013-12-13 07:09 . 2013-11-14 22:43	387584	----a-w-	c:\program files\Internet Explorer\jsdbgui.dll
2013-12-13 07:09 . 2013-11-14 22:43	104448	----a-w-	c:\program files\Internet Explorer\jsdebuggeride.dll
2013-12-13 07:09 . 2013-11-14 22:42	1427968	----a-w-	c:\windows\system32\inetcpl.cpl
2013-12-12 07:56 . 2013-10-30 02:12	335360	----a-w-	c:\windows\system32\SysFxUI.dll
2013-12-12 07:56 . 2013-10-30 01:43	130048	----a-w-	c:\windows\system32\drivers\drmk.sys
2013-12-12 07:56 . 2013-10-30 00:43	167936	----a-w-	c:\windows\system32\drivers\portcls.sys
2013-12-12 07:56 . 2013-10-30 00:35	2050560	----a-w-	c:\windows\system32\win32k.sys
2013-12-12 07:56 . 2013-10-11 02:08	131072	----a-w-	c:\windows\system32\wshom.ocx
2013-12-12 07:56 . 2013-10-11 02:08	36864	----a-w-	c:\windows\system32\wshcon.dll
2013-12-12 07:56 . 2013-10-11 02:08	172032	----a-w-	c:\windows\system32\scrrun.dll
2013-12-12 07:56 . 2013-10-11 00:35	135168	----a-w-	c:\windows\system32\cscript.exe
2013-12-12 07:56 . 2013-10-11 00:35	155648	----a-w-	c:\windows\system32\wscript.exe
2013-12-12 07:56 . 2013-10-22 07:19	158208	----a-w-	c:\windows\system32\imagehlp.dll
2013-12-08 12:51 . 2013-12-08 12:51	--------	d-----w-	c:\program files\Common Files\Adobe
2013-11-29 09:16 . 2013-11-29 09:16	--------	d-----w-	c:\programdata\McAfee Security Scan
2013-11-29 09:16 . 2013-12-06 09:16	--------	d-----w-	c:\program files\McAfee Security Scan
2013-11-22 11:39 . 2013-11-22 11:39	--------	d-----w-	c:\programdata\Oracle
2013-11-22 11:39 . 2013-11-22 11:39	--------	d-----w-	c:\program files\Common Files\Java
2013-11-22 11:38 . 2013-10-08 06:50	94632	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-17 12:42 . 2013-08-05 13:21	90400	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-12-17 12:42 . 2013-08-05 13:21	135648	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-12-11 18:12 . 2012-04-04 11:25	692616	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-12-11 18:12 . 2011-05-20 06:48	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-30 17:45 . 2013-08-05 13:21	37352	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-11-19 02:33 . 2010-01-15 08:31	230048	------w-	c:\windows\system32\MpSigStub.exe
2013-10-30 02:13 . 2008-01-21 02:23	1304064	----a-w-	c:\windows\system32\WMALFXGFXDSP.dll
2013-10-11 02:08 . 2013-11-14 13:29	444928	----a-w-	c:\windows\system32\IKEEXT.DLL
2013-10-11 02:07 . 2013-11-14 13:29	596480	----a-w-	c:\windows\system32\FWPUCLNT.DLL
2013-10-03 12:45 . 2013-11-14 13:29	297984	----a-w-	c:\windows\system32\gdi32.dll
2013-10-03 12:45 . 2013-11-14 13:29	993792	----a-w-	c:\windows\system32\crypt32.dll
2012-03-17 11:24 . 2011-03-23 10:56	97208	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{b106b661-3e1b-4015-af5c-195e909f35c6}"= "c:\program files\NCH_DE\prxtbNCH_.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{b106b661-3e1b-4015-af5c-195e909f35c6}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
2010-03-17 13:45	2355224	----a-w-	c:\program files\Winload\tbWinl.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7}]
2013-10-23 19:52	12240	----a-w-	c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{b106b661-3e1b-4015-af5c-195e909f35c6}]
2011-05-09 08:49	176936	----a-w-	c:\program files\NCH_DE\prxtbNCH_.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\program files\Winload\tbWinl.dll" [2010-03-17 2355224]
"{b106b661-3e1b-4015-af5c-195e909f35c6}"= "c:\program files\NCH_DE\prxtbNCH_.dll" [2011-05-09 176936]
"{41564952-412D-5637-00A7-7A786E7484D7}"= "c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" [2013-10-23 12240]
.
[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
.
[HKEY_CLASSES_ROOT\clsid\{b106b661-3e1b-4015-af5c-195e909f35c6}]
.
[HKEY_CLASSES_ROOT\clsid\{41564952-412d-5637-00a7-7a786e7484d7}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{40C3CC16-7269-4B32-9531-17F2950FB06F}"= "c:\program files\Winload\tbWinl.dll" [2010-03-17 2355224]
"{41564952-412D-5637-00A7-7A786E7484D7}"= "c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" [2013-10-23 12240]
"{B106B661-3E1B-4015-AF5C-195E909F35C6}"= "c:\program files\NCH_DE\prxtbNCH_.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
.
[HKEY_CLASSES_ROOT\clsid\{41564952-412d-5637-00a7-7a786e7484d7}]
.
[HKEY_CLASSES_ROOT\clsid\{b106b661-3e1b-4015-af5c-195e909f35c6}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ccleaner"="c:\program files\CCleaner\ccleaner.exe" [2013-11-22 4324120]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2013-02-13 844144]
"KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2013-02-13 1509232]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-11-14 20584608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-03-11 92704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-11 8534560]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-03-11 88608]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2008-01-24 102400]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-11-22 178712]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-24 4702208]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"PLFSet"="c:\windows\PLFSet.dll" [2007-04-25 45056]
"UIExec"="c:\program files\1&1 Surf-Stick\UIExec.exe" [2010-09-30 139088]
"BambooCore"="c:\program files\Bamboo Dock\BambooCore.exe" [2011-10-10 646232]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2013-02-13 310128]
"EaseUS EPM tray"="c:\users\Admin\Downloads\EaseUS Partition Master 9.2.2\bin\EpmNews.exe" [2013-03-29 2081792]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-12-17 684600]
"ApnTBMon"="c:\program files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [2013-11-07 1707472]
"DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2013-05-20 450560]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-09-05 958576]
"Skytel"="Skytel.exe" [2008-01-24 1826816]
.
c:\users\Guido\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
.
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.130\SSScheduler.exe [2013-9-6 273296]
PHOTOfunSTUDIO 6.0.lnk - c:\program files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe -e "c:\program files\Panasonic\PHOTOfunSTUDIO 6.0\PHOTOfunSTUDIO.exe" [2011-11-26 174064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SETAUDIO.EXE]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\SETAUDIO.EXE
backup=c:\windows\pss\SETAUDIO.EXE.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SETRES.EXE]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\SETRES.EXE
backup=c:\windows\pss\SETRES.EXE.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16	357696	----a-w-	c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2013-02-13 02:37	1263952	----a-w-	c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2008-01-02 13:17	707080	----a-w-	c:\progra~1\LAUNCH~1\QtZgAcer.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie]
2008-01-22 10:14	200704	------w-	c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - FSUSBEXDISK
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-05 09:13	1210320	----a-w-	c:\program files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-12-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 18:12]
.
2013-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-22 08:15]
.
2013-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-22 08:15]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://de.ask.com/?l=dis&o=1586&gct=hp
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://de.intl.acer.yahoo.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a9fjsumn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.ecosia.de
FF - ExtSQL: !HIDDEN! 2010-01-17 00:27; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2012-05-21 19:35; firejump@firejump.net; c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a9fjsumn.default\extensions\firejump@firejump.net
FF - user.js: yahoo.homepage.dontask - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
c:\users\Guido\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - c:\users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup
c:\users\Guido\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Internet.lnk - c:\program files\FRITZ!DSL\FritzDsl.exe
SafeBoot-dmboot.sys
SafeBoot-dmio.sys
SafeBoot-dmload.sys
SafeBoot-WudfPf
SafeBoot-WudfRd
SafeBoot-dmadmin
SafeBoot-dmserver
SafeBoot-SRService
AddRemove-f42012 - c:\program files\f4_2012\uninstall.exe
AddRemove-Free 3D Photo Maker_is1 - c:\program files\DVDVideoSoft\Free 3D Photo Maker\unins000.exe
AddRemove-GPL Ghostscript 8.71 - c:\program files\c\uninstgs.exe
AddRemove-HijackThis - c:\program files\Trend Micro\HijackThis\HijackThis.exe
AddRemove-Uninstall_is1 - c:\program files\Common Files\DVDVideoSoft\unins000.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-12-20 09:14
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
.
c:\windows\TEMP\TMP0000004F14B2BE02CF24090B 524288 bytes
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(1920)
c:\users\Guido\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
Zeit der Fertigstellung: 2013-12-20  09:16:34
ComboFix-quarantined-files.txt  2013-12-20 08:16
ComboFix2.txt  2010-02-24 20:11
.
Vor Suchlauf: 9.177.743.360 Bytes frei
Nach Suchlauf: 9.180.377.088 Bytes frei
.
- - End Of File - - 592162173A5B023D7F48F942105B4FDC
         
--- --- ---
0DCE9A450E9979B9640D57E81152A29D
</code>
__________________

20.12.2013, 17:56   #4
schrauber
/// the machine
/// TB trainer
 

Please download Malwarebytes Anti-Malware.
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do this, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


And a fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

21.12.2013, 11:02   #5
MaraMara
 
Hi, here are the further logs.
I don't know why some of them are in a box and some are not; I put them all between the code tags with copy and paste:


<code>
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2013.12.20.05
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Admin :: ***** [Administrator]
20.12.2013 18:15:38
mbam-log-2013-12-20 (18-15-38).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 527146
Laufzeit: 2 Stunde(n), 28 Minute(n), 54 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
</code>

<code>AdwCleaner Logfile:
# AdwCleaner v3.015 - Bericht erstellt am 20/12/2013 um 23:49:53
# Updated 10/12/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzername : Admin - *****
# Gestartet von : C:\Firefox Downloads\adwcleaner.exe
# Option : Suchen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Datei Gefunden : C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Datei Gefunden : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a9fjsumn.default\searchplugins\Askcom.xml
Datei Gefunden : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a9fjsumn.default\user.js
Datei Gefunden : C:\Windows\System32\Tasks\NCH Software
Datei Gefunden : C:\Windows\System32\Tasks\PC SpeedUp Service Deactivator
Ordner Gefunden : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ommhmgednjnodcljhlljkaiidghdmikk
Ordner Gefunden : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a9fjsumn.default\Extensions\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Ordner Gefunden : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a9fjsumn.default\Extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
Ordner Gefunden : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a9fjsumn.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Ordner Gefunden : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a9fjsumn.default\Extensions\{b106b661-3e1b-4015-af5c-195e909f35c6}
Ordner Gefunden : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a9fjsumn.default\Extensions\firejump@firejump.net
Ordner Gefunden : C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\ommhmgednjnodcljhlljkaiidghdmikk
Ordner Gefunden : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\pddsqboq.default\Extensions\{38542454-dfb6-44f5-b052-d4e071a3d073}
Ordner Gefunden : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\pddsqboq.default\Extensions\engine@conduit.com
Ordner Gefunden C:\Program Files\Conduit
Ordner Gefunden C:\Program Files\FreeRIP3
Ordner Gefunden C:\Program Files\GreenTree Applications
Ordner Gefunden C:\Program Files\myfree codec
Ordner Gefunden C:\Program Files\NCH_DE
Ordner Gefunden C:\Program Files\Winload
Ordner Gefunden C:\ProgramData\FreeRIP
Ordner Gefunden C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeRIP3
Ordner Gefunden C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
Ordner Gefunden C:\ProgramData\NCH Software
Ordner Gefunden C:\Users\Admin\AppData\LocalLow\Conduit
Ordner Gefunden C:\Users\Admin\AppData\LocalLow\NCH_DE
Ordner Gefunden C:\Users\Admin\AppData\LocalLow\Winload
Ordner Gefunden C:\Users\Admin\AppData\Roaming\DesktopIconForAmazon
Ordner Gefunden C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeRIP
Ordner Gefunden C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a9fjsumn.default\Conduit
Ordner Gefunden C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a9fjsumn.default\CT2319825
Ordner Gefunden C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a9fjsumn.default\CT2801937
Ordner Gefunden C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a9fjsumn.default\Smartbar
Ordner Gefunden C:\Users\Gast\AppData\LocalLow\Conduit
Ordner Gefunden C:\Users\Gast\AppData\LocalLow\Winload
Ordner Gefunden C:\Users\Guido\AppData\LocalLow\boost_interprocess
Ordner Gefunden C:\Users\Guido\AppData\LocalLow\Conduit
Ordner Gefunden C:\Users\Guido\AppData\LocalLow\Dealio
Ordner Gefunden C:\Users\Guido\AppData\LocalLow\FreeRIP
Ordner Gefunden C:\Users\Guido\AppData\LocalLow\NCH_DE
Ordner Gefunden C:\Users\Guido\AppData\LocalLow\Search Settings
Ordner Gefunden C:\Users\Guido\AppData\LocalLow\Winload
Ordner Gefunden C:\Users\Guido\AppData\Roaming\Mozilla\Firefox\Profiles\pddsqboq.default\Conduit
Ordner Gefunden C:\Users\Guido\AppData\Roaming\Mozilla\Firefox\Profiles\pddsqboq.default\ConduitEngine
Ordner Gefunden C:\Users\Guido\AppData\Roaming\Mozilla\Firefox\Profiles\pddsqboq.default\CT2857572
Ordner Gefunden C:\Users\Guido\AppData\Roaming\NCH Software

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKCU\Software\APN PIP
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\NCH_DE
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Search Settings
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Winload
Schlüssel Gefunden : HKCU\Software\Conduit
Schlüssel Gefunden : HKCU\Software\Google\Chrome\Extensions\ommhmgednjnodcljhlljkaiidghdmikk
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{501451DE-5808-4599-B544-8BD0915B6B24}_is1
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{D85FFE92-BF14-4E9B-BCCD-E5C16069E65F}_is1
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyFreeCodec
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Winload Toolbar
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B106B661-3E1B-4015-AF5C-195E909F35C6}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B106B661-3E1B-4015-AF5C-195E909F35C6}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B106B661-3E1B-4015-AF5C-195E909F35C6}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B106B661-3E1B-4015-AF5C-195E909F35C6}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
Schlüssel Gefunden : HKCU\Software\Myfree Codec
Schlüssel Gefunden : HKCU\Software\OCS
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKCU\Software\YahooPartnerToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{0C81D953-FF93-477D-A248-8ABEFBCA6757}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{8EEB1C24-43B2-4210-B48A-87FE0EAE6267}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{B106B661-3E1B-4015-AF5C-195E909F35C6}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{B106B661-3E1B-4015-AF5C-195E909F35C6}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{FD501041-8EBE-11CE-8183-00AA00577DA2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\speedupmypc
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2319825
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2801937
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\Software\DivX\Install\Setup\WizardLayout\ConduitToolbar
Schlüssel Gefunden : HKLM\Software\dt soft\daemon tools toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\ommhmgednjnodcljhlljkaiidghdmikk
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B9E96457-2AD3-4C07-943E-F8AA548FB885}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FDF5803D-C886-4CCD-9349-C31A63E78D0E}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\PC SpeedUp Service Deactivator
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{209AC4DD-A31C-458F-AF5B-87EDEA8A27BC}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{94CD4152-2E72-49EF-B51A-AF3FE73D14A1}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C1B48E07-5F90-496E-8A3D-3285F91BE838}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B106B661-3E1B-4015-AF5C-195E909F35C6}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B106B661-3E1B-4015-AF5C-195E909F35C6}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0C81D953-FF93-477D-A248-8ABEFBCA6757}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8EEB1C24-43B2-4210-B48A-87FE0EAE6267}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{501451DE-5808-4599-B544-8BD0915B6B24}_is1
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D85FFE92-BF14-4E9B-BCCD-E5C16069E65F}_is1
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NCH_DE Toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Winload Toolbar
Schlüssel Gefunden : HKLM\Software\Myfree Codec
Schlüssel Gefunden : HKLM\Software\NCH_DE
Schlüssel Gefunden : HKLM\Software\PIP
Schlüssel Gefunden : HKLM\Software\Speedchecker Limited
Schlüssel Gefunden : HKLM\Software\Uniblue
Schlüssel Gefunden : HKLM\Software\Uniblue\DriverScanner
Schlüssel Gefunden : HKLM\Software\Winload
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{B106B661-3E1B-4015-AF5C-195E909F35C6}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{B106B661-3E1B-4015-AF5C-195E909F35C6}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B106B661-3E1B-4015-AF5C-195E909F35C6}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B106B661-3E1B-4015-AF5C-195E909F35C6}]
Wert Gefunden : HKCU\Software\Mozilla\Firefox\Extensions [firejump@firejump.net]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B106B661-3E1B-4015-AF5C-195E909F35C6}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B106B661-3E1B-4015-AF5C-195E909F35C6}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{B106B661-3E1B-4015-AF5C-195E909F35C6}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{B106B661-3E1B-4015-AF5C-195E909F35C6}]

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16526


-\\ Mozilla Firefox v11.0 (de)

[ Datei : C:\Users\Guido\AppData\Roaming\Mozilla\Firefox\Profiles\pddsqboq.default\prefs.js ]

Zeile gefunden : user_pref("CT2857572..clientLogIsEnabled", true);
Zeile gefunden : user_pref("CT2857572..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Zeile gefunden : user_pref("CT2857572..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Zeile gefunden : user_pref("CT2857572.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Zeile gefunden : user_pref("CT2857572.AppTrackingLastCheckTime", "Sat Jan 15 2011 15:49:57 GMT+0100");
Zeile gefunden : user_pref("CT2857572.CT2857572", "CT2857572");
Zeile gefunden : user_pref("CT2857572.CurrentServerDate", "24-3-2011");
Zeile gefunden : user_pref("CT2857572.DialogsAlignMode", "LTR");
Zeile gefunden : user_pref("CT2857572.DialogsGetterLastCheckTime", "Sat Jan 15 2011 15:49:46 GMT+0100");
Zeile gefunden : user_pref("CT2857572.DownloadReferralCookieData", "");
Zeile gefunden : user_pref("CT2857572.ExternalComponentPollDate129356796046694434", "Thu Mar 24 2011 16:44:55 GMT+0100");
Zeile gefunden : user_pref("CT2857572.FirstServerDate", "15-1-2011");
Zeile gefunden : user_pref("CT2857572.FirstTime", true);
Zeile gefunden : user_pref("CT2857572.FirstTimeFF3", true);
Zeile gefunden : user_pref("CT2857572.FixPageNotFoundErrors", false);
Zeile gefunden : user_pref("CT2857572.GroupingServerCheckInterval", 1440);
Zeile gefunden : user_pref("CT2857572.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Zeile gefunden : user_pref("CT2857572.HasUserGlobalKeys", true);
Zeile gefunden : user_pref("CT2857572.Initialize", true);
Zeile gefunden : user_pref("CT2857572.InitializeCommonPrefs", true);
Zeile gefunden : user_pref("CT2857572.InstallationAndCookieDataSentCount", 3);
Zeile gefunden : user_pref("CT2857572.InstalledDate", "Sat Jan 15 2011 15:49:47 GMT+0100");
Zeile gefunden : user_pref("CT2857572.InvalidateCache", false);
Zeile gefunden : user_pref("CT2857572.IsGrouping", false);
Zeile gefunden : user_pref("CT2857572.IsMulticommunity", false);
Zeile gefunden : user_pref("CT2857572.IsOpenThankYouPage", true);
Zeile gefunden : user_pref("CT2857572.IsOpenUninstallPage", true);
Zeile gefunden : user_pref("CT2857572.LanguagePackLastCheckTime", "Thu Mar 24 2011 16:44:56 GMT+0100");
Zeile gefunden : user_pref("CT2857572.LanguagePackReloadIntervalMM", 1440);
Zeile gefunden : user_pref("CT2857572.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Zeile gefunden : user_pref("CT2857572.LastLogin_3.3.0.19", "Sat Jan 15 2011 15:49:47 GMT+0100");
Zeile gefunden : user_pref("CT2857572.LastLogin_3.3.3.2", "Thu Mar 24 2011 20:44:55 GMT+0100");
Zeile gefunden : user_pref("CT2857572.LatestVersion", "3.2.5.2");
Zeile gefunden : user_pref("CT2857572.Locale", "en");
Zeile gefunden : user_pref("CT2857572.MCDetectTooltipHeight", "83");
Zeile gefunden : user_pref("CT2857572.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Zeile gefunden : user_pref("CT2857572.MCDetectTooltipWidth", "295");
Zeile gefunden : user_pref("CT2857572.RadioIsPodcast", false);
Zeile gefunden : user_pref("CT2857572.RadioLastCheckTime", "Thu Mar 24 2011 16:44:56 GMT+0100");
Zeile gefunden : user_pref("CT2857572.RadioLastUpdateIPServer", "3");
Zeile gefunden : user_pref("CT2857572.RadioLastUpdateServer", "129400870958430000");
Zeile gefunden : user_pref("CT2857572.RadioMediaID", "21753723");
Zeile gefunden : user_pref("CT2857572.RadioMediaType", "Media Player");
Zeile gefunden : user_pref("CT2857572.RadioMenuSelectedID", "EBRadioMenu_CT285757221753723");
Zeile gefunden : user_pref("CT2857572.RadioShrinked", "shrinked");
Zeile gefunden : user_pref("CT2857572.RadioStationName", "California%20Rock%20-%20Rock");
Zeile gefunden : user_pref("CT2857572.RadioStationURL", "hxxp://www.feedlive.net/california.asx");
Zeile gefunden : user_pref("CT2857572.SHRINK_TOOLBAR", 1);
Zeile gefunden : user_pref("CT2857572.SavedHomepage", "hxxp://ecosia.org/");
Zeile gefunden : user_pref("CT2857572.SearchBoxWidth", 392);
Zeile gefunden : user_pref("CT2857572.SearchFromAddressBarIsInit", true);
Zeile gefunden : user_pref("CT2857572.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2857572&q=");
Zeile gefunden : user_pref("CT2857572.SearchInNewTabEnabled", true);
Zeile gefunden : user_pref("CT2857572.SearchInNewTabIntervalMM", 1440);
Zeile gefunden : user_pref("CT2857572.SearchInNewTabLastCheckTime", "Thu Mar 24 2011 16:44:56 GMT+0100");
Zeile gefunden : user_pref("CT2857572.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
Zeile gefunden : user_pref("CT2857572.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
Zeile gefunden : user_pref("CT2857572.ServiceMapLastCheckTime", "Thu Mar 24 2011 16:44:55 GMT+0100");
Zeile gefunden : user_pref("CT2857572.SettingsLastCheckTime", "Thu Mar 24 2011 16:44:54 GMT+0100");
Zeile gefunden : user_pref("CT2857572.SettingsLastUpdate", "1300788505");
Zeile gefunden : user_pref("CT2857572.ThirdPartyComponentsInterval", 504);
Zeile gefunden : user_pref("CT2857572.ThirdPartyComponentsLastCheck", "Thu Mar 24 2011 16:44:54 GMT+0100");
Zeile gefunden : user_pref("CT2857572.ThirdPartyComponentsLastUpdate", "1246790578");
Zeile gefunden : user_pref("CT2857572.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2857572");
Zeile gefunden : user_pref("CT2857572.UserID", "UN03559203793413468");
Zeile gefunden : user_pref("CT2857572.ValidationData_Toolbar", 2);
Zeile gefunden : user_pref("CT2857572.WeatherNetwork", "");
Zeile gefunden : user_pref("CT2857572.WeatherPollDate", "Thu Mar 24 2011 16:44:56 GMT+0100");
Zeile gefunden : user_pref("CT2857572.WeatherUnit", "C");
Zeile gefunden : user_pref("CT2857572.alertChannelId", "1249594");
Zeile gefunden : user_pref("CT2857572.approveUntrustedApps", true);
Zeile gefunden : user_pref("CT2857572.backendstorage._fb_dailyactivity", "31333030393831343936373638");
Zeile gefunden : user_pref("CT2857572.backendstorage._fb_lifetimesent", "54525545");
Zeile gefunden : user_pref("CT2857572.backendstorage.facebook_ctid_connect_send", "73656E646564");
Zeile gefunden : user_pref("CT2857572.components.1000082", false);
Zeile gefunden : user_pref("CT2857572.components.1000234", false);
Zeile gefunden : user_pref("CT2857572.components.129356796046694434", false);
Zeile gefunden : user_pref("CT2857572.components.129356796047006936", false);
Zeile gefunden : user_pref("CT2857572.components.129400803056288017", false);
Zeile gefunden : user_pref("CT2857572.components.129435747711838079", false);
Zeile gefunden : user_pref("CT2857572.generalConfigFromLogin", "{\"SocialDomains\":\"social.conduit.com;apps.conduit.com\"}");
Zeile gefunden : user_pref("CT2857572.globalFirstTimeInfoLastCheckTime", "Thu Mar 24 2011 20:44:55 GMT+0100");
Zeile gefunden : user_pref("CT2857572.isAppTrackingManagerOn", true);
Zeile gefunden : user_pref("CT2857572.myStuffEnabled", true);
Zeile gefunden : user_pref("CT2857572.myStuffPublihserMinWidth", 400);
Zeile gefunden : user_pref("CT2857572.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Zeile gefunden : user_pref("CT2857572.myStuffServiceIntervalMM", 1440);
Zeile gefunden : user_pref("CT2857572.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Zeile gefunden : user_pref("CT2857572.oldAppsList", "129356796045131912,129356796046381930,129356796046694434,1000082,129435747711838079,129400803056288017,1000234,129356796047006936,1000034,1000080,1000,1001,1002,100[...]
Zeile gefunden : user_pref("CT2857572.testingCtid", "");
Zeile gefunden : user_pref("CT2857572.toolbarAppMetaDataLastCheckTime", "Thu Mar 24 2011 16:44:56 GMT+0100");
Zeile gefunden : user_pref("CT2857572.toolbarContextMenuLastCheckTime", "Sat Jan 15 2011 15:49:47 GMT+0100");
Zeile gefunden : user_pref("CT2857572.usagesFlag", 2);
Zeile gefunden : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1249594/1245267/DE", "\"0\"");
Zeile gefunden : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"");
Zeile gefunden : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2857572", "\"0\"");
Zeile gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "wVmmvqqOMqrv5xct1cJIHg==");
Zeile gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "poKjTfHs0NrVUIalKI8jyg==");
Zeile gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "Dclc8oo4TTv7+mAkSlUSWg==");
Zeile gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "K4Vqu91uAzWURlxJRdXJOg==");
Zeile gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"07879643d3acc1:0\"");
Zeile gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.0.19", "\"8039ce950b0cb1:0\"");
Zeile gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.0.19", "\"8039ce950b0cb1:0\"");
Zeile gefunden : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2857572", "\"634333631231730000\"");
Zeile gefunden : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "634303635100000000");
Zeile gefunden : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2857572/CT2857572", "\"1300788505\"");
Zeile gefunden : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"634351849102130000\"");
Zeile gefunden : user_pref("CommunityToolbar.EngineOwner", "CT2857572");
Zeile gefunden : user_pref("CommunityToolbar.EngineOwnerGuid", "{38542454-dfb6-44f5-b052-d4e071a3d073}");
Zeile gefunden : user_pref("CommunityToolbar.EngineOwnerToolbarId", "elf_1.12");
Zeile gefunden : user_pref("CommunityToolbar.IsEngineShown", false);
Zeile gefunden : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Zeile gefunden : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2857572");
Zeile gefunden : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{38542454-dfb6-44f5-b052-d4e071a3d073}");
Zeile gefunden : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "elf_1.12");
Zeile gefunden : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=");
Zeile gefunden : user_pref("CommunityToolbar.ToolbarsList", "CT2857572,ConduitEngine");
Zeile gefunden : user_pref("CommunityToolbar.ToolbarsList2", "CT2857572");
Zeile gefunden : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Wed Oct 26 2011 19:46:21 GMT+0200");
Zeile gefunden : user_pref("CommunityToolbar.alert.alertEnabled", true);
Zeile gefunden : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Zeile gefunden : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sun Mar 04 2012 01:00:49 GMT+0100");
Zeile gefunden : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Zeile gefunden : user_pref("CommunityToolbar.alert.locale", "en");
Zeile gefunden : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Zeile gefunden : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sat Mar 17 2012 04:47:06 GMT+0100");
Zeile gefunden : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1313487611");
Zeile gefunden : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Zeile gefunden : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Zeile gefunden : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Zeile gefunden : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Zeile gefunden : user_pref("CommunityToolbar.alert.userId", "30b2d9ce-5a7f-4fb0-9133-d4961387ed74");
Zeile gefunden : user_pref("CommunityToolbar.globalUserId", "6e615807-1ec5-4543-9233-f9d97716f6b2");
Zeile gefunden : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Zeile gefunden : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Zeile gefunden : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2857572");
Zeile gefunden : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Sat Jan 15 2011 15:49:47 GMT+0100");
Zeile gefunden : user_pref("ConduitEngine.FirstServerDate", "01/15/2011 17");
Zeile gefunden : user_pref("ConduitEngine.FirstTime", true);
Zeile gefunden : user_pref("ConduitEngine.FirstTimeFF3", true);
Zeile gefunden : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Zeile gefunden : user_pref("ConduitEngine.HideEngineAfterRestart", true);
Zeile gefunden : user_pref("ConduitEngine.Initialize", true);
Zeile gefunden : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Zeile gefunden : user_pref("ConduitEngine.InstalledDate", "Sat Jan 15 2011 15:49:47 GMT+0100");
Zeile gefunden : user_pref("ConduitEngine.IsMulticommunity", false);
Zeile gefunden : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Zeile gefunden : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Zeile gefunden : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Sat Jan 15 2011 15:49:47 GMT+0100");
Zeile gefunden : user_pref("ConduitEngine.LastLogin_3.3.0.19", "Sat Jan 15 2011 15:49:47 GMT+0100");
Zeile gefunden : user_pref("ConduitEngine.PublisherContainerWidth", 0);
Zeile gefunden : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Zeile gefunden : user_pref("ConduitEngine.SettingsLastCheckTime", "Sat Jan 15 2011 15:49:46 GMT+0100");
Zeile gefunden : user_pref("ConduitEngine.UserID", "UN00681800113764452");
Zeile gefunden : user_pref("ConduitEngine.engineLocale", "de");
Zeile gefunden : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Sat Jan 15 2011 15:49:47 GMT+0100");
Zeile gefunden : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Sat Jan 15 2011 15:49:47 GMT+0100");
Zeile gefunden : user_pref("ConduitEngine.initDone", true);
Zeile gefunden : user_pref("ConduitEngine.isAppTrackingManagerOn", false);
Zeile gefunden : user_pref("browser.search.defaultthis.engineName", "Elf 1.12 Customized Web Search");
Zeile gefunden : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2857572&SearchSource=3&q={searchTerms}");
Zeile gefunden : user_pref("extensions.enabledItems", "{20a82645-c095-46ed-80e3-08825760534b}:1.1,{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17,{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}:1.0.5,{D4DD63FA-01E4-46a7-B6B1-EDA[...]
Zeile gefunden : user_pref("extensions.engine@conduit.com.install-event-fired", true);

[ Datei : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a9fjsumn.default\prefs.js ]

Zeile gefunden : user_pref("CT2319825.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Zeile gefunden : user_pref("CT2319825.CTID", "CT2319825");
Zeile gefunden : user_pref("CT2319825.CurrentServerDate", "27-7-2010");
Zeile gefunden : user_pref("CT2319825.DialogsAlignMode", "LTR");
Zeile gefunden : user_pref("CT2319825.EMailNotifierPollDate", "Tue Jul 27 2010 09:50:10 GMT+0200");
Zeile gefunden : user_pref("CT2319825.FeedLastCount128902288263982011", 77);
Zeile gefunden : user_pref("CT2319825.FeedLastCount129056115025381886", 10);
Zeile gefunden : user_pref("CT2319825.FeedPollDate11908299", "Tue Jul 27 2010 09:50:09 GMT+0200");
Zeile gefunden : user_pref("CT2319825.FeedPollDate128902288263982011", "Tue Jul 27 2010 09:11:53 GMT+0200");
Zeile gefunden : user_pref("CT2319825.FeedPollDate129056115025381886", "Tue Jul 27 2010 09:11:53 GMT+0200");
Zeile gefunden : user_pref("CT2319825.FeedPollDate129228016461601757", "Tue Jul 27 2010 09:11:53 GMT+0200");
Zeile gefunden : user_pref("CT2319825.FeedPollDate129228019840048158", "Tue Jul 27 2010 09:11:53 GMT+0200");
Zeile gefunden : user_pref("CT2319825.FeedPollDate129228021559110981", "Tue Jul 27 2010 09:11:53 GMT+0200");
Zeile gefunden : user_pref("CT2319825.FeedPollDate129228022849107630", "Tue Jul 27 2010 09:11:53 GMT+0200");
Zeile gefunden : user_pref("CT2319825.FirstServerDate", "27-7-2010");
Zeile gefunden : user_pref("CT2319825.FirstTime", true);
Zeile gefunden : user_pref("CT2319825.FirstTimeFF3", true);
Zeile gefunden : user_pref("CT2319825.FixPageNotFoundErrors", true);
Zeile gefunden : user_pref("CT2319825.GroupingServerCheckInterval", 1440);
Zeile gefunden : user_pref("CT2319825.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Zeile gefunden : user_pref("CT2319825.Initialize", true);
Zeile gefunden : user_pref("CT2319825.InitializeCommonPrefs", true);
Zeile gefunden : user_pref("CT2319825.InstalledDate", "Tue Jul 27 2010 09:11:52 GMT+0200");
Zeile gefunden : user_pref("CT2319825.InvalidateCache", false);
Zeile gefunden : user_pref("CT2319825.IsGrouping", false);
Zeile gefunden : user_pref("CT2319825.IsMulticommunity", false);
Zeile gefunden : user_pref("CT2319825.IsOpenThankYouPage", false);
Zeile gefunden : user_pref("CT2319825.IsOpenUninstallPage", true);
Zeile gefunden : user_pref("CT2319825.LanguagePackLastCheckTime", "Tue Jul 27 2010 09:11:54 GMT+0200");
Zeile gefunden : user_pref("CT2319825.LanguagePackReloadIntervalMM", 1440);
Zeile gefunden : user_pref("CT2319825.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Zeile gefunden : user_pref("CT2319825.LastLogin_2.5.8.6", "Tue Jul 27 2010 09:11:53 GMT+0200");
Zeile gefunden : user_pref("CT2319825.LatestVersion", "2.1.0.18");
Zeile gefunden : user_pref("CT2319825.Locale", "de");
Zeile gefunden : user_pref("CT2319825.LoginCache", 4);
Zeile gefunden : user_pref("CT2319825.MCDetectTooltipHeight", "83");
Zeile gefunden : user_pref("CT2319825.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Zeile gefunden : user_pref("CT2319825.MCDetectTooltipWidth", "295");
Zeile gefunden : user_pref("CT2319825.RadioIsPodcast", false);
Zeile gefunden : user_pref("CT2319825.RadioLastCheckTime", "Tue Jul 27 2010 09:11:53 GMT+0200");
Zeile gefunden : user_pref("CT2319825.RadioLastUpdateIPServer", "3");
Zeile gefunden : user_pref("CT2319825.RadioLastUpdateServer", "129224641269630000");
Zeile gefunden : user_pref("CT2319825.RadioMediaID", "11949532");
Zeile gefunden : user_pref("CT2319825.RadioMediaType", "Media Player");
Zeile gefunden : user_pref("CT2319825.RadioMenuSelectedID", "EBRadioMenu_CT231982511949532");
Zeile gefunden : user_pref("CT2319825.RadioStationName", "1Live");
Zeile gefunden : user_pref("CT2319825.RadioStationURL", "hxxp://gffstream.ic.llnwd.net/stream/gffstream_stream_wdr_einslive_a");
Zeile gefunden : user_pref("CT2319825.SHRINK_TOOLBAR", 1);
Zeile gefunden : user_pref("CT2319825.SavedHomepage", "resource:/browserconfig.properties");
Zeile gefunden : user_pref("CT2319825.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT2319825&octid=EB_ORIGINAL_CTID&SearchSource=1");
Zeile gefunden : user_pref("CT2319825.SearchFromAddressBarIsInit", true);
Zeile gefunden : user_pref("CT2319825.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q=");
Zeile gefunden : user_pref("CT2319825.SearchInNewTabEnabled", true);
Zeile gefunden : user_pref("CT2319825.SearchInNewTabIntervalMM", 1440);
Zeile gefunden : user_pref("CT2319825.SearchInNewTabLastCheckTime", "Tue Jul 27 2010 09:11:53 GMT+0200");
Zeile gefunden : user_pref("CT2319825.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
Zeile gefunden : user_pref("CT2319825.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
Zeile gefunden : user_pref("CT2319825.SettingsCheckIntervalMin", 120);
Zeile gefunden : user_pref("CT2319825.SettingsLastCheckTime", "Tue Jul 27 2010 09:11:52 GMT+0200");
Zeile gefunden : user_pref("CT2319825.SettingsLastUpdate", "1279443065");
Zeile gefunden : user_pref("CT2319825.ThirdPartyComponentsInterval", 504);
Zeile gefunden : user_pref("CT2319825.ThirdPartyComponentsLastCheck", "Tue Jul 27 2010 09:11:52 GMT+0200");
Zeile gefunden : user_pref("CT2319825.ThirdPartyComponentsLastUpdate", "1255348257");
Zeile gefunden : user_pref("CT2319825.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=101&sealid=112");
Zeile gefunden : user_pref("CT2319825.UserID", "UN10971236462069622");
Zeile gefunden : user_pref("CT2319825.ValidationData_Toolbar", 0);
Zeile gefunden : user_pref("CT2319825.WeatherNetwork", "");
Zeile gefunden : user_pref("CT2319825.WeatherPollDate", "Tue Jul 27 2010 09:50:10 GMT+0200");
Zeile gefunden : user_pref("CT2319825.WeatherUnit", "C");
Zeile gefunden : user_pref("CT2319825.alertChannelId", "715912");
Zeile gefunden : user_pref("CT2319825.backendstorage.shpngrd_evnts", "30");
Zeile gefunden : user_pref("CT2319825.backendstorage.shpngrdglblcfg", "7B202772656627203A2027776E6C64272C2027636E74727927203A20276465272C20276C616E6727203A207B2027636F6D706172655F707269636573273A2027507265697365207665[...]
Zeile gefunden : user_pref("CT2319825.clientLogIsEnabled", true);
Zeile gefunden : user_pref("CT2319825.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Zeile gefunden : user_pref("CT2319825.myStuffEnabled", true);
Zeile gefunden : user_pref("CT2319825.myStuffPublihserMinWidth", 400);
Zeile gefunden : user_pref("CT2319825.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Zeile gefunden : user_pref("CT2319825.myStuffServiceIntervalMM", 1440);
Zeile gefunden : user_pref("CT2319825.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Zeile gefunden : user_pref("CT2319825.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Zeile gefunden : user_pref("CT2801937.1000082.isDisplayHidden", "true");
Zeile gefunden : user_pref("CT2801937.1000082.isPlayDisplay", "true");
Zeile gefunden : user_pref("CT2801937.1000082.state", "{\"state\":\"stopped\",\"text\":\"GermanyFM...\",\"description\":\"GermanyFM Info\",\"url\":\"hxxp://www.1000mikes.com/audio/1000mikes.m3u?channelId=6680\"}");
Zeile gefunden : user_pref("CT2801937.1000234.TWC_TMP_city", "BERLIN");
Zeile gefunden : user_pref("CT2801937.1000234.TWC_TMP_country", "DE");
Zeile gefunden : user_pref("CT2801937.1000234.TWC_locId", "GMXX0007");
Zeile gefunden : user_pref("CT2801937.1000234.TWC_location", "Berlin, Deutschland");
Zeile gefunden : user_pref("CT2801937.1000234.TWC_region", "DE");
Zeile gefunden : user_pref("CT2801937.1000234.TWC_temp_dis", "c");
Zeile gefunden : user_pref("CT2801937.1000234.TWC_wind_dis", "kmh");
Zeile gefunden : user_pref("CT2801937.1000234.weatherData", "{\"icon\":\"30.png\",\"temperature\":\"19°C\",\"temperatureClear\":\"19°C\",\"highTemperature\":\"19°C\",\"lowTemperature\":\"9°C\",\"feelsLike\":\"19°[...]
Zeile gefunden : user_pref("CT2801937.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Zeile gefunden : user_pref("CT2801937.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Zeile gefunden : user_pref("CT2801937.Facebook_Mode.enc", "Mg==");
Zeile gefunden : user_pref("CT2801937.Facebook_User_Locale.enc", "ZW4=");
Zeile gefunden : user_pref("CT2801937.FirstTime", "true");
Zeile gefunden : user_pref("CT2801937.FirstTimeFF3", "true");
Zeile gefunden : user_pref("CT2801937.LoginRevertSettingsEnabled", true);
Zeile gefunden : user_pref("CT2801937.RevertSettingsEnabled", true);
Zeile gefunden : user_pref("CT2801937.UserID", "UN47317047019917092");
Zeile gefunden : user_pref("CT2801937.XING_APP_MARKETPLACE_APP_LANG.enc", "ZW4=");
Zeile gefunden : user_pref("CT2801937.XING_APP_MARKETPLACE_GADGET_HEIGHT_NORMAL.enc", "NTY5");
Zeile gefunden : user_pref("CT2801937.XING_APP_MARKETPLACE_GADGET_HEIGHT_SHORT.enc", "NDE1");
Zeile gefunden : user_pref("CT2801937.XING_APP_MARKETPLACE_GADGET_WIDTH.enc", "MzUz");
Zeile gefunden : user_pref("CT2801937.addressBarTakeOverEnabledInHidden", "true");
Zeile gefunden : user_pref("CT2801937.autoDisableScopes", -1);
Zeile gefunden : user_pref("CT2801937.countryCode", "DE");
Zeile gefunden : user_pref("CT2801937.defaultSearch", "false");
Zeile gefunden : user_pref("CT2801937.embeddedsData", "[{\"appId\":\"129306877457319611\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Zeile gefunden : user_pref("CT2801937.enableAlerts", "always");
Zeile gefunden : user_pref("CT2801937.enableFix404ByUser", "TRUE");
Zeile gefunden : user_pref("CT2801937.enableSearchFromAddressBar", "true");
Zeile gefunden : user_pref("CT2801937.firstTimeDialogOpened", "true");
Zeile gefunden : user_pref("CT2801937.fixPageNotFoundError", "true");
Zeile gefunden : user_pref("CT2801937.fixPageNotFoundErrorByUser", "true");
Zeile gefunden : user_pref("CT2801937.fixPageNotFoundErrorInHidden", "true");
Zeile gefunden : user_pref("CT2801937.fixUrls", true);
Zeile gefunden : user_pref("CT2801937.fullUserID", "UN47317047019917092.UP.20130908215637");
Zeile gefunden : user_pref("CT2801937.hxxp___facebook_conduitapps_com.APP_WIN_FEATURES.enc", "cmVzaXphYmxlPTAsaHNjcm9sbD0wLHZzY3JvbGw9MCx0aXRsZWJhcj0xLGNsb3NlYnV0dG9uPTEsc2F2ZXJlc2l6ZWRzaXplPTAsb3BlbnBvc2l0aW9uPWFsaWd[...]
Zeile gefunden : user_pref("CT2801937.installId", "conduitinstaller.exe");
Zeile gefunden : user_pref("CT2801937.installType", "conduitnsisintegration");
Zeile gefunden : user_pref("CT2801937.isCheckedStartAsHidden", true);
Zeile gefunden : user_pref("CT2801937.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Zeile gefunden : user_pref("CT2801937.isFirstTimeToolbarLoading", "false");
Zeile gefunden : user_pref("CT2801937.isNewTabEnabled", false);
Zeile gefunden : user_pref("CT2801937.isPerformedSmartBarTransition", "true");
Zeile gefunden : user_pref("CT2801937.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Zeile gefunden : user_pref("CT2801937.lastNewTabSettings", "{\"isEnabled\":false,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT2801937&octid=CT2801937&SearchSource=15&CUI=UN47317047019917092&SSPV=&Lay=1&UM=\"}");
Zeile gefunden : user_pref("CT2801937.lastVersion", "10.19.2.505");
Zeile gefunden : user_pref("CT2801937.migrateAppsAndComponents", true);
Zeile gefunden : user_pref("CT2801937.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.trojaner-board.de%2F136099-win32-downloader-gen.html\",\"EB_MAIN_FRAME_TITLE\":\"Win32.Downloader.gen%20-%20Troj[...]
Zeile gefunden : user_pref("CT2801937.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Zeile gefunden : user_pref("CT2801937.openThankYouPage", "false");
Zeile gefunden : user_pref("CT2801937.openUninstallPage", "true");
Zeile gefunden : user_pref("CT2801937.revertSettingsEnabled", "false");
Zeile gefunden : user_pref("CT2801937.search.searchAppId", "129306877457319611");
Zeile gefunden : user_pref("CT2801937.search.searchCount", "0");
Zeile gefunden : user_pref("CT2801937.searchInNewTabEnabled", "false");
Zeile gefunden : user_pref("CT2801937.searchInNewTabEnabledByUser", "false");
Zeile gefunden : user_pref("CT2801937.searchInNewTabEnabledInHidden", "true");
Zeile gefunden : user_pref("CT2801937.searchSuggestEnabledByUser", "false");
Zeile gefunden : user_pref("CT2801937.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Zeile gefunden : user_pref("CT2801937.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Zeile gefunden : user_pref("CT2801937.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Zeile gefunden : user_pref("CT2801937.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT2801937\"}");
Zeile gefunden : user_pref("CT2801937.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://NCHDE.OurToolbar.com//xpi\"}");
Zeile gefunden : user_pref("CT2801937.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"NCH DE \"}");
Zeile gefunden : user_pref("CT2801937.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Zeile gefunden : user_pref("CT2801937.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"1\"}");
Zeile gefunden : user_pref("CT2801937.serviceLayer_services_Configuration_lastUpdate", "1387453260266");
Zeile gefunden : user_pref("CT2801937.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1387453263694");
Zeile gefunden : user_pref("CT2801937.serviceLayer_services_appsMetadata_lastUpdate", "1387453263602");
Zeile gefunden : user_pref("CT2801937.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1387453263483");
Zeile gefunden : user_pref("CT2801937.serviceLayer_services_location_lastUpdate", "1377962394950");
Zeile gefunden : user_pref("CT2801937.serviceLayer_services_login_10.13.40.15_lastUpdate", "1363614440753");
Zeile gefunden : user_pref("CT2801937.serviceLayer_services_login_10.14.65.43_lastUpdate", "1370091830795");
Zeile gefunden : user_pref("CT2801937.serviceLayer_services_login_10.16.2.510_lastUpdate", "1377962395254");
Zeile gefunden : user_pref("CT2801937.serviceLayer_services_login_10.19.2.505_lastUpdate", "1387453263730");
Zeile gefunden : user_pref("CT2801937.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1387453263609");
Zeile gefunden : user_pref("CT2801937.serviceLayer_services_searchAPI_lastUpdate", "1387453260234");
Zeile gefunden : user_pref("CT2801937.serviceLayer_services_serviceMap_lastUpdate", "1387453260142");
Zeile gefunden : user_pref("CT2801937.serviceLayer_services_setupAPI_lastUpdate", "1370091831055");
Zeile gefunden : user_pref("CT2801937.serviceLayer_services_toolbarContextMenu_lastUpdate", "1387453263553");
Zeile gefunden : user_pref("CT2801937.serviceLayer_services_toolbarSettings_lastUpdate", "1387453263641");
Zeile gefunden : user_pref("CT2801937.serviceLayer_services_translation_lastUpdate", "1387453263586");
Zeile gefunden : user_pref("CT2801937.settingsINI", true);
Zeile gefunden : user_pref("CT2801937.shouldFirstTimeDialog", "false");
Zeile gefunden : user_pref("CT2801937.showToolbarPermission", "false");
Zeile gefunden : user_pref("CT2801937.smartbar.CTID", "CT2801937");
Zeile gefunden : user_pref("CT2801937.smartbar.Uninstall", "0");
Zeile gefunden : user_pref("CT2801937.smartbar.toolbarName", "NCH DE ");
Zeile gefunden : user_pref("CT2801937.startPage", "false");
Zeile gefunden : user_pref("CT2801937.toolbarBornServerTime", "18-11-2012");
Zeile gefunden : user_pref("CT2801937.toolbarCurrentServerTime", "19-12-2013");
Zeile gefunden : user_pref("CT2801937.toolbarLoginClientTime", "Sat Jun 01 2013 16:16:03 GMT+0200");
Zeile gefunden : user_pref("CT2801937.twitter_v1.8.0_twitter_app_open_t_f.enc", "ZmFsc2U=");
Zeile gefunden : user_pref("CT2801937_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1387453136389,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Zeile gefunden : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
Zeile gefunden : user_pref("CommunityToolbar.ToolbarsList", "CT2319825");
Zeile gefunden : user_pref("CommunityToolbar.ToolbarsList2", "CT2319825");
Zeile gefunden : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Tue Jul 27 2010 09:11:53 GMT+0200");
Zeile gefunden : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2319825");
Zeile gefunden : user_pref("browser.search.defaultenginename", "NCH DE Customized Web Search");
Zeile gefunden : user_pref("browser.search.defaultthis.engineName", "Winload Customized Web Search");
Zeile gefunden : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}");
Zeile gefunden : user_pref("extensions.asktb.InstallDir", "C:\\Program Files\\Ask.com\\");
Zeile gefunden : user_pref("extensions.asktb.abar-war-timeout", "4000");
Zeile gefunden : user_pref("extensions.asktb.cbid", "^AAA");
Zeile gefunden : user_pref("extensions.asktb.config-updated", true);
Zeile gefunden : user_pref("extensions.asktb.crumb", "2011.08.08+01.23.42-toolbar001iad-DE-RXNjaGJvcm4sR2VybWFueQ%3D%3D");
Zeile gefunden : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://de.ask.com/web?q={query}&qsrc={qsrc}&o={o}&l={l}&gct=bar");
Zeile gefunden : user_pref("extensions.asktb.dtid", "^YYYYYY^YY^DE");
Zeile gefunden : user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", false);
Zeile gefunden : user_pref("extensions.asktb.dyn-weather-locid-weatherWidget", "GMXX3268");
Zeile gefunden : user_pref("extensions.asktb.dyn-weather-tempunit-weatherWidget", "C");
Zeile gefunden : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q=");
Zeile gefunden : user_pref("extensions.asktb.first-launch-url", "hxxp://www.piriform.com/ccleaner/update?v=2.36.1233&l=1031");
Zeile gefunden : user_pref("extensions.asktb.first-restart-after-config-update", true);
Zeile gefunden : user_pref("extensions.asktb.fresh-install", false);
Zeile gefunden : user_pref("extensions.asktb.guid", "8e284242-30a3-4c3c-b7f3-7774ec3caf3b");
Zeile gefunden : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com\", \"www.facebook.com\", \"www.playsushi.com\", \"WWW.google.com\", \"hxxps://websearch.ask.com\", [...]
Zeile gefunden : user_pref("extensions.asktb.if", "first");
Zeile gefunden : user_pref("extensions.asktb.l", "dis");
Zeile gefunden : user_pref("extensions.asktb.last-config-req", "1318638129785");
Zeile gefunden : user_pref("extensions.asktb.locale", "de_DE");
Zeile gefunden : user_pref("extensions.asktb.location", "Eschborn,Germany");
Zeile gefunden : user_pref("extensions.asktb.o", "1586");
Zeile gefunden : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Zeile gefunden : user_pref("extensions.asktb.qsrc", "2871");
Zeile gefunden : user_pref("extensions.asktb.r", "4");
Zeile gefunden : user_pref("extensions.asktb.sa", "YES");
Zeile gefunden : user_pref("extensions.asktb.saguid", "4157D447-68F3-482C-A260-D87C26D2C9CF");
Zeile gefunden : user_pref("extensions.asktb.search-suggestions-enabled", true);
Zeile gefunden : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
Zeile gefunden : user_pref("extensions.asktb.socialmini-first", true);
Zeile gefunden : user_pref("extensions.asktb.socialmini-interval", "1200000");
Zeile gefunden : user_pref("extensions.asktb.socialmini-max-char-ticker", "33");
Zeile gefunden : user_pref("extensions.asktb.socialmini-max-items", "30");
Zeile gefunden : user_pref("extensions.asktb.socialmini-native-on", true);
Zeile gefunden : user_pref("extensions.asktb.socialmini-speed", "5000");
Zeile gefunden : user_pref("extensions.asktb.socialmini-transition-first-open", false);
Zeile gefunden : user_pref("extensions.asktb.themeid", "");
Zeile gefunden : user_pref("extensions.asktb.to", "");
Zeile gefunden : user_pref("extensions.asktb.v", "3.12.5.100006");
Zeile gefunden : user_pref("extensions.asktb.version", "5.12.5.17640");
Zeile gefunden : user_pref("smartbar.machineId", "XVWEK0ER2IZ7OOPVXWO8Y2RE6RZ7QDL1XQKVWV07QZW/VV/6VK/RJAR4MGN+RD8IUVFTUWSWOFW+ONZKLBOOEA");

-\\ Google Chrome v31.0.1650.63

[ Datei : C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ Datei : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [50718 octets] - [20/12/2013 23:49:53]

########## EOF - \AdwCleaner\AdwCleaner[R0].txt - [50779 octets] ##########
         
</code>


<code>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Admin on 21.12.2013 at 10:08:44,04
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\apntbmon



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{41564952-412D-5637-00A7-7A786E7484D7}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{DB9733F3-39C3-43BD-A7AA-278EFF59C77F}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\ProgramData\freerip"
Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\Users\Admin\appdata\local\cre"
Successfully deleted: [Folder] "C:\Program Files\freerip3"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"



~~~ FireFox

Successfully deleted: [File] C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\a9fjsumn.default\extensions\toolbar_avira-v7@apn.ask.com.xpi
Emptied folder: C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\a9fjsumn.default\minidumps [5 files]



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\aaaaacalgebmfelllfiaoknifldpngjh



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21.12.2013 at 10:12:00,08
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
</code>


<code>

FRST Logfile:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-12-2013 02
Ran by Admin (administrator) on GUIDO-PC on 21-12-2013 10:27:06
Running from C:\Firefox Downloads
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchService.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
(Teruten) C:\Windows\System32\FsUsbExService.Exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\Acer\Mobility Center\MobilityService.exe
() C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(SafeNet, Inc) C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
() C:\Program Files\1&1 Surf-Stick\AssistantServices.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Acer Inc.) C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPStart.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
() C:\Program Files\1&1 Surf-Stick\UIExec.exe
() C:\Program Files\Bamboo Dock\BambooCore.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Users\Admin\Downloads\EaseUS Partition Master 9.2.2\bin\EpmNews.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Tobit.Software) C:\Program Files\Tobit Radio.fx\Client\rfx-tray.exe
(Samsung) C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(Panasonic Corporation) C:\Program Files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
(Dropbox, Inc.) C:\Users\Guido\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
(Realtek Semiconductor Corp.) C:\Users\Guido\AppData\Local\temp\RtkBtMnt.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Microsoft Corporation) \\?\C:\Windows\system32\wbem\WMIADAP.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvSvc] - RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] - RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [SynTPStart] - C:\Program Files\Synaptics\SynTP\SynTPStart.exe [102400 2008-01-24] (Synaptics, Inc.)
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [178712 2007-11-22] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4702208 2008-01-24] (Realtek Semiconductor)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [WarReg_PopUp] - C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe [303104 2008-01-29] (Acer Incorporated)
HKLM\...\Run: [PLFSet] - rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
HKLM\...\Run: [UIExec] - C:\Program Files\1&1 Surf-Stick\UIExec.exe [139088 2010-09-30] ()
HKLM\...\Run: [BambooCore] - C:\Program Files\Bamboo Dock\BambooCore.exe [646232 2011-10-10] ()
HKLM\...\Run: [KiesTrayAgent] - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [310128 2013-02-13] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [EaseUS EPM tray] - C:\Users\Admin\Downloads\EaseUS Partition Master 9.2.2\bin\EpmNews.exe [2081792 2013-03-29] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-17] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [DivXMediaServer] - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-20] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKLM\...\Run: [Skytel] - C:\Windows\SkyTel.exe [1826816 2008-01-24] (Realtek Semiconductor Corp.)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKCU\...\Run: [ccleaner] - C:\Program Files\CCleaner\CCleaner.exe [4324120 2013-11-22] (Piriform Ltd)
HKCU\...\Run: [KiesPDLR] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844144 2013-02-13] (Samsung)
HKCU\...\Run: [KiesPreload] - C:\Program Files\Samsung\Kies\Kies.exe [1509232 2013-02-13] (Samsung)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKCU\...\Run: [] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844144 2013-02-13] (Samsung)
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default\...\RunOnce: [AcerScrSav] - C:\Windows\ACER\run_NB.exe [ 2007-08-21] ()
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\RunOnce: [AcerScrSav] - C:\Windows\ACER\run_NB.exe [ 2007-08-21] ()
HKU\Gast\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Guido\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\Users\Guido\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Guido\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com/?l=dis&o=1586&gct=hp
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKCU - {D74A3892-F57E-480B-8501-3A03683A21BD} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=386496&p={searchTerms}
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
Toolbar: HKCU - No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} -  No File
Toolbar: HKCU - No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 19 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a9fjsumn.default
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Google
FF Homepage: www.ecosia.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @wacom.com/wacom-plugin,version=1.1.0.4 - C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a9fjsumn.default\searchplugins\ixquick---deutsch.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: Ecosia (eco-friendly search engine) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a9fjsumn.default\Extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}
FF Extension: preisspion.de - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a9fjsumn.default\Extensions\finder@meingutscheincode.de.xpi
FF Extension: Ask Toolbar - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a9fjsumn.default\Extensions\toolbar_SGT-V7@apn.ask.com.xpi
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a9fjsumn.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchKeyword: google.com
CHR DefaultSearchProvider: Google
CHR DefaultSearchURL: {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0
CHR Extension: (Skype Click to Call) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376 2013-12-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-30] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-17] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-11-07] (APN LLC.)
R2 eRecoveryService; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [57344 2007-09-10] (Acer Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [235216 2013-09-06] (McAfee, Inc.)
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-11-27] ()
R2 Radio.fx; C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe [3673944 2011-11-18] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [266343 2007-12-04] ()
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 SentinelProtectionServer; C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [206400 2006-03-14] (SafeNet, Inc)
R2 UI Assistant Service; C:\Program Files\1&1 Surf-Stick\AssistantServices.exe [253264 2010-09-30] ()
S3 de_serv; C:\Program Files\Common Files\AVM\de_serv.exe [x]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-30] (Avira Operations GmbH & Co. KG)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [14920 2013-03-07] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9160 2013-03-07] ()
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-02-05] ()
R2 int15; C:\Acer\Empowering Technology\eRecovery\int15.sys [15392 2007-07-03] (Acer, Inc.)
S3 mod7700; C:\Windows\System32\Drivers\mod7700.sys [596352 2008-06-11] (DiBcom SA)
S3 MODRC; C:\Windows\System32\DRIVERS\modrc.sys [13824 2007-10-19] (DiBcom S.A.)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1729152 2007-06-12] ()
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-05-17] (Duplex Secure Ltd.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-08-05] (Avira GmbH)
S3 upperdev; C:\Windows\System32\DRIVERS\usbser_lowerflt.sys [8064 2008-05-02] (Windows (R) Codename Longhorn DDK provider)
S3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltj.sys [8064 2008-05-02] (Windows (R) Codename Longhorn DDK provider)
R3 winbondcir; C:\Windows\System32\DRIVERS\winbondcir.sys [43008 2008-01-24] (Winbond Electronics Corporation)
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [41456 2008-01-04] (Cyberlink Corp.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Admin\AppData\Local\Temp\catchme.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP1d\WNt500x86\Sandra.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-21 10:12 - 2013-12-21 10:12 - 00001838 _____ C:\Users\Guido\Desktop\JRT.txt
2013-12-21 10:08 - 2013-12-21 10:08 - 00000000 ____D C:\Windows\ERUNT
2013-12-21 10:06 - 2013-12-21 10:06 - 01034531 _____ (Thisisu) C:\Users\Guido\Desktop\JRT.exe
2013-12-21 00:23 - 2013-12-21 00:23 - 00050858 _____ C:\Users\Guido\Desktop\AdwCleaner[R0].txt
2013-12-21 00:21 - 2013-12-21 00:21 - 00001657 _____ C:\Users\Admin\Desktop\AdwCleaner[R1].txt
2013-12-21 00:16 - 2013-12-21 00:16 - 01226750 _____ C:\Users\Guido\Desktop\adwcleaner.exe
2013-12-21 00:06 - 2013-12-21 00:06 - 00328048 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-20 23:49 - 2013-12-21 00:18 - 00000000 ____D C:\AdwCleaner
2013-12-20 22:33 - 2013-12-20 22:33 - 00059580 _____ C:\Users\Guido\Documents\Trojaner-Board-Anleitung.odt
2013-12-20 18:13 - 2013-12-20 18:13 - 00000910 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-20 14:33 - 2013-12-21 00:12 - 00000000 ____D C:\Users\Guido\AppData\Local\Mozilla Firefox
2013-12-20 09:16 - 2013-12-20 09:16 - 00035521 _____ C:\ComboFix.txt
2013-12-20 08:59 - 2013-12-20 09:16 - 00000000 ____D C:\Qoobox
2013-12-20 08:59 - 2013-12-20 09:16 - 00000000 ____D C:\ComboFix
2013-12-20 08:59 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-12-20 08:59 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-12-20 08:59 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-12-20 08:59 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-12-20 08:59 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-12-20 08:59 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-12-20 08:59 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-12-20 08:59 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-12-20 08:51 - 2013-12-20 08:52 - 05154906 ____R (Swearware) C:\Users\Guido\Desktop\ComboFix.exe
2013-12-19 20:41 - 2013-12-19 20:41 - 00027243 _____ C:\Users\Guido\Desktop\Trojaner-Board.odt
2013-12-19 20:39 - 2013-12-19 20:39 - 00000020 _____ C:\Users\Admin\defogger_reenable
2013-12-19 20:34 - 2013-12-19 20:34 - 00038766 _____ C:\Users\Guido\Desktop\FRST.txt
2013-12-19 20:33 - 2013-12-19 20:33 - 00026151 _____ C:\Users\Guido\Desktop\Addition.txt
2013-12-19 20:32 - 2013-12-21 00:26 - 00038435 _____ C:\Users\Admin\Desktop\FRST.txt
2013-12-19 20:31 - 2013-12-19 20:31 - 00026151 _____ C:\Users\Admin\Desktop\Addition.txt
2013-12-19 20:21 - 2013-12-19 20:21 - 00040404 _____ C:\Users\Guido\Desktop\Gmer.txt
2013-12-19 19:48 - 2013-12-21 00:25 - 00000000 ____D C:\FRST
2013-12-19 11:04 - 2013-12-19 11:04 - 00000000 ____D C:\Users\Admin\AppData\Local\AskPartnerNetwork
2013-12-18 14:14 - 2013-12-19 10:49 - 00009352 _____ C:\Users\Guido\Desktop\Zugangsdaten.odt
2013-12-17 21:26 - 2013-12-18 14:15 - 00008799 _____ C:\Users\Guido\Desktop\Silvester Liederliste.odt
2013-12-15 13:57 - 2013-12-15 13:58 - 555514226 _____ C:\Users\Guido\Desktop\Pascal Schumacher Quartet live - XIX Festiwal Jazz na Starówce 2013.mp4
2013-12-13 08:10 - 2013-11-14 23:50 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-13 08:10 - 2013-11-14 23:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-13 08:10 - 2013-11-14 23:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-13 08:10 - 2013-11-14 23:40 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-13 08:10 - 2013-11-14 23:38 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-13 08:10 - 2013-11-14 23:38 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-13 08:10 - 2013-11-14 23:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-13 08:10 - 2013-11-14 23:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-13 08:10 - 2013-11-14 23:36 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-13 08:10 - 2013-11-14 23:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-13 08:10 - 2013-11-14 23:35 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-13 08:10 - 2013-11-14 23:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-13 08:09 - 2013-11-15 00:13 - 12344320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-13 08:09 - 2013-11-14 23:50 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-13 08:09 - 2013-11-14 23:43 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-13 08:09 - 2013-11-14 23:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-12 08:56 - 2013-10-30 03:12 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2013-12-12 08:56 - 2013-10-30 02:43 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-12 08:56 - 2013-10-30 01:43 - 00167936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-12 08:56 - 2013-10-30 01:35 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-12 08:56 - 2013-10-22 08:19 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-12 08:56 - 2013-10-11 03:08 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-12 08:56 - 2013-10-11 03:08 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-12 08:56 - 2013-10-11 03:08 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wshcon.dll
2013-12-12 08:56 - 2013-10-11 01:35 - 00155648 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-12 08:56 - 2013-10-11 01:35 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-08 13:51 - 2013-12-08 13:51 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-12-02 09:04 - 2013-12-02 09:04 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-11-29 10:16 - 2013-12-06 10:16 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-11-29 10:16 - 2013-11-29 10:16 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-11-27 11:39 - 2013-11-27 11:39 - 00008988 _____ C:\Users\Guido\Desktop\Adecco.odt
2013-11-24 10:32 - 2013-11-24 10:40 - 00000000 ____D C:\Users\Guido\Desktop\Boney M
2013-11-22 12:39 - 2013-11-22 12:39 - 00000000 ____D C:\ProgramData\Oracle
2013-11-22 12:39 - 2013-11-22 12:39 - 00000000 ____D C:\Program Files\Common Files\Java
2013-11-22 12:39 - 2013-10-08 07:46 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-11-22 12:38 - 2013-11-22 12:38 - 00004874 _____ C:\Windows\system32\jupdate-1.7.0_45-b18.log
2013-11-22 12:38 - 2013-10-08 07:50 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-11-22 12:38 - 2013-10-08 07:46 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-11-22 12:38 - 2013-10-08 07:46 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe

==================== One Month Modified Files and Folders =======

2013-12-21 10:27 - 2011-07-28 10:50 - 00000000 ___RD C:\Users\Guido\Dropbox
2013-12-21 10:27 - 2011-07-28 10:48 - 00000000 ____D C:\Users\Guido\AppData\Roaming\Dropbox
2013-12-21 10:27 - 2010-01-14 17:19 - 00000000 ____D C:\Users\Guido\AppData\Roaming\Skype
2013-12-21 10:27 - 2008-01-21 08:16 - 00006626 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-21 10:24 - 2012-10-10 14:31 - 01637215 _____ C:\Windows\WindowsUpdate.log
2013-12-21 10:21 - 2010-02-22 09:15 - 00001092 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-21 10:21 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-21 10:21 - 2006-11-02 13:47 - 00004784 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-21 10:21 - 2006-11-02 13:47 - 00004784 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-21 10:19 - 2006-11-02 14:01 - 00032606 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-21 10:15 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-12-21 10:12 - 2013-12-21 10:12 - 00001838 _____ C:\Users\Guido\Desktop\JRT.txt
2013-12-21 10:08 - 2013-12-21 10:08 - 00000000 ____D C:\Windows\ERUNT
2013-12-21 10:06 - 2013-12-21 10:06 - 01034531 _____ (Thisisu) C:\Users\Guido\Desktop\JRT.exe
2013-12-21 00:26 - 2013-12-19 20:32 - 00038435 _____ C:\Users\Admin\Desktop\FRST.txt
2013-12-21 00:25 - 2013-12-19 19:48 - 00000000 ____D C:\FRST
2013-12-21 00:23 - 2013-12-21 00:23 - 00050858 _____ C:\Users\Guido\Desktop\AdwCleaner[R0].txt
2013-12-21 00:21 - 2013-12-21 00:21 - 00001657 _____ C:\Users\Admin\Desktop\AdwCleaner[R1].txt
2013-12-21 00:18 - 2013-12-20 23:49 - 00000000 ____D C:\AdwCleaner
2013-12-21 00:16 - 2013-12-21 00:16 - 01226750 _____ C:\Users\Guido\Desktop\adwcleaner.exe
2013-12-21 00:12 - 2013-12-20 14:33 - 00000000 ____D C:\Users\Guido\AppData\Local\Mozilla Firefox
2013-12-21 00:06 - 2013-12-21 00:06 - 00328048 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-20 23:12 - 2012-04-04 12:25 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-20 23:12 - 2010-02-22 09:15 - 00001096 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-20 22:33 - 2013-12-20 22:33 - 00059580 _____ C:\Users\Guido\Documents\Trojaner-Board-Anleitung.odt
2013-12-20 21:38 - 2013-05-01 14:10 - 00000000 ____D C:\Users\Guido\Documents\Anki
2013-12-20 18:13 - 2013-12-20 18:13 - 00000910 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-20 18:13 - 2010-02-05 17:45 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-12-20 13:36 - 2010-08-10 11:41 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ghostscript
2013-12-20 13:36 - 2010-01-29 18:34 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-12-20 09:16 - 2013-12-20 09:16 - 00035521 _____ C:\ComboFix.txt
2013-12-20 09:16 - 2013-12-20 08:59 - 00000000 ____D C:\Qoobox
2013-12-20 09:16 - 2013-12-20 08:59 - 00000000 ____D C:\ComboFix
2013-12-20 09:14 - 2006-11-02 11:23 - 00000215 _____ C:\Windows\system.ini
2013-12-20 08:59 - 2010-02-24 21:02 - 00000000 ____D C:\Windows\ERDNT
2013-12-20 08:52 - 2013-12-20 08:51 - 05154906 ____R (Swearware) C:\Users\Guido\Desktop\ComboFix.exe
2013-12-19 20:41 - 2013-12-19 20:41 - 00027243 _____ C:\Users\Guido\Desktop\Trojaner-Board.odt
2013-12-19 20:39 - 2013-12-19 20:39 - 00000020 _____ C:\Users\Admin\defogger_reenable
2013-12-19 20:39 - 2010-01-14 22:00 - 00000000 ____D C:\Users\Admin
2013-12-19 20:34 - 2013-12-19 20:34 - 00038766 _____ C:\Users\Guido\Desktop\FRST.txt
2013-12-19 20:33 - 2013-12-19 20:33 - 00026151 _____ C:\Users\Guido\Desktop\Addition.txt
2013-12-19 20:31 - 2013-12-19 20:31 - 00026151 _____ C:\Users\Admin\Desktop\Addition.txt
2013-12-19 20:25 - 2010-01-30 17:29 - 00007620 _____ C:\Users\Admin\AppData\Local\d3d9caps.dat
2013-12-19 20:21 - 2013-12-19 20:21 - 00040404 _____ C:\Users\Guido\Desktop\Gmer.txt
2013-12-19 12:58 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Speech
2013-12-19 12:18 - 2011-01-03 18:04 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Skype
2013-12-19 11:09 - 2010-01-14 21:17 - 00000000 ____D C:\Program Files\CCleaner
2013-12-19 11:07 - 2010-01-14 16:50 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-19 11:04 - 2013-12-19 11:04 - 00000000 ____D C:\Users\Admin\AppData\Local\AskPartnerNetwork
2013-12-19 10:49 - 2013-12-18 14:14 - 00009352 _____ C:\Users\Guido\Desktop\Zugangsdaten.odt
2013-12-18 14:15 - 2013-12-17 21:26 - 00008799 _____ C:\Users\Guido\Desktop\Silvester Liederliste.odt
2013-12-17 18:56 - 2010-04-29 16:25 - 00017408 _____ C:\Users\Guido\AppData\Local\WebpageIcons.db
2013-12-17 13:42 - 2013-08-05 14:21 - 00135648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-12-17 13:42 - 2013-08-05 14:21 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-12-16 03:00 - 2010-02-19 19:05 - 00007620 _____ C:\Users\Guido\AppData\Local\d3d9caps.dat
2013-12-15 13:58 - 2013-12-15 13:57 - 555514226 _____ C:\Users\Guido\Desktop\Pascal Schumacher Quartet live - XIX Festiwal Jazz na Starówce 2013.mp4
2013-12-13 08:23 - 2010-01-11 15:58 - 00000000 ____D C:\Windows\system32\RTCOM
2013-12-13 08:20 - 2008-03-25 15:26 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-13 08:16 - 2013-08-02 15:12 - 00000000 ____D C:\Windows\system32\MRT
2013-12-13 08:12 - 2006-11-02 11:24 - 88123800 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-12-11 19:12 - 2012-04-04 12:25 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-12-11 19:12 - 2011-05-20 07:48 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-12-11 18:54 - 2010-01-14 17:35 - 00000000 ____D C:\Program Files\Google
2013-12-09 16:07 - 2011-07-14 16:20 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Foxit Software
2013-12-08 13:53 - 2010-01-14 15:34 - 00000000 ____D C:\Users\Guido\AppData\Roaming\Adobe
2013-12-08 13:52 - 2010-03-24 16:05 - 00000000 ____D C:\Users\Admin\AppData\Local\Adobe
2013-12-08 13:51 - 2013-12-08 13:51 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-12-08 13:51 - 2010-12-20 23:17 - 00000000 ____D C:\Program Files\Adobe
2013-12-08 13:51 - 2008-03-25 15:09 - 00000000 ____D C:\ProgramData\Adobe
2013-12-07 17:32 - 2013-10-13 16:54 - 00000000 ____D C:\Users\Guido\Desktop\Webseite
2013-12-07 17:23 - 2013-09-24 13:21 - 00000000 ____D C:\Users\Guido\AppData\Local\Paint.NET
2013-12-06 10:16 - 2013-11-29 10:16 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-12-04 13:05 - 2011-07-08 09:38 - 00000000 ____D C:\Users\Guido\AppData\Roaming\Foxit Software
2013-12-02 12:38 - 2010-01-14 17:19 - 00000000 ___RD C:\Program Files\Skype
2013-12-02 12:38 - 2010-01-14 17:19 - 00000000 ____D C:\ProgramData\Skype
2013-12-02 09:04 - 2013-12-02 09:04 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-12-02 08:34 - 2012-05-13 15:16 - 00000000 ____D C:\Users\Guido\Documents\SelfMV
2013-11-30 18:45 - 2013-08-05 14:21 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-11-29 10:35 - 2013-11-02 14:43 - 00007934 _____ C:\Users\Guido\Desktop\Wohnungsanzeigen.odt
2013-11-29 10:16 - 2013-11-29 10:16 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-11-27 11:39 - 2013-11-27 11:39 - 00008988 _____ C:\Users\Guido\Desktop\Adecco.odt
2013-11-24 10:40 - 2013-11-24 10:32 - 00000000 ____D C:\Users\Guido\Desktop\Boney M
2013-11-22 12:39 - 2013-11-22 12:39 - 00000000 ____D C:\ProgramData\Oracle
2013-11-22 12:39 - 2013-11-22 12:39 - 00000000 ____D C:\Program Files\Common Files\Java
2013-11-22 12:38 - 2013-11-22 12:38 - 00004874 _____ C:\Windows\system32\jupdate-1.7.0_45-b18.log
2013-11-22 12:38 - 2010-01-14 17:00 - 00000000 ____D C:\Program Files\Java

Files to move or delete:
====================
C:\Users\Admin\BackupResult.DAT
C:\Users\Admin\HiJackThis204.exe
C:\Users\Admin\SCHDLR.DAT


Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\temp\avgnt.exe
C:\Users\Admin\AppData\Local\temp\RtkBtMnt.exe
C:\Users\Guido\AppData\Local\temp\avgnt.exe
C:\Users\Guido\AppData\Local\temp\RtkBtMnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-21 10:27

==================== End Of Log ============================
         
</code>


Old 22.12.2013, 06:41   #6
schrauber
/// the machine
/// TB instructor
 





ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box for "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

and a fresh FRST log please. Still having problems?

Old 22.12.2013, 17:33   #7
MaraMara
 



Hi, here are the next logs; everything seems to be clean again now, right?



Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=cf2c04dcb2d6024f9390dd9a7d807e2d
# engine=16364
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-12-22 04:06:06
# local_time=2013-12-22 05:06:06 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1799 16775165 100 95 25151 158399671 17889 0
# compatibility_mode=5892 16776574 100 100 203056 225261094 0 0
# scanned=258881
# found=0
# cleaned=0
# scan_time=7491
         
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.77  
 Windows Vista Service Pack 2 x86   
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Spybot - Search & Destroy 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 CCleaner     
 Java(TM) 6 Update 35  
 Java 7 Update 45  
 Adobe Flash Player 	11.9.900.170  
 Adobe Reader XI  
 Mozilla Firefox 11.0 Firefox out of Date!  
 Mozilla Thunderbird (3.1.6) Thunderbird out of Date!  
 Google Chrome 31.0.1650.57  
 Google Chrome 31.0.1650.63  
````````Process Check: objlist.exe by Laurent````````  
 Spybot Teatimer.exe is disabled! 
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 system32 FirewallControlPanel.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-12-2013
Ran by Guido (ATTENTION: The logged in user is not administrator) on GUIDO-PC on 22-12-2013 17:25:15
Running from C:\Firefox Downloads
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPStart.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files\1&1 Surf-Stick\UIExec.exe
() C:\Program Files\Bamboo Dock\BambooCore.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Users\Admin\Downloads\EaseUS Partition Master 9.2.2\bin\EpmNews.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Tobit.Software) C:\Program Files\Tobit Radio.fx\Client\rfx-tray.exe
(Samsung) C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Panasonic Corporation) C:\Program Files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
(Dropbox, Inc.) C:\Users\Guido\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Realtek Semiconductor Corp.) C:\Users\Guido\AppData\Local\temp\RtkBtMnt.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmplayer.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
() D:\Dateien\Anki\anki.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvSvc] - RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] - RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [SynTPStart] - C:\Program Files\Synaptics\SynTP\SynTPStart.exe [102400 2008-01-24] (Synaptics, Inc.)
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [178712 2007-11-22] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4702208 2008-01-24] (Realtek Semiconductor)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [WarReg_PopUp] - C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe [303104 2008-01-29] (Acer Incorporated)
HKLM\...\Run: [PLFSet] - rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
HKLM\...\Run: [UIExec] - C:\Program Files\1&1 Surf-Stick\UIExec.exe [139088 2010-09-30] ()
HKLM\...\Run: [BambooCore] - C:\Program Files\Bamboo Dock\BambooCore.exe [646232 2011-10-10] ()
HKLM\...\Run: [KiesTrayAgent] - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [310128 2013-02-13] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [EaseUS EPM tray] - C:\Users\Admin\Downloads\EaseUS Partition Master 9.2.2\bin\EpmNews.exe [2081792 2013-03-29] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-17] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [DivXMediaServer] - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-20] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKLM\...\Run: [Skytel] - C:\Windows\SkyTel.exe [1826816 2008-01-24] (Realtek Semiconductor Corp.)
HKLM\...\Run: [ApnTBMon] - C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1778640 2013-12-20] (APN)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKCU\...\Run: [EPSON Stylus DX7400 Series] - C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE /FU "C:\Windows\TEMP\E_S2006.tmp" /EF "HKCU"
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [125952 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [RfxSrvTray] - C:\Program Files\Tobit Radio.fx\Client\rfx-tray.exe [1851224 2011-07-28] (Tobit.Software)
HKCU\...\Run: [PMCRemote] - [x]
HKCU\...\Run: [PMCLoader] - C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe -checktasks
HKCU\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKCU\...\Run: [KiesPDLR] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844144 2013-02-13] (Samsung)
HKCU\...\Run: [FastFox] - "C:\Users\Guido\AppData\Roaming\NCH Software\Program Files\FastFox\fastfox.exe" -logon
HKCU\...\Run: [] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844144 2013-02-13] (Samsung)
HKCU\...\Run: [openvpntray.EXE] - C:\Users\Guido\AppData\Roaming\Hotspot Shield\bin\openvpntray.EXE -nonadmin
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\wmpnscfg.exe [202240 2008-01-21] (Microsoft Corporation)
MountPoints2: {364e5c01-291c-11df-a562-001e686aee40} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\RECYCLER\Lcass.exe
MountPoints2: {3cc935a5-9c26-11e0-9d59-a09ee25c0884} - H:\setup.exe
MountPoints2: {a36fc4be-d2aa-11df-abf2-001e686aee40} - G:\Get_Started_for_Win.exe
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Guido\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Guido\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Guido\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Guido\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {2331FCD7-3001-4E7B-BFC8-7F30B870149E} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=386496&p={searchTerms}
SearchScopes: HKCU - {6434ACFB-2A3E-4340-A578-BB8922089BBD} URL = hxxp://ixquick.com/do/metasearch.pl?query={searchTerms}&cat=web&pl=ie&language=deutsch
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = 
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
Toolbar: HKCU - No Name - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} -  No File
Toolbar: HKCU - No Name - {3041D03E-FD4B-44E0-B742-2D9B88305F98} -  No File
Toolbar: HKCU - No Name - {40C3CC16-7269-4B32-9531-17F2950FB06F} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 19 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Guido\AppData\Roaming\Mozilla\Firefox\Profiles\pddsqboq.default
FF Homepage: hxxp://www.ecosia.org/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @wacom.com/wacom-plugin,version=1.1.0.4 - C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 - C:\Users\Guido\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF SearchPlugin: C:\Users\Guido\AppData\Roaming\Mozilla\Firefox\Profiles\pddsqboq.default\searchplugins\ixquick---deutsch.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: German Dictionary - C:\Users\Guido\AppData\Roaming\Mozilla\Firefox\Profiles\pddsqboq.default\Extensions\de-DE@dictionaries.addons.mozilla.org
FF Extension: ProxTube - Unblock YouTube - C:\Users\Guido\AppData\Roaming\Mozilla\Firefox\Profiles\pddsqboq.default\Extensions\ich@maltegoetz.de
FF Extension: Ecosia (eco-friendly search engine) - C:\Users\Guido\AppData\Roaming\Mozilla\Firefox\Profiles\pddsqboq.default\Extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}
FF Extension: Firebug - C:\Users\Guido\AppData\Roaming\Mozilla\Firefox\Profiles\pddsqboq.default\Extensions\firebug@software.joehewitt.com.xpi
FF Extension: Firepicker - C:\Users\Guido\AppData\Roaming\Mozilla\Firefox\Profiles\pddsqboq.default\Extensions\firepicker@thedarkone.xpi
FF Extension: Rainbow - C:\Users\Guido\AppData\Roaming\Mozilla\Firefox\Profiles\pddsqboq.default\Extensions\rainbow@colors.org.xpi
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Guido\AppData\Roaming\Mozilla\Firefox\Profiles\pddsqboq.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
FF Extension: Adblock Plus - C:\Users\Guido\AppData\Roaming\Mozilla\Firefox\Profiles\pddsqboq.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Download Statusbar - C:\Users\Guido\AppData\Roaming\Mozilla\Firefox\Profiles\pddsqboq.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5

Chrome: 
=======
CHR DefaultSearchKeyword: google.co.th
CHR DefaultSearchProvider: Google
CHR DefaultSearchURL: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR Extension: (Avira SearchFree Toolbar plus Web Protection) - C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh\20.53263_0
CHR Extension: (Docs) - C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Skype Click to Call) - C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0
CHR Extension: (ProxTube) - C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkdbaehcjcomcnnjhlmnfddpgoafpcko\1.0.3_0
CHR Extension: (Gmail) - C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376 2013-12-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-30] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-17] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-12-20] (APN LLC.)
R2 eRecoveryService; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [57344 2007-09-10] (Acer Inc.)
R2 iphlpsvc; C:\Windows\System32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
R2 lmhosts; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [235216 2013-09-06] (McAfee, Inc.)
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-11-27] ()
R2 NlaSvc; C:\Windows\System32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
R2 Radio.fx; C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe [3673944 2011-11-18] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [266343 2007-12-04] ()
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 SentinelProtectionServer; C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [206400 2006-03-14] (SafeNet, Inc)
R2 UI Assistant Service; C:\Program Files\1&1 Surf-Stick\AssistantServices.exe [253264 2010-09-30] ()
S3 de_serv; C:\Program Files\Common Files\AVM\de_serv.exe [x]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-30] (Avira Operations GmbH & Co. KG)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [14920 2013-03-07] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9160 2013-03-07] ()
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-02-05] ()
R2 int15; C:\Acer\Empowering Technology\eRecovery\int15.sys [15392 2007-07-03] (Acer, Inc.)
S3 mod7700; C:\Windows\System32\Drivers\mod7700.sys [596352 2008-06-11] (DiBcom SA)
S3 MODRC; C:\Windows\System32\DRIVERS\modrc.sys [13824 2007-10-19] (DiBcom S.A.)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1729152 2007-06-12] ()
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-05-17] (Duplex Secure Ltd.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-08-05] (Avira GmbH)
S3 upperdev; C:\Windows\System32\DRIVERS\usbser_lowerflt.sys [8064 2008-05-02] (Windows (R) Codename Longhorn DDK provider)
S3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltj.sys [8064 2008-05-02] (Windows (R) Codename Longhorn DDK provider)
R3 winbondcir; C:\Windows\System32\DRIVERS\winbondcir.sys [43008 2008-01-24] (Winbond Electronics Corporation)
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [41456 2008-01-04] (Cyberlink Corp.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Admin\AppData\Local\Temp\catchme.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP1d\WNt500x86\Sandra.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-22 17:19 - 2013-12-22 17:19 - 00891200 _____ C:\Users\Guido\Desktop\SecurityCheck.exe
2013-12-22 14:59 - 2013-12-22 14:59 - 00000000 ____D C:\Program Files\ESET
2013-12-21 22:28 - 2013-12-21 22:34 - 00020780 _____ C:\Users\Guido\Desktop\Text Sitzgruppe Köln.odt
2013-12-21 20:27 - 2013-12-21 20:29 - 00000000 ____D C:\Users\Guido\AppData\Roaming\NCH Software
2013-12-21 20:27 - 2013-12-21 20:27 - 00000939 _____ C:\Users\Public\Desktop\Express Dictate.lnk
2013-12-21 20:27 - 2013-12-21 20:27 - 00000000 ____D C:\Users\Admin\AppData\Roaming\NCH Software
2013-12-21 20:27 - 2013-12-21 20:27 - 00000000 ____D C:\Program Files\NCH Software
2013-12-21 20:18 - 2013-12-21 20:18 - 00000763 _____ C:\Users\Public\Desktop\f4_2012.lnk
2013-12-21 20:09 - 2013-12-21 20:09 - 00000000 ____D C:\Program Files\f4_2012
2013-12-21 18:29 - 2013-12-21 18:29 - 00000000 ____D C:\ProgramData\APN
2013-12-21 16:06 - 2013-12-21 16:06 - 00076800 _____ C:\Windows\system32\GDIPFONTCACHEV1.DAT
2013-12-21 10:12 - 2013-12-21 10:12 - 00001838 _____ C:\Users\Guido\Desktop\JRT.txt
2013-12-21 10:08 - 2013-12-21 10:08 - 00000000 ____D C:\Windows\ERUNT
2013-12-21 10:06 - 2013-12-21 10:06 - 01034531 _____ (Thisisu) C:\Users\Guido\Desktop\JRT.exe
2013-12-21 00:23 - 2013-12-21 00:23 - 00050858 _____ C:\Users\Guido\Desktop\AdwCleaner[R0].txt
2013-12-21 00:21 - 2013-12-21 00:21 - 00001657 _____ C:\Users\Admin\Desktop\AdwCleaner[R1].txt
2013-12-21 00:16 - 2013-12-21 00:16 - 01226750 _____ C:\Users\Guido\Desktop\adwcleaner.exe
2013-12-21 00:06 - 2013-12-21 00:06 - 00328048 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-20 23:49 - 2013-12-21 00:18 - 00000000 ____D C:\AdwCleaner
2013-12-20 22:33 - 2013-12-20 22:33 - 00059580 _____ C:\Users\Guido\Documents\Trojaner-Board-Anleitung.odt
2013-12-20 18:13 - 2013-12-20 18:13 - 00000910 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-20 14:33 - 2013-12-21 00:12 - 00000000 ____D C:\Users\Guido\AppData\Local\Mozilla Firefox
2013-12-20 09:16 - 2013-12-20 09:16 - 00035521 _____ C:\ComboFix.txt
2013-12-20 08:59 - 2013-12-20 09:16 - 00000000 ____D C:\Qoobox
2013-12-20 08:59 - 2013-12-20 09:16 - 00000000 ____D C:\ComboFix
2013-12-20 08:59 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-12-20 08:59 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-12-20 08:59 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-12-20 08:59 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-12-20 08:59 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-12-20 08:59 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-12-20 08:59 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-12-20 08:59 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-12-20 08:51 - 2013-12-20 08:52 - 05154906 ____R (Swearware) C:\Users\Guido\Desktop\ComboFix.exe
2013-12-19 20:41 - 2013-12-19 20:41 - 00027243 _____ C:\Users\Guido\Desktop\Trojaner-Board.odt
2013-12-19 20:39 - 2013-12-19 20:39 - 00000020 _____ C:\Users\Admin\defogger_reenable
2013-12-19 20:34 - 2013-12-21 10:30 - 00037858 _____ C:\Users\Guido\Desktop\FRST.txt
2013-12-19 20:33 - 2013-12-19 20:33 - 00026151 _____ C:\Users\Guido\Desktop\Addition.txt
2013-12-19 20:32 - 2013-12-21 00:26 - 00038435 _____ C:\Users\Admin\Desktop\FRST.txt
2013-12-19 20:31 - 2013-12-19 20:31 - 00026151 _____ C:\Users\Admin\Desktop\Addition.txt
2013-12-19 20:21 - 2013-12-19 20:21 - 00040404 _____ C:\Users\Guido\Desktop\Gmer.txt
2013-12-19 19:48 - 2013-12-22 17:25 - 00000000 ____D C:\FRST
2013-12-19 11:04 - 2013-12-19 11:04 - 00000000 ____D C:\Users\Admin\AppData\Local\AskPartnerNetwork
2013-12-18 14:14 - 2013-12-19 10:49 - 00009352 _____ C:\Users\Guido\Desktop\Zugangsdaten.odt
2013-12-17 21:26 - 2013-12-18 14:15 - 00008799 _____ C:\Users\Guido\Desktop\Silvester Liederliste.odt
2013-12-15 13:57 - 2013-12-15 13:58 - 555514226 _____ C:\Users\Guido\Desktop\Pascal Schumacher Quartet live - XIX Festiwal Jazz na Starówce 2013.mp4
2013-12-13 08:10 - 2013-11-14 23:50 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-13 08:10 - 2013-11-14 23:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-13 08:10 - 2013-11-14 23:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-13 08:10 - 2013-11-14 23:40 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-13 08:10 - 2013-11-14 23:38 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-13 08:10 - 2013-11-14 23:38 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-13 08:10 - 2013-11-14 23:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-13 08:10 - 2013-11-14 23:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-13 08:10 - 2013-11-14 23:36 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-13 08:10 - 2013-11-14 23:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-13 08:10 - 2013-11-14 23:35 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-13 08:10 - 2013-11-14 23:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-13 08:09 - 2013-11-15 00:13 - 12344320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-13 08:09 - 2013-11-14 23:50 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-13 08:09 - 2013-11-14 23:43 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-13 08:09 - 2013-11-14 23:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-12 08:56 - 2013-10-30 03:12 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2013-12-12 08:56 - 2013-10-30 02:43 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-12 08:56 - 2013-10-30 01:43 - 00167936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-12 08:56 - 2013-10-30 01:35 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-12 08:56 - 2013-10-22 08:19 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-12 08:56 - 2013-10-11 03:08 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-12 08:56 - 2013-10-11 03:08 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-12 08:56 - 2013-10-11 03:08 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wshcon.dll
2013-12-12 08:56 - 2013-10-11 01:35 - 00155648 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-12 08:56 - 2013-10-11 01:35 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-08 13:51 - 2013-12-08 13:51 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-12-02 09:04 - 2013-12-02 09:04 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-11-29 10:16 - 2013-12-06 10:16 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-11-29 10:16 - 2013-11-29 10:16 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-11-27 11:39 - 2013-11-27 11:39 - 00008988 _____ C:\Users\Guido\Desktop\Adecco.odt
2013-11-24 10:32 - 2013-11-24 10:40 - 00000000 ____D C:\Users\Guido\Desktop\Boney M
2013-11-22 12:39 - 2013-11-22 12:39 - 00000000 ____D C:\ProgramData\Oracle
2013-11-22 12:39 - 2013-11-22 12:39 - 00000000 ____D C:\Program Files\Common Files\Java
2013-11-22 12:39 - 2013-10-08 07:46 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-11-22 12:38 - 2013-11-22 12:38 - 00004874 _____ C:\Windows\system32\jupdate-1.7.0_45-b18.log
2013-11-22 12:38 - 2013-10-08 07:50 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-11-22 12:38 - 2013-10-08 07:46 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-11-22 12:38 - 2013-10-08 07:46 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe

==================== One Month Modified Files and Folders =======

2013-12-22 17:25 - 2013-12-19 19:48 - 00000000 ____D C:\FRST
2013-12-22 17:19 - 2013-12-22 17:19 - 00891200 _____ C:\Users\Guido\Desktop\SecurityCheck.exe
2013-12-22 17:17 - 2012-10-10 14:31 - 01767897 _____ C:\Windows\WindowsUpdate.log
2013-12-22 17:00 - 2006-11-02 13:47 - 00004784 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-22 17:00 - 2006-11-02 13:47 - 00004784 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-22 14:59 - 2013-12-22 14:59 - 00000000 ____D C:\Program Files\ESET
2013-12-22 14:53 - 2012-03-10 11:42 - 00000000 ____D C:\Users\Guido\Documents\DVDVideoSoft
2013-12-22 14:53 - 2010-12-04 16:51 - 00000000 ____D C:\Users\Guido\AppData\Roaming\DVDVideoSoft
2013-12-22 13:16 - 2008-01-21 08:16 - 00006626 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-22 11:25 - 2010-01-14 17:19 - 00000000 ____D C:\Users\Guido\AppData\Roaming\Skype
2013-12-22 11:12 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-12-22 11:03 - 2011-07-28 10:50 - 00000000 ___RD C:\Users\Guido\Dropbox
2013-12-22 11:03 - 2011-07-28 10:48 - 00000000 ____D C:\Users\Guido\AppData\Roaming\Dropbox
2013-12-22 11:01 - 2010-02-22 09:15 - 00001092 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-22 11:00 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-21 23:02 - 2006-11-02 14:01 - 00032606 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-21 22:34 - 2013-12-21 22:28 - 00020780 _____ C:\Users\Guido\Desktop\Text Sitzgruppe Köln.odt
2013-12-21 20:29 - 2013-12-21 20:27 - 00000000 ____D C:\Users\Guido\AppData\Roaming\NCH Software
2013-12-21 20:27 - 2013-12-21 20:27 - 00000939 _____ C:\Users\Public\Desktop\Express Dictate.lnk
2013-12-21 20:27 - 2013-12-21 20:27 - 00000000 ____D C:\Users\Admin\AppData\Roaming\NCH Software
2013-12-21 20:27 - 2013-12-21 20:27 - 00000000 ____D C:\Program Files\NCH Software
2013-12-21 20:20 - 2012-10-10 15:06 - 00000000 ____D C:\Users\Guido\AppData\Roaming\F4
2013-12-21 20:18 - 2013-12-21 20:18 - 00000763 _____ C:\Users\Public\Desktop\f4_2012.lnk
2013-12-21 20:09 - 2013-12-21 20:09 - 00000000 ____D C:\Program Files\f4_2012
2013-12-21 20:02 - 2010-04-29 16:25 - 00017408 _____ C:\Users\Guido\AppData\Local\WebpageIcons.db
2013-12-21 19:49 - 2013-05-01 14:10 - 00000000 ____D C:\Users\Guido\Documents\Anki
2013-12-21 18:29 - 2013-12-21 18:29 - 00000000 ____D C:\ProgramData\APN
2013-12-21 16:06 - 2013-12-21 16:06 - 00076800 _____ C:\Windows\system32\GDIPFONTCACHEV1.DAT
2013-12-21 10:30 - 2013-12-19 20:34 - 00037858 _____ C:\Users\Guido\Desktop\FRST.txt
2013-12-21 10:12 - 2013-12-21 10:12 - 00001838 _____ C:\Users\Guido\Desktop\JRT.txt
2013-12-21 10:08 - 2013-12-21 10:08 - 00000000 ____D C:\Windows\ERUNT
2013-12-21 10:06 - 2013-12-21 10:06 - 01034531 _____ (Thisisu) C:\Users\Guido\Desktop\JRT.exe
2013-12-21 00:26 - 2013-12-19 20:32 - 00038435 _____ C:\Users\Admin\Desktop\FRST.txt
2013-12-21 00:23 - 2013-12-21 00:23 - 00050858 _____ C:\Users\Guido\Desktop\AdwCleaner[R0].txt
2013-12-21 00:21 - 2013-12-21 00:21 - 00001657 _____ C:\Users\Admin\Desktop\AdwCleaner[R1].txt
2013-12-21 00:18 - 2013-12-20 23:49 - 00000000 ____D C:\AdwCleaner
2013-12-21 00:16 - 2013-12-21 00:16 - 01226750 _____ C:\Users\Guido\Desktop\adwcleaner.exe
2013-12-21 00:12 - 2013-12-20 14:33 - 00000000 ____D C:\Users\Guido\AppData\Local\Mozilla Firefox
2013-12-21 00:06 - 2013-12-21 00:06 - 00328048 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-20 23:12 - 2012-04-04 12:25 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-20 23:12 - 2010-02-22 09:15 - 00001096 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-20 22:33 - 2013-12-20 22:33 - 00059580 _____ C:\Users\Guido\Documents\Trojaner-Board-Anleitung.odt
2013-12-20 18:13 - 2013-12-20 18:13 - 00000910 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-20 18:13 - 2010-02-05 17:45 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-12-20 13:36 - 2010-08-10 11:41 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ghostscript
2013-12-20 13:36 - 2010-01-29 18:34 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-12-20 09:16 - 2013-12-20 09:16 - 00035521 _____ C:\ComboFix.txt
2013-12-20 09:16 - 2013-12-20 08:59 - 00000000 ____D C:\Qoobox
2013-12-20 09:16 - 2013-12-20 08:59 - 00000000 ____D C:\ComboFix
2013-12-20 09:14 - 2006-11-02 11:23 - 00000215 _____ C:\Windows\system.ini
2013-12-20 08:59 - 2010-02-24 21:02 - 00000000 ____D C:\Windows\ERDNT
2013-12-20 08:52 - 2013-12-20 08:51 - 05154906 ____R (Swearware) C:\Users\Guido\Desktop\ComboFix.exe
2013-12-19 20:41 - 2013-12-19 20:41 - 00027243 _____ C:\Users\Guido\Desktop\Trojaner-Board.odt
2013-12-19 20:39 - 2013-12-19 20:39 - 00000020 _____ C:\Users\Admin\defogger_reenable
2013-12-19 20:39 - 2010-01-14 22:00 - 00000000 ____D C:\Users\Admin
2013-12-19 20:33 - 2013-12-19 20:33 - 00026151 _____ C:\Users\Guido\Desktop\Addition.txt
2013-12-19 20:31 - 2013-12-19 20:31 - 00026151 _____ C:\Users\Admin\Desktop\Addition.txt
2013-12-19 20:25 - 2010-01-30 17:29 - 00007620 _____ C:\Users\Admin\AppData\Local\d3d9caps.dat
2013-12-19 20:21 - 2013-12-19 20:21 - 00040404 _____ C:\Users\Guido\Desktop\Gmer.txt
2013-12-19 12:58 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Speech
2013-12-19 12:18 - 2011-01-03 18:04 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Skype
2013-12-19 11:09 - 2010-01-14 21:17 - 00000000 ____D C:\Program Files\CCleaner
2013-12-19 11:07 - 2010-01-14 16:50 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-19 11:04 - 2013-12-19 11:04 - 00000000 ____D C:\Users\Admin\AppData\Local\AskPartnerNetwork
2013-12-19 10:49 - 2013-12-18 14:14 - 00009352 _____ C:\Users\Guido\Desktop\Zugangsdaten.odt
2013-12-18 14:15 - 2013-12-17 21:26 - 00008799 _____ C:\Users\Guido\Desktop\Silvester Liederliste.odt
2013-12-17 13:42 - 2013-08-05 14:21 - 00135648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-12-17 13:42 - 2013-08-05 14:21 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-12-16 03:00 - 2010-02-19 19:05 - 00007620 _____ C:\Users\Guido\AppData\Local\d3d9caps.dat
2013-12-15 13:58 - 2013-12-15 13:57 - 555514226 _____ C:\Users\Guido\Desktop\Pascal Schumacher Quartet live - XIX Festiwal Jazz na Starówce 2013.mp4
2013-12-13 08:23 - 2010-01-11 15:58 - 00000000 ____D C:\Windows\system32\RTCOM
2013-12-13 08:20 - 2008-03-25 15:26 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-13 08:16 - 2013-08-02 15:12 - 00000000 ____D C:\Windows\system32\MRT
2013-12-13 08:12 - 2006-11-02 11:24 - 88123800 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-12-11 19:12 - 2012-04-04 12:25 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-12-11 19:12 - 2011-05-20 07:48 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-12-11 18:54 - 2010-01-14 17:35 - 00000000 ____D C:\Program Files\Google
2013-12-09 16:07 - 2011-07-14 16:20 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Foxit Software
2013-12-08 13:53 - 2010-01-14 15:34 - 00000000 ____D C:\Users\Guido\AppData\Roaming\Adobe
2013-12-08 13:52 - 2010-03-24 16:05 - 00000000 ____D C:\Users\Admin\AppData\Local\Adobe
2013-12-08 13:51 - 2013-12-08 13:51 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-12-08 13:51 - 2010-12-20 23:17 - 00000000 ____D C:\Program Files\Adobe
2013-12-08 13:51 - 2008-03-25 15:09 - 00000000 ____D C:\ProgramData\Adobe
2013-12-07 17:32 - 2013-10-13 16:54 - 00000000 ____D C:\Users\Guido\Desktop\Webseite
2013-12-07 17:23 - 2013-09-24 13:21 - 00000000 ____D C:\Users\Guido\AppData\Local\Paint.NET
2013-12-06 10:16 - 2013-11-29 10:16 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-12-04 13:05 - 2011-07-08 09:38 - 00000000 ____D C:\Users\Guido\AppData\Roaming\Foxit Software
2013-12-02 12:38 - 2010-01-14 17:19 - 00000000 ___RD C:\Program Files\Skype
2013-12-02 12:38 - 2010-01-14 17:19 - 00000000 ____D C:\ProgramData\Skype
2013-12-02 09:04 - 2013-12-02 09:04 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-12-02 08:34 - 2012-05-13 15:16 - 00000000 ____D C:\Users\Guido\Documents\SelfMV
2013-11-30 18:45 - 2013-08-05 14:21 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-11-29 10:35 - 2013-11-02 14:43 - 00007934 _____ C:\Users\Guido\Desktop\Wohnungsanzeigen.odt
2013-11-29 10:16 - 2013-11-29 10:16 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-11-27 11:39 - 2013-11-27 11:39 - 00008988 _____ C:\Users\Guido\Desktop\Adecco.odt
2013-11-24 10:40 - 2013-11-24 10:32 - 00000000 ____D C:\Users\Guido\Desktop\Boney M
2013-11-22 12:39 - 2013-11-22 12:39 - 00000000 ____D C:\ProgramData\Oracle
2013-11-22 12:39 - 2013-11-22 12:39 - 00000000 ____D C:\Program Files\Common Files\Java
2013-11-22 12:38 - 2013-11-22 12:38 - 00004874 _____ C:\Windows\system32\jupdate-1.7.0_45-b18.log
2013-11-22 12:38 - 2010-01-14 17:00 - 00000000 ____D C:\Program Files\Java

Files to move or delete:
====================
C:\Users\Admin\BackupResult.DAT
C:\Users\Admin\HiJackThis204.exe
C:\Users\Admin\SCHDLR.DAT


Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\temp\avgnt.exe
C:\Users\Admin\AppData\Local\temp\RtkBtMnt.exe
C:\Users\Guido\AppData\Local\temp\avgnt.exe
C:\Users\Guido\AppData\Local\temp\RtkBtMnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================
         
--- --- ---


23.12.2013, 09:29   #8
schrauber
/// the machine
/// TB trainer

Done

If you would like to leave praise or criticism, you can do so here.


The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively, rename it to uninstall.exe and run it)
    • Windows key + R > type Combofix /Uninstall > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. In any case, please download DelFix (Download DelFix) to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick the box in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left over now, you can safely delete them.


Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software Updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.

Antivirus software
  • Make sure you always have antivirus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version also offers a background guard.
    You can find a tutorial on how to use it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you of any changes. Download the freeware version from here.

Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.


Alternative browsers

Other browsers tend to be somewhat more secure than IE because they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: I have a few useful add-ons for this browser here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed if you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. A right-click on the banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean up your temp files regularly. I recommend TFC for this.
Stay away from any registry cleaners.
These harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Do not click on everything just because it prompts you to and looks nice and colorful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from emails unknown to you. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me a short reply when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!
