Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   startfenster.com nach VLC-Player Download (https://www.trojaner-board.de/124273-startfenster-com-vlc-player-download.html)

Norb11 18.09.2012 17:50
startfenster.com nach VLC-Player Download
 
Hallo an alle,
ich hoffe, dass ihr mir helfen könnt. Das wäre echt super! =)
Ich bin neu hier und habe mir startfenster.com eingefangen, nachdem ich den VLC-Player installiert habe. Den VLC-Player habe ich blöderweise bei vlc.de runtergeladen. Ich wusste nicht, dass dies nicht die richtige Seite ist.
Ich habe den VLC-Player auch gleich wieder deinstalliert. Vielleicht hilft das.

Nun hab ich mir auch gleich Malwarebytes runtergeladen und einmal durchlaufen lassen.
Gleichzeitig ist aber auch eine Warnung von Avira AntiVir aufgeleuchtet, die besagte, dass ich wohl eine Malware auf dem PC habe: FLV Plaer Setup
Hat das damit zu tun oder ist das etwas anderes?

Was ist nun der nächste Schritt?

Noch eine kleine Frage: Sollte ich mich bis zur Bereinigung am besten nirgends mit Passwörtern anmelden?

1. Durchlauf:


Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.18.06

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Norb :: NORB-PC [Administrator]

18.09.2012 17:14:14
mbam-log-2012-09-18 (17-14-14).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 200063
Laufzeit: 12 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


Vielen Dank für eure Hilfe!

Gruß Norb11

ryder 18.09.2012 19:49
:hallo:

Ich habe dein Thema in Arbeit und melde mich so schnell als möglich mit weiteren Anweisungen.

Bitte beachte, dass alle meine Antworten zuerst von einem Ausbilder freigegeben werden müssen, bevor ich diese hier posten darf. Dies garantiert, dass Du Hilfe von einem ausgebildeten Helfer bekommst.

Ich bedanke mich für deine Geduld :)

ryder 18.09.2012 20:00
:hallo:

Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lese die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
  • Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
  • Bitte kein Crossposting (posten in mehreren Foren).
  • Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert.
  • Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
  • Poste die Logfiles direkt in deinen Thread (möglichst in Code-Tags). Nicht anhängen ausser ich fordere Dich dazu auf. Erschwert mir nämlich das auswerten.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg. Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Schritt 1: Scan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)
  • Doppelklick auf die OTL.exe
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.

Norb11 19.09.2012 16:39
Hallo ryder,
erstmal vielen Dank für deine Hilfe! :applaus:
Ich habe soeben den Scan mit OTL durchgeführt. Das sind meine beiden Logfiles:

Code:
OTL logfile created on: 19.09.2012 15:36:49 - Run 1
OTL by OldTimer - Version 3.2.64.0    Folder = C:\Users\Norb\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,72 Gb Available Physical Memory | 67,98% Memory free
7,99 Gb Paging File | 5,88 Gb Available in Paging File | 73,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 421,81 Gb Total Space | 332,38 Gb Free Space | 78,80% Space Free | Partition Type: NTFS
Drive D: | 29,00 Gb Total Space | 28,11 Gb Free Space | 96,93% Space Free | Partition Type: NTFS
 
Computer Name: NORB-PC | User Name: Norb | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Norb\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Norb\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - c:\PROGRA~2\mcafee\SITEAD~1\saui.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Lexmark 1300 Series\lxdcamon.exe (Lexmark)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Norb\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\Norb\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll ()
MOD - C:\Users\Norb\AppData\Local\Google\Chrome\Application\21.0.1180.89\avutil-51.dll ()
MOD - C:\Users\Norb\AppData\Local\Google\Chrome\Application\21.0.1180.89\avformat-54.dll ()
MOD - C:\Users\Norb\AppData\Local\Google\Chrome\Application\21.0.1180.89\avcodec-54.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll ()
MOD - C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files (x86)\Lexmark 1300 Series\App4R.Monitor.Core.dll ()
MOD - C:\Program Files (x86)\Lexmark 1300 Series\App4R.Monitor.Common.dll ()
MOD - C:\Program Files (x86)\Lexmark 1300 Series\App4R.DevMons.ScanDevMon.dll ()
MOD - C:\Program Files (x86)\Lexmark 1300 Series\App4R.DevMons.MCMDevMon.dll ()
MOD - C:\Program Files (x86)\Lexmark 1300 Series\App4R.DevMons.MCMDevMon.AutoPlayUtil.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)
SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (lxdc_device) -- C:\Windows\SysNative\lxdccoms.exe ( )
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (McAfee SiteAdvisor Service) -- c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe (McAfee, Inc.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (McODS) -- C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
SRV - (CVPND) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (Lenovo ReadyComm ConnSvc) -- C:\Programme\Lenovo\ReadyComm\ConnSvc.exe (Lenovo Group Limited)
SRV - (Lenovo ReadyComm AppSvc) -- C:\Programme\Lenovo\ReadyComm\AppSvc.exe (Lenovo Group Limited)
SRV - (PS_MDP) -- C:\Program Files (x86)\Lenovo\ReadyComm\PS_MDP.dll (Lenovo Group Limited)
SRV - (IGRS) -- C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe (Lenovo Group Limited)
SRV - (ReadyComm.DirectRouter) -- C:\Program Files (x86)\Lenovo\ReadyComm\common\router.dll (Lenovo Group Limited)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (lxdc_device) -- C:\Windows\SysWOW64\lxdccoms.exe ( )
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\drivers\mfenlfk.sys (McAfee, Inc.)
DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (CVPNDRVA) -- C:\Windows\SysNative\drivers\CVPNDRVA.sys ()
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (CVirtA) -- C:\Windows\SysNative\drivers\CVirtA64.sys (Cisco Systems, Inc.)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (LHDmgr) -- C:\Windows\SysNative\drivers\LhdX64.sys (Lenovo.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (ACPIVPC) -- C:\Windows\SysNative\drivers\AcpiVpc.sys (Lenovo Corporation)
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink)
DRV:64bit: - (wdmirror) -- C:\Windows\SysNative\drivers\WDMirror.sys (Lenovo)
DRV:64bit: - (Bridge0) -- C:\Windows\SysNative\drivers\WDBridge.sys (Lenovo)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (DNE) -- C:\Windows\SysNative\drivers\dne64x.sys (Deterministic Networks, Inc.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Program Files (x86)\NCH_DE\prxtbNCH_.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801937
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startfenster.com
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Program Files (x86)\NCH_DE\prxtbNCH_.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=100474&mntrId=3a6a0152000000000000002682daeef9
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801937
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.startfenster.com"
FF - prefs.js..extensions.enabledAddons: ffxtlbr@babylon.com:1.1.9
FF - prefs.js..extensions.enabledAddons: groovesharkUnlocker@overlord1337:1.2
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.6
FF - prefs.js..extensions.enabledAddons: zotero@chnm.gmu.edu:3.0.8
FF - prefs.js..extensions.enabledAddons: {800b5000-a755-47e1-992b-48a1c1357f07}:1.5.3
FF - prefs.js..extensions.enabledAddons: toolbar@web.de:2.2.1
FF - prefs.js..extensions.enabledAddons: {b106b661-3e1b-4015-af5c-195e909f35c6}:3.15.1.0
FF - prefs.js..extensions.enabledAddons: {4ED1F68A-5463-4931-9384-8FFF5ED91D92}:3.5.0
FF - prefs.js..extensions.enabledItems: zotero@chnm.gmu.edu:2.0.9
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {4ED1F68A-5463-4931-9384-8FFF5ED91D92}:3.4.0
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801937&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Norb\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Norb\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012.08.24 17:10:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.04.18 17:42:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.09.27 12:27:47 | 000,000,000 | ---D | M]
 
[2011.01.15 15:24:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Norb\AppData\Roaming\mozilla\Extensions
[2012.08.23 14:02:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Norb\AppData\Roaming\mozilla\Firefox\Profiles\nuhnlz4n.default\extensions
[2012.08.06 14:34:30 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Norb\AppData\Roaming\mozilla\Firefox\Profiles\nuhnlz4n.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.11.09 23:19:26 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Norb\AppData\Roaming\mozilla\Firefox\Profiles\nuhnlz4n.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.08.23 14:02:58 | 000,000,000 | ---D | M] (NCH DE Community Toolbar) -- C:\Users\Norb\AppData\Roaming\mozilla\Firefox\Profiles\nuhnlz4n.default\extensions\{b106b661-3e1b-4015-af5c-195e909f35c6}
[2011.09.27 20:39:43 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Norb\AppData\Roaming\mozilla\Firefox\Profiles\nuhnlz4n.default\extensions\ffxtlbr@babylon.com
[2012.07.05 22:17:39 | 000,000,000 | ---D | M] (Zotero) -- C:\Users\Norb\AppData\Roaming\mozilla\Firefox\Profiles\nuhnlz4n.default\extensions\zotero@chnm.gmu.edu
[2012.02.22 00:04:07 | 000,029,003 | ---- | M] () (No name found) -- C:\Users\Norb\AppData\Roaming\mozilla\firefox\profiles\nuhnlz4n.default\extensions\groovesharkUnlocker@overlord1337.xpi
[2012.08.16 10:13:38 | 000,526,409 | ---- | M] () (No name found) -- C:\Users\Norb\AppData\Roaming\mozilla\firefox\profiles\nuhnlz4n.default\extensions\toolbar@web.de.xpi
[2012.08.16 10:14:00 | 000,000,853 | ---- | M] () -- C:\Users\Norb\AppData\Roaming\mozilla\firefox\profiles\nuhnlz4n.default\searchplugins\11-suche.xml
[2012.08.16 10:14:01 | 000,002,209 | ---- | M] () -- C:\Users\Norb\AppData\Roaming\mozilla\firefox\profiles\nuhnlz4n.default\searchplugins\englische-ergebnisse.xml
[2012.08.16 10:14:00 | 000,010,506 | ---- | M] () -- C:\Users\Norb\AppData\Roaming\mozilla\firefox\profiles\nuhnlz4n.default\searchplugins\gmx-suche.xml
[2012.09.16 18:29:25 | 000,000,950 | ---- | M] () -- C:\Users\Norb\AppData\Roaming\mozilla\firefox\profiles\nuhnlz4n.default\searchplugins\icqplugin-1.xml
[2012.08.06 14:37:21 | 000,000,950 | ---- | M] () -- C:\Users\Norb\AppData\Roaming\mozilla\firefox\profiles\nuhnlz4n.default\searchplugins\icqplugin-10.xml
[2011.09.26 13:10:20 | 000,000,950 | ---- | M] () -- C:\Users\Norb\AppData\Roaming\mozilla\firefox\profiles\nuhnlz4n.default\searchplugins\icqplugin-2.xml
[2011.09.27 12:29:21 | 000,000,950 | ---- | M] () -- C:\Users\Norb\AppData\Roaming\mozilla\firefox\profiles\nuhnlz4n.default\searchplugins\icqplugin-3.xml
[2011.10.05 21:35:53 | 000,000,950 | ---- | M] () -- C:\Users\Norb\AppData\Roaming\mozilla\firefox\profiles\nuhnlz4n.default\searchplugins\icqplugin-4.xml
[2011.11.14 13:45:40 | 000,000,950 | ---- | M] () -- C:\Users\Norb\AppData\Roaming\mozilla\firefox\profiles\nuhnlz4n.default\searchplugins\icqplugin-5.xml
[2011.12.06 07:19:37 | 000,000,950 | ---- | M] () -- C:\Users\Norb\AppData\Roaming\mozilla\firefox\profiles\nuhnlz4n.default\searchplugins\icqplugin-6.xml
[2012.02.23 12:39:03 | 000,000,950 | ---- | M] () -- C:\Users\Norb\AppData\Roaming\mozilla\firefox\profiles\nuhnlz4n.default\searchplugins\icqplugin-7.xml
[2012.04.18 17:42:49 | 000,000,950 | ---- | M] () -- C:\Users\Norb\AppData\Roaming\mozilla\firefox\profiles\nuhnlz4n.default\searchplugins\icqplugin-8.xml
[2012.06.08 10:56:43 | 000,000,950 | ---- | M] () -- C:\Users\Norb\AppData\Roaming\mozilla\firefox\profiles\nuhnlz4n.default\searchplugins\icqplugin-9.xml
[2011.08.19 10:01:33 | 000,001,056 | ---- | M] () -- C:\Users\Norb\AppData\Roaming\mozilla\firefox\profiles\nuhnlz4n.default\searchplugins\icqplugin.xml
[2012.08.16 10:14:01 | 000,002,368 | ---- | M] () -- C:\Users\Norb\AppData\Roaming\mozilla\firefox\profiles\nuhnlz4n.default\searchplugins\lastminute.xml
[2012.08.16 10:14:00 | 000,005,489 | ---- | M] () -- C:\Users\Norb\AppData\Roaming\mozilla\firefox\profiles\nuhnlz4n.default\searchplugins\webde-suche.xml
[2012.02.23 12:38:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.08.24 17:10:47 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
[2012.04.18 17:42:25 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.04.14 13:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2011.05.09 10:12:25 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.04.18 17:42:14 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.27 20:39:33 | 000,002,288 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.04.18 17:42:14 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.04.18 17:42:14 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.18 17:42:14 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.18 17:42:14 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.18 17:42:13 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Norb\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Norb\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Norb\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Norb\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Norb\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Windows 8 = C:\Users\Norb\AppData\Local\Google\Chrome\User Data\Default\Extensions\edpkfnpekfoegfgmogglbjbbgcdnphph\1.1_0\
CHR - Extension: SiteAdvisor = C:\Users\Norb\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\McAfee\SystemCore\ScriptSn.20120222003118.dll (McAfee, Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120222003118.dll (McAfee, Inc.)
O2 - BHO: (NCH DE Toolbar) - {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Program Files (x86)\NCH_DE\prxtbNCH_.dll (Conduit Ltd.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (NCH DE Toolbar) - {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Program Files (x86)\NCH_DE\prxtbNCH_.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (NCH DE Toolbar) - {B106B661-3E1B-4015-AF5C-195E909F35C6} - C:\Program Files (x86)\NCH_DE\prxtbNCH_.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [lxdcamon] C:\Program Files (x86)\Lexmark 1300 Series\lxdcamon.exe (Lexmark)
O4:64bit: - HKLM..\Run: [lxdcmon.exe] "C:\Program Files (x86)\Lexmark 1300 Series\lxdcmon.exe" File not found
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe File not found
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - Startup: C:\Users\Norb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Norb\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Norb\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Norb\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Norb\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Norb\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.58.61.250 80.58.61.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CBF6ED69-0502-461E-B88F-A1E6ECF6DE15}: DhcpNameServer = 80.58.61.250 80.58.61.254
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.19 15:35:19 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\Norb\Desktop\OTL.exe
[2012.09.18 18:59:10 | 000,000,000 | ---D | C] -- C:\Users\Norb\AppData\Roaming\vlc
[2012.09.18 18:58:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.09.18 18:57:50 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2012.09.18 18:07:26 | 000,000,000 | ---D | C] -- C:\Users\Norb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.09.18 17:13:20 | 000,000,000 | ---D | C] -- C:\Users\Norb\AppData\Roaming\Malwarebytes
[2012.09.18 17:12:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.18 17:12:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.18 17:12:49 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012.09.18 17:12:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.09.18 09:19:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012.09.17 22:56:23 | 000,000,000 | R--D | C] -- C:\Users\Norb\Dropbox
[2012.09.17 22:52:45 | 000,000,000 | ---D | C] -- C:\Users\Norb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2012.09.17 22:47:29 | 000,000,000 | ---D | C] -- C:\Users\Norb\AppData\Roaming\Dropbox
[2012.09.12 14:19:34 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10level9.dll
[2012.09.02 19:39:16 | 000,000,000 | ---D | C] -- C:\Users\Norb\Desktop\Gran Canaria
[2012.09.02 19:38:55 | 000,000,000 | ---D | C] -- C:\Users\Norb\Desktop\Casa
[2012.08.31 12:31:37 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\Wat
[2012.08.31 12:31:34 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Wat
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\Norb\*.tmp files -> C:\Users\Norb\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.19 16:10:01 | 000,001,116 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3012472162-3527673009-745750261-1000UA.job
[2012.09.19 16:09:34 | 000,067,584 | ---- | M] () -- C:\windows\bootstat.dat
[2012.09.19 16:09:32 | 000,001,106 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.19 16:09:32 | 000,001,102 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.19 15:35:22 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Norb\Desktop\OTL.exe
[2012.09.18 23:26:10 | 001,513,970 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012.09.18 23:26:10 | 000,659,690 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2012.09.18 23:26:10 | 000,620,836 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012.09.18 23:26:10 | 000,132,970 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2012.09.18 23:26:10 | 000,108,760 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012.09.18 18:45:07 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.18 18:45:07 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.18 18:10:00 | 000,001,064 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3012472162-3527673009-745750261-1000Core.job
[2012.09.18 18:07:29 | 000,002,350 | ---- | M] () -- C:\Users\Norb\Desktop\Google Chrome.lnk
[2012.09.18 17:12:57 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.09.18 09:16:02 | 3217,211,392 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.17 22:56:23 | 000,001,037 | ---- | M] () -- C:\Users\Norb\Desktop\Dropbox.lnk
[2012.09.17 22:53:12 | 000,001,047 | ---- | M] () -- C:\Users\Norb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012.08.20 17:34:45 | 000,374,752 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\Norb\*.tmp files -> C:\Users\Norb\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.09.18 18:07:29 | 000,002,350 | ---- | C] () -- C:\Users\Norb\Desktop\Google Chrome.lnk
[2012.09.18 18:05:44 | 000,001,116 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3012472162-3527673009-745750261-1000UA.job
[2012.09.18 18:05:43 | 000,001,064 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3012472162-3527673009-745750261-1000Core.job
[2012.09.18 17:12:57 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.09.17 22:56:23 | 000,001,037 | ---- | C] () -- C:\Users\Norb\Desktop\Dropbox.lnk
[2012.09.17 22:53:12 | 000,001,047 | ---- | C] () -- C:\Users\Norb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011.11.26 09:34:05 | 000,100,726 | ---- | C] () -- C:\Program Files (x86)\winrar.lng
[2011.11.26 09:34:05 | 000,038,092 | ---- | C] () -- C:\Program Files (x86)\rar.lng
[2011.11.26 09:34:05 | 000,008,084 | ---- | C] () -- C:\Program Files (x86)\uninstall.lng
[2011.11.26 09:34:05 | 000,003,584 | ---- | C] () -- C:\Program Files (x86)\rarext.lng
[2011.11.26 09:34:04 | 000,312,149 | ---- | C] () -- C:\Program Files (x86)\WinRAR.chm
[2011.11.26 09:34:04 | 000,106,118 | ---- | C] () -- C:\Program Files (x86)\Zip64.SFX
[2011.11.26 09:34:04 | 000,102,864 | ---- | C] () -- C:\Program Files (x86)\WinCon64.SFX
[2011.11.26 09:34:04 | 000,079,872 | ---- | C] () -- C:\Program Files (x86)\Zip.SFX
[2011.11.26 09:34:04 | 000,073,728 | ---- | C] () -- C:\Program Files (x86)\WinCon.SFX
[2011.11.26 09:34:03 | 000,135,814 | ---- | C] () -- C:\Program Files (x86)\Default64.SFX
[2011.11.26 09:34:03 | 000,099,840 | ---- | C] () -- C:\Program Files (x86)\Default.SFX
[2011.11.26 09:34:02 | 000,140,288 | ---- | C] () -- C:\Program Files (x86)\RarExt32.dll
[2011.11.26 09:34:01 | 001,163,264 | ---- | C] () -- C:\Program Files (x86)\WinRAR.exe
[2011.11.26 09:34:01 | 000,164,864 | ---- | C] () -- C:\Program Files (x86)\RarExt.dll
[2011.11.26 09:34:00 | 000,417,792 | ---- | C] () -- C:\Program Files (x86)\Rar.exe
[2011.11.26 09:34:00 | 000,276,992 | ---- | C] () -- C:\Program Files (x86)\UnRAR.exe
[2011.11.26 09:34:00 | 000,132,608 | ---- | C] () -- C:\Program Files (x86)\Uninstall.exe
[2011.11.26 09:34:00 | 000,003,973 | ---- | C] () -- C:\Program Files (x86)\Order.htm
[2011.11.26 09:34:00 | 000,001,400 | ---- | C] () -- C:\Program Files (x86)\RarFiles.lst
[2011.11.26 09:34:00 | 000,000,700 | ---- | C] () -- C:\Program Files (x86)\Uninstall.lst
[2011.11.26 09:33:59 | 000,001,422 | ---- | C] () -- C:\Program Files (x86)\Descript.ion
[2011.11.26 09:33:59 | 000,000,622 | ---- | C] () -- C:\Program Files (x86)\File_Id.diz
[2011.05.14 21:46:10 | 000,000,400 | ---- | C] () -- C:\windows\ODBC.INI
[2011.05.13 15:43:17 | 000,278,528 | ---- | C] () -- C:\windows\SysWow64\LXDCinst.dll
[2011.05.13 15:43:16 | 000,413,696 | ---- | C] ( ) -- C:\windows\SysWow64\lxdcinpa.dll
[2011.05.13 15:43:16 | 000,385,024 | ---- | C] () -- C:\windows\SysWow64\lxdccomx.dll
[2011.05.13 15:43:15 | 000,397,312 | ---- | C] ( ) -- C:\windows\SysWow64\lxdciesc.dll
[2011.05.13 15:43:13 | 000,643,072 | ---- | C] ( ) -- C:\windows\SysWow64\lxdcpmui.dll
[2011.05.13 15:43:11 | 000,999,424 | ---- | C] ( ) -- C:\windows\SysWow64\lxdcusb1.dll
[2011.05.13 15:43:10 | 001,232,896 | ---- | C] ( ) -- C:\windows\SysWow64\lxdcserv.dll
[2011.05.13 15:43:10 | 000,163,840 | ---- | C] ( ) -- C:\windows\SysWow64\lxdcprox.dll
[2011.05.13 15:43:09 | 000,181,168 | ---- | C] ( ) -- C:\windows\SysWow64\lxdcppls.exe
[2011.05.13 15:43:09 | 000,094,208 | ---- | C] ( ) -- C:\windows\SysWow64\lxdcpplc.dll
[2011.05.13 15:43:08 | 000,585,728 | ---- | C] ( ) -- C:\windows\SysWow64\lxdclmpm.dll
[2011.05.13 15:43:08 | 000,385,968 | ---- | C] ( ) -- C:\windows\SysWow64\lxdcih.exe
[2011.05.13 15:43:07 | 000,696,320 | ---- | C] ( ) -- C:\windows\SysWow64\lxdchbn3.dll
[2011.05.13 15:43:07 | 000,537,520 | ---- | C] ( ) -- C:\windows\SysWow64\lxdccoms.exe
[2011.05.13 15:43:06 | 000,684,032 | ---- | C] ( ) -- C:\windows\SysWow64\lxdccomc.dll
[2011.05.13 15:43:06 | 000,425,984 | ---- | C] ( ) -- C:\windows\SysWow64\lxdccomm.dll
[2011.05.07 12:29:52 | 000,000,425 | ---- | C] () -- C:\windows\BRWMARK.INI
[2011.05.07 12:29:52 | 000,000,027 | ---- | C] () -- C:\windows\BRPP2KA.INI
[2011.01.15 15:27:30 | 001,541,588 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011.01.14 16:23:36 | 000,000,088 | ---- | C] () -- C:\ProgramData\profile.xml
 
========== ZeroAccess Check ==========
 
[2011.01.15 15:15:26 | 000,000,197 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mcafee[1].txt
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

< End of report >
Code:
OTL Extras logfile created on: 19.09.2012 15:36:49 - Run 1
OTL by OldTimer - Version 3.2.64.0    Folder = C:\Users\Norb\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,72 Gb Available Physical Memory | 67,98% Memory free
7,99 Gb Paging File | 5,88 Gb Available in Paging File | 73,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 421,81 Gb Total Space | 332,38 Gb Free Space | 78,80% Space Free | Partition Type: NTFS
Drive D: | 29,00 Gb Total Space | 28,11 Gb Free Space | 96,93% Space Free | Partition Type: NTFS
 
Computer Name: NORB-PC | User Name: Norb | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{105DF337-40E3-4D00-A33D-A1157CED1D8C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{11EFEDAB-172B-49F2-B724-914029E4B62C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{12E15AB0-470D-48CD-94B0-A7328E3A9981}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1C3B08E2-D5AB-405E-A8CC-2A858ABF29BE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{2268C213-7207-468F-87F0-D6D4262D554C}" = rport=138 | protocol=17 | dir=out | app=system |
"{2AB25E56-3876-4DD4-8080-4C6CF26A0EBC}" = rport=445 | protocol=6 | dir=out | app=system |
"{2B84B02B-1317-4226-93D5-23FB6EC18E8B}" = rport=10243 | protocol=6 | dir=out | app=system |
"{2DBA897B-94AD-4A2D-A4E3-A1F0D1BCBD82}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5F5FDA83-AC4A-441A-9F6C-04389D42BACC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{62270319-9865-454A-928B-FF3AEC2709B9}" = lport=445 | protocol=6 | dir=in | app=system |
"{630FD60D-804C-4E58-87A5-2C8698D323EE}" = lport=139 | protocol=6 | dir=in | app=system |
"{703947AF-06A4-4597-B973-FAE334DDB1A9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7E132CB6-97DA-4DE4-B1CC-1F56C78B3484}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7F5E0D34-1563-46CD-981A-581174A5F6F6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7FD56D18-FFB5-4013-96C2-B4AD38F58935}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{8E3C5A0D-2465-4918-A19D-D33B14DDC591}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9351B1A0-F3E6-43A0-B2EC-F9A0F7518CC2}" = rport=137 | protocol=17 | dir=out | app=system |
"{A3DD18C8-6290-41E3-8E6F-533ACE5B90B3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A7332274-E904-4547-B492-E58D991BA1BD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{AECF7253-E184-4434-B05E-FF5814A85CC7}" = rport=139 | protocol=6 | dir=out | app=system |
"{B318DBF9-63AC-404B-8B3F-6E499983063A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E5AC8F22-DF28-4AFD-813A-6B306198AB9A}" = lport=137 | protocol=17 | dir=in | app=system |
"{EA3F08C7-696D-47E5-B924-F618C63086D1}" = lport=138 | protocol=17 | dir=in | app=system |
"{EAC3F192-3443-4372-96A4-477E2BB779F9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F9D25A5B-1B46-4B24-8608-833FBA9E3776}" = lport=2869 | protocol=6 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{010B73A9-3EC2-493D-A332-4094244F8853}" = protocol=6 | dir=in | app=c:\windows\system32\lxdccoms.exe |
"{0133A388-2E26-419D-8DD7-87A00DC43784}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{014BCDBD-540B-434F-84F5-396E6A2C2FB9}" = dir=in | app=c:\program files\lenovo\readycomm\readycom.exe |
"{0774ACA8-17DC-4507-B1B3-4712F3BC685D}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{0D2509B6-2AEA-4DAC-A147-78427E8A6C8A}" = protocol=6 | dir=out | app=system |
"{0E5097C6-197C-4115-BDDC-88D591385E24}" = dir=out | app=c:\windows\system32\igrssvcs.exe |
"{0F8740E0-A42D-4770-8E78-28A08F481A9F}" = dir=out | app=c:\program files (x86)\lenovo\readycomm\common\igrs.exe |
"{0FEF84A5-997B-43CB-A3A3-1CAD42BFFCB5}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{12E10167-38DF-4B79-AEA9-3F8B1D5ECAB8}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxdccoms.exe |
"{1A8D0526-051E-4350-BA2C-DBA6E29B88BC}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{1E64318B-F1CD-4F33-A7F4-BFD243D46445}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1F16F9A4-2DAB-4AA8-9109-CF0D962B0A73}" = dir=in | app=c:\program files\lenovo\readycomm\appsvc.exe |
"{2B5DF79F-2AB0-419D-ADF7-C12DB6EA32FB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2B8AFC20-1845-4508-A46F-D242CCB1062C}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{34949E83-A5B4-4E39-AC69-B212E1BCA8E1}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxdccoms.exe |
"{351F2430-B8DA-4109-8189-4C249946A58D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{35F2B2BA-CE9C-4DE9-A00B-85D68FE5466F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{37C2FC92-84EA-4AC1-85B5-7ACBB5F03877}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{4410892F-ED38-400F-90FE-19A7E1BEB862}" = protocol=6 | dir=in | app=c:\users\norb\appdata\roaming\dropbox\bin\dropbox.exe |
"{4C6CF5B8-69EE-4064-A2A8-1BA792ED2609}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4E4FD3FF-7BFB-43BD-A540-0489D0FEFD82}" = dir=out | app=c:\program files\lenovo\readycomm\readycomm.exe |
"{517BC804-E805-478B-AD8D-051E09115345}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe |
"{52BDB393-3A27-4CAE-BD6A-4880085E72E2}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{575D0659-6367-42EA-BE94-3E9E9B358E01}" = dir=out | app=c:\program files\lenovo\readycomm\connsvc.exe |
"{5BB1623B-C3B1-42DE-8455-7DC272FE8800}" = protocol=17 | dir=in | app=c:\users\norb\appdata\roaming\dropbox\bin\dropbox.exe |
"{652BD380-C61B-446F-9290-B4F6ED3C7D7A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{71B69BCA-8BF2-4516-BB76-EC1053672E07}" = protocol=6 | dir=in | app=c:\program files (x86)\veetle\player\veetlenet.exe |
"{729DABFF-A129-4D48-96CA-B930ED43DF05}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{735A1A91-FDC0-4445-AB3B-DF70D7148B01}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{765C628B-AAA1-4634-A7CD-CCCF2995F6B2}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 1300 series\app4r.exe |
"{7AB467E2-E610-4592-BBE3-2A9700B3E3B0}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe |
"{7D65364D-CE28-4190-B46E-F6A91ABDA574}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7FF62423-1875-4C0C-A097-EEEA187B27CE}" = dir=in | app=c:\windows\system32\igrssvcs.exe |
"{884161AC-EC19-44F2-B06E-3D96F371D3AE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8B3ACDB0-4BC9-4116-8950-C3B654861A95}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{8FD3DB34-8D1D-4602-8228-199D45B2BD88}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{93E9953B-858B-4E81-96EB-70D76D0E4130}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{9C06C905-14BC-4874-AB55-879D680FD719}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 1300 series\app4r.exe |
"{A30C145E-F747-4194-BD73-E616F3242605}" = dir=out | app=c:\program files\lenovo\readycomm\appsvc.exe |
"{A8011B8F-3265-4C0D-8DB7-272660896EF5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A8045229-6AD9-4AC8-ACE0-560A9A8B872F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A9DB47FB-8211-46EA-8993-971D29BDA1F0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AF1B9F74-610C-4371-AD36-47D4288B25D9}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe |
"{C42270C0-922F-44AA-B4A5-C5E87930E139}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe |
"{C487EFB1-AE5C-417C-BAD7-CC79461BABC0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C9B29BDE-6802-4699-89F8-4F6FA3FBCCC7}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{CA9F4B32-F689-4A91-BFB5-5F69C6670F7F}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{CF28B08A-9BB4-4A2A-8FC8-3AFB3759D3F7}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 1300 series\lxdcamon.exe |
"{CF68DA45-B6A2-4D7F-B0C2-F76292E8506F}" = dir=in | app=c:\program files\lenovo\readycomm\projectionist.exe |
"{CF967C4B-11EB-445C-A070-3917AAD759C5}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe |
"{DBC6BD00-A934-4404-9E08-20DE8D2654D5}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{DD982D5A-A1EF-4BD6-BEE4-2843D3A7FAB7}" = dir=out | app=c:\program files (x86)\lenovo\readycomm\common\igrs.exe |
"{E2E05C7A-0ED5-47A6-ABB2-CDBD786D70D4}" = dir=out | app=c:\program files\lenovo\readycomm\projectionist.exe |
"{E5D9BE1C-D3C0-4244-95C3-0290612D1A87}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E7AE26EC-0773-4D90-8825-345C48F13E1C}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 1300 series\lxdcamon.exe |
"{EE9F5CA2-E4ED-4DE7-8AD3-D9E84D1B8AC2}" = dir=in | app=c:\program files (x86)\lenovo\readycomm\common\igrs.exe |
"{F3C7C924-D777-49B3-B5BD-E103A2D37B6E}" = protocol=17 | dir=in | app=c:\windows\system32\lxdccoms.exe |
"{F5BBB690-51AA-4447-8862-BEC8D4012EC7}" = dir=in | app=c:\program files\lenovo\readycomm\connsvc.exe |
"{F7CA52EC-40C5-494F-9FFA-E3AD4ECD4569}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FBFB2014-8CDC-4DB2-9D35-E33243D5C7B4}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FEF5EC63-FE03-42CF-A3EA-040CF26C739F}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{FFA0EA73-3FDC-47C8-93F8-3FFDEBD23DCF}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{FFD8DEDB-5BAC-4288-AFAC-D4E4A54C5831}" = dir=in | app=c:\program files (x86)\lenovo\readycomm\common\igrs.exe |
"TCP Query User{A2E9A05B-9C93-4390-99D3-1B7569E7C5D4}C:\program files (x86)\lexmark 1300 series\lxdcamon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 1300 series\lxdcamon.exe |
"UDP Query User{3A9A3C78-C136-425C-BF11-E8A0A2207193}C:\program files (x86)\lexmark 1300 series\lxdcamon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 1300 series\lxdcamon.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{43FA2281-6E7B-2E21-3C8E-17C2F2549EFE}" = ccc-utility64
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F7C11B3E-3908-AC83-2015-F207578BBD9D}" = ATI Catalyst Install Manager
"0A4175B489A1B4A6E07E11B063A6263480C51D71" = Windows-Treiberpaket - Lenovo (ACPIVPC) System  (10/19/2009 5.4.0.1)
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"BC15EA930074932BB2C4B4493C9FD4EA95087D1A" = Windows-Treiberpaket - Nokia pccsmcfd  (10/12/2007 6.85.4.0)
"Lexmark 1300 Series" = Lexmark 1300 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 2.0.2
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{097E024D-BE30-4D95-B5F3-B6AE9C1568D4}" = PowerXpressHybrid
"{0A1E49D2-A906-B157-9FF2-F9A769B7D18D}" = CCC Help Turkish
"{0CE226F3-EB27-4ECD-BBF5-F088716779FD}" = Energy Management
"{16D0F2D2-242C-4885-BEF1-4B1655C141AE}" = Bing Bar
"{17542DBF-E17C-4562-BC4D-FA3EF3076C45}" = Lenovo ReadyComm 5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{2B1897E1-4A34-57A5-2CAA-FBCD71B21665}" = CCC Help Chinese Traditional
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{30AD991C-682F-3B7E-4F5F-11E8E17A3A33}" = CCC Help English
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3B1337E4-B80A-B3BB-6ED2-977FFBA40EE3}" = CCC Help Hungarian
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3FBB64BD-0560-CDD0-17AC-B6E42940FEE0}" = CCC Help Korean
"{400E0117-F768-137F-20CC-3BEF6B9B9B8A}" = CCC Help Polish
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{571CF82D-5CDF-F884-82B3-0A182A94A8A5}" = CCC Help Greek
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5E8B7122-194F-319A-5D72-4F4300AC2834}" = Catalyst Control Center Core Implementation
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6CD39152-5499-8D27-A763-4C1EF5DF7642}" = CCC Help Portuguese
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{731E357F-82E9-3644-1A54-B131A84C7F4F}" = CCC Help Thai
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{76C66170-C538-4E77-B54D-48E136B5B533}" = Lenovo ReadyComm 5.0 Service
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{777480E1-FAB9-E330-4805-CEC89FF0DECA}" = Catalyst Control Center InstallProxy
"{7C334B73-8330-9693-88A5-3246A42345F3}" = CCC Help Russian
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89212ACF-C573-1B93-F71F-42506D9D43CD}" = CCC Help Norwegian
"{8991E763-21F5-4DEA-A938-5D9D77DCB488}" = Broadcom 802.11 Wireless Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8A7A4D97-0BC0-BDAD-3C83-0B2116F185F6}" = CCC Help French
"{8D2D9423-314D-AEAC-40CE-8221CD8CC3A1}" = CCC Help German
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{978E7BF5-00F6-0760-584D-50FB9EBCDDC0}" = Catalyst Control Center Graphics Light
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DF8CDF7-640A-0BF5-84AD-38DDB2BB06DF}" = ccc-core-static
"{A04B6558-B76B-CCBA-18E2-6998CAC36609}" = CCC Help Spanish
"{A10D9707-062C-8C31-D650-49262728FAC3}" = CCC Help Czech
"{A6093CFA-3120-E131-737E-CDD4A8EF7497}" = CCC Help Dutch
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA4068EA-1481-85F6-4BA8-E0561EBC6E76}" = Catalyst Control Center Graphics Previews Common
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1031-7B44-A90100000001}" = Adobe Reader 9.0.1 - Deutsch
"{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"{B2164CCB-C002-4B80-8550-7535D80DF237}" = Lenovo DirectShare
"{BB6A9394-64F4-C525-F7D8-6AC2882F7D99}" = Catalyst Control Center Graphics Full New
"{BBC3BD86-98ED-31F1-18D1-1B46966C83E5}" = CCC Help Danish
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C49458C8-4E96-9396-3F94-0335A314F5D6}" = CCC Help Finnish
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{D839ADFB-FA15-978A-816B-48601709F410}" = CCC Help Swedish
"{DB38E2A9-3236-F846-F15F-BE2E4F8AAF06}" = Catalyst Control Center Localization All
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{EBA8C838-2E01-96A2-813E-FDFFAFFEFA0C}" = Catalyst Control Center Graphics Full Existing
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F09E072D-FC36-1F85-2F49-8D0418E52779}" = CCC Help Chinese Standard
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F66B4E34-6308-DF03-7439-8C4CADDE2A8E}" = CCC Help Italian
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FE7AD27A-62B1-44F6-B69C-25D1ECA94F5D}" = Lenovo EasyCamera
"{FF03E70B-5BAF-DA4D-E82B-96C6D61FFACD}" = CCC Help Japanese
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Age of Empires" = Microsoft Age of Empires
"Age of Empires Expansion 1.0" = Microsoft Age of Empires Expansion
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BabylonToolbar" = Babylon toolbar on IE
"EPSON Scanner" = EPSON Scan
"Free Studio_is1" = Free Studio version 5.0.3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.11.923
"ICQToolbar" = ICQ Toolbar
"ifolor-Designer" = ifolor Designer
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"InstallShield_{B2164CCB-C002-4B80-8550-7535D80DF237}" = Lenovo DirectShare
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"MSC" = McAfee AntiVirus Plus
"NCH_DE Toolbar" = NCH DE Toolbar
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Picasa 3" = Picasa 3
"Uninstall_is1" = Uninstall 1.0.0.1
"Veetle TV" = Veetle TV
"WavePad" = WavePad Audiobearbeitungs-Software
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"GeoGebra 4" = GeoGebra 4
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 24.08.2012 16:36:07 | Computer Name = Norb-PC | Source = Application Virtualization Client | ID = 3079
Description = {hap=14:app=Microsoft Excel Starter 2010 9014006604070000:tid=14EC:usr=Norb}
Der
 Client konnte Q:\140066.deu\Office14\EXCELC.EXE nicht starten (Rückgabecode 1F701939-00000003,
 letzter Fehler 0).
 
Error - 24.08.2012 16:36:07 | Computer Name = Norb-PC | Source = Application Virtualization Client | ID = 3039
Description = {hap=14:app=Microsoft Excel Starter 2010 9014006604070000:tid=14EC:usr=Norb}
Fehler
 beim Hochladen der virtuellen Umgebung (Abschnitt: Q:\140066.DEU\SoftGridUserSettings),
 Rückgabecode 0FD00D14-00000003
 
Error - 24.08.2012 16:36:07 | Computer Name = Norb-PC | Source = Application Virtualization Client | ID = 5011
Description = {tid=10F8:usr=Norb} Application Virtualization Client konnte Sitzung
 39 nicht trennen (Dateisystemstatus 00000729-000003ED).
 
Error - 25.08.2012 20:41:58 | Computer Name = Norb-PC | Source = Application Hang | ID = 1002
Description = Programm Skype.exe, Version 5.8.0.156 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: b90    Startzeit:
01cd832327c86c37    Endzeit: 266    Anwendungspfad: C:\Program Files (x86)\Skype\Phone\Skype.exe

Berichts-ID:
 c0d24bc8-ef16-11e1-9540-88ae1dd5e111 
 
Error - 26.08.2012 20:24:00 | Computer Name = Norb-PC | Source = Microsoft Office 14 | ID = 2001
Description =
 
Error - 28.08.2012 16:06:52 | Computer Name = Norb-PC | Source = MsiInstaller | ID = 11316
Description =
 
Error - 30.08.2012 15:18:24 | Computer Name = Norb-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: Die Serververbindung wurde aufgrund eines Fehlers beendet.

 
Error - 31.08.2012 07:57:54 | Computer Name = Norb-PC | Source = McLogEvent | ID = 5051
Description = Ein Thread in Vorgang C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
 brauchte länger als 90000 ms, um eine Anfrage auszuführen.    Der Vorgang wird beendet.
Thread-ID:
 1192 (0x4a8)    Thread-Adresse: 0x0000000076FAF72A    Thread-Nachricht:      Build VSCORE.14.2.0.835
 / 5400.1158  Object being scanned = \Device\SftVol\140066.deu\OFFICE14\PROOF\MSSP7GE.dub

 by Q:\140066.deu\Office14\WINWORDC.EXE  4(0)(0)  4(0)(0)  7200(0)(0)  7595(0)(0)  7005(0)(0)

 7004(0)(0)  5006(0)(0)  5004(0)(0) 
 
Error - 31.08.2012 08:02:50 | Computer Name = Norb-PC | Source = Application Hang | ID = 1002
Description = Programm WINWORDC.EXE, Version 0.0.0.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 100c    Startzeit:
 01cd87704f3edc2e    Endzeit: 27200    Anwendungspfad: Q:\140066.deu\Office14\WINWORDC.EXE

Berichts-ID:
 af90fd57-f363-11e1-a8cb-88ae1dd5e111 
 
Error - 01.09.2012 20:22:40 | Computer Name = Norb-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 11.0.0.4454 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 7d8    Startzeit:
01cd88a0c624fc40    Endzeit: 46    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 41fb1018-f494-11e1-a8cb-88ae1dd5e111 
 
[ System Events ]
Error - 18.09.2012 04:16:54 | Computer Name = Norb-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Application Virtualization Client" wurde aufgrund folgenden
 Fehlers nicht gestartet:  %%1053
 
Error - 18.09.2012 04:16:54 | Computer Name = Norb-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Client Virtualization Handler" ist vom Dienst "Application
 Virtualization Client" abhängig, der aufgrund folgenden Fehlers nicht gestartet
 wurde:  %%1053
 
Error - 18.09.2012 04:20:02 | Computer Name = Norb-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "ReadyComm.DirectRouter" wurde aufgrund folgenden Fehlers
 nicht gestartet:  %%2
 
Error - 18.09.2012 04:23:49 | Computer Name = Norb-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Skype 5.10 für Windows (KB2727727)
 
Error - 18.09.2012 05:25:09 | Computer Name = Norb-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 18.09.2012 05:25:09 | Computer Name = Norb-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 18.09.2012 05:25:10 | Computer Name = Norb-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 18.09.2012 05:25:10 | Computer Name = Norb-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 18.09.2012 05:25:11 | Computer Name = Norb-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 19.09.2012 10:17:11 | Computer Name = Norb-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Skype 5.10 für Windows (KB2727727)
 
 
< End of report >
Vielleicht ist das noch wichtig.
Ich habe den VLC-Player deinstalliert, nachdem ich mich hier über das Problem informiert habe. Danach habe ich ihn bei Chip.de runtergeladen und erneut installiert.

Danke für das Bearbeiten...

ryder 19.09.2012 19:58
Kein Problem :)

Schritt 1:

Deinstallation von Programmen:
  • Windows Vista / 7: Start > Systemsteuerung > Programme und Funktionen > [Programmname] > Deinstallieren
  • ggf. Neustart zulassen

Falls du die folgenden Programme nicht absichtlich installiert hast, entferne bitte:
Code:
NCH DE Toolbar
ICQToolbar
BabylonToolbar
Bing Bar

Schritt 2:

Mehrere Anti-Virus-Programme

Code:
McAfee AntiVirus Plus
Avira
Mir ist aufgefallen, dass Du mehr als ein Anti-Virus-Programm mit Hintergrundwächter laufen hast. Das ist gefährlich, da sich die Programme in die Quere kommen können und dadurch Viren erst recht auf dem Rechner landen können. Ausserdem bremst es auch das System aus. Entscheide Dich für eine Variante und deinstalliere die andere über Systemsteuerung => Software.
Berichte, für welches Anti-Virus-Programm Du Dich entschieden hast.

Zitat:
Speedy hat letztens eine einleuchtende Erklärung dazu geliefert: "Man stelle sich einen Torwart vor, der das Tor hüten soll (Anti-Virus-Programm), der Ball kommt angeflogen (Virus), der Torhüter konzentriert sich auf den Ball und fängt ihn. Jetzt stelle Dir zwei Torhüter im Tor vor ...., die knallen aneinander und der Ball kann ungehindert ins Tor wandern."
Schritt 3:

Downloade Dir bitte AdwCleaner auf deinen Desktop.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Suche.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

Norb11 19.09.2012 23:38
Die von dir genannten Programme habe ich deinstalliert.
Zudem habe ich McAfee AntiVirus Plus deinstalliert, da ich dieses Programm nur als Testversion hatte und diese bereits abgelaufen war.


Logdatei des adwcleaner:

Code:
# AdwCleaner v2.002 - Datei am 09/19/2012 um 23:31:39 erstellt
# Aktualisiert am 16/09/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium  (64 bits)
# Benutzer : Norb - NORB-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Norb\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Datei Gefunden : C:\Program Files (x86)\Uninstall.exe
Datei Gefunden : C:\Users\Norb\AppData\Local\Temp\Uninstall.exe
Ordner Gefunden : C:\Program Files (x86)\Conduit
Ordner Gefunden : C:\ProgramData\Babylon
Ordner Gefunden : C:\Users\Norb\AppData\Local\Babylon
Ordner Gefunden : C:\Users\Norb\AppData\Local\Conduit
Ordner Gefunden : C:\Users\Norb\AppData\Local\Temp\CT2801937
Ordner Gefunden : C:\Users\Norb\AppData\LocalLow\BabylonToolbar
Ordner Gefunden : C:\Users\Norb\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\Norb\AppData\Roaming\Babylon
Ordner Gefunden : C:\Users\Norb\AppData\Roaming\Mozilla\Firefox\Profiles\nuhnlz4n.default\ConduitCommon
Ordner Gefunden : C:\Users\Norb\AppData\Roaming\Mozilla\Firefox\Profiles\nuhnlz4n.default\CT2801937
Ordner Gefunden : C:\Users\Norb\AppData\Roaming\Mozilla\Firefox\Profiles\nuhnlz4n.default\extensions\{b106b661-3e1b-4015-af5c-195e909f35c6}
Ordner Gefunden : C:\Users\Norb\AppData\Roaming\Mozilla\Firefox\Profiles\nuhnlz4n.default\extensions\ffxtlbr@babylon.com

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gefunden : HKCU\Software\Conduit
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKLM\Software\Babylon
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2801937
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKU\S-1-5-21-3012472162-3527673009-745750261-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKU\S-1-5-21-3012472162-3527673009-745750261-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v11.0 (de)

Profilname : default
Datei : C:\Users\Norb\AppData\Roaming\Mozilla\Firefox\Profiles\nuhnlz4n.default\prefs.js

Gefunden : user_pref("CT2801937..clientLogIsEnabled", false);
Gefunden : user_pref("CT2801937..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Gefunden : user_pref("CT2801937..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Gefunden : user_pref("CT2801937.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Gefunden : user_pref("CT2801937.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gefunden : user_pref("CT2801937.BrowserCompStateIsOpen_129798069779186309", true);
Gefunden : user_pref("CT2801937.BrowserCompStateIsOpen_129799464713342383", true);
Gefunden : user_pref("CT2801937.BrowserCompStateIsOpen_129799487489787934", true);
Gefunden : user_pref("CT2801937.BrowserCompStateIsOpen_129800116201456332", true);
Gefunden : user_pref("CT2801937.CTID", "CT2801937");
Gefunden : user_pref("CT2801937.CurrentServerDate", "18-9-2012");
Gefunden : user_pref("CT2801937.DSInstall", false);
Gefunden : user_pref("CT2801937.DialogsAlignMode", "LTR");
Gefunden : user_pref("CT2801937.DialogsGetterLastCheckTime", "Sun Sep 16 2012 18:28:01 GMT+0100");
Gefunden : user_pref("CT2801937.DownloadReferralCookieData", "");
Gefunden : user_pref("CT2801937.EMailNotifierPollDate", "Sun Jan 15 2012 21:02:22 GMT+0100");
Gefunden : user_pref("CT2801937.FirstServerDate", "13-1-2012");
Gefunden : user_pref("CT2801937.FirstTime", true);
Gefunden : user_pref("CT2801937.FirstTimeFF3", true);
Gefunden : user_pref("CT2801937.FixPageNotFoundErrors", true);
Gefunden : user_pref("CT2801937.GroupingServerCheckInterval", 1440);
Gefunden : user_pref("CT2801937.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gefunden : user_pref("CT2801937.HPInstall", false);
Gefunden : user_pref("CT2801937.HasUserGlobalKeys", true);
Gefunden : user_pref("CT2801937.HomePageProtectorEnabled", false);
Gefunden : user_pref("CT2801937.HomepageBeforeUnload", "hxxp://www.google.de/");
Gefunden : user_pref("CT2801937.Initialize", true);
Gefunden : user_pref("CT2801937.InitializeCommonPrefs", true);
Gefunden : user_pref("CT2801937.InstallationAndCookieDataSentCount", 3);
Gefunden : user_pref("CT2801937.InstallationId", "ConduitNSISIntegration");
Gefunden : user_pref("CT2801937.InstallationType", "ConduitXPEIntegration");
Gefunden : user_pref("CT2801937.InstalledDate", "Fri Jan 13 2012 10:27:09 GMT+0100");
Gefunden : user_pref("CT2801937.InvalidateCache", false);
Gefunden : user_pref("CT2801937.IsAlertDBUpdated", true);
Gefunden : user_pref("CT2801937.IsGrouping", false);
Gefunden : user_pref("CT2801937.IsInitSetupIni", true);
Gefunden : user_pref("CT2801937.IsMulticommunity", false);
Gefunden : user_pref("CT2801937.IsOpenThankYouPage", false);
Gefunden : user_pref("CT2801937.IsOpenUninstallPage", true);
Gefunden : user_pref("CT2801937.LanguagePackLastCheckTime", "Mon Sep 17 2012 21:08:12 GMT+0100");
Gefunden : user_pref("CT2801937.LanguagePackReloadIntervalMM", 1440);
Gefunden : user_pref("CT2801937.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gefunden : user_pref("CT2801937.LastLogin_3.12.0.7", "Wed Apr 25 2012 18:22:39 GMT+0200");
Gefunden : user_pref("CT2801937.LastLogin_3.12.2.3", "Fri Jun 01 2012 10:12:41 GMT+0200");
Gefunden : user_pref("CT2801937.LastLogin_3.13.0.6", "Mon Jul 16 2012 09:57:41 GMT+0200");
Gefunden : user_pref("CT2801937.LastLogin_3.14.1.0", "Thu Aug 23 2012 13:59:17 GMT+0200");
Gefunden : user_pref("CT2801937.LastLogin_3.15.1.0", "Tue Sep 18 2012 16:29:33 GMT+0100");
Gefunden : user_pref("CT2801937.LastLogin_3.9.0.3", "Sun Jan 15 2012 21:02:31 GMT+0100");
Gefunden : user_pref("CT2801937.LatestVersion", "3.14.1.0");
Gefunden : user_pref("CT2801937.Locale", "de");
Gefunden : user_pref("CT2801937.MCDetectTooltipHeight", "83");
Gefunden : user_pref("CT2801937.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gefunden : user_pref("CT2801937.MCDetectTooltipWidth", "295");
Gefunden : user_pref("CT2801937.MyStuffEnabledAtInstallation", true);
Gefunden : user_pref("CT2801937.OriginalFirstVersion", "3.9.0.3");
Gefunden : user_pref("CT2801937.RadioIsPodcast", false);
Gefunden : user_pref("CT2801937.RadioLastCheckTime", "Sun Jan 15 2012 21:02:21 GMT+0100");
Gefunden : user_pref("CT2801937.RadioLastUpdateIPServer", "3");
Gefunden : user_pref("CT2801937.RadioLastUpdateServer", "129343918668070000");
Gefunden : user_pref("CT2801937.RadioMediaID", "21560175");
Gefunden : user_pref("CT2801937.RadioMediaType", "Media Player");
Gefunden : user_pref("CT2801937.RadioMenuSelectedID", "EBRadioMenu_CT280193721560175");
Gefunden : user_pref("CT2801937.RadioShrinkedFromSetup", false);
Gefunden : user_pref("CT2801937.RadioStationName", "GermanyFM%20Info");
Gefunden : user_pref("CT2801937.RadioStationURL", "hxxp://www.1000mikes.com/audio/1000mikes.m3u?channelId=6680"[...]
Gefunden : user_pref("CT2801937.SearchCaption", "NCH DE Customized Web Search");
Gefunden : user_pref("CT2801937.SearchEngineBeforeUnload", "Google");
Gefunden : user_pref("CT2801937.SearchFromAddressBarIsInit", true);
Gefunden : user_pref("CT2801937.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT280[...]
Gefunden : user_pref("CT2801937.SearchInNewTabEnabled", true);
Gefunden : user_pref("CT2801937.SearchInNewTabIntervalMM", 1440);
Gefunden : user_pref("CT2801937.SearchInNewTabLastCheckTime", "Mon Sep 17 2012 21:08:05 GMT+0100");
Gefunden : user_pref("CT2801937.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gefunden : user_pref("CT2801937.SearchProtectorEnabled", false);
Gefunden : user_pref("CT2801937.SearchProtectorToolbarDisabled", false);
Gefunden : user_pref("CT2801937.SendProtectorDataViaLogin", true);
Gefunden : user_pref("CT2801937.ServiceMapLastCheckTime", "Mon Sep 17 2012 21:08:06 GMT+0100");
Gefunden : user_pref("CT2801937.SettingsLastCheckTime", "Tue Sep 18 2012 16:29:31 GMT+0100");
Gefunden : user_pref("CT2801937.SettingsLastUpdate", "1347287073");
Gefunden : user_pref("CT2801937.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2801937&SearchSource=13");
Gefunden : user_pref("CT2801937.ThirdPartyComponentsInterval", 504);
Gefunden : user_pref("CT2801937.ThirdPartyComponentsLastCheck", "Fri Jan 13 2012 10:27:03 GMT+0100");
Gefunden : user_pref("CT2801937.ThirdPartyComponentsLastUpdate", "1255344657");
Gefunden : user_pref("CT2801937.ToolbarShrinkedFromSetup", false);
Gefunden : user_pref("CT2801937.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2801937");
Gefunden : user_pref("CT2801937.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Gefunden : user_pref("CT2801937.UserID", "UN97191204759467534");
Gefunden : user_pref("CT2801937.alertChannelId", "1194019");
Gefunden : user_pref("CT2801937.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Gefunden : user_pref("CT2801937.globalFirstTimeInfoLastCheckTime", "Sat Jan 14 2012 14:30:00 GMT+0100");
Gefunden : user_pref("CT2801937.homepageProtectorEnableByLogin", true);
Gefunden : user_pref("CT2801937.initDone", true);
Gefunden : user_pref("CT2801937.isAppTrackingManagerOn", true);
Gefunden : user_pref("CT2801937.isFirstRadioInstallation", false);
Gefunden : user_pref("CT2801937.myStuffEnabled", true);
Gefunden : user_pref("CT2801937.myStuffPublihserMinWidth", 400);
Gefunden : user_pref("CT2801937.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gefunden : user_pref("CT2801937.myStuffServiceIntervalMM", 1440);
Gefunden : user_pref("CT2801937.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gefunden : user_pref("CT2801937.oldAppsList", "129306877456538355,129306877457319611,111,129306877459819678,129[...]
Gefunden : user_pref("CT2801937.revertSettingsEnabled", true);
Gefunden : user_pref("CT2801937.searchProtectorDialogDelayInSec", 10);
Gefunden : user_pref("CT2801937.searchProtectorEnableByLogin", true);
Gefunden : user_pref("CT2801937.testingCtid", "");
Gefunden : user_pref("CT2801937.toolbarAppMetaDataLastCheckTime", "Mon Sep 17 2012 21:08:12 GMT+0100");
Gefunden : user_pref("CT2801937.toolbarContextMenuLastCheckTime", "Fri Jan 13 2012 10:27:13 GMT+0100");
Gefunden : user_pref("CT2801937.usagesFlag", 2);
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2801937/CT2801937[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1194019/1189696/DE", "\"0\"[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2801937", [...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2801937",[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/idel.gif", "[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/minimize.gif[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/play.gif", "[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/stop.gif", "[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/vol.gif", "\[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"6c9[...]
Gefunden : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Norb\\AppData\\Roaming\\Mozilla\\Fi[...]
Gefunden : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.9.0.3");
Gefunden : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.icq.com/search/afe_results[...]
Gefunden : user_pref("CommunityToolbar.ToolbarsList", "CT2801937");
Gefunden : user_pref("CommunityToolbar.ToolbarsList2", "CT2801937");
Gefunden : user_pref("CommunityToolbar.ToolbarsList4", "CT2801937");
Gefunden : user_pref("CommunityToolbar.globalUserId", "78907bf2-f5b6-471d-8cd0-a23e8e4a7c27");
Gefunden : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Gefunden : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Gefunden : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2801937");
Gefunden : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Fri Jan 13 2012 10:27:0[...]
Gefunden : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Gefunden : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Sat Jan 14 2012 15:18:02 GMT+010[...]
Gefunden : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Gefunden : user_pref("CommunityToolbar.notifications.locale", "en");
Gefunden : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Gefunden : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sat Jan 14 2012 14:29:58 GMT+0100");
Gefunden : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Gefunden : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Gefunden : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Gefunden : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Gefunden : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Gefunden : user_pref("CommunityToolbar.notifications.userId", "b4b7b5e4-fd1c-4224-aed3-f0909d099045");
Gefunden : user_pref("CommunityToolbar.originalHomepage", "hxxp://www.google.de/");
Gefunden : user_pref("CommunityToolbar.originalSearchEngine", "Google");
Gefunden : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Gefunden : user_pref("extensions.BabylonToolbar.babTrack", "affID=100474");
Gefunden : user_pref("extensions.BabylonToolbar.bbDpng", 18);
Gefunden : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Gefunden : user_pref("extensions.BabylonToolbar.dfltSrch", true);
Gefunden : user_pref("extensions.BabylonToolbar.hmpg", true);
Gefunden : user_pref("extensions.BabylonToolbar.id", "3a6a0152000000000000002682daeef9");
Gefunden : user_pref("extensions.BabylonToolbar.instlDay", "15244");
Gefunden : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Gefunden : user_pref("extensions.BabylonToolbar.keyWordUrl", "hxxp://search.babylon.com/?babsrc=SP_ss&q={search[...]
Gefunden : user_pref("extensions.BabylonToolbar.lastDP", 18);
Gefunden : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.4.35.1021:39:47");
Gefunden : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "11.0");
Gefunden : user_pref("extensions.BabylonToolbar.newTab", true);
Gefunden : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_FFUP");
Gefunden : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Gefunden : user_pref("extensions.BabylonToolbar.propectorlck", 86547397);
Gefunden : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Gefunden : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Gefunden : user_pref("extensions.BabylonToolbar.smplGrp", "none");
Gefunden : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Gefunden : user_pref("extensions.BabylonToolbar.srchPrvdr", "Search the web (Babylon)");
Gefunden : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
Gefunden : user_pref("extensions.BabylonToolbar.vrsn", "1.4.35.10");
Gefunden : user_pref("extensions.BabylonToolbar.vrsnTs", "1.4.35.1021:39:47");
Gefunden : user_pref("extensions.enabledAddons", "ffxtlbr@babylon.com:1.1.9,groovesharkUnlocker@overlord1337:1.[...]
Gefunden : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801937&q=");

-\\ Google Chrome v21.0.1180.89

Datei : C:\Users\Norb\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [18957 octets] - [19/09/2012 23:31:39]

########## EOF - C:\AdwCleaner[R1].txt - [19018 octets] ##########

ryder 20.09.2012 08:59
Gut! Dann wollen wir das alles mal entfernen:

Schritt 1:

Entfernen von unerwünschten Programmen mit AdwCleaner
  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Löschen.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

Schritt 2:

Kontrollscan mit OTL

Starte bitte OTL.exe und drücke den Quick Scan Button.
Poste die OTL.txt hier in deinen Thread.

Norb11 20.09.2012 15:17
Löschvorgang des adwcleaner:

Code:
# AdwCleaner v2.002 - Datei am 09/20/2012 um 14:38:13 erstellt
# Aktualisiert am 16/09/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium  (64 bits)
# Benutzer : Norb - NORB-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Norb\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\Program Files (x86)\Uninstall.exe
Datei Gelöscht : C:\Users\Norb\AppData\Local\Temp\Uninstall.exe
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\Users\Norb\AppData\Local\Babylon
Ordner Gelöscht : C:\Users\Norb\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Norb\AppData\Local\Temp\CT2801937
Ordner Gelöscht : C:\Users\Norb\AppData\LocalLow\BabylonToolbar
Ordner Gelöscht : C:\Users\Norb\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Norb\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Norb\AppData\Roaming\Mozilla\Firefox\Profiles\nuhnlz4n.default\ConduitCommon
Ordner Gelöscht : C:\Users\Norb\AppData\Roaming\Mozilla\Firefox\Profiles\nuhnlz4n.default\CT2801937
Ordner Gelöscht : C:\Users\Norb\AppData\Roaming\Mozilla\Firefox\Profiles\nuhnlz4n.default\extensions\{b106b661-3e1b-4015-af5c-195e909f35c6}
Ordner Gelöscht : C:\Users\Norb\AppData\Roaming\Mozilla\Firefox\Profiles\nuhnlz4n.default\extensions\ffxtlbr@babylon.com

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2801937
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

Wiederhergestellt : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v11.0 (de)

Profilname : default
Datei : C:\Users\Norb\AppData\Roaming\Mozilla\Firefox\Profiles\nuhnlz4n.default\prefs.js

C:\Users\Norb\AppData\Roaming\Mozilla\Firefox\Profiles\nuhnlz4n.default\user.js ... Gelöscht !

Gelöscht : user_pref("CT2801937..clientLogIsEnabled", false);
Gelöscht : user_pref("CT2801937..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Gelöscht : user_pref("CT2801937..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Gelöscht : user_pref("CT2801937.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Gelöscht : user_pref("CT2801937.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gelöscht : user_pref("CT2801937.BrowserCompStateIsOpen_129798069779186309", true);
Gelöscht : user_pref("CT2801937.BrowserCompStateIsOpen_129799464713342383", true);
Gelöscht : user_pref("CT2801937.BrowserCompStateIsOpen_129799487489787934", true);
Gelöscht : user_pref("CT2801937.BrowserCompStateIsOpen_129800116201456332", true);
Gelöscht : user_pref("CT2801937.CTID", "CT2801937");
Gelöscht : user_pref("CT2801937.CurrentServerDate", "18-9-2012");
Gelöscht : user_pref("CT2801937.DSInstall", false);
Gelöscht : user_pref("CT2801937.DialogsAlignMode", "LTR");
Gelöscht : user_pref("CT2801937.DialogsGetterLastCheckTime", "Sun Sep 16 2012 18:28:01 GMT+0100");
Gelöscht : user_pref("CT2801937.DownloadReferralCookieData", "");
Gelöscht : user_pref("CT2801937.EMailNotifierPollDate", "Sun Jan 15 2012 21:02:22 GMT+0100");
Gelöscht : user_pref("CT2801937.FirstServerDate", "13-1-2012");
Gelöscht : user_pref("CT2801937.FirstTime", true);
Gelöscht : user_pref("CT2801937.FirstTimeFF3", true);
Gelöscht : user_pref("CT2801937.FixPageNotFoundErrors", true);
Gelöscht : user_pref("CT2801937.GroupingServerCheckInterval", 1440);
Gelöscht : user_pref("CT2801937.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gelöscht : user_pref("CT2801937.HPInstall", false);
Gelöscht : user_pref("CT2801937.HasUserGlobalKeys", true);
Gelöscht : user_pref("CT2801937.HomePageProtectorEnabled", false);
Gelöscht : user_pref("CT2801937.HomepageBeforeUnload", "hxxp://www.google.de/");
Gelöscht : user_pref("CT2801937.Initialize", true);
Gelöscht : user_pref("CT2801937.InitializeCommonPrefs", true);
Gelöscht : user_pref("CT2801937.InstallationAndCookieDataSentCount", 3);
Gelöscht : user_pref("CT2801937.InstallationId", "ConduitNSISIntegration");
Gelöscht : user_pref("CT2801937.InstallationType", "ConduitXPEIntegration");
Gelöscht : user_pref("CT2801937.InstalledDate", "Fri Jan 13 2012 10:27:09 GMT+0100");
Gelöscht : user_pref("CT2801937.InvalidateCache", false);
Gelöscht : user_pref("CT2801937.IsAlertDBUpdated", true);
Gelöscht : user_pref("CT2801937.IsGrouping", false);
Gelöscht : user_pref("CT2801937.IsInitSetupIni", true);
Gelöscht : user_pref("CT2801937.IsMulticommunity", false);
Gelöscht : user_pref("CT2801937.IsOpenThankYouPage", false);
Gelöscht : user_pref("CT2801937.IsOpenUninstallPage", true);
Gelöscht : user_pref("CT2801937.LanguagePackLastCheckTime", "Mon Sep 17 2012 21:08:12 GMT+0100");
Gelöscht : user_pref("CT2801937.LanguagePackReloadIntervalMM", 1440);
Gelöscht : user_pref("CT2801937.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gelöscht : user_pref("CT2801937.LastLogin_3.12.0.7", "Wed Apr 25 2012 18:22:39 GMT+0200");
Gelöscht : user_pref("CT2801937.LastLogin_3.12.2.3", "Fri Jun 01 2012 10:12:41 GMT+0200");
Gelöscht : user_pref("CT2801937.LastLogin_3.13.0.6", "Mon Jul 16 2012 09:57:41 GMT+0200");
Gelöscht : user_pref("CT2801937.LastLogin_3.14.1.0", "Thu Aug 23 2012 13:59:17 GMT+0200");
Gelöscht : user_pref("CT2801937.LastLogin_3.15.1.0", "Tue Sep 18 2012 16:29:33 GMT+0100");
Gelöscht : user_pref("CT2801937.LastLogin_3.9.0.3", "Sun Jan 15 2012 21:02:31 GMT+0100");
Gelöscht : user_pref("CT2801937.LatestVersion", "3.14.1.0");
Gelöscht : user_pref("CT2801937.Locale", "de");
Gelöscht : user_pref("CT2801937.MCDetectTooltipHeight", "83");
Gelöscht : user_pref("CT2801937.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gelöscht : user_pref("CT2801937.MCDetectTooltipWidth", "295");
Gelöscht : user_pref("CT2801937.MyStuffEnabledAtInstallation", true);
Gelöscht : user_pref("CT2801937.OriginalFirstVersion", "3.9.0.3");
Gelöscht : user_pref("CT2801937.RadioIsPodcast", false);
Gelöscht : user_pref("CT2801937.RadioLastCheckTime", "Sun Jan 15 2012 21:02:21 GMT+0100");
Gelöscht : user_pref("CT2801937.RadioLastUpdateIPServer", "3");
Gelöscht : user_pref("CT2801937.RadioLastUpdateServer", "129343918668070000");
Gelöscht : user_pref("CT2801937.RadioMediaID", "21560175");
Gelöscht : user_pref("CT2801937.RadioMediaType", "Media Player");
Gelöscht : user_pref("CT2801937.RadioMenuSelectedID", "EBRadioMenu_CT280193721560175");
Gelöscht : user_pref("CT2801937.RadioShrinkedFromSetup", false);
Gelöscht : user_pref("CT2801937.RadioStationName", "GermanyFM%20Info");
Gelöscht : user_pref("CT2801937.RadioStationURL", "hxxp://www.1000mikes.com/audio/1000mikes.m3u?channelId=6680"[...]
Gelöscht : user_pref("CT2801937.SearchCaption", "NCH DE Customized Web Search");
Gelöscht : user_pref("CT2801937.SearchEngineBeforeUnload", "Google");
Gelöscht : user_pref("CT2801937.SearchFromAddressBarIsInit", true);
Gelöscht : user_pref("CT2801937.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT280[...]
Gelöscht : user_pref("CT2801937.SearchInNewTabEnabled", true);
Gelöscht : user_pref("CT2801937.SearchInNewTabIntervalMM", 1440);
Gelöscht : user_pref("CT2801937.SearchInNewTabLastCheckTime", "Mon Sep 17 2012 21:08:05 GMT+0100");
Gelöscht : user_pref("CT2801937.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gelöscht : user_pref("CT2801937.SearchProtectorEnabled", false);
Gelöscht : user_pref("CT2801937.SearchProtectorToolbarDisabled", false);
Gelöscht : user_pref("CT2801937.SendProtectorDataViaLogin", true);
Gelöscht : user_pref("CT2801937.ServiceMapLastCheckTime", "Mon Sep 17 2012 21:08:06 GMT+0100");
Gelöscht : user_pref("CT2801937.SettingsLastCheckTime", "Tue Sep 18 2012 16:29:31 GMT+0100");
Gelöscht : user_pref("CT2801937.SettingsLastUpdate", "1347287073");
Gelöscht : user_pref("CT2801937.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2801937&SearchSource=13");
Gelöscht : user_pref("CT2801937.ThirdPartyComponentsInterval", 504);
Gelöscht : user_pref("CT2801937.ThirdPartyComponentsLastCheck", "Fri Jan 13 2012 10:27:03 GMT+0100");
Gelöscht : user_pref("CT2801937.ThirdPartyComponentsLastUpdate", "1255344657");
Gelöscht : user_pref("CT2801937.ToolbarShrinkedFromSetup", false);
Gelöscht : user_pref("CT2801937.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2801937");
Gelöscht : user_pref("CT2801937.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Gelöscht : user_pref("CT2801937.UserID", "UN97191204759467534");
Gelöscht : user_pref("CT2801937.alertChannelId", "1194019");
Gelöscht : user_pref("CT2801937.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Gelöscht : user_pref("CT2801937.globalFirstTimeInfoLastCheckTime", "Sat Jan 14 2012 14:30:00 GMT+0100");
Gelöscht : user_pref("CT2801937.homepageProtectorEnableByLogin", true);
Gelöscht : user_pref("CT2801937.initDone", true);
Gelöscht : user_pref("CT2801937.isAppTrackingManagerOn", true);
Gelöscht : user_pref("CT2801937.isFirstRadioInstallation", false);
Gelöscht : user_pref("CT2801937.myStuffEnabled", true);
Gelöscht : user_pref("CT2801937.myStuffPublihserMinWidth", 400);
Gelöscht : user_pref("CT2801937.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gelöscht : user_pref("CT2801937.myStuffServiceIntervalMM", 1440);
Gelöscht : user_pref("CT2801937.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gelöscht : user_pref("CT2801937.oldAppsList", "129306877456538355,129306877457319611,111,129306877459819678,129[...]
Gelöscht : user_pref("CT2801937.revertSettingsEnabled", true);
Gelöscht : user_pref("CT2801937.searchProtectorDialogDelayInSec", 10);
Gelöscht : user_pref("CT2801937.searchProtectorEnableByLogin", true);
Gelöscht : user_pref("CT2801937.testingCtid", "");
Gelöscht : user_pref("CT2801937.toolbarAppMetaDataLastCheckTime", "Mon Sep 17 2012 21:08:12 GMT+0100");
Gelöscht : user_pref("CT2801937.toolbarContextMenuLastCheckTime", "Fri Jan 13 2012 10:27:13 GMT+0100");
Gelöscht : user_pref("CT2801937.usagesFlag", 2);
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2801937/CT2801937[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1194019/1189696/DE", "\"0\"[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2801937", [...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2801937",[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/idel.gif", "[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/minimize.gif[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/play.gif", "[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/stop.gif", "[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/vol.gif", "\[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"6c9[...]
Gelöscht : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Norb\\AppData\\Roaming\\Mozilla\\Fi[...]
Gelöscht : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.9.0.3");
Gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.icq.com/search/afe_results[...]
Gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2801937");
Gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2801937");
Gelöscht : user_pref("CommunityToolbar.ToolbarsList4", "CT2801937");
Gelöscht : user_pref("CommunityToolbar.globalUserId", "78907bf2-f5b6-471d-8cd0-a23e8e4a7c27");
Gelöscht : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Gelöscht : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Gelöscht : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2801937");
Gelöscht : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Fri Jan 13 2012 10:27:0[...]
Gelöscht : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Gelöscht : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Sat Jan 14 2012 15:18:02 GMT+010[...]
Gelöscht : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Gelöscht : user_pref("CommunityToolbar.notifications.locale", "en");
Gelöscht : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Gelöscht : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sat Jan 14 2012 14:29:58 GMT+0100");
Gelöscht : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Gelöscht : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Gelöscht : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Gelöscht : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Gelöscht : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Gelöscht : user_pref("CommunityToolbar.notifications.userId", "b4b7b5e4-fd1c-4224-aed3-f0909d099045");
Gelöscht : user_pref("CommunityToolbar.originalHomepage", "hxxp://www.google.de/");
Gelöscht : user_pref("CommunityToolbar.originalSearchEngine", "Google");
Gelöscht : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Gelöscht : user_pref("extensions.BabylonToolbar.babTrack", "affID=100474");
Gelöscht : user_pref("extensions.BabylonToolbar.bbDpng", 18);
Gelöscht : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Gelöscht : user_pref("extensions.BabylonToolbar.dfltSrch", true);
Gelöscht : user_pref("extensions.BabylonToolbar.hmpg", true);
Gelöscht : user_pref("extensions.BabylonToolbar.id", "3a6a0152000000000000002682daeef9");
Gelöscht : user_pref("extensions.BabylonToolbar.instlDay", "15244");
Gelöscht : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Gelöscht : user_pref("extensions.BabylonToolbar.keyWordUrl", "hxxp://search.babylon.com/?babsrc=SP_ss&q={search[...]
Gelöscht : user_pref("extensions.BabylonToolbar.lastDP", 18);
Gelöscht : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.4.35.1021:39:47");
Gelöscht : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "11.0");
Gelöscht : user_pref("extensions.BabylonToolbar.newTab", true);
Gelöscht : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_FFUP");
Gelöscht : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Gelöscht : user_pref("extensions.BabylonToolbar.propectorlck", 86547397);
Gelöscht : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Gelöscht : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Gelöscht : user_pref("extensions.BabylonToolbar.smplGrp", "none");
Gelöscht : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Gelöscht : user_pref("extensions.BabylonToolbar.srchPrvdr", "Search the web (Babylon)");
Gelöscht : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
Gelöscht : user_pref("extensions.BabylonToolbar.vrsn", "1.4.35.10");
Gelöscht : user_pref("extensions.BabylonToolbar.vrsnTs", "1.4.35.1021:39:47");
Gelöscht : user_pref("extensions.enabledAddons", "ffxtlbr@babylon.com:1.1.9,groovesharkUnlocker@overlord1337:1.[...]
Gelöscht : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801937&q=");

-\\ Google Chrome v21.0.1180.89

Datei : C:\Users\Norb\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [19084 octets] - [19/09/2012 23:31:39]
AdwCleaner[S1].txt - [19132 octets] - [20/09/2012 14:38:13]

########## EOF - C:\AdwCleaner[S1].txt - [19193 octets] ##########
QuickScan mit OTL:

Code:
OTL logfile created on: 20.09.2012 14:45:11 - Run 2
OTL by OldTimer - Version 3.2.64.0    Folder = C:\Users\Norb\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,40 Gb Available Physical Memory | 60,18% Memory free
7,99 Gb Paging File | 6,29 Gb Available in Paging File | 78,69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 421,81 Gb Total Space | 332,22 Gb Free Space | 78,76% Space Free | Partition Type: NTFS
Drive D: | 29,00 Gb Total Space | 28,11 Gb Free Space | 96,93% Space Free | Partition Type: NTFS
 
Computer Name: NORB-PC | User Name: Norb | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Norb\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Norb\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Lexmark 1300 Series\lxdcamon.exe (Lexmark)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll ()
MOD - C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files (x86)\Lexmark 1300 Series\App4R.Monitor.Core.dll ()
MOD - C:\Program Files (x86)\Lexmark 1300 Series\App4R.Monitor.Common.dll ()
MOD - C:\Program Files (x86)\Lexmark 1300 Series\App4R.DevMons.ScanDevMon.dll ()
MOD - C:\Program Files (x86)\Lexmark 1300 Series\App4R.DevMons.MCMDevMon.dll ()
MOD - C:\Program Files (x86)\Lexmark 1300 Series\App4R.DevMons.MCMDevMon.AutoPlayUtil.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (lxdc_device) -- C:\Windows\SysNative\lxdccoms.exe ( )
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (CVPND) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (Lenovo ReadyComm ConnSvc) -- C:\Programme\Lenovo\ReadyComm\ConnSvc.exe (Lenovo Group Limited)
SRV - (Lenovo ReadyComm AppSvc) -- C:\Programme\Lenovo\ReadyComm\AppSvc.exe (Lenovo Group Limited)
SRV - (PS_MDP) -- C:\Program Files (x86)\Lenovo\ReadyComm\PS_MDP.dll (Lenovo Group Limited)
SRV - (IGRS) -- C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe (Lenovo Group Limited)
SRV - (ReadyComm.DirectRouter) -- C:\Program Files (x86)\Lenovo\ReadyComm\common\router.dll (Lenovo Group Limited)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (lxdc_device) -- C:\Windows\SysWOW64\lxdccoms.exe ( )
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (CVPNDRVA) -- C:\Windows\SysNative\drivers\CVPNDRVA.sys ()
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (CVirtA) -- C:\Windows\SysNative\drivers\CVirtA64.sys (Cisco Systems, Inc.)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (LHDmgr) -- C:\Windows\SysNative\drivers\LhdX64.sys (Lenovo.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (ACPIVPC) -- C:\Windows\SysNative\drivers\AcpiVpc.sys (Lenovo Corporation)
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink)
DRV:64bit: - (wdmirror) -- C:\Windows\SysNative\drivers\WDMirror.sys (Lenovo)
DRV:64bit: - (Bridge0) -- C:\Windows\SysNative\drivers\WDBridge.sys (Lenovo)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (DNE) -- C:\Windows\SysNative\drivers\dne64x.sys (Deterministic Networks, Inc.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startfenster.com
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {b106b661-3e1b-4015-af5c-195e909f35c6} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.startfenster.com"
FF - prefs.js..extensions.enabledItems: zotero@chnm.gmu.edu:2.0.9
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {4ED1F68A-5463-4931-9384-8FFF5ED91D92}:3.4.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Norb\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Norb\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.19 23:21:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.09.27 12:27:47 | 000,000,000 | ---D | M]
 
[2011.01.15 15:24:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Norb\AppData\Roaming\mozilla\Extensions
[2012.09.20 14:38:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Norb\AppData\Roaming\mozilla\Firefox\Profiles\nuhnlz4n.default\extensions
[2012.08.06 14:34:30 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Norb\AppData\Roaming\mozilla\Firefox\Profiles\nuhnlz4n.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.11.09 23:19:26 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Norb\AppData\Roaming\mozilla\Firefox\Profiles\nuhnlz4n.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.07.05 22:17:39 | 000,000,000 | ---D | M] (Zotero) -- C:\Users\Norb\AppData\Roaming\mozilla\Firefox\Profiles\nuhnlz4n.default\extensions\zotero@chnm.gmu.edu
[2012.02.22 00:04:07 | 000,029,003 | ---- | M] () (No name found) -- C:\Users\Norb\AppData\Roaming\mozilla\firefox\profiles\nuhnlz4n.default\extensions\groovesharkUnlocker@overlord1337.xpi
[2012.08.16 10:13:38 | 000,526,409 | ---- | M] () (No name found) -- C:\Users\Norb\AppData\Roaming\mozilla\firefox\profiles\nuhnlz4n.default\extensions\toolbar@web.de.xpi
[2012.08.16 10:14:00 | 000,000,853 | ---- | M] () -- C:\Users\Norb\AppData\Roaming\mozilla\firefox\profiles\nuhnlz4n.default\searchplugins\11-suche.xml
[2012.08.16 10:14:01 | 000,002,209 | ---- | M] () -- C:\Users\Norb\AppData\Roaming\mozilla\firefox\profiles\nuhnlz4n.default\searchplugins\englische-ergebnisse.xml
[2012.08.16 10:14:00 | 000,010,506 | ---- | M] () -- C:\Users\Norb\AppData\Roaming\mozilla\firefox\profiles\nuhnlz4n.default\searchplugins\gmx-suche.xml
[2012.09.16 18:29:25 | 000,000,950 | ---- | M] () -- C:\Users\Norb\AppData\Roaming\mozilla\firefox\profiles\nuhnlz4n.default\searchplugins\icqplugin-1.xml
[2012.08.06 14:37:21 | 000,000,950 | ---- | M] () -- C:\Users\Norb\AppData\Roaming\mozilla\firefox\profiles\nuhnlz4n.default\searchplugins\icqplugin-10.xml
[2011.09.26 13:10:20 | 000,000,950 | ---- | M] () -- C:\Users\Norb\AppData\Roaming\mozilla\firefox\profiles\nuhnlz4n.default\searchplugins\icqplugin-2.xml
[2011.09.27 12:29:21 | 000,000,950 | ---- | M] () -- C:\Users\Norb\AppData\Roaming\mozilla\firefox\profiles\nuhnlz4n.default\searchplugins\icqplugin-3.xml
[2011.10.05 21:35:53 | 000,000,950 | ---- | M] () -- C:\Users\Norb\AppData\Roaming\mozilla\firefox\profiles\nuhnlz4n.default\searchplugins\icqplugin-4.xml
[2011.11.14 13:45:40 | 000,000,950 | ---- | M] () -- C:\Users\Norb\AppData\Roaming\mozilla\firefox\profiles\nuhnlz4n.default\searchplugins\icqplugin-5.xml
[2011.12.06 07:19:37 | 000,000,950 | ---- | M] () -- C:\Users\Norb\AppData\Roaming\mozilla\firefox\profiles\nuhnlz4n.default\searchplugins\icqplugin-6.xml
[2012.02.23 12:39:03 | 000,000,950 | ---- | M] () -- C:\Users\Norb\AppData\Roaming\mozilla\firefox\profiles\nuhnlz4n.default\searchplugins\icqplugin-7.xml
[2012.04.18 17:42:49 | 000,000,950 | ---- | M] () -- C:\Users\Norb\AppData\Roaming\mozilla\firefox\profiles\nuhnlz4n.default\searchplugins\icqplugin-8.xml
[2012.06.08 10:56:43 | 000,000,950 | ---- | M] () -- C:\Users\Norb\AppData\Roaming\mozilla\firefox\profiles\nuhnlz4n.default\searchplugins\icqplugin-9.xml
[2011.08.19 10:01:33 | 000,001,056 | ---- | M] () -- C:\Users\Norb\AppData\Roaming\mozilla\firefox\profiles\nuhnlz4n.default\searchplugins\icqplugin.xml
[2012.08.16 10:14:01 | 000,002,368 | ---- | M] () -- C:\Users\Norb\AppData\Roaming\mozilla\firefox\profiles\nuhnlz4n.default\searchplugins\lastminute.xml
[2012.08.16 10:14:00 | 000,005,489 | ---- | M] () -- C:\Users\Norb\AppData\Roaming\mozilla\firefox\profiles\nuhnlz4n.default\searchplugins\webde-suche.xml
[2012.02.23 12:38:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
File not found (No name found) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
File not found (No name found) -- C:\USERS\NORB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NUHNLZ4N.DEFAULT\EXTENSIONS\{B106B661-3E1B-4015-AF5C-195E909F35C6}
File not found (No name found) -- C:\USERS\NORB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NUHNLZ4N.DEFAULT\EXTENSIONS\FFXTLBR@BABYLON.COM
[2012.04.18 17:42:25 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.05.09 10:12:25 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.04.18 17:42:14 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.18 17:42:14 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.04.18 17:42:14 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.18 17:42:14 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.18 17:42:14 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.18 17:42:13 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Norb\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Norb\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Norb\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Norb\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Norb\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Windows 8 = C:\Users\Norb\AppData\Local\Google\Chrome\User Data\Default\Extensions\edpkfnpekfoegfgmogglbjbbgcdnphph\1.1_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {B106B661-3E1B-4015-AF5C-195E909F35C6} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [lxdcamon] C:\Program Files (x86)\Lexmark 1300 Series\lxdcamon.exe (Lexmark)
O4:64bit: - HKLM..\Run: [lxdcmon.exe] "C:\Program Files (x86)\Lexmark 1300 Series\lxdcmon.exe" File not found
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe File not found
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - Startup: C:\Users\Norb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Norb\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Norb\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Norb\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Norb\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Norb\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.58.61.250 80.58.61.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CBF6ED69-0502-461E-B88F-A1E6ECF6DE15}: DhcpNameServer = 80.58.61.250 80.58.61.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.19 15:35:19 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\Norb\Desktop\OTL.exe
[2012.09.18 18:59:10 | 000,000,000 | ---D | C] -- C:\Users\Norb\AppData\Roaming\vlc
[2012.09.18 18:58:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.09.18 18:57:50 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2012.09.18 18:07:26 | 000,000,000 | ---D | C] -- C:\Users\Norb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.09.18 17:13:20 | 000,000,000 | ---D | C] -- C:\Users\Norb\AppData\Roaming\Malwarebytes
[2012.09.18 17:12:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.18 17:12:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.18 17:12:49 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012.09.18 17:12:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.09.17 22:56:23 | 000,000,000 | R--D | C] -- C:\Users\Norb\Dropbox
[2012.09.17 22:52:45 | 000,000,000 | ---D | C] -- C:\Users\Norb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2012.09.17 22:47:29 | 000,000,000 | ---D | C] -- C:\Users\Norb\AppData\Roaming\Dropbox
[2012.09.02 19:39:16 | 000,000,000 | ---D | C] -- C:\Users\Norb\Desktop\Gran Canaria
[2012.09.02 19:38:55 | 000,000,000 | ---D | C] -- C:\Users\Norb\Desktop\Casa
[2012.08.31 12:31:37 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\Wat
[2012.08.31 12:31:34 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Wat
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\Norb\*.tmp files -> C:\Users\Norb\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.20 14:48:04 | 000,001,106 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.20 14:47:53 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.20 14:47:53 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.20 14:44:14 | 000,001,102 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.20 14:39:59 | 000,067,584 | ---- | M] () -- C:\windows\bootstat.dat
[2012.09.20 14:39:53 | 3217,211,392 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.19 23:30:47 | 000,512,737 | ---- | M] () -- C:\Users\Norb\Desktop\adwcleaner.exe
[2012.09.19 23:24:36 | 000,001,064 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3012472162-3527673009-745750261-1000Core.job
[2012.09.19 23:10:00 | 000,001,116 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3012472162-3527673009-745750261-1000UA.job
[2012.09.19 19:21:46 | 000,659,690 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2012.09.19 19:21:46 | 000,620,836 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012.09.19 19:21:46 | 000,132,970 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2012.09.19 19:21:46 | 000,108,760 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012.09.19 19:21:45 | 001,513,970 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012.09.19 15:35:22 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Norb\Desktop\OTL.exe
[2012.09.18 18:07:29 | 000,002,350 | ---- | M] () -- C:\Users\Norb\Desktop\Google Chrome.lnk
[2012.09.18 17:12:57 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.09.17 22:56:23 | 000,001,037 | ---- | M] () -- C:\Users\Norb\Desktop\Dropbox.lnk
[2012.09.17 22:53:12 | 000,001,047 | ---- | M] () -- C:\Users\Norb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\Norb\*.tmp files -> C:\Users\Norb\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.09.19 23:30:45 | 000,512,737 | ---- | C] () -- C:\Users\Norb\Desktop\adwcleaner.exe
[2012.09.18 18:07:29 | 000,002,350 | ---- | C] () -- C:\Users\Norb\Desktop\Google Chrome.lnk
[2012.09.18 18:05:44 | 000,001,116 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3012472162-3527673009-745750261-1000UA.job
[2012.09.18 18:05:43 | 000,001,064 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3012472162-3527673009-745750261-1000Core.job
[2012.09.18 17:12:57 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.09.17 22:56:23 | 000,001,037 | ---- | C] () -- C:\Users\Norb\Desktop\Dropbox.lnk
[2012.09.17 22:53:12 | 000,001,047 | ---- | C] () -- C:\Users\Norb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011.11.26 09:34:05 | 000,100,726 | ---- | C] () -- C:\Program Files (x86)\winrar.lng
[2011.11.26 09:34:05 | 000,038,092 | ---- | C] () -- C:\Program Files (x86)\rar.lng
[2011.11.26 09:34:05 | 000,008,084 | ---- | C] () -- C:\Program Files (x86)\uninstall.lng
[2011.11.26 09:34:05 | 000,003,584 | ---- | C] () -- C:\Program Files (x86)\rarext.lng
[2011.11.26 09:34:04 | 000,312,149 | ---- | C] () -- C:\Program Files (x86)\WinRAR.chm
[2011.11.26 09:34:04 | 000,106,118 | ---- | C] () -- C:\Program Files (x86)\Zip64.SFX
[2011.11.26 09:34:04 | 000,102,864 | ---- | C] () -- C:\Program Files (x86)\WinCon64.SFX
[2011.11.26 09:34:04 | 000,079,872 | ---- | C] () -- C:\Program Files (x86)\Zip.SFX
[2011.11.26 09:34:04 | 000,073,728 | ---- | C] () -- C:\Program Files (x86)\WinCon.SFX
[2011.11.26 09:34:03 | 000,135,814 | ---- | C] () -- C:\Program Files (x86)\Default64.SFX
[2011.11.26 09:34:03 | 000,099,840 | ---- | C] () -- C:\Program Files (x86)\Default.SFX
[2011.11.26 09:34:02 | 000,140,288 | ---- | C] () -- C:\Program Files (x86)\RarExt32.dll
[2011.11.26 09:34:01 | 001,163,264 | ---- | C] () -- C:\Program Files (x86)\WinRAR.exe
[2011.11.26 09:34:01 | 000,164,864 | ---- | C] () -- C:\Program Files (x86)\RarExt.dll
[2011.11.26 09:34:00 | 000,417,792 | ---- | C] () -- C:\Program Files (x86)\Rar.exe
[2011.11.26 09:34:00 | 000,276,992 | ---- | C] () -- C:\Program Files (x86)\UnRAR.exe
[2011.11.26 09:34:00 | 000,003,973 | ---- | C] () -- C:\Program Files (x86)\Order.htm
[2011.11.26 09:34:00 | 000,001,400 | ---- | C] () -- C:\Program Files (x86)\RarFiles.lst
[2011.11.26 09:34:00 | 000,000,700 | ---- | C] () -- C:\Program Files (x86)\Uninstall.lst
[2011.11.26 09:33:59 | 000,001,422 | ---- | C] () -- C:\Program Files (x86)\Descript.ion
[2011.11.26 09:33:59 | 000,000,622 | ---- | C] () -- C:\Program Files (x86)\File_Id.diz
[2011.05.14 21:46:10 | 000,000,400 | ---- | C] () -- C:\windows\ODBC.INI
[2011.05.13 15:43:17 | 000,278,528 | ---- | C] () -- C:\windows\SysWow64\LXDCinst.dll
[2011.05.13 15:43:16 | 000,413,696 | ---- | C] ( ) -- C:\windows\SysWow64\lxdcinpa.dll
[2011.05.13 15:43:16 | 000,385,024 | ---- | C] () -- C:\windows\SysWow64\lxdccomx.dll
[2011.05.13 15:43:15 | 000,397,312 | ---- | C] ( ) -- C:\windows\SysWow64\lxdciesc.dll
[2011.05.13 15:43:13 | 000,643,072 | ---- | C] ( ) -- C:\windows\SysWow64\lxdcpmui.dll
[2011.05.13 15:43:11 | 000,999,424 | ---- | C] ( ) -- C:\windows\SysWow64\lxdcusb1.dll
[2011.05.13 15:43:10 | 001,232,896 | ---- | C] ( ) -- C:\windows\SysWow64\lxdcserv.dll
[2011.05.13 15:43:10 | 000,163,840 | ---- | C] ( ) -- C:\windows\SysWow64\lxdcprox.dll
[2011.05.13 15:43:09 | 000,181,168 | ---- | C] ( ) -- C:\windows\SysWow64\lxdcppls.exe
[2011.05.13 15:43:09 | 000,094,208 | ---- | C] ( ) -- C:\windows\SysWow64\lxdcpplc.dll
[2011.05.13 15:43:08 | 000,585,728 | ---- | C] ( ) -- C:\windows\SysWow64\lxdclmpm.dll
[2011.05.13 15:43:08 | 000,385,968 | ---- | C] ( ) -- C:\windows\SysWow64\lxdcih.exe
[2011.05.13 15:43:07 | 000,696,320 | ---- | C] ( ) -- C:\windows\SysWow64\lxdchbn3.dll
[2011.05.13 15:43:07 | 000,537,520 | ---- | C] ( ) -- C:\windows\SysWow64\lxdccoms.exe
[2011.05.13 15:43:06 | 000,684,032 | ---- | C] ( ) -- C:\windows\SysWow64\lxdccomc.dll
[2011.05.13 15:43:06 | 000,425,984 | ---- | C] ( ) -- C:\windows\SysWow64\lxdccomm.dll
[2011.05.07 12:29:52 | 000,000,425 | ---- | C] () -- C:\windows\BRWMARK.INI
[2011.05.07 12:29:52 | 000,000,027 | ---- | C] () -- C:\windows\BRPP2KA.INI
[2011.01.15 15:27:30 | 001,541,588 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011.01.14 16:23:36 | 000,000,088 | ---- | C] () -- C:\ProgramData\profile.xml
 
========== ZeroAccess Check ==========
 
[2011.01.15 15:15:26 | 000,000,197 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mcafee[1].txt
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
========== LOP Check ==========
 
[2011.01.15 01:25:42 | 000,000,000 | ---D | M] -- C:\Users\Norb\AppData\Roaming\ArcSyncConfig
[2012.09.20 14:46:08 | 000,000,000 | ---D | M] -- C:\Users\Norb\AppData\Roaming\Dropbox
[2011.11.09 23:19:43 | 000,000,000 | ---D | M] -- C:\Users\Norb\AppData\Roaming\DVDVideoSoft
[2011.01.14 23:02:39 | 000,000,000 | ---D | M] -- C:\Users\Norb\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.01.14 23:05:21 | 000,000,000 | ---D | M] -- C:\Users\Norb\AppData\Roaming\NCH Swift Sound
[2012.08.10 18:15:01 | 000,000,000 | ---D | M] -- C:\Users\Norb\AppData\Roaming\PC Suite
[2012.08.10 16:50:32 | 000,000,000 | ---D | M] -- C:\Users\Norb\AppData\Roaming\Samsung
[2011.05.15 15:59:38 | 000,000,000 | ---D | M] -- C:\Users\Norb\AppData\Roaming\Scilab
[2012.09.19 23:23:26 | 000,000,000 | ---D | M] -- C:\Users\Norb\AppData\Roaming\SoftGrid Client
[2011.01.16 19:27:09 | 000,000,000 | ---D | M] -- C:\Users\Norb\AppData\Roaming\Swiss Academic Software
[2011.01.15 15:29:15 | 000,000,000 | ---D | M] -- C:\Users\Norb\AppData\Roaming\TP
 
========== Purity Check ==========
 
 

< End of report >
Wie geht es nun weiter?

ryder 20.09.2012 18:48
Wir entfernen jetzt das "Startfenster" und schauen ob wir auch alles erwischt haben.

Schritt 1:

Fix mit OTL
Code:
:OTL
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKCU\..\URLSearchHook: {b106b661-3e1b-4015-af5c-195e909f35c6} - No CLSID value found
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startfenster.com
FF - prefs.js..browser.startup.homepage: "hxxp://www.startfenster.com"

:commands
[Emptytemp]
  • Schliesse bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread

Schritt 2:

ESET Online Scanner

Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.
  • Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt als Administrator starten.
  • Dein Anti-Virus-Programm während des Scans deaktivieren.

    Button http://larusso.trojaner-board.de/Images/eset.jpg (<< klick) drücken.
    • Firefox-User:
      Bitte esetsmartinstaller_enu.exe downloaden.Das Firefox-Addon auf dem Desktop speichern und dann installieren.
    • IE-User:
      müssen das Installieren eines ActiveX Elements erlauben.
  • Setze den einen Hacken bei Yes, i accept the Terms of Use.
  • Drücke den http://img707.imageshack.us/img707/687/starteg.jpg Button.
  • Warte bis die Komponenten herunter geladen wurden.
  • Setze einen Haken bei "Scan archives".
  • Gehe sicher, dass bei Remove Found Threads kein Haken gesetzt ist.
  • http://img707.imageshack.us/img707/687/starteg.jpg drücken.
  • Die Signaturen werden herunter geladen.Der Scan beginnt automatisch.
Wenn der Scan beendet wurdeBitte poste die Logfile hier.

Schritt 3:

Windows 7 Service Pack 1 installieren http://download.microsoft.com/downlo...976932-X86.exe
  • Lade dir bitte das Servicepack 1 für Win 7 64-bit .
  • Starte die Installation. Das Update kann wenige Minuten bis über eine Stunde dauern und wird einen Neustart erfordern.

Schritt 4:

Kontrollscan mit OTL

Starte bitte OTL.exe und drücke den Quick Scan Button.
Poste die OTL.txt hier in deinen Thread.

ryder 24.09.2012 20:55
Fehlende Rückmeldung
Dieses Thema wurde aus den Abos gelöscht. Somit bekomm ich keine Benachrichtigung über neue Antworten.
PM an mich falls Du denoch weiter machen willst.

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner schon sauber ist.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen

Norb11 25.09.2012 13:06
Entschuldigung! Ich war die letzten Tage verreist und hatte kein Zugang zu meinem Rechner.
Ich nehme das gleich heute Nachmittag in Angriff und melde mich dann persönlich bei dir.
Danke für die weitere Hilfe. ;)

Fix mit OTL:

Code:
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{b106b661-3e1b-4015-af5c-195e909f35c6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b106b661-3e1b-4015-af5c-195e909f35c6}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Prefs.js: "hxxp://www.startfenster.com" removed from browser.startup.homepage
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Norb
->Temp folder emptied: 318319317 bytes
->Temporary Internet Files folder emptied: 412137441 bytes
->Java cache emptied: 23078847 bytes
->FireFox cache emptied: 441515574 bytes
->Google Chrome cache emptied: 420014609 bytes
->Flash cache emptied: 98589 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1533399 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 498986822 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36049771 bytes
RecycleBin emptied: 1818035100 bytes
 
Total Files Cleaned = 3.786,00 mb
 
 
OTL by OldTimer - Version 3.2.64.0 log created on 09232012_005412

Files\Folders moved on Reboot...
C:\Users\Norb\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

ESET Online Scanner:

Code:
C:\Users\Norb\Downloads\goog1e_roller_canaria.zip        a variant of Win32/Kryptik.ALRG trojan

Norb11 26.09.2012 14:57
Kontrollscan mit OTL:

Code:
OTL logfile created on: 26.09.2012 14:38:15 - Run 3
OTL by OldTimer - Version 3.2.64.0    Folder = C:\Users\Norb\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,57 Gb Available Physical Memory | 64,37% Memory free
7,99 Gb Paging File | 6,36 Gb Available in Paging File | 79,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 421,81 Gb Total Space | 336,49 Gb Free Space | 79,77% Space Free | Partition Type: NTFS
Drive D: | 29,00 Gb Total Space | 28,11 Gb Free Space | 96,93% Space Free | Partition Type: NTFS
 
Computer Name: NORB-PC | User Name: Norb | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Norb\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Norb\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Lexmark 1300 Series\lxdcamon.exe (Lexmark)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5cae93d923c8378370758489e5535820\System.Runtime.Remoting.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\461d3b6b3f43e6fbe6c897d5936e17e4\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bc09ad2d49d8535371845cd7532f9271\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll ()
MOD - C:\Users\Norb\AppData\Local\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\Norb\AppData\Local\Google\Chrome\Application\22.0.1229.79\pdf.dll ()
MOD - C:\Users\Norb\AppData\Local\Google\Chrome\Application\22.0.1229.79\libglesv2.dll ()
MOD - C:\Users\Norb\AppData\Local\Google\Chrome\Application\22.0.1229.79\libegl.dll ()
MOD - C:\Users\Norb\AppData\Local\Google\Chrome\Application\22.0.1229.79\avutil-51.dll ()
MOD - C:\Users\Norb\AppData\Local\Google\Chrome\Application\22.0.1229.79\avformat-54.dll ()
MOD - C:\Users\Norb\AppData\Local\Google\Chrome\Application\22.0.1229.79\avcodec-54.dll ()
MOD - C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files (x86)\Lexmark 1300 Series\App4R.Monitor.Core.dll ()
MOD - C:\Program Files (x86)\Lexmark 1300 Series\App4R.Monitor.Common.dll ()
MOD - C:\Program Files (x86)\Lexmark 1300 Series\App4R.DevMons.ScanDevMon.dll ()
MOD - C:\Program Files (x86)\Lexmark 1300 Series\App4R.DevMons.MCMDevMon.dll ()
MOD - C:\Program Files (x86)\Lexmark 1300 Series\App4R.DevMons.MCMDevMon.AutoPlayUtil.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (lxdc_device) -- C:\Windows\SysNative\lxdccoms.exe ( )
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (CVPND) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (Lenovo ReadyComm ConnSvc) -- C:\Programme\Lenovo\ReadyComm\ConnSvc.exe (Lenovo Group Limited)
SRV - (Lenovo ReadyComm AppSvc) -- C:\Programme\Lenovo\ReadyComm\AppSvc.exe (Lenovo Group Limited)
SRV - (PS_MDP) -- C:\Program Files (x86)\Lenovo\ReadyComm\PS_MDP.dll (Lenovo Group Limited)
SRV - (IGRS) -- C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe (Lenovo Group Limited)
SRV - (ReadyComm.DirectRouter) -- C:\Program Files (x86)\Lenovo\ReadyComm\common\router.dll (Lenovo Group Limited)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (lxdc_device) -- C:\Windows\SysWOW64\lxdccoms.exe ( )
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (CVPNDRVA) -- C:\Windows\SysNative\drivers\CVPNDRVA.sys ()
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (CVirtA) -- C:\Windows\SysNative\drivers\CVirtA64.sys (Cisco Systems, Inc.)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (LHDmgr) -- C:\Windows\SysNative\drivers\LhdX64.sys (Lenovo.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (ACPIVPC) -- C:\Windows\SysNative\drivers\AcpiVpc.sys (Lenovo Corporation)
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink)
DRV:64bit: - (wdmirror) -- C:\Windows\SysNative\drivers\WDMirror.sys (Lenovo)
DRV:64bit: - (Bridge0) -- C:\Windows\SysNative\drivers\WDBridge.sys (Lenovo)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (DNE) -- C:\Windows\SysNative\drivers\dne64x.sys (Deterministic Networks, Inc.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://lenovo.de.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 40 65 6E AC 7C 9A CD 01  [binary data]
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.startfenster.com"
FF - prefs.js..extensions.enabledAddons: groovesharkUnlocker@overlord1337:1.2
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.6
FF - prefs.js..extensions.enabledAddons: zotero@chnm.gmu.edu:3.0.8
FF - prefs.js..extensions.enabledAddons: {800b5000-a755-47e1-992b-48a1c1357f07}:1.5.3
FF - prefs.js..extensions.enabledAddons: toolbar@web.de:2.2.2
FF - prefs.js..extensions.enabledItems: zotero@chnm.gmu.edu:2.0.9
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {4ED1F68A-5463-4931-9384-8FFF5ED91D92}:3.4.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Norb\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Norb\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.19 23:21:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.09.27 12:27:47 | 000,000,000 | ---D | M]
 
[2011.01.15 15:24:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Norb\AppData\Roaming\mozilla\Extensions
[2012.09.24 00:17:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Norb\AppData\Roaming\mozilla\Firefox\Profiles\nuhnlz4n.default\extensions
[2012.08.06 14:34:30 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Norb\AppData\Roaming\mozilla\Firefox\Profiles\nuhnlz4n.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.11.09 23:19:26 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Norb\AppData\Roaming\mozilla\Firefox\Profiles\nuhnlz4n.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.07.05 22:17:39 | 000,000,000 | ---D | M] (Zotero) -- C:\Users\Norb\AppData\Roaming\mozilla\Firefox\Profiles\nuhnlz4n.default\extensions\zotero@chnm.gmu.edu
[2012.02.22 00:04:07 | 000,029,003 | ---- | M] () (No name found) -- C:\Users\Norb\AppData\Roaming\mozilla\firefox\profiles\nuhnlz4n.default\extensions\groovesharkUnlocker@overlord1337.xpi
[2012.09.24 00:17:45 | 000,616,675 | ---- | M] () (No name found) -- C:\Users\Norb\AppData\Roaming\mozilla\firefox\profiles\nuhnlz4n.default\extensions\toolbar@web.de.xpi
[2012.09.24 00:18:00 | 000,000,853 | ---- | M] () -- C:\Users\Norb\AppData\Roaming\mozilla\firefox\profiles\nuhnlz4n.default\searchplugins\11-suche.xml
[2012.09.24 00:18:00 | 000,002,209 | ---- | M] () -- C:\Users\Norb\AppData\Roaming\mozilla\firefox\profiles\nuhnlz4n.default\searchplugins\englische-ergebnisse.xml
[2012.09.24 00:18:00 | 000,010,506 | ---- | M] () -- C:\Users\Norb\AppData\Roaming\mozilla\firefox\profiles\nuhnlz4n.default\searchplugins\gmx-suche.xml
[2012.09.24 00:19:47 | 000,000,950 | ---- | M] () -- C:\Users\Norb\AppData\Roaming\mozilla\firefox\profiles\nuhnlz4n.default\searchplugins\icqplugin-1.xml
[2012.08.06 14:37:21 | 000,000,950 | ---- | M] () -- C:\Users\Norb\AppData\Roaming\mozilla\firefox\profiles\nuhnlz4n.default\searchplugins\icqplugin-10.xml
[2011.09.26 13:10:20 | 000,000,950 | ---- | M] () -- C:\Users\Norb\AppData\Roaming\mozilla\firefox\profiles\nuhnlz4n.default\searchplugins\icqplugin-2.xml
[2011.09.27 12:29:21 | 000,000,950 | ---- | M] () -- C:\Users\Norb\AppData\Roaming\mozilla\firefox\profiles\nuhnlz4n.default\searchplugins\icqplugin-3.xml
[2011.10.05 21:35:53 | 000,000,950 | ---- | M] () -- C:\Users\Norb\AppData\Roaming\mozilla\firefox\profiles\nuhnlz4n.default\searchplugins\icqplugin-4.xml
[2011.11.14 13:45:40 | 000,000,950 | ---- | M] () -- C:\Users\Norb\AppData\Roaming\mozilla\firefox\profiles\nuhnlz4n.default\searchplugins\icqplugin-5.xml
[2011.12.06 07:19:37 | 000,000,950 | ---- | M] () -- C:\Users\Norb\AppData\Roaming\mozilla\firefox\profiles\nuhnlz4n.default\searchplugins\icqplugin-6.xml
[2012.02.23 12:39:03 | 000,000,950 | ---- | M] () -- C:\Users\Norb\AppData\Roaming\mozilla\firefox\profiles\nuhnlz4n.default\searchplugins\icqplugin-7.xml
[2012.04.18 17:42:49 | 000,000,950 | ---- | M] () -- C:\Users\Norb\AppData\Roaming\mozilla\firefox\profiles\nuhnlz4n.default\searchplugins\icqplugin-8.xml
[2012.06.08 10:56:43 | 000,000,950 | ---- | M] () -- C:\Users\Norb\AppData\Roaming\mozilla\firefox\profiles\nuhnlz4n.default\searchplugins\icqplugin-9.xml
[2011.08.19 10:01:33 | 000,001,056 | ---- | M] () -- C:\Users\Norb\AppData\Roaming\mozilla\firefox\profiles\nuhnlz4n.default\searchplugins\icqplugin.xml
[2012.09.24 00:18:00 | 000,002,368 | ---- | M] () -- C:\Users\Norb\AppData\Roaming\mozilla\firefox\profiles\nuhnlz4n.default\searchplugins\lastminute.xml
[2012.09.24 00:18:00 | 000,005,489 | ---- | M] () -- C:\Users\Norb\AppData\Roaming\mozilla\firefox\profiles\nuhnlz4n.default\searchplugins\webde-suche.xml
[2012.02.23 12:38:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.04.18 17:42:25 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.05.09 10:12:25 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.04.18 17:42:14 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.18 17:42:14 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.04.18 17:42:14 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.18 17:42:14 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.18 17:42:14 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.18 17:42:13 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Norb\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Norb\AppData\Local\Google\Chrome\Application\22.0.1229.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Norb\AppData\Local\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Norb\AppData\Local\Google\Chrome\Application\22.0.1229.79\pdf.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Norb\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Windows 8 = C:\Users\Norb\AppData\Local\Google\Chrome\User Data\Default\Extensions\edpkfnpekfoegfgmogglbjbbgcdnphph\1.1_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {B106B661-3E1B-4015-AF5C-195E909F35C6} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [lxdcamon] C:\Program Files (x86)\Lexmark 1300 Series\lxdcamon.exe (Lexmark)
O4:64bit: - HKLM..\Run: [lxdcmon.exe] "C:\Program Files (x86)\Lexmark 1300 Series\lxdcmon.exe" File not found
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe File not found
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - Startup: C:\Users\Norb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Norb\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Norb\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Norb\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Norb\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Norb\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.58.61.250 80.58.61.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CBF6ED69-0502-461E-B88F-A1E6ECF6DE15}: DhcpNameServer = 80.58.61.250 80.58.61.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.26 01:25:20 | 000,000,000 | ---D | C] -- C:\windows\SysNative\SPReview
[2012.09.26 00:33:58 | 000,116,224 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\windows\SysNative\fms.dll
[2012.09.26 00:32:27 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\windows\SysWow64\fms.dll
[2012.09.25 17:52:08 | 000,000,000 | ---D | C] -- C:\windows\SysNative\EventProviders
[2012.09.24 18:48:35 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Norb\Desktop\esetsmartinstaller_enu(1).exe
[2012.09.24 00:28:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.09.23 00:54:12 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.09.19 15:35:19 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\Norb\Desktop\OTL.exe
[2012.09.18 18:59:10 | 000,000,000 | ---D | C] -- C:\Users\Norb\AppData\Roaming\vlc
[2012.09.18 18:58:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.09.18 18:57:50 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2012.09.18 18:07:26 | 000,000,000 | ---D | C] -- C:\Users\Norb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.09.18 17:13:20 | 000,000,000 | ---D | C] -- C:\Users\Norb\AppData\Roaming\Malwarebytes
[2012.09.18 17:12:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.18 17:12:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.18 17:12:49 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012.09.18 17:12:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.09.17 22:56:23 | 000,000,000 | R--D | C] -- C:\Users\Norb\Dropbox
[2012.09.17 22:52:45 | 000,000,000 | ---D | C] -- C:\Users\Norb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2012.09.17 22:47:29 | 000,000,000 | ---D | C] -- C:\Users\Norb\AppData\Roaming\Dropbox
[2012.09.02 19:39:16 | 000,000,000 | ---D | C] -- C:\Users\Norb\Desktop\Gran Canaria
[2012.09.02 19:38:55 | 000,000,000 | ---D | C] -- C:\Users\Norb\Desktop\Casa
[2012.08.31 12:31:37 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\Wat
[2012.08.31 12:31:34 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Wat
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Users\Norb\*.tmp files -> C:\Users\Norb\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.26 14:48:24 | 000,001,106 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.26 14:42:43 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.26 14:42:43 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.26 14:34:46 | 000,001,102 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.26 14:33:46 | 000,374,752 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012.09.26 14:33:41 | 000,067,584 | ---- | M] () -- C:\windows\bootstat.dat
[2012.09.26 14:33:26 | 3217,211,392 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.26 07:10:00 | 000,001,116 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3012472162-3527673009-745750261-1000UA.job
[2012.09.26 07:03:58 | 000,002,469 | ---- | M] () -- C:\Users\Norb\Desktop\Google Chrome.lnk
[2012.09.26 06:59:02 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.09.26 01:48:25 | 001,513,970 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012.09.26 01:48:25 | 000,659,690 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2012.09.26 01:48:25 | 000,620,836 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012.09.26 01:48:25 | 000,132,970 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2012.09.26 01:48:25 | 000,108,760 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012.09.25 18:15:32 | 000,001,064 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3012472162-3527673009-745750261-1000Core.job
[2012.09.24 18:48:38 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Norb\Desktop\esetsmartinstaller_enu(1).exe
[2012.09.19 23:30:47 | 000,512,737 | ---- | M] () -- C:\Users\Norb\Desktop\adwcleaner.exe
[2012.09.19 15:35:22 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Norb\Desktop\OTL.exe
[2012.09.18 17:12:57 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.09.17 22:56:23 | 000,001,037 | ---- | M] () -- C:\Users\Norb\Desktop\Dropbox.lnk
[2012.09.17 22:53:12 | 000,001,047 | ---- | M] () -- C:\Users\Norb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Users\Norb\*.tmp files -> C:\Users\Norb\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.09.26 06:59:02 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.09.26 00:34:46 | 000,347,904 | ---- | C] () -- C:\windows\SysNative\systemsf.ebd
[2012.09.26 00:33:56 | 000,001,041 | ---- | C] () -- C:\windows\SysWow64\tcpbidi.xml
[2012.09.26 00:32:41 | 000,010,429 | ---- | C] () -- C:\windows\SysNative\ScavengeSpace.xml
[2012.09.26 00:32:40 | 000,105,559 | ---- | C] () -- C:\windows\SysWow64\RacRules.xml
[2012.09.26 00:32:40 | 000,105,559 | ---- | C] () -- C:\windows\SysNative\RacRules.xml
[2012.09.19 23:30:45 | 000,512,737 | ---- | C] () -- C:\Users\Norb\Desktop\adwcleaner.exe
[2012.09.18 18:07:29 | 000,002,469 | ---- | C] () -- C:\Users\Norb\Desktop\Google Chrome.lnk
[2012.09.18 18:05:44 | 000,001,116 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3012472162-3527673009-745750261-1000UA.job
[2012.09.18 18:05:43 | 000,001,064 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3012472162-3527673009-745750261-1000Core.job
[2012.09.18 17:12:57 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.09.17 22:56:23 | 000,001,037 | ---- | C] () -- C:\Users\Norb\Desktop\Dropbox.lnk
[2012.09.17 22:53:12 | 000,001,047 | ---- | C] () -- C:\Users\Norb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011.11.26 09:34:05 | 000,100,726 | ---- | C] () -- C:\Program Files (x86)\winrar.lng
[2011.11.26 09:34:05 | 000,038,092 | ---- | C] () -- C:\Program Files (x86)\rar.lng
[2011.11.26 09:34:05 | 000,008,084 | ---- | C] () -- C:\Program Files (x86)\uninstall.lng
[2011.11.26 09:34:05 | 000,003,584 | ---- | C] () -- C:\Program Files (x86)\rarext.lng
[2011.11.26 09:34:04 | 000,312,149 | ---- | C] () -- C:\Program Files (x86)\WinRAR.chm
[2011.11.26 09:34:04 | 000,106,118 | ---- | C] () -- C:\Program Files (x86)\Zip64.SFX
[2011.11.26 09:34:04 | 000,102,864 | ---- | C] () -- C:\Program Files (x86)\WinCon64.SFX
[2011.11.26 09:34:04 | 000,079,872 | ---- | C] () -- C:\Program Files (x86)\Zip.SFX
[2011.11.26 09:34:04 | 000,073,728 | ---- | C] () -- C:\Program Files (x86)\WinCon.SFX
[2011.11.26 09:34:03 | 000,135,814 | ---- | C] () -- C:\Program Files (x86)\Default64.SFX
[2011.11.26 09:34:03 | 000,099,840 | ---- | C] () -- C:\Program Files (x86)\Default.SFX
[2011.11.26 09:34:02 | 000,140,288 | ---- | C] () -- C:\Program Files (x86)\RarExt32.dll
[2011.11.26 09:34:01 | 001,163,264 | ---- | C] () -- C:\Program Files (x86)\WinRAR.exe
[2011.11.26 09:34:01 | 000,164,864 | ---- | C] () -- C:\Program Files (x86)\RarExt.dll
[2011.11.26 09:34:00 | 000,417,792 | ---- | C] () -- C:\Program Files (x86)\Rar.exe
[2011.11.26 09:34:00 | 000,276,992 | ---- | C] () -- C:\Program Files (x86)\UnRAR.exe
[2011.11.26 09:34:00 | 000,003,973 | ---- | C] () -- C:\Program Files (x86)\Order.htm
[2011.11.26 09:34:00 | 000,001,400 | ---- | C] () -- C:\Program Files (x86)\RarFiles.lst
[2011.11.26 09:34:00 | 000,000,700 | ---- | C] () -- C:\Program Files (x86)\Uninstall.lst
[2011.11.26 09:33:59 | 000,001,422 | ---- | C] () -- C:\Program Files (x86)\Descript.ion
[2011.11.26 09:33:59 | 000,000,622 | ---- | C] () -- C:\Program Files (x86)\File_Id.diz
[2011.05.14 21:46:10 | 000,000,400 | ---- | C] () -- C:\windows\ODBC.INI
[2011.05.13 15:43:17 | 000,278,528 | ---- | C] () -- C:\windows\SysWow64\LXDCinst.dll
[2011.05.13 15:43:16 | 000,413,696 | ---- | C] ( ) -- C:\windows\SysWow64\lxdcinpa.dll
[2011.05.13 15:43:16 | 000,385,024 | ---- | C] () -- C:\windows\SysWow64\lxdccomx.dll
[2011.05.13 15:43:15 | 000,397,312 | ---- | C] ( ) -- C:\windows\SysWow64\lxdciesc.dll
[2011.05.13 15:43:13 | 000,643,072 | ---- | C] ( ) -- C:\windows\SysWow64\lxdcpmui.dll
[2011.05.13 15:43:11 | 000,999,424 | ---- | C] ( ) -- C:\windows\SysWow64\lxdcusb1.dll
[2011.05.13 15:43:10 | 001,232,896 | ---- | C] ( ) -- C:\windows\SysWow64\lxdcserv.dll
[2011.05.13 15:43:10 | 000,163,840 | ---- | C] ( ) -- C:\windows\SysWow64\lxdcprox.dll
[2011.05.13 15:43:09 | 000,181,168 | ---- | C] ( ) -- C:\windows\SysWow64\lxdcppls.exe
[2011.05.13 15:43:09 | 000,094,208 | ---- | C] ( ) -- C:\windows\SysWow64\lxdcpplc.dll
[2011.05.13 15:43:08 | 000,585,728 | ---- | C] ( ) -- C:\windows\SysWow64\lxdclmpm.dll
[2011.05.13 15:43:08 | 000,385,968 | ---- | C] ( ) -- C:\windows\SysWow64\lxdcih.exe
[2011.05.13 15:43:07 | 000,696,320 | ---- | C] ( ) -- C:\windows\SysWow64\lxdchbn3.dll
[2011.05.13 15:43:07 | 000,537,520 | ---- | C] ( ) -- C:\windows\SysWow64\lxdccoms.exe
[2011.05.13 15:43:06 | 000,684,032 | ---- | C] ( ) -- C:\windows\SysWow64\lxdccomc.dll
[2011.05.13 15:43:06 | 000,425,984 | ---- | C] ( ) -- C:\windows\SysWow64\lxdccomm.dll
[2011.05.07 12:29:52 | 000,000,425 | ---- | C] () -- C:\windows\BRWMARK.INI
[2011.05.07 12:29:52 | 000,000,027 | ---- | C] () -- C:\windows\BRPP2KA.INI
[2011.01.15 15:27:30 | 001,541,588 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011.01.14 16:23:36 | 000,000,088 | ---- | C] () -- C:\ProgramData\profile.xml
 
========== ZeroAccess Check ==========
 
[2011.01.15 15:15:26 | 000,000,197 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mcafee[1].txt
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
========== LOP Check ==========
 
[2011.01.15 01:25:42 | 000,000,000 | ---D | M] -- C:\Users\Norb\AppData\Roaming\ArcSyncConfig
[2012.09.26 14:36:21 | 000,000,000 | ---D | M] -- C:\Users\Norb\AppData\Roaming\Dropbox
[2011.11.09 23:19:43 | 000,000,000 | ---D | M] -- C:\Users\Norb\AppData\Roaming\DVDVideoSoft
[2011.01.14 23:02:39 | 000,000,000 | ---D | M] -- C:\Users\Norb\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.01.14 23:05:21 | 000,000,000 | ---D | M] -- C:\Users\Norb\AppData\Roaming\NCH Swift Sound
[2012.08.10 18:15:01 | 000,000,000 | ---D | M] -- C:\Users\Norb\AppData\Roaming\PC Suite
[2012.08.10 16:50:32 | 000,000,000 | ---D | M] -- C:\Users\Norb\AppData\Roaming\Samsung
[2011.05.15 15:59:38 | 000,000,000 | ---D | M] -- C:\Users\Norb\AppData\Roaming\Scilab
[2012.09.25 01:33:59 | 000,000,000 | ---D | M] -- C:\Users\Norb\AppData\Roaming\SoftGrid Client
[2011.01.16 19:27:09 | 000,000,000 | ---D | M] -- C:\Users\Norb\AppData\Roaming\Swiss Academic Software
[2011.01.15 15:29:15 | 000,000,000 | ---D | M] -- C:\Users\Norb\AppData\Roaming\TP
 
========== Purity Check ==========
 
 

< End of report >

ryder 26.09.2012 19:18
Gut! :daumenhoc

Da sich die eine Startseite noch nicht entfernen lies, machen wir das manuell, entfernen noch den Fund von ESET und dann sollten wir durch sein.

Schritt 1:
Fix mit OTL

Zitat:
Warnung: Dieses Skript wurde nur für diesen User und diese spezielle Situation geschrieben. Auf anderen Computern ausgeführt kann es nachhaltige Schäden anrichten!
Hinweis: Wenn du deinen Benutzernamen unkenntlich gemacht hast, musst du wieder deinen richtigen Namen einsetzen, ansonsten wird das Skript nicht funktionieren.
Code:
:files
C:\Users\Norb\Downloads\goog1e_roller_canaria.zip
  • Schliesse bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop. ( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
  • Kopiere nun den Inhalt hier in deinen Thread, möglichst in Code-Tags.

Hinweis: Die Ausführung des Kommandos kann einige Minuten dauern und OTL scheint in dieser Zeit nicht zu reagieren. Bitte geduldig sein! :kaffee:

Schritt 2:
Firefox: Startseite festlegen
Schritt 3:
Kontrollscan mit OTL
  • Starte bitte OTL.exe und drücke den Quick Scan Button.
  • Poste die OTL.txt hier in deinen Thread.

Norb11 26.09.2012 22:51
Fix mit OTL:

Code:
========== FILES ==========
C:\Users\Norb\Downloads\goog1e_roller_canaria.zip moved successfully.
 
OTL by OldTimer - Version 3.2.64.0 log created on 09262012_224924
Firefox Startseite habe ich auf www.google.de wie beschrieben umgeändert!

Und nun noch der Kontrollscan mit OTL:

Code:
OTL logfile created on: 26.09.2012 22:53:48 - Run 4
OTL by OldTimer - Version 3.2.64.0    Folder = C:\Users\Norb\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,79 Gb Available Physical Memory | 69,90% Memory free
7,99 Gb Paging File | 6,35 Gb Available in Paging File | 79,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 421,81 Gb Total Space | 335,72 Gb Free Space | 79,59% Space Free | Partition Type: NTFS
Drive D: | 29,00 Gb Total Space | 28,11 Gb Free Space | 96,93% Space Free | Partition Type: NTFS
 
Computer Name: NORB-PC | User Name: Norb | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Norb\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Norb\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Lexmark 1300 Series\lxdcamon.exe (Lexmark)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5cae93d923c8378370758489e5535820\System.Runtime.Remoting.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\461d3b6b3f43e6fbe6c897d5936e17e4\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bc09ad2d49d8535371845cd7532f9271\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll ()
MOD - C:\Users\Norb\AppData\Local\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\Norb\AppData\Local\Google\Chrome\Application\22.0.1229.79\pdf.dll ()
MOD - C:\Users\Norb\AppData\Local\Google\Chrome\Application\22.0.1229.79\libglesv2.dll ()
MOD - C:\Users\Norb\AppData\Local\Google\Chrome\Application\22.0.1229.79\libegl.dll ()
MOD - C:\Users\Norb\AppData\Local\Google\Chrome\Application\22.0.1229.79\avutil-51.dll ()
MOD - C:\Users\Norb\AppData\Local\Google\Chrome\Application\22.0.1229.79\avformat-54.dll ()
MOD - C:\Users\Norb\AppData\Local\Google\Chrome\Application\22.0.1229.79\avcodec-54.dll ()
MOD - C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files (x86)\Lexmark 1300 Series\App4R.Monitor.Core.dll ()
MOD - C:\Program Files (x86)\Lexmark 1300 Series\App4R.Monitor.Common.dll ()
MOD - C:\Program Files (x86)\Lexmark 1300 Series\App4R.DevMons.ScanDevMon.dll ()
MOD - C:\Program Files (x86)\Lexmark 1300 Series\App4R.DevMons.MCMDevMon.dll ()
MOD - C:\Program Files (x86)\Lexmark 1300 Series\App4R.DevMons.MCMDevMon.AutoPlayUtil.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (lxdc_device) -- C:\Windows\SysNative\lxdccoms.exe ( )
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (CVPND) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (Lenovo ReadyComm ConnSvc) -- C:\Programme\Lenovo\ReadyComm\ConnSvc.exe (Lenovo Group Limited)
SRV - (Lenovo ReadyComm AppSvc) -- C:\Programme\Lenovo\ReadyComm\AppSvc.exe (Lenovo Group Limited)
SRV - (PS_MDP) -- C:\Program Files (x86)\Lenovo\ReadyComm\PS_MDP.dll (Lenovo Group Limited)
SRV - (IGRS) -- C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe (Lenovo Group Limited)
SRV - (ReadyComm.DirectRouter) -- C:\Program Files (x86)\Lenovo\ReadyComm\common\router.dll (Lenovo Group Limited)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (lxdc_device) -- C:\Windows\SysWOW64\lxdccoms.exe ( )
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (CVPNDRVA) -- C:\Windows\SysNative\drivers\CVPNDRVA.sys ()
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (CVirtA) -- C:\Windows\SysNative\drivers\CVirtA64.sys (Cisco Systems, Inc.)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (LHDmgr) -- C:\Windows\SysNative\drivers\LhdX64.sys (Lenovo.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (ACPIVPC) -- C:\Windows\SysNative\drivers\AcpiVpc.sys (Lenovo Corporation)
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink)
DRV:64bit: - (wdmirror) -- C:\Windows\SysNative\drivers\WDMirror.sys (Lenovo)
DRV:64bit: - (Bridge0) -- C:\Windows\SysNative\drivers\WDBridge.sys (Lenovo)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (DNE) -- C:\Windows\SysNative\drivers\dne64x.sys (Deterministic Networks, Inc.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://lenovo.de.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 40 65 6E AC 7C 9A CD 01  [binary data]
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: groovesharkUnlocker@overlord1337:1.2
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.6
FF - prefs.js..extensions.enabledAddons: zotero@chnm.gmu.edu:3.0.8
FF - prefs.js..extensions.enabledAddons: {800b5000-a755-47e1-992b-48a1c1357f07}:1.5.3
FF - prefs.js..extensions.enabledAddons: toolbar@web.de:2.2.2
FF - prefs.js..extensions.enabledItems: zotero@chnm.gmu.edu:2.0.9
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {4ED1F68A-5463-4931-9384-8FFF5ED91D92}:3.4.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Norb\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Norb\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.19 23:21:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.09.27 12:27:47 | 000,000,000 | ---D | M]
 
[2011.01.15 15:24:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Norb\AppData\Roaming\mozilla\Extensions
[2012.09.24 00:17:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Norb\AppData\Roaming\mozilla\Firefox\Profiles\nuhnlz4n.default\extensions
[2012.08.06 14:34:30 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Norb\AppData\Roaming\mozilla\Firefox\Profiles\nuhnlz4n.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.11.09 23:19:26 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Norb\AppData\Roaming\mozilla\Firefox\Profiles\nuhnlz4n.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.07.05 22:17:39 | 000,000,000 | ---D | M] (Zotero) -- C:\Users\Norb\AppData\Roaming\mozilla\Firefox\Profiles\nuhnlz4n.default\extensions\zotero@chnm.gmu.edu
[2012.02.22 00:04:07 | 000,029,003 | ---- | M] () (No name found) -- C:\Users\Norb\AppData\Roaming\mozilla\firefox\profiles\nuhnlz4n.default\extensions\groovesharkUnlocker@overlord1337.xpi
[2012.09.24 00:17:45 | 000,616,675 | ---- | M] () (No name found) -- C:\Users\Norb\AppData\Roaming\mozilla\firefox\profiles\nuhnlz4n.default\extensions\toolbar@web.de.xpi
[2012.09.24 00:18:00 | 000,000,853 | ---- | M] () -- C:\Users\Norb\AppData\Roaming\mozilla\firefox\profiles\nuhnlz4n.default\searchplugins\11-suche.xml
[2012.09.24 00:18:00 | 000,002,209 | ---- | M] () -- C:\Users\Norb\AppData\Roaming\mozilla\firefox\profiles\nuhnlz4n.default\searchplugins\englische-ergebnisse.xml
[2012.09.24 00:18:00 | 000,010,506 | ---- | M] () -- C:\Users\Norb\AppData\Roaming\mozilla\firefox\profiles\nuhnlz4n.default\searchplugins\gmx-suche.xml
[2012.09.24 00:19:47 | 000,000,950 | ---- | M] () -- C:\Users\Norb\AppData\Roaming\mozilla\firefox\profiles\nuhnlz4n.default\searchplugins\icqplugin-1.xml
[2012.08.06 14:37:21 | 000,000,950 | ---- | M] () -- C:\Users\Norb\AppData\Roaming\mozilla\firefox\profiles\nuhnlz4n.default\searchplugins\icqplugin-10.xml
[2011.09.26 13:10:20 | 000,000,950 | ---- | M] () -- C:\Users\Norb\AppData\Roaming\mozilla\firefox\profiles\nuhnlz4n.default\searchplugins\icqplugin-2.xml
[2011.09.27 12:29:21 | 000,000,950 | ---- | M] () -- C:\Users\Norb\AppData\Roaming\mozilla\firefox\profiles\nuhnlz4n.default\searchplugins\icqplugin-3.xml
[2011.10.05 21:35:53 | 000,000,950 | ---- | M] () -- C:\Users\Norb\AppData\Roaming\mozilla\firefox\profiles\nuhnlz4n.default\searchplugins\icqplugin-4.xml
[2011.11.14 13:45:40 | 000,000,950 | ---- | M] () -- C:\Users\Norb\AppData\Roaming\mozilla\firefox\profiles\nuhnlz4n.default\searchplugins\icqplugin-5.xml
[2011.12.06 07:19:37 | 000,000,950 | ---- | M] () -- C:\Users\Norb\AppData\Roaming\mozilla\firefox\profiles\nuhnlz4n.default\searchplugins\icqplugin-6.xml
[2012.02.23 12:39:03 | 000,000,950 | ---- | M] () -- C:\Users\Norb\AppData\Roaming\mozilla\firefox\profiles\nuhnlz4n.default\searchplugins\icqplugin-7.xml
[2012.04.18 17:42:49 | 000,000,950 | ---- | M] () -- C:\Users\Norb\AppData\Roaming\mozilla\firefox\profiles\nuhnlz4n.default\searchplugins\icqplugin-8.xml
[2012.06.08 10:56:43 | 000,000,950 | ---- | M] () -- C:\Users\Norb\AppData\Roaming\mozilla\firefox\profiles\nuhnlz4n.default\searchplugins\icqplugin-9.xml
[2011.08.19 10:01:33 | 000,001,056 | ---- | M] () -- C:\Users\Norb\AppData\Roaming\mozilla\firefox\profiles\nuhnlz4n.default\searchplugins\icqplugin.xml
[2012.09.24 00:18:00 | 000,002,368 | ---- | M] () -- C:\Users\Norb\AppData\Roaming\mozilla\firefox\profiles\nuhnlz4n.default\searchplugins\lastminute.xml
[2012.09.24 00:18:00 | 000,005,489 | ---- | M] () -- C:\Users\Norb\AppData\Roaming\mozilla\firefox\profiles\nuhnlz4n.default\searchplugins\webde-suche.xml
[2012.02.23 12:38:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.04.18 17:42:25 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.05.09 10:12:25 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.04.18 17:42:14 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.18 17:42:14 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.04.18 17:42:14 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.18 17:42:14 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.18 17:42:14 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.18 17:42:13 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Norb\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Norb\AppData\Local\Google\Chrome\Application\22.0.1229.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Norb\AppData\Local\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Norb\AppData\Local\Google\Chrome\Application\22.0.1229.79\pdf.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Norb\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Windows 8 = C:\Users\Norb\AppData\Local\Google\Chrome\User Data\Default\Extensions\edpkfnpekfoegfgmogglbjbbgcdnphph\1.1_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {B106B661-3E1B-4015-AF5C-195E909F35C6} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [lxdcamon] C:\Program Files (x86)\Lexmark 1300 Series\lxdcamon.exe (Lexmark)
O4:64bit: - HKLM..\Run: [lxdcmon.exe] "C:\Program Files (x86)\Lexmark 1300 Series\lxdcmon.exe" File not found
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe File not found
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - Startup: C:\Users\Norb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Norb\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Norb\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Norb\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Norb\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Norb\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.58.61.250 80.58.61.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CBF6ED69-0502-461E-B88F-A1E6ECF6DE15}: DhcpNameServer = 80.58.61.250 80.58.61.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.26 01:25:20 | 000,000,000 | ---D | C] -- C:\windows\SysNative\SPReview
[2012.09.26 00:33:58 | 000,116,224 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\windows\SysNative\fms.dll
[2012.09.26 00:32:27 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\windows\SysWow64\fms.dll
[2012.09.25 17:52:08 | 000,000,000 | ---D | C] -- C:\windows\SysNative\EventProviders
[2012.09.24 18:48:35 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Norb\Desktop\esetsmartinstaller_enu(1).exe
[2012.09.24 00:28:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.09.23 00:54:12 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.09.19 15:35:19 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\Norb\Desktop\OTL.exe
[2012.09.18 18:59:10 | 000,000,000 | ---D | C] -- C:\Users\Norb\AppData\Roaming\vlc
[2012.09.18 18:58:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.09.18 18:57:50 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2012.09.18 18:07:26 | 000,000,000 | ---D | C] -- C:\Users\Norb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.09.18 17:13:20 | 000,000,000 | ---D | C] -- C:\Users\Norb\AppData\Roaming\Malwarebytes
[2012.09.18 17:12:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.18 17:12:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.18 17:12:49 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012.09.18 17:12:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.09.17 22:56:23 | 000,000,000 | R--D | C] -- C:\Users\Norb\Dropbox
[2012.09.17 22:52:45 | 000,000,000 | ---D | C] -- C:\Users\Norb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2012.09.17 22:47:29 | 000,000,000 | ---D | C] -- C:\Users\Norb\AppData\Roaming\Dropbox
[2012.09.02 19:39:16 | 000,000,000 | ---D | C] -- C:\Users\Norb\Desktop\Gran Canaria
[2012.09.02 19:38:55 | 000,000,000 | ---D | C] -- C:\Users\Norb\Desktop\Casa
[2012.08.31 12:31:37 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\Wat
[2012.08.31 12:31:34 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Wat
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Users\Norb\*.tmp files -> C:\Users\Norb\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.26 22:48:00 | 000,001,106 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.26 22:21:34 | 000,067,584 | ---- | M] () -- C:\windows\bootstat.dat
[2012.09.26 22:21:33 | 000,001,116 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3012472162-3527673009-745750261-1000UA.job
[2012.09.26 18:11:31 | 000,001,064 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3012472162-3527673009-745750261-1000Core.job
[2012.09.26 15:48:01 | 000,001,102 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.26 14:42:43 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.26 14:42:43 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.26 14:33:46 | 000,374,752 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012.09.26 14:33:26 | 3217,211,392 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.26 07:03:58 | 000,002,469 | ---- | M] () -- C:\Users\Norb\Desktop\Google Chrome.lnk
[2012.09.26 06:59:02 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.09.26 01:48:25 | 001,513,970 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012.09.26 01:48:25 | 000,659,690 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2012.09.26 01:48:25 | 000,620,836 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012.09.26 01:48:25 | 000,132,970 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2012.09.26 01:48:25 | 000,108,760 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012.09.24 18:48:38 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Norb\Desktop\esetsmartinstaller_enu(1).exe
[2012.09.19 23:30:47 | 000,512,737 | ---- | M] () -- C:\Users\Norb\Desktop\adwcleaner.exe
[2012.09.19 15:35:22 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Norb\Desktop\OTL.exe
[2012.09.18 17:12:57 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.09.17 22:56:23 | 000,001,037 | ---- | M] () -- C:\Users\Norb\Desktop\Dropbox.lnk
[2012.09.17 22:53:12 | 000,001,047 | ---- | M] () -- C:\Users\Norb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Users\Norb\*.tmp files -> C:\Users\Norb\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.09.26 06:59:02 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.09.26 00:34:46 | 000,347,904 | ---- | C] () -- C:\windows\SysNative\systemsf.ebd
[2012.09.26 00:33:56 | 000,001,041 | ---- | C] () -- C:\windows\SysWow64\tcpbidi.xml
[2012.09.26 00:32:41 | 000,010,429 | ---- | C] () -- C:\windows\SysNative\ScavengeSpace.xml
[2012.09.26 00:32:40 | 000,105,559 | ---- | C] () -- C:\windows\SysWow64\RacRules.xml
[2012.09.26 00:32:40 | 000,105,559 | ---- | C] () -- C:\windows\SysNative\RacRules.xml
[2012.09.19 23:30:45 | 000,512,737 | ---- | C] () -- C:\Users\Norb\Desktop\adwcleaner.exe
[2012.09.18 18:07:29 | 000,002,469 | ---- | C] () -- C:\Users\Norb\Desktop\Google Chrome.lnk
[2012.09.18 18:05:44 | 000,001,116 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3012472162-3527673009-745750261-1000UA.job
[2012.09.18 18:05:43 | 000,001,064 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3012472162-3527673009-745750261-1000Core.job
[2012.09.18 17:12:57 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.09.17 22:56:23 | 000,001,037 | ---- | C] () -- C:\Users\Norb\Desktop\Dropbox.lnk
[2012.09.17 22:53:12 | 000,001,047 | ---- | C] () -- C:\Users\Norb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011.11.26 09:34:05 | 000,100,726 | ---- | C] () -- C:\Program Files (x86)\winrar.lng
[2011.11.26 09:34:05 | 000,038,092 | ---- | C] () -- C:\Program Files (x86)\rar.lng
[2011.11.26 09:34:05 | 000,008,084 | ---- | C] () -- C:\Program Files (x86)\uninstall.lng
[2011.11.26 09:34:05 | 000,003,584 | ---- | C] () -- C:\Program Files (x86)\rarext.lng
[2011.11.26 09:34:04 | 000,312,149 | ---- | C] () -- C:\Program Files (x86)\WinRAR.chm
[2011.11.26 09:34:04 | 000,106,118 | ---- | C] () -- C:\Program Files (x86)\Zip64.SFX
[2011.11.26 09:34:04 | 000,102,864 | ---- | C] () -- C:\Program Files (x86)\WinCon64.SFX
[2011.11.26 09:34:04 | 000,079,872 | ---- | C] () -- C:\Program Files (x86)\Zip.SFX
[2011.11.26 09:34:04 | 000,073,728 | ---- | C] () -- C:\Program Files (x86)\WinCon.SFX
[2011.11.26 09:34:03 | 000,135,814 | ---- | C] () -- C:\Program Files (x86)\Default64.SFX
[2011.11.26 09:34:03 | 000,099,840 | ---- | C] () -- C:\Program Files (x86)\Default.SFX
[2011.11.26 09:34:02 | 000,140,288 | ---- | C] () -- C:\Program Files (x86)\RarExt32.dll
[2011.11.26 09:34:01 | 001,163,264 | ---- | C] () -- C:\Program Files (x86)\WinRAR.exe
[2011.11.26 09:34:01 | 000,164,864 | ---- | C] () -- C:\Program Files (x86)\RarExt.dll
[2011.11.26 09:34:00 | 000,417,792 | ---- | C] () -- C:\Program Files (x86)\Rar.exe
[2011.11.26 09:34:00 | 000,276,992 | ---- | C] () -- C:\Program Files (x86)\UnRAR.exe
[2011.11.26 09:34:00 | 000,003,973 | ---- | C] () -- C:\Program Files (x86)\Order.htm
[2011.11.26 09:34:00 | 000,001,400 | ---- | C] () -- C:\Program Files (x86)\RarFiles.lst
[2011.11.26 09:34:00 | 000,000,700 | ---- | C] () -- C:\Program Files (x86)\Uninstall.lst
[2011.11.26 09:33:59 | 000,001,422 | ---- | C] () -- C:\Program Files (x86)\Descript.ion
[2011.11.26 09:33:59 | 000,000,622 | ---- | C] () -- C:\Program Files (x86)\File_Id.diz
[2011.05.14 21:46:10 | 000,000,400 | ---- | C] () -- C:\windows\ODBC.INI
[2011.05.13 15:43:17 | 000,278,528 | ---- | C] () -- C:\windows\SysWow64\LXDCinst.dll
[2011.05.13 15:43:16 | 000,413,696 | ---- | C] ( ) -- C:\windows\SysWow64\lxdcinpa.dll
[2011.05.13 15:43:16 | 000,385,024 | ---- | C] () -- C:\windows\SysWow64\lxdccomx.dll
[2011.05.13 15:43:15 | 000,397,312 | ---- | C] ( ) -- C:\windows\SysWow64\lxdciesc.dll
[2011.05.13 15:43:13 | 000,643,072 | ---- | C] ( ) -- C:\windows\SysWow64\lxdcpmui.dll
[2011.05.13 15:43:11 | 000,999,424 | ---- | C] ( ) -- C:\windows\SysWow64\lxdcusb1.dll
[2011.05.13 15:43:10 | 001,232,896 | ---- | C] ( ) -- C:\windows\SysWow64\lxdcserv.dll
[2011.05.13 15:43:10 | 000,163,840 | ---- | C] ( ) -- C:\windows\SysWow64\lxdcprox.dll
[2011.05.13 15:43:09 | 000,181,168 | ---- | C] ( ) -- C:\windows\SysWow64\lxdcppls.exe
[2011.05.13 15:43:09 | 000,094,208 | ---- | C] ( ) -- C:\windows\SysWow64\lxdcpplc.dll
[2011.05.13 15:43:08 | 000,585,728 | ---- | C] ( ) -- C:\windows\SysWow64\lxdclmpm.dll
[2011.05.13 15:43:08 | 000,385,968 | ---- | C] ( ) -- C:\windows\SysWow64\lxdcih.exe
[2011.05.13 15:43:07 | 000,696,320 | ---- | C] ( ) -- C:\windows\SysWow64\lxdchbn3.dll
[2011.05.13 15:43:07 | 000,537,520 | ---- | C] ( ) -- C:\windows\SysWow64\lxdccoms.exe
[2011.05.13 15:43:06 | 000,684,032 | ---- | C] ( ) -- C:\windows\SysWow64\lxdccomc.dll
[2011.05.13 15:43:06 | 000,425,984 | ---- | C] ( ) -- C:\windows\SysWow64\lxdccomm.dll
[2011.05.07 12:29:52 | 000,000,425 | ---- | C] () -- C:\windows\BRWMARK.INI
[2011.05.07 12:29:52 | 000,000,027 | ---- | C] () -- C:\windows\BRPP2KA.INI
[2011.01.15 15:27:30 | 001,541,588 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011.01.14 16:23:36 | 000,000,088 | ---- | C] () -- C:\ProgramData\profile.xml
 
========== ZeroAccess Check ==========
 
[2011.01.15 15:15:26 | 000,000,197 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mcafee[1].txt
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
========== LOP Check ==========
 
[2011.01.15 01:25:42 | 000,000,000 | ---D | M] -- C:\Users\Norb\AppData\Roaming\ArcSyncConfig
[2012.09.26 20:52:51 | 000,000,000 | ---D | M] -- C:\Users\Norb\AppData\Roaming\Dropbox
[2011.11.09 23:19:43 | 000,000,000 | ---D | M] -- C:\Users\Norb\AppData\Roaming\DVDVideoSoft
[2011.01.14 23:02:39 | 000,000,000 | ---D | M] -- C:\Users\Norb\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.01.14 23:05:21 | 000,000,000 | ---D | M] -- C:\Users\Norb\AppData\Roaming\NCH Swift Sound
[2012.08.10 18:15:01 | 000,000,000 | ---D | M] -- C:\Users\Norb\AppData\Roaming\PC Suite
[2012.08.10 16:50:32 | 000,000,000 | ---D | M] -- C:\Users\Norb\AppData\Roaming\Samsung
[2011.05.15 15:59:38 | 000,000,000 | ---D | M] -- C:\Users\Norb\AppData\Roaming\Scilab
[2012.09.25 01:33:59 | 000,000,000 | ---D | M] -- C:\Users\Norb\AppData\Roaming\SoftGrid Client
[2011.01.16 19:27:09 | 000,000,000 | ---D | M] -- C:\Users\Norb\AppData\Roaming\Swiss Academic Software
[2011.01.15 15:29:15 | 000,000,000 | ---D | M] -- C:\Users\Norb\AppData\Roaming\TP
 
========== Purity Check ==========
 
 

< End of report >

ryder 27.09.2012 11:42
Prima. :daumenhoc

Damit wären wir fertig. Wir räumen noch ein wenig auf und dann habe ich noch ein paar Tipps für dich.

Schritt 1:
Systemwiederherstellungspunkte löschen mit OTL
  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die http://larusso.trojaner-board.de/Images/otlfix.jpg Textbox.
    Code:
    :Commands
    [CLEARALLRESTOREPOINTS]
  • Schliesse bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Schritt 2:
AdwCleaner entfernen
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Uninstall.
  • Bestätige mit Ja.
Schritt 3:
Toolbereinigung mit OTL
  • Starte bitte OTL und klicke auf Bereinigung.
  • Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben.
  • Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen.
Schritt 4:
ESET deinstallieren (Optional)

Ich empfehle dir dein System einmal pro Woche mit ESET zu scannen. Möchtest du ESET aber entfernen:
Drücke bitte die http://larusso.trojaner-board.de/Images/windows.jpg + R Taste und kopiere folgenden Text in das Ausführen-Fenster und klicke OK.
Code:
"%ProgramFiles%\Eset\Eset Online Scanner\OnlineScannerUninstaller.exe"
Schritt 5:
Update: Firefox & Addons
Schritt 6:
Java Update

Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
  • Downloade dir bitte die neueste Java-Version von hier
  • Speichere die jxpiinstall.exe
  • Schließe alle laufenden Programme. Speziell deinen Browser.
  • Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version ( Java 7 Update 7 ) herunter laden.
  • Während der Installation entferne den Haken bei:
    http://www.trojaner-board.de/picture...&pictureid=319
  • Wenn die Installation beendet wurde:
    Start --> Systemsteuerung --> Programme und deinstalliere alle älteren Java Versionen.
  • Starte deinen Rechner neu sobald alle älteren Versionen deinstalliert wurden.
Nach dem Neustart:
  • Öffne erneut die Systemsteuerung --> Programme und klicke auf das Java Symbol.
  • Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.
  • Klicke auf Dateien löschen....
  • Gehe sicher das überall ein Haken gesetzt ist und klicke OK.
  • Klicke erneut OK.

Hinweis:
Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.


Alle Zeitangaben in WEZ +1. Es ist jetzt 07:34 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131