Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   schwarzer desktop und alle datein + programme verschwunden (https://www.trojaner-board.de/124714-schwarzer-desktop-alle-datein-programme-verschwunden.html)

Schnauf8 26.09.2012 11:17
schwarzer desktop und alle datein + programme verschwunden
 
hallo an alle!

gestern wurde plötzlich mein desktophintergrund schwarz und alle programme und dateien waren weg. bis auf den papierkorb und mozilla firefox (welches aber nicht mehr funktioniert.) unzählige error meldungen kamen, fenster ploppten auf und ich wurde durch ein anderes fenster, dass sich öffnete, darauf hingewiessen, ein programm zu kaufen, welches den schaden wieder reparieren würde. das habe ich natürlich nicht gemacht!
ich habe meinen laptop mit adaware und danach mit avast!antivirus gescannt. beide programme fanden aber nichts! heute habe ich mit malwarebytes nochmal alles gescannt und dabei kam so einiges raus. ich muss dazu sagen, ich kenne mich überhaupt nicht aus und habe keine ahnung, was zu tun ist! das was gefunden wurde, ist jetzt in quarantäne. 17 objekte. 15 trojaner und 2 mal PUM.hijack. soll ich diese nun löschen? im moment bin ich im abgesicherten modus mit netzwerktreiber in meinem laptop drin. im normalen modus läuft kaum etwas bzw alles in superzeitlupe und alle programme sind immernoch verschwunden.
vlt weiss von euch irgendjemand rat, was ich noch unternehmen soll?!
unten habe ich die log-ergebnisse von malwarebytes hineinkopiert.



Code:
Malwarebytes Anti-Malware (Test) 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.25.05

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
*** :: ***-PC [Administrator]

Schutz: Deaktiviert

25.09.2012 12:40:00
mbam-log-2012-09-25 (12-40-00).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 195979
Laufzeit: 4 Minute(n), 6 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|rmARWGtDjHvYrkh.exe (Trojan.FakeAlert) -> Daten: C:\ProgramData\rmARWGtDjHvYrkh.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|EElJfUSLQMOTZp (Trojan.FakeAlert) -> Daten: C:\ProgramData\EElJfUSLQMOTZp.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\ProgramData\rmARWGtDjHvYrkh.exe (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\EElJfUSLQMOTZp.exe (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Code:
Malwarebytes Anti-Malware (Test) 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.25.05

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
*** :: ***-PC [Administrator]

Schutz: Deaktiviert

25.09.2012 16:50:46
mbam-log-2012-09-25 (16-50-46).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 377280
Laufzeit: 56 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BL116P5O\readme[1].exe (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
danke, schon mal dafür, dass ihr euch die zeit nehmt, um meinen eintrag zu lesen!

VLG

DerJazzer 26.09.2012 13:15
:hallo:

Ich habe dein Thema in Arbeit und melde mich so schnell als möglich mit weiteren Anweisungen.

Bitte beachte, dass alle meine Antworten zuerst von einem Ausbilder freigegeben werden müssen, bevor ich diese hier posten darf. Dies garantiert, dass Du Hilfe von einem ausgebildeten Helfer bekommst.

Ich bedanke mich für deine Geduld :)

Schnauf8 26.09.2012 13:47
dankeschön jazzer, für dein schnelles schreiben und schon mal danke, für dein bemühen, mir zu helfen!!! toll, von dir! :daumenhoc

DerJazzer 26.09.2012 14:02
Hallo und :hallo:

Ich bin Christoph und möchte dir bei deinem Problem helfen.
Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lese die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
  • Nur Scans durchführen zu denen Du von einem Helfer aufgefordert wirst.
  • Bitte kein Crossposting (Posten in mehreren Foren).
  • Installiere oder Deinstalliere während der Bereinigung keine Software außer Du wurdest dazu aufgefordert.
  • Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
  • Poste die Logfiles direkt in deinen Thread. Nicht anhängen außer ich fordere Dich dazu auf. Erschwert mir nämlich das Auswerten.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass dein PC clean ist.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.


Schritt 1

Bitte begebe dich in den Abgesicherten Modus.

Befolge bitte die hier geschilderten Anweisungen und poste die geforderten Logfiles.

Bitte poste in deiner nächsten Antwort
  • OTL.txt & Extras.txt
  • Gmer.txt

Schnauf8 26.09.2012 16:21
hallo christoph!

hier sind die otl.txt ergebnisse:

OTL Logfile:
Code:
OTL logfile created on: 26.09.2012 15:12:10 - Run 1
OTL by OldTimer - Version 3.2.55.0    Folder = C:\Users\***\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,97 Gb Total Physical Memory | 2,24 Gb Available Physical Memory | 75,50% Memory free
6,18 Gb Paging File | 5,68 Gb Available in Paging File | 91,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,42 Gb Total Space | 146,77 Gb Free Space | 65,99% Space Free | Partition Type: NTFS
Drive D: | 10,47 Gb Total Space | 1,78 Gb Free Space | 17,05% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)
PRC - C:\Programme\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (Ad-Aware Service) -- C:\Programme\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)
SRV - (fsssvc) -- C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (SBAMSvc) -- C:\Programme\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (Norton Internet Security) -- C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe (Symantec Corporation)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (Recovery Service for Windows) -- C:\Programme\SMINST\BLService.exe ()
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (ezSharedSvc) -- C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AVM WLAN Connection Service) -- C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (SYMREDRV) -- C:\Windows\system32\drivers\NIS\1000000.07D\SYMREDRV.SYS File not found
DRV - (SYMDNS) -- C:\Windows\system32\drivers\NIS\1000000.07D\SYMDNS.SYS File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100703.003\NAVEX15.SYS File not found
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100703.003\NAVENG.SYS File not found
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (AswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (sbhips) -- C:\Windows\System32\drivers\sbhips.sys (GFI Software)
DRV - (sbapifs) -- C:\Windows\System32\drivers\sbapifs.sys (GFI Software)
DRV - (SBRE) -- C:\Windows\System32\drivers\SBREDrv.sys (GFI Software)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100702.001\IDSvix86.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (ccHP) -- C:\Windows\System32\drivers\NIS\1008000.029\cchpx86.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\Windows\System32\drivers\NIS\1008000.029\symtdi.sys (Symantec Corporation)
DRV - (SYMFW) -- C:\Windows\System32\drivers\NIS\1008000.029\symfw.sys (Symantec Corporation)
DRV - (SYMNDISV) -- C:\Windows\System32\drivers\NIS\1008000.029\symndisv.sys (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\System32\drivers\NIS\1008000.029\SymEFA.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\NIS\1008000.029\srtsp.sys (Symantec Corporation)
DRV - (BHDrvx86) -- C:\Windows\System32\drivers\NIS\1008000.029\BHDrvx86.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\NIS\1008000.029\srtspx.sys (Symantec Corporation)
DRV - (SymIM) -- C:\Windows\System32\drivers\SymIMV.sys (Symantec Corporation)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (ss_bmdm) -- C:\Windows\System32\drivers\ss_bmdm.sys (MCCI Corporation)
DRV - (ss_bbus) -- C:\Windows\System32\drivers\ss_bbus.sys (MCCI)
DRV - (ss_bmdfl) -- C:\Windows\System32\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (NETw3v32) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH)
DRV - (avmeject) -- C:\Windows\System32\drivers\avmeject.sys (AVM Berlin)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Presario&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Presario&pf=cnnb
IE - HKLM\..\SearchScopes,DefaultScope = {EE97B51A-20F2-4B92-BE28-538D5E0DADA1}
IE - HKLM\..\SearchScopes\{19754326-F44E-408D-B052-A7FAE7710AA7}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKLM\..\SearchScopes\{82BD1D8A-D6EB-48F9-A5B2-6DDEB211E69D}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKLM\..\SearchScopes\{EE97B51A-20F2-4B92-BE28-538D5E0DADA1}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Presario&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3214568
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {adca5064-9e30-43fe-9856-58b07a3149fe} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {EE97B51A-20F2-4B92-BE28-538D5E0DADA1}
IE - HKCU\..\SearchScopes\{0A44FEC6-37BC-43AB-A054-3E0A1DC07A57}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3214568
IE - HKCU\..\SearchScopes\{19754326-F44E-408D-B052-A7FAE7710AA7}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKCU\..\SearchScopes\{82BD1D8A-D6EB-48F9-A5B2-6DDEB211E69D}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKCU\..\SearchScopes\{EE97B51A-20F2-4B92-BE28-538D5E0DADA1}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..CommunityToolbar.SearchFromAddressBarSavedUrl: "data:text/plain,keyword.URL=hxxp://go.web.de/br/moz_keyurl_search/?su="
FF - prefs.js..CommunityToolbar.originalSearchEngine: "data:text/plain,browser.search.defaultenginename=WEB.DE Suche"
FF - prefs.js..browser.search.defaultthis.engineName: "FreeMake Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3214568&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "FreeMake Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.8.20100713041928
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3228034&SearchSource=2&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101727.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2011.04.24 16:48:36 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.09.24 21:48:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.08 18:00:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.08 18:00:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.08 18:00:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.08 18:00:03 | 000,000,000 | ---D | M]
 
[2010.12.24 19:58:28 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.12.24 19:58:28 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com
[2012.09.20 14:55:57 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\m5jlyxpv.default\extensions
[2011.04.24 16:48:59 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\m5jlyxpv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.05.18 15:14:13 | 000,000,000 | -H-D | M] (Yahoo! Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\m5jlyxpv.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.09.23 12:24:13 | 000,000,000 | -H-D | M] (Ad-Aware Security Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\m5jlyxpv.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2012.06.24 16:34:58 | 000,000,000 | -H-D | M] (FreeMake Community Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\m5jlyxpv.default\extensions\{adca5064-9e30-43fe-9856-58b07a3149fe}
[2012.09.03 11:10:28 | 000,000,000 | -H-D | M] (Lavasoft Search Plugin) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\m5jlyxpv.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2011.11.03 15:19:18 | 000,000,933 | -H-- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\m5jlyxpv.default\searchplugins\11-suche.xml
[2012.06.14 16:03:04 | 000,000,919 | -H-- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\m5jlyxpv.default\searchplugins\conduit.xml
[2011.11.03 15:19:19 | 000,002,419 | -H-- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\m5jlyxpv.default\searchplugins\englische-ergebnisse.xml
[2011.11.03 15:19:18 | 000,010,525 | -H-- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\m5jlyxpv.default\searchplugins\gmx-suche.xml
[2011.11.03 15:19:19 | 000,002,457 | -H-- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\m5jlyxpv.default\searchplugins\lastminute.xml
[2011.08.13 12:07:35 | 000,005,508 | -H-- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\m5jlyxpv.default\searchplugins\webde-suche.xml
[2012.09.08 18:00:02 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.09.08 17:59:52 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions
[2012.09.08 18:00:01 | 000,000,000 | ---D | M] (WEB.DE Toolbar) -- C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de
[2012.09.20 14:55:57 | 000,616,675 | -H-- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M5JLYXPV.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
[2012.09.08 18:00:09 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.04.04 16:08:46 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.03.17 21:03:44 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.30 12:46:18 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.03.17 21:03:44 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.17 21:03:44 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.17 21:03:44 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.17 21:03:44 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://search.conduit.com/?ctid=CT3214568&SearchSource=48
CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Programme\adawaretb\adawareDx.dll ()
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton Internet Security\Engine\16.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Programme\adawaretb\adawareDx.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\FRITZWLanMini.exe (AVM Berlin GmbH)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent File not found
O4 - HKCU..\Run: [PhilipsSongbirdLauncher] C:\Programme\Philips\Philips Songbird\extensions\philips-autoplay@philips.com\application\PhilipsSongbirdLauncher.exe ()
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe File not found
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{63B0F2CE-4DF5-4CD8-BD2B-CADF98B5D1B5}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD18C66B-7059-4412-A90A-2BF599DCE90B}: DhcpNameServer = 40.2.1.100
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Programme\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{6e51242c-bcae-11de-83f0-00269e0d7f6d}\Shell - "" = AutoRun
O33 - MountPoints2\{6e51242c-bcae-11de-83f0-00269e0d7f6d}\Shell\AutoRun\command - "" = F:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.25 17:58:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{42AED5A9-BF6E-4E45-92F1-49938B2F1471}
[2012.09.25 13:13:44 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2012.09.25 12:37:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.25 12:37:18 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.24 21:48:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012.09.24 21:48:25 | 000,355,632 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012.09.24 21:48:25 | 000,021,256 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012.09.24 21:48:24 | 000,035,928 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012.09.24 21:48:23 | 000,729,752 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012.09.24 21:48:23 | 000,058,680 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012.09.24 21:48:23 | 000,054,232 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012.09.24 21:47:45 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.09.24 21:47:44 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012.09.24 15:11:50 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Recovery
[2012.09.24 12:36:34 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\{FCB9D587-3975-42A6-A657-03F3D95AFAD4}
[2012.09.24 10:13:01 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.09.24 10:13:00 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.09.24 10:12:59 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.09.24 10:12:59 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.09.24 10:12:59 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.09.24 10:12:58 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.09.24 10:12:58 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.09.24 10:12:57 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.09.23 13:36:08 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2012.09.23 13:33:29 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
[2012.09.23 13:32:18 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2012.09.23 13:30:39 | 000,000,000 | -H-D | C] -- C:\Users\***\Desktop\OpenOffice.org 3.4.1 (de) Installation Files
[2012.09.23 12:47:33 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2012.09.23 12:19:44 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\{28CCA128-9C2C-4A0D-99D6-B6BD795F2F75}
[2012.09.20 14:55:43 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\{26C67F8F-2A39-4CD0-A1A0-E50A625D5126}
[2012.09.19 11:23:26 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\{462D0FF6-2C92-41C6-84DB-830835388AA6}
[2012.09.18 12:11:52 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\{208ABD91-D1EA-456D-83F4-66880A7361AD}
[2012.09.17 14:21:39 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\{F2170249-F1FA-4D04-A284-4E17051D7CC0}
[2012.09.16 13:07:16 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\{8B0E685C-932E-44F2-BD6F-793DDE035217}
[2012.09.15 11:33:20 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\{8A753310-A4FC-442C-8F9D-10D9EA661638}
[2012.09.14 19:42:59 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\{9B9CB375-5727-4696-954B-F7FF2B04B636}
[2012.09.13 13:07:07 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\{F038945A-04FD-4C4A-978D-B0068F20A332}
[2012.09.10 18:11:57 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\{CF2583C5-05F5-4553-905A-7732C9F488AD}
[2012.09.09 14:26:13 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\{05BF8F1B-4D03-4DCA-8C5E-74050CCD8937}
[2012.09.08 17:59:51 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.09.08 16:23:22 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\{EA1FC3F5-FCA9-4410-AA45-3BA68B6B023E}
[2012.09.07 15:09:18 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\{B846B9A1-1B25-4E3B-B868-50ABA5F0F592}
[2012.09.06 12:35:04 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\{47A2C824-9060-4190-B4DD-5A655FC66332}
[2012.09.04 12:17:55 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\{A0548D6D-367B-4D3D-A034-99A0BEC41509}
[2012.09.03 11:12:13 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\adaware
[2012.09.03 11:11:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2012.09.03 11:11:29 | 000,093,816 | ---- | C] (GFI Software) -- C:\Windows\System32\drivers\sbhips.sys
[2012.09.03 11:11:26 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\VDD
[2012.09.03 11:11:25 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Aware Antivirus
[2012.09.03 11:10:36 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\adawarebp
[2012.09.03 11:10:35 | 000,000,000 | -H-D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2012.09.03 11:10:29 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner
[2012.09.03 11:10:13 | 000,000,000 | ---D | C] -- C:\Program Files\adawaretb
[2012.09.03 11:03:51 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Ad-Aware Antivirus
[2012.09.03 10:39:46 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\{83955893-EF53-4D60-BBAE-8E114CBA9549}
[2012.09.02 11:59:35 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\{E446985A-97EF-4D7D-A1EA-B9D1827836A1}
[2012.09.01 14:28:00 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\{2433A48C-CCBC-4390-B830-48A7FBC046FF}
[2012.08.31 12:11:04 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\{02F0C828-F0E6-4A20-9C5C-9107380E0C31}
[2012.08.31 10:52:21 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\{3D8D5071-C871-4422-B70A-59E96F5A43EA}
[2012.08.30 12:45:58 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\{7B773C13-2200-4E8C-8621-2C8AE1305118}
[2012.08.29 14:24:22 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\{61E90FF3-F4CC-4B43-B6FC-6796DAC212F4}
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.26 14:05:40 | 000,008,268 | ---- | M] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2012.09.26 10:24:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.25 17:57:06 | 000,000,247 | -H-- | M] () -- C:\ProgramData\hpqp.ini
[2012.09.25 17:55:57 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.25 17:55:01 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.25 17:55:01 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.25 17:54:59 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.25 12:37:20 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.09.24 21:48:26 | 000,001,829 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012.09.24 21:48:23 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012.09.24 21:48:23 | 000,000,350 | -H-- | M] () -- C:\Windows\tasks\avast! Emergency Update.job
[2012.09.24 15:11:51 | 000,000,152 | -H-- | M] () -- C:\ProgramData\-EElJfUSLQMOTZpr
[2012.09.24 15:11:51 | 000,000,144 | -H-- | M] () -- C:\ProgramData\-EElJfUSLQMOTZp
[2012.09.24 15:11:50 | 000,000,607 | -H-- | M] () -- C:\Users\***\Desktop\File_Recovery.lnk
[2012.09.24 15:11:50 | 000,000,368 | -H-- | M] () -- C:\ProgramData\EElJfUSLQMOTZp
[2012.09.24 15:08:00 | 148,292,809 | -H-- | M] () -- C:\Users\***\Desktop\Desktopzeugs.zip
[2012.09.24 10:11:04 | 000,000,000 | ---- | M] () -- C:\hpfr3320.xml
[2012.09.24 10:08:12 | 000,333,784 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.09.23 17:21:46 | 000,043,952 | -H-- | M] () -- C:\Users\***\Desktop\Deckblatt.odt
[2012.09.23 14:24:18 | 000,018,812 | -H-- | M] () -- C:\Users\***\Desktop\Bewerbung.odt
[2012.09.23 13:36:29 | 000,001,028 | -H-- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2012.09.23 12:45:44 | 000,644,386 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.23 12:45:44 | 000,596,246 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.23 12:45:44 | 000,131,638 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.23 12:45:44 | 000,104,320 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.11 12:42:52 | 000,042,496 | -H-- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.02 18:48:32 | 255,078,948 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.09.02 12:02:06 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2012.09.02 12:02:06 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
 
========== Files Created - No Company Name ==========
 
[2012.09.25 12:37:20 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.09.24 21:48:26 | 000,001,829 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012.09.24 21:48:23 | 000,000,350 | -H-- | C] () -- C:\Windows\tasks\avast! Emergency Update.job
[2012.09.24 15:11:51 | 000,000,152 | -H-- | C] () -- C:\ProgramData\-EElJfUSLQMOTZpr
[2012.09.24 15:11:50 | 000,000,607 | -H-- | C] () -- C:\Users\***\Desktop\File_Recovery.lnk
[2012.09.24 15:11:50 | 000,000,144 | -H-- | C] () -- C:\ProgramData\-EElJfUSLQMOTZp
[2012.09.24 15:11:17 | 000,000,368 | -H-- | C] () -- C:\ProgramData\EElJfUSLQMOTZp
[2012.09.23 17:21:44 | 000,043,952 | -H-- | C] () -- C:\Users\***\Desktop\Deckblatt.odt
[2012.09.23 14:29:57 | 001,037,574 | -H-- | C] () -- C:\Users\***\Desktop\Beurteilungsbogen.jpg
[2012.09.23 14:24:15 | 000,018,812 | -H-- | C] () -- C:\Users\***\Desktop\Bewerbung.odt
[2012.09.23 13:36:29 | 000,001,028 | -H-- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2011.04.24 17:51:17 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011.04.24 17:51:17 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011.04.21 20:59:11 | 000,000,120 | -H-- | C] () -- C:\ProgramData\~41869064r
[2010.04.26 10:14:14 | 000,008,268 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2009.10.30 15:21:13 | 000,042,496 | -H-- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.10.19 17:22:52 | 000,000,784 | -H-- | C] () -- C:\Users\***\AppData\Roaming\wklnhst.dat
[2009.07.20 03:23:16 | 000,049,399 | -H-- | C] () -- C:\ProgramData\nvModes.001
[2009.07.20 03:10:29 | 000,000,247 | -H-- | C] () -- C:\ProgramData\hpqp.ini
[2009.07.20 03:06:27 | 000,049,399 | -H-- | C] () -- C:\ProgramData\nvModes.dat

< End of report >
--- --- ---






OTL Logfile:
Code:
OTL Extras logfile created on: 26.09.2012 15:12:10 - Run 1
OTL by OldTimer - Version 3.2.55.0    Folder = C:\Users\***\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,97 Gb Total Physical Memory | 2,24 Gb Available Physical Memory | 75,50% Memory free
6,18 Gb Paging File | 5,68 Gb Available in Paging File | 91,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,42 Gb Total Space | 146,77 Gb Free Space | 65,99% Space Free | Partition Type: NTFS
Drive D: | 10,47 Gb Total Space | 1,78 Gb Free Space | 17,05% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BB6B60A-686B-4F89-9B4E-F98C2AAFA1BB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{0F7C5D12-5D17-4B39-8FC0-CE186DC73C93}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{1D1CC9D1-2267-4040-A090-A1E04C7F4E2A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{A7A3B1F5-905C-4BAC-876F-BA93A085E52E}" = lport=2869 | protocol=6 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03CBF11B-490C-4392-B887-5A0AC9608BCA}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{16B61A5F-B4A3-434B-B6AA-6D2A78492A50}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{1D188C0B-8DCE-4DB4-A12D-3C3F1AA37559}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{2990C36B-3F6D-4BD8-9A13-29C851D96CBC}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{45AA25EE-3C91-44B6-AEF4-92FD06E97264}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{7F652154-42C0-4CC8-BC27-737EB7867AFF}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{AAB32EC5-44FC-4CF3-8FFE-264C5B7383F0}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{B3A99BD4-5C0C-405B-9D34-38C891DAE8F0}" = protocol=17 | dir=in | app=c:\program files\adawaretb\dtuser.exe |
"{BEC0135C-D8DE-4471-9D56-A312F55D26EE}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{CCDE8CED-79EB-40C5-8F16-393723C60D1F}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{CD761528-B5E1-4C35-8F84-F59E36F26186}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E3B9047B-2CAD-4EC5-A7A8-36E093F222A3}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{F9B69B76-5B1F-44DA-85F4-3F8F03BDEB8B}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{FF03DEC4-E470-46B9-BCCB-56B5A4F72625}" = protocol=6 | dir=in | app=c:\program files\adawaretb\dtuser.exe |
"TCP Query User{387EA576-F55E-4E57-AD7A-F68D767E8A22}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{D5409EDE-2854-45CE-ABA7-A6BBC725DF78}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software  1.14.17.1
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{17050C48-16CB-4500-A102-CEAD750CE11E}" = HP User Guides 0138
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2b12a4e9-c782-45ef-801e-abd0a08d3d8d}" = Ad-Aware Antivirus
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 M1
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{47F36D92-E58E-456D-B73C-3382737E4C42}" = HP Update
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{732A3F80-008B-4350-BD58-EC5AE98707B8}" = HP Common Access Service Library
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0137-0407-0000-0000000FF1CE}" = Microsoft Works 6-9 Converter
"{95A747E0-DF19-46CB-A622-20A0107201BD}" = HP Total Care Setup
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5E29403-3D25-40C6-892B-F9FEE2A95585}" = HP Wireless Assistant
"{E8020EC7-5DD8-80C9-7237-7B2E9BDA8CC6}" = muvee Reveal
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5A4F780-DF0C-444F-BA82-637CCF5C8052}" = Windows Live Family Safety
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd  (10/12/2007 6.85.4.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection
"adawaretb" = Ad-Aware Security Toolbar
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"avast" = avast! Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NIS" = Norton Internet Security
"NVIDIA Drivers" = NVIDIA Drivers
"Philips Songbird" = Philips Songbird
"PokerStars" = PokerStars
"PokerStars.net" = PokerStars.net
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.1.5
"WildTangent hp Master Uninstall" = My HP Games
"WinLiveSuite" = Windows Live Essentials
"Zoner Photo Studio 9_is1" = Zoner Photo Studio 9
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 20.07.2011 05:23:12 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 20.07.2011 11:43:13 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 21.07.2011 03:47:12 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 21.07.2011 06:13:48 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 21.07.2011 11:03:38 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 22.07.2011 05:33:00 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 23.07.2011 05:21:29 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 23.07.2011 12:33:02 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 23.07.2011 12:36:08 | Computer Name = ***-PC | Source = Lavasoft Ad-Aware Service | ID = 0
Description =
 
Error - 24.07.2011 07:14:09 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 25.09.2012 13:31:52 | Computer Name = ***-PC | Source = Microsoft-Windows-Kernel-General | ID = 6
Description =
 
Error - 26.09.2012 04:24:59 | Computer Name = ***-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 25.09.2012 um 21:53:32 unerwartet heruntergefahren.
 
Error - 26.09.2012 04:26:21 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 26.09.2012 04:26:21 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 26.09.2012 04:26:37 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description =
 
Error - 26.09.2012 04:26:45 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description =
 
Error - 26.09.2012 04:26:50 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description =
 
Error - 26.09.2012 04:26:52 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description =
 
Error - 26.09.2012 04:29:37 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7022
Description =
 
Error - 26.09.2012 05:20:07 | Computer Name = ***-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 
 
< End of report >
--- --- ---


gmer.txt habe ich mir auch heruntergeladen, aber sobald ich versuche zu scannen kommt eine warnung von microsoft. danach stürzt der computer ab und der bildschirm wird blau.


VLG

DerJazzer 27.09.2012 15:00
Hi :)

bitte mache Folgendes:

Schritt 1

Mehrere Anti-Virus-Programme

Code:
Norton Internet Security
Avast! Free Antivirus
Ad-Aware Antivirus
Mir ist aufgefallen, dass Du mehr als ein Anti-Virus-Programm mit Hintergrundwächter laufen hast. Das ist gefährlich, da sich die Programme in die Quere kommen können und dadurch Viren erst recht auf dem Rechner landen können. Außerdem bremst es auch das System aus. Entscheide Dich für eine Variante und deinstalliere die andere über Systemsteuerung => Software.
Berichte, für welches Anti-Virus-Programm Du Dich entschieden hast.

Zitat:
Speedy hat letztens eine einleuchtende Erklärung dazu geliefert: "Man stelle sich einen Torwart vor, der das Tor hüten soll (Anti-Virus-Programm), der Ball kommt angeflogen (Virus), der Torhüter konzentriert sich auf den Ball und fängt ihn. Jetzt stelle Dir zwei Torhüter im Tor vor ...., die knallen aneinander und der Ball kann ungehindert ins Tor wandern."

Schritt 2
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!
Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.


Bitte poste in deiner nächsten Antwort
  • Combofix.txt

Schnauf8 27.09.2012 16:16
hallo christoph! =)

aaaalso, ich habe ad-aware und avast! gelöscht. ich wusste gar nicht, dass sich norton auf meinem rechner befindet! als ich versuchte, das zu deinstallieren tat sich nichts. ich habe dann norton drauf gelassen und die 2 anderen gelöscht.

Combofix Logfile:
Code:
ComboFix 12-09-27.02 - *** 27.09.2012  16:30:33.1.2 - x86 NETWORK
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\EElJfUSLQMOTZp
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-08-27 bis 2012-09-27  ))))))))))))))))))))))))))))))
.
.
2012-09-27 14:36 . 2012-09-27 14:37        --------        d-----w-        c:\users\***\AppData\Local\temp
2012-09-27 14:36 . 2012-09-27 14:36        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-09-27 14:11 . 2012-09-27 14:11        --------        d-----w-        c:\programdata\GFI Software
2012-09-25 11:13 . 2012-09-25 11:13        --------        d-----w-        c:\programdata\WindowsSearch
2012-09-25 10:37 . 2012-09-07 15:04        22856        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-09-24 08:13 . 2012-08-24 07:34        140936        ----a-w-        c:\program files\Internet Explorer\sqmapi.dll
2012-09-24 08:13 . 2012-08-24 06:48        194048        ----a-w-        c:\program files\Internet Explorer\IEShims.dll
2012-09-24 08:13 . 2012-08-24 06:47        420864        ----a-w-        c:\windows\system32\vbscript.dll
2012-09-24 08:13 . 2012-08-24 06:43        2382848        ----a-w-        c:\windows\system32\mshtml.tlb
2012-09-23 11:36 . 2012-09-23 11:36        --------        d--h--w-        c:\users\***\AppData\Roaming\OpenOffice.org
2012-09-23 11:32 . 2012-09-23 11:32        --------        d-----w-        c:\program files\OpenOffice.org 3
2012-09-23 10:47 . 2012-09-23 10:47        --------        d-----w-        c:\program files\MSECache
2012-09-03 09:11 . 2012-09-27 14:11        --------        d-----w-        c:\program files\Ad-Aware Antivirus
2012-09-03 09:10 . 2012-09-03 09:10        --------        d--h--w-        c:\users\***\AppData\Local\adawarebp
2012-08-31 08:57 . 2012-08-23 07:15        7022536        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{3FAC971D-94AF-40CC-BBC1-FCC40ED71830}\mpengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-31 13:03 . 2012-05-24 17:50        70344        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-31 13:03 . 2012-05-24 17:50        426184        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-07-04 14:02 . 2012-08-17 09:09        2047488        ----a-w-        c:\windows\system32\win32k.sys
2012-09-08 16:00 . 2012-09-08 15:59        266720        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-03-17 102400]
"PhilipsSongbirdLauncher"="c:\program files\Philips\Philips Songbird\extensions\philips-autoplay@philips.com\application\PhilipsSongbirdLauncher.exe" [2010-12-24 346624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-04 1410344]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-23 468264]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-12-24 210216]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-10-10 206128]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-10-30 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-12-08 432432]
"AVMWlanClient"="c:\program files\avmwlanstick\FRITZWLANMini.exe" [2006-06-23 343552]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-01-20 483420]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 92704]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\aestsrv.exe [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - ECACHE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 08:14        451872        ----a-w-        c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-16 17:56]
.
2012-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-16 17:56]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3214568
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Presario&pf=cnnb
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\m5jlyxpv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3214568&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - FreeMake Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3228034&SearchSource=2&q=
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{adca5064-9e30-43fe-9856-58b07a3149fe} - (no file)
HKCU-Run-ICQ - c:\program files\ICQ6.5\ICQ.exe
HKLM-Run-NPSStartup - (no file)
HKLM-RunOnce-<NO NAME> - (no file)
AddRemove-PokerStars.net - c:\program files\PokerStars.NET\PokerStarsUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-09-27 16:37
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
.
c:\users\KERSTI~1\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.8.0.41\diMaster.dll\" /prefetch:1"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2012-09-27  16:43:32
ComboFix-quarantined-files.txt  2012-09-27 14:43
.
Vor Suchlauf: 6 Verzeichnis(se), 158.434.922.496 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 158.336.360.448 Bytes frei
.
- - End Of File - - 331C5B7A08A947DF4E15C62DDB7BEA2E
[/CODE]
--- --- ---

nachdem combofix fertig war, tauchten meine programme und dateien wieder auf! war das schöööön!!! :Boogie:
schon mal ~vielen dank im voraus für deine hilfe, christoph!~ :)

DerJazzer 27.09.2012 16:56
Hi :)

Norton war also schonmal deinstalliert? Dann war das, was ich im Log gesehen habe nur ein Überbleibsel. Wir sollten Norton also erstmal vollständig entfernen.

Schritt 1

Software mit Revo Uninstaller deinstallieren

Downloade Dir bitte den Revo Uninstaller
  • Doppelklicke auf die revosetup.exe.
  • Installiere das Tool in den vorgegebenen Pfad.
  • Doppelklicke auf das Revo Uninstall Icon.
  • Suche Dir nun folgende Software aus der Code-Box.
    Code:
    Norton Internet Security
    Klicke darauf und bestätige mit Ja.
  • Belasse die Einstellung der Deinstallationsroutine auf Moderat und klicke auf weiter.
  • Das Tool wird nun nach allen Einträgen auf dem Rechner suchen. Klick auf weiter
  • Klicke auf den Markiere alle Button und klicke auf löschen und bestätige mit Ja.
Bebilderte Anleitung

Starte den Rechner neu auf.


Schritt 2

Lade dir bitte das Norton-Removal-Tool von hier herunter und speichere es auf dem Desktop.
Starte das Tool per Doppelklick und folge den Anweisungen.


Schritt 3

Starte bitte die OTL.exe.
Wähle unter
Extra Registrierung: Benutze Safe List und klicke auf den Scan Button.
Poste die OTL.txt und die Extras.txt hier in deinen Thread.


Bitte poste in deiner nächsten Antwort
  • OTL.txt & Extras.txt

Schnauf8 27.09.2012 19:35
so, aufträge ausgeführt! :)

OTL Logfile:
Code:
OTL logfile created on: 27.09.2012 19:29:20 - Run 2
OTL by OldTimer - Version 3.2.55.0    Folder = C:\Users\***\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,97 Gb Total Physical Memory | 2,49 Gb Available Physical Memory | 83,88% Memory free
6,13 Gb Paging File | 5,84 Gb Available in Paging File | 95,29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,42 Gb Total Space | 147,53 Gb Free Space | 66,33% Space Free | Partition Type: NTFS
Drive D: | 10,47 Gb Total Space | 1,78 Gb Free Space | 17,05% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (fsssvc) -- C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (Recovery Service for Windows) -- C:\Programme\SMINST\BLService.exe ()
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (ezSharedSvc) -- C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AVM WLAN Connection Service) -- C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (SBRE) -- C:\Windows\system32\drivers\SBREdrv.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\KERSTI~1\AppData\Local\Temp\catchme.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (ss_bmdm) -- C:\Windows\System32\drivers\ss_bmdm.sys (MCCI Corporation)
DRV - (ss_bbus) -- C:\Windows\System32\drivers\ss_bbus.sys (MCCI)
DRV - (ss_bmdfl) -- C:\Windows\System32\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (NETw3v32) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH)
DRV - (avmeject) -- C:\Windows\System32\drivers\avmeject.sys (AVM Berlin)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Presario&pf=cnnb
IE - HKLM\..\SearchScopes,DefaultScope = {EE97B51A-20F2-4B92-BE28-538D5E0DADA1}
IE - HKLM\..\SearchScopes\{19754326-F44E-408D-B052-A7FAE7710AA7}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKLM\..\SearchScopes\{82BD1D8A-D6EB-48F9-A5B2-6DDEB211E69D}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKLM\..\SearchScopes\{EE97B51A-20F2-4B92-BE28-538D5E0DADA1}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3214568
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {EE97B51A-20F2-4B92-BE28-538D5E0DADA1}
IE - HKCU\..\SearchScopes\{0A44FEC6-37BC-43AB-A054-3E0A1DC07A57}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3214568
IE - HKCU\..\SearchScopes\{19754326-F44E-408D-B052-A7FAE7710AA7}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKCU\..\SearchScopes\{82BD1D8A-D6EB-48F9-A5B2-6DDEB211E69D}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKCU\..\SearchScopes\{EE97B51A-20F2-4B92-BE28-538D5E0DADA1}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..CommunityToolbar.SearchFromAddressBarSavedUrl: "data:text/plain,keyword.URL=hxxp://go.web.de/br/moz_keyurl_search/?su="
FF - prefs.js..CommunityToolbar.originalSearchEngine: "data:text/plain,browser.search.defaultenginename=WEB.DE Suche"
FF - prefs.js..browser.search.defaultthis.engineName: "FreeMake Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3214568&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "FreeMake Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.8.20100713041928
FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101727.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.27 16:09:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.08 18:00:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.27 16:09:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.08 18:00:03 | 000,000,000 | ---D | M]
 
[2010.12.24 19:58:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.12.24 19:58:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com
[2012.09.20 14:55:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\m5jlyxpv.default\extensions
[2011.04.24 16:48:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\m5jlyxpv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.05.18 15:14:13 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\m5jlyxpv.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.06.24 16:34:58 | 000,000,000 | ---D | M] (FreeMake Community Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\m5jlyxpv.default\extensions\{adca5064-9e30-43fe-9856-58b07a3149fe}
[2012.09.03 11:10:28 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\m5jlyxpv.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2011.11.03 15:19:18 | 000,000,933 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\m5jlyxpv.default\searchplugins\11-suche.xml
[2012.06.14 16:03:04 | 000,000,919 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\m5jlyxpv.default\searchplugins\conduit.xml
[2011.11.03 15:19:19 | 000,002,419 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\m5jlyxpv.default\searchplugins\englische-ergebnisse.xml
[2011.11.03 15:19:18 | 000,010,525 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\m5jlyxpv.default\searchplugins\gmx-suche.xml
[2011.11.03 15:19:19 | 000,002,457 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\m5jlyxpv.default\searchplugins\lastminute.xml
[2011.08.13 12:07:35 | 000,005,508 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\m5jlyxpv.default\searchplugins\webde-suche.xml
[2012.09.08 18:00:02 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.09.08 17:59:52 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions
[2012.09.08 18:00:01 | 000,000,000 | ---D | M] (WEB.DE Toolbar) -- C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de
[2012.09.20 14:55:57 | 000,616,675 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M5JLYXPV.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
[2012.09.08 18:00:09 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.04.04 16:08:46 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.03.17 21:03:44 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.30 12:46:18 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.03.17 21:03:44 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.17 21:03:44 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.17 21:03:44 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.17 21:03:44 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://search.conduit.com/?ctid=CT3214568&SearchSource=48
CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
 
O1 HOSTS File: ([2012.09.27 16:37:15 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\FRITZWLanMini.exe (AVM Berlin GmbH)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [PhilipsSongbirdLauncher] C:\Programme\Philips\Philips Songbird\extensions\philips-autoplay@philips.com\application\PhilipsSongbirdLauncher.exe ()
O4 - HKLM..\RunOnce: []  File not found
O4 - HKLM..\RunOnce: [GrpConv] C:\Windows\System32\grpconv.exe (Microsoft Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe File not found
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{63B0F2CE-4DF5-4CD8-BD2B-CADF98B5D1B5}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD18C66B-7059-4412-A90A-2BF599DCE90B}: DhcpNameServer = 40.2.1.100
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.27 18:12:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2012.09.27 18:12:37 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2012.09.27 16:43:33 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\temp
[2012.09.27 16:38:49 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.09.27 16:36:36 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.09.27 16:28:31 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.09.27 16:28:31 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.09.27 16:28:31 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.09.27 16:28:10 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.09.27 16:27:46 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.09.27 16:23:29 | 004,758,332 | R--- | C] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe
[2012.09.27 16:11:46 | 000,000,000 | ---D | C] -- C:\ProgramData\GFI Software
[2012.09.25 17:58:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{42AED5A9-BF6E-4E45-92F1-49938B2F1471}
[2012.09.25 13:13:44 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2012.09.25 12:37:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.25 12:37:18 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.24 15:11:50 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Recovery
[2012.09.24 12:36:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{FCB9D587-3975-42A6-A657-03F3D95AFAD4}
[2012.09.24 10:13:01 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.09.24 10:13:00 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.09.24 10:12:59 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.09.24 10:12:59 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.09.24 10:12:59 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.09.24 10:12:58 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.09.24 10:12:58 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.09.24 10:12:57 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.09.23 13:36:08 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2012.09.23 13:33:29 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
[2012.09.23 13:32:18 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2012.09.23 13:30:39 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\OpenOffice.org 3.4.1 (de) Installation Files
[2012.09.23 12:47:33 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2012.09.23 12:19:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{28CCA128-9C2C-4A0D-99D6-B6BD795F2F75}
[2012.09.20 14:55:43 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{26C67F8F-2A39-4CD0-A1A0-E50A625D5126}
[2012.09.19 11:23:26 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{462D0FF6-2C92-41C6-84DB-830835388AA6}
[2012.09.18 12:11:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{208ABD91-D1EA-456D-83F4-66880A7361AD}
[2012.09.17 14:21:39 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{F2170249-F1FA-4D04-A284-4E17051D7CC0}
[2012.09.16 13:07:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{8B0E685C-932E-44F2-BD6F-793DDE035217}
[2012.09.15 11:33:20 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{8A753310-A4FC-442C-8F9D-10D9EA661638}
[2012.09.14 19:42:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{9B9CB375-5727-4696-954B-F7FF2B04B636}
[2012.09.13 13:07:07 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{F038945A-04FD-4C4A-978D-B0068F20A332}
[2012.09.10 18:11:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{CF2583C5-05F5-4553-905A-7732C9F488AD}
[2012.09.09 14:26:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{05BF8F1B-4D03-4DCA-8C5E-74050CCD8937}
[2012.09.08 17:59:51 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.09.08 16:23:22 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{EA1FC3F5-FCA9-4410-AA45-3BA68B6B023E}
[2012.09.07 15:09:18 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{B846B9A1-1B25-4E3B-B868-50ABA5F0F592}
[2012.09.06 12:35:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{47A2C824-9060-4190-B4DD-5A655FC66332}
[2012.09.04 12:17:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{A0548D6D-367B-4D3D-A034-99A0BEC41509}
[2012.09.03 11:11:25 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Aware Antivirus
[2012.09.03 11:10:36 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\adawarebp
[2012.09.03 10:39:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{83955893-EF53-4D60-BBAE-8E114CBA9549}
[2012.09.02 11:59:35 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{E446985A-97EF-4D7D-A1EA-B9D1827836A1}
[2012.09.01 14:28:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{2433A48C-CCBC-4390-B830-48A7FBC046FF}
[2012.08.31 12:11:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{02F0C828-F0E6-4A20-9C5C-9107380E0C31}
[2012.08.31 10:52:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{3D8D5071-C871-4422-B70A-59E96F5A43EA}
[2012.08.30 12:45:58 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{7B773C13-2200-4E8C-8621-2C8AE1305118}
[2012.08.29 14:24:22 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{61E90FF3-F4CC-4B43-B6FC-6796DAC212F4}
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.27 19:23:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.27 19:21:35 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.27 19:21:34 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.27 19:21:18 | 000,049,399 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.09.27 19:11:18 | 000,866,592 | ---- | M] () -- C:\Users\***\Desktop\Norton_Removal_Tool.exe
[2012.09.27 19:10:19 | 176,970,403 | ---- | M] () -- C:\Users\***\Desktop\Desktopzeugs.zip
[2012.09.27 18:12:38 | 000,001,057 | ---- | M] () -- C:\Users\***\Desktop\Revo Uninstaller.lnk
[2012.09.27 16:37:15 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.09.27 16:27:32 | 004,758,332 | R--- | M] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe
[2012.09.27 16:13:53 | 000,008,268 | ---- | M] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2012.09.26 16:53:16 | 296,856,796 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.09.26 16:48:06 | 000,643,372 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.26 16:48:06 | 000,595,608 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.26 16:48:06 | 000,131,026 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.26 16:48:06 | 000,103,682 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.25 17:57:06 | 000,000,247 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2012.09.25 17:55:57 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.25 17:54:59 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.25 12:37:20 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.09.24 21:48:23 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012.09.24 15:11:51 | 000,000,152 | ---- | M] () -- C:\ProgramData\-EElJfUSLQMOTZpr
[2012.09.24 15:11:51 | 000,000,144 | ---- | M] () -- C:\ProgramData\-EElJfUSLQMOTZp
[2012.09.24 15:11:50 | 000,000,607 | ---- | M] () -- C:\Users\***\Desktop\File_Recovery.lnk
[2012.09.24 10:11:04 | 000,000,000 | ---- | M] () -- C:\hpfr3320.xml
[2012.09.24 10:08:12 | 000,333,784 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.09.23 17:21:46 | 000,043,952 | ---- | M] () -- C:\Users\***\Desktop\Deckblatt.odt
[2012.09.23 14:24:18 | 000,018,812 | ---- | M] () -- C:\Users\***\Desktop\Bewerbung.odt
[2012.09.23 13:36:29 | 000,001,028 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2012.09.11 12:42:52 | 000,042,496 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.02 12:02:06 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2012.09.02 12:02:06 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
 
========== Files Created - No Company Name ==========
 
[2012.09.27 19:11:18 | 000,866,592 | ---- | C] () -- C:\Users\***\Desktop\Norton_Removal_Tool.exe
[2012.09.27 18:12:38 | 000,001,057 | ---- | C] () -- C:\Users\***\Desktop\Revo Uninstaller.lnk
[2012.09.27 16:28:31 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.09.27 16:28:31 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.09.27 16:28:31 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.09.27 16:28:31 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.09.27 16:28:31 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.09.25 12:37:20 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.09.24 15:11:51 | 000,000,152 | ---- | C] () -- C:\ProgramData\-EElJfUSLQMOTZpr
[2012.09.24 15:11:50 | 000,000,607 | ---- | C] () -- C:\Users\***\Desktop\File_Recovery.lnk
[2012.09.24 15:11:50 | 000,000,144 | ---- | C] () -- C:\ProgramData\-EElJfUSLQMOTZp
[2012.09.23 17:21:44 | 000,043,952 | ---- | C] () -- C:\Users\***\Desktop\Deckblatt.odt
[2012.09.23 14:29:57 | 001,037,574 | ---- | C] () -- C:\Users\***\Desktop\Beurteilungsbogen.jpg
[2012.09.23 14:24:15 | 000,018,812 | ---- | C] () -- C:\Users\***\Desktop\Bewerbung.odt
[2012.09.23 13:36:29 | 000,001,028 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2011.04.24 17:51:17 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011.04.24 17:51:17 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011.04.21 20:59:11 | 000,000,120 | ---- | C] () -- C:\ProgramData\~41869064r
[2010.04.26 10:14:14 | 000,008,268 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2009.10.30 15:21:13 | 000,042,496 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.10.19 17:22:52 | 000,000,784 | ---- | C] () -- C:\Users\***\AppData\Roaming\wklnhst.dat
[2009.07.20 03:23:16 | 000,049,399 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.07.20 03:10:29 | 000,000,247 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2009.07.20 03:06:27 | 000,049,399 | ---- | C] () -- C:\ProgramData\nvModes.dat

< End of report >
--- --- ---



OTL Logfile:
Code:
OTL Extras logfile created on: 27.09.2012 19:29:20 - Run 2
OTL by OldTimer - Version 3.2.55.0    Folder = C:\Users\***\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,97 Gb Total Physical Memory | 2,49 Gb Available Physical Memory | 83,88% Memory free
6,13 Gb Paging File | 5,84 Gb Available in Paging File | 95,29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,42 Gb Total Space | 147,53 Gb Free Space | 66,33% Space Free | Partition Type: NTFS
Drive D: | 10,47 Gb Total Space | 1,78 Gb Free Space | 17,05% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- Reg Error: Value error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BB6B60A-686B-4F89-9B4E-F98C2AAFA1BB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{0F7C5D12-5D17-4B39-8FC0-CE186DC73C93}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{1D1CC9D1-2267-4040-A090-A1E04C7F4E2A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{A7A3B1F5-905C-4BAC-876F-BA93A085E52E}" = lport=2869 | protocol=6 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03CBF11B-490C-4392-B887-5A0AC9608BCA}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{16B61A5F-B4A3-434B-B6AA-6D2A78492A50}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{1D188C0B-8DCE-4DB4-A12D-3C3F1AA37559}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{2990C36B-3F6D-4BD8-9A13-29C851D96CBC}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{45AA25EE-3C91-44B6-AEF4-92FD06E97264}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{7F652154-42C0-4CC8-BC27-737EB7867AFF}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{914A1112-E535-45C1-98FB-6878A68D4AFB}" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\7zs65b5.tmp\symnrt.exe |
"{AAB32EC5-44FC-4CF3-8FFE-264C5B7383F0}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{BEC0135C-D8DE-4471-9D56-A312F55D26EE}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{CCDE8CED-79EB-40C5-8F16-393723C60D1F}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{CD761528-B5E1-4C35-8F84-F59E36F26186}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{DEC07384-E503-4226-A683-09D6FFB54BCD}" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\7zs65b5.tmp\symnrt.exe |
"{E3B9047B-2CAD-4EC5-A7A8-36E093F222A3}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{F9B69B76-5B1F-44DA-85F4-3F8F03BDEB8B}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"TCP Query User{387EA576-F55E-4E57-AD7A-F68D767E8A22}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{D5409EDE-2854-45CE-ABA7-A6BBC725DF78}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software  1.14.17.1
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{17050C48-16CB-4500-A102-CEAD750CE11E}" = HP User Guides 0138
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 M1
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{47F36D92-E58E-456D-B73C-3382737E4C42}" = HP Update
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{732A3F80-008B-4350-BD58-EC5AE98707B8}" = HP Common Access Service Library
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0137-0407-0000-0000000FF1CE}" = Microsoft Works 6-9 Converter
"{95A747E0-DF19-46CB-A622-20A0107201BD}" = HP Total Care Setup
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5E29403-3D25-40C6-892B-F9FEE2A95585}" = HP Wireless Assistant
"{E8020EC7-5DD8-80C9-7237-7B2E9BDA8CC6}" = muvee Reveal
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5A4F780-DF0C-444F-BA82-637CCF5C8052}" = Windows Live Family Safety
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd  (10/12/2007 6.85.4.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"AVMWLANCLI" = AVM FRITZ!WLAN
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"Philips Songbird" = Philips Songbird
"PokerStars" = PokerStars
"Revo Uninstaller" = Revo Uninstaller 1.94
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.1.5
"WildTangent hp Master Uninstall" = My HP Games
"WinLiveSuite" = Windows Live Essentials
"Zoner Photo Studio 9_is1" = Zoner Photo Studio 9
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 21.07.2011 11:03:38 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 22.07.2011 05:33:00 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 23.07.2011 05:21:29 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 23.07.2011 12:33:02 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 23.07.2011 12:36:08 | Computer Name = ***-PC | Source = Lavasoft Ad-Aware Service | ID = 0
Description =
 
Error - 24.07.2011 07:14:09 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 25.07.2011 03:53:04 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 25.07.2011 06:21:33 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 26.07.2011 04:09:37 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 26.07.2011 06:37:14 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 27.09.2012 12:45:56 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description =
 
Error - 27.09.2012 12:46:05 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description =
 
Error - 27.09.2012 12:46:38 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 27.09.2012 12:46:38 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 27.09.2012 13:23:49 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description =
 
Error - 27.09.2012 13:23:56 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description =
 
Error - 27.09.2012 13:23:59 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description =
 
Error - 27.09.2012 13:24:00 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description =
 
Error - 27.09.2012 13:24:37 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 27.09.2012 13:24:37 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7026
Description =
 
 
< End of report >
--- --- ---

DerJazzer 27.09.2012 20:33
Hi :)

wir sind auf einem guten Weg, allerdings müssen wir noch einige Reste entfernen und ich möchte mir ein paar Ordner auf deinem System genauer anschauen.

Schritt 1
Code:
:OTL
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
[2012.09.24 15:11:51 | 000,000,152 | ---- | M] () -- C:\ProgramData\-EElJfUSLQMOTZpr
[2012.09.24 15:11:51 | 000,000,144 | ---- | M] () -- C:\ProgramData\-EElJfUSLQMOTZp

:files
%USERPROFILE%\Desktop\File_Recovery.lnk

:Commands
[emptytemp]
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread


Schritt 2

Scan mit SystemLook

Lade SystemLook von jpshortstuff von einem der folgenden Spiegel herunter und speichere das Tool auf dem Desktop.

Download Mirror #1 - Download Mirror #2
  • Doppelklicke auf die SystemLook.exe, um das Tool zu starten.
    Vista-User mit Rechtsklick und als Administrator starten.
  • Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:

    Code:
    :dir
    %APPDATA%\Local\{42AED5A9-BF6E-4E45-92F1-49938B2F1471} /s
    %APPDATA%\Local\{28CCA128-9C2C-4A0D-99D6-B6BD795F2F75} /s
    %APPDATA%\Local\{26C67F8F-2A39-4CD0-A1A0-E50A625D5126} /s
    %APPDATA%\Local\{462D0FF6-2C92-41C6-84DB-830835388AA6} /s
    %APPDATA%\Local\{208ABD91-D1EA-456D-83F4-66880A7361AD} /s
    %APPDATA%\Local\{F2170249-F1FA-4D04-A284-4E17051D7CC0} /s
    %APPDATA%\Local\{8B0E685C-932E-44F2-BD6F-793DDE035217} /s
    %APPDATA%\Local\{8A753310-A4FC-442C-8F9D-10D9EA661638} /s
    %APPDATA%\Local\{9B9CB375-5727-4696-954B-F7FF2B04B636} /s
    %APPDATA%\Local\{F038945A-04FD-4C4A-978D-B0068F20A332} /s
    %APPDATA%\Local\{CF2583C5-05F5-4553-905A-7732C9F488AD} /s
    %APPDATA%\Local\{05BF8F1B-4D03-4DCA-8C5E-74050CCD8937} /s
    %APPDATA%\Local\{EA1FC3F5-FCA9-4410-AA45-3BA68B6B023E} /s
    %APPDATA%\Local\{B846B9A1-1B25-4E3B-B868-50ABA5F0F592} /s
    %APPDATA%\Local\{47A2C824-9060-4190-B4DD-5A655FC66332} /s
    %APPDATA%\Local\{A0548D6D-367B-4D3D-A034-99A0BEC41509} /s
    %APPDATA%\Local\{83955893-EF53-4D60-BBAE-8E114CBA9549} /s
    %APPDATA%\Local\{E446985A-97EF-4D7D-A1EA-B9D1827836A1} /s
    %APPDATA%\Local\{2433A48C-CCBC-4390-B830-48A7FBC046FF} /s
    %APPDATA%\Local\{02F0C828-F0E6-4A20-9C5C-9107380E0C31} /s
    %APPDATA%\Local\{3D8D5071-C871-4422-B70A-59E96F5A43EA} /s
    %APPDATA%\Local\{7B773C13-2200-4E8C-8621-2C8AE1305118} /s
    %APPDATA%\Local\{61E90FF3-F4CC-4B43-B6FC-6796DAC212F4} /s
  • Klicke nun auf den Button Look, um den Scan zu starten.
  • Wenn der Suchlauf beendet ist, wird sich Dein Editor mit den Ergebnissen öffnen, poste diese in deinen Thread.
  • Die Ergebnisse werden auf dem Desktop als SystemLook.txt gespeichert.


Schritt 3

Bitte lasse die Datei aus der Code-Box bei Virustotal überprüfen.
  • Klicke auf Durchsuchen
  • Kopiere nun folgendes in die Suchleiste (Deinen Usernamen musst du natürlich zurückeditieren!).
    Code:
     
    C:\Users\***\AppData\Roaming\wklnhst.dat
  • und klicke auf Öffnen.
  • Klicke auf Send File.
Warte bitte bis die Datei vollständig hochgeladen wurde. Solltest Du folgende Meldung bekommen
Zitat:
File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis:
klicke auf Reanalyse.
Warte bis unter Current status: Finished steht.

Kopiere den Link aus deiner Adresszeile und poste ihn hier.


Schritt 4

Downloade Dir bitte AdwCleaner auf deinen Desktop.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Suche.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.


Bitte poste in deiner nächsten Antwort
  • OTL-Fixlog
  • SystemLook.txt
  • Link zur Virustotal-Analyse
  • AdwCleaner[R1].txt

Schnauf8 28.09.2012 12:02
hi christoh!

ich hätte zu schritt 3 eine kurze zwischenfrage. und zwar, hattest du geschrieben 'Bitte lasse die Datei aus der Code-Box bei Virustotal überprüfen.' -nicht, dass ich da etwas falsches mache... du meinst, die von dir erstellte datei, die ich vorher auch schon bei systemlook hineinkopiert habe, oder?:dummguck:

DerJazzer 28.09.2012 12:25
Nein, ich meine diese Datei:
Zitat:
C:\Users\***\AppData\Roaming\wklnhst.dat
:)

Schnauf8 28.09.2012 13:29
puh, also jetzt habe ich alles! :)


Code:
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
C:\ProgramData\-EElJfUSLQMOTZpr moved successfully.
C:\ProgramData\-EElJfUSLQMOTZp moved successfully.
========== FILES ==========
C:\Users\***\Desktop\File_Recovery.lnk moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: BB443B11-7D12-450c-9F85-2D32804655F9
->Temp folder emptied: 0 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: ***
->Temp folder emptied: 21882533 bytes
->Temporary Internet Files folder emptied: 197208251 bytes
->Java cache emptied: 1681254 bytes
->FireFox cache emptied: 66737373 bytes
->Google Chrome cache emptied: 6291024 bytes
->Flash cache emptied: 1149 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2236 bytes
RecycleBin emptied: 957045456 bytes
 
Total Files Cleaned = 1.193,00 mb
 
 
OTL by OldTimer - Version 3.2.55.0 log created on 09282012_120734

Code:
SystemLook 30.07.11 by jpshortstuff
Log created at 12:49 on 28/09/2012 by ***
Administrator - Elevation successful

========== dir ==========

C:\Users\***\AppData\Roaming\Local\{42AED5A9-BF6E-4E45-92F1-49938B2F1471} - Unable to find folder.

C:\Users\***\AppData\Roaming\Local\{28CCA128-9C2C-4A0D-99D6-B6BD795F2F75} - Unable to find folder.

C:\Users\***\AppData\Roaming\Local\{26C67F8F-2A39-4CD0-A1A0-E50A625D5126} - Unable to find folder.

C:\Users\***\AppData\Roaming\Local\{462D0FF6-2C92-41C6-84DB-830835388AA6} - Unable to find folder.

C:\Users\***\AppData\Roaming\Local\{208ABD91-D1EA-456D-83F4-66880A7361AD} - Unable to find folder.

C:\Users\***\AppData\Roaming\Local\{F2170249-F1FA-4D04-A284-4E17051D7CC0} - Unable to find folder.

C:\Users\***\AppData\Roaming\Local\{8B0E685C-932E-44F2-BD6F-793DDE035217} - Unable to find folder.

C:\Users\***\AppData\Roaming\Local\{8A753310-A4FC-442C-8F9D-10D9EA661638} - Unable to find folder.

C:\Users\***\AppData\Roaming\Local\{9B9CB375-5727-4696-954B-F7FF2B04B636} - Unable to find folder.

C:\Users\***\AppData\Roaming\Local\{F038945A-04FD-4C4A-978D-B0068F20A332} - Unable to find folder.

C:\Users\***\AppData\Roaming\Local\{CF2583C5-05F5-4553-905A-7732C9F488AD} - Unable to find folder.

C:\Users\***\AppData\Roaming\Local\{05BF8F1B-4D03-4DCA-8C5E-74050CCD8937} - Unable to find folder.

C:\Users\***\AppData\Roaming\Local\{EA1FC3F5-FCA9-4410-AA45-3BA68B6B023E} - Unable to find folder.

C:\Users\***\AppData\Roaming\Local\{B846B9A1-1B25-4E3B-B868-50ABA5F0F592} - Unable to find folder.

C:\Users\***\AppData\Roaming\Local\{47A2C824-9060-4190-B4DD-5A655FC66332} - Unable to find folder.

C:\Users\***\AppData\Roaming\Local\{A0548D6D-367B-4D3D-A034-99A0BEC41509} - Unable to find folder.

C:\Users\***\AppData\Roaming\Local\{83955893-EF53-4D60-BBAE-8E114CBA9549} - Unable to find folder.

C:\Users\***\AppData\Roaming\Local\{E446985A-97EF-4D7D-A1EA-B9D1827836A1} - Unable to find folder.

C:\Users\***\AppData\Roaming\Local\{2433A48C-CCBC-4390-B830-48A7FBC046FF} - Unable to find folder.

C:\Users\***\AppData\Roaming\Local\{02F0C828-F0E6-4A20-9C5C-9107380E0C31} - Unable to find folder.

C:\Users\***\AppData\Roaming\Local\{3D8D5071-C871-4422-B70A-59E96F5A43EA} - Unable to find folder.

C:\Users\***\AppData\Roaming\Local\{7B773C13-2200-4E8C-8621-2C8AE1305118} - Unable to find folder.

C:\Users\***\AppData\Roaming\Local\{61E90FF3-F4CC-4B43-B6FC-6796DAC212F4} - Unable to find folder.

-= EOF =-

https://www.virustotal.com/file/3abf3302cb62ca56da307ad0663d7b3c9079c66d5bad982a3385e0df2886cffd/analysis/1348834001/


Code:
# AdwCleaner v2.003 - Datei am 09/28/2012 um 14:10:46 erstellt
# Aktualisiert am 23/09/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : *** - ***-PC
# Bootmodus : Abgesicherter Modus mit Netzwerkunterstützung
# Ausgeführt unter : C:\Users\***\Downloads\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Datei Gefunden : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\m5jlyxpv.default\searchplugins\Conduit.xml
Ordner Gefunden : C:\Program Files\Conduit
Ordner Gefunden : C:\Users\***\AppData\Local\Conduit
Ordner Gefunden : C:\Users\***\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\m5jlyxpv.default\ConduitCommon
Ordner Gefunden : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\m5jlyxpv.default\extensions\{adca5064-9e30-43fe-9856-58b07a3149fe}
Ordner Gefunden : C:\Users\***\AppData\Roaming\OpenCandy
Ordner Gefunden : C:\Users\***\AppData\Roaming\widestream

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gefunden : HKCU\Software\WideStream
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT3214568
Schlüssel Gefunden : HKLM\Software\Conduit

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT3214568

-\\ Mozilla Firefox v15.0 (de)

Profilname : default
Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\m5jlyxpv.default\prefs.js

Gefunden : user_pref("CT3214568..clientLogIsEnabled", false);
Gefunden : user_pref("CT3214568..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Gefunden : user_pref("CT3214568..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Gefunden : user_pref("CT3214568.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Gefunden : user_pref("CT3214568.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gefunden : user_pref("CT3214568.AppTrackingLastCheckTime", "Mon Jul 23 2012 14:52:41 GMT+0200");
Gefunden : user_pref("CT3214568.BrowserCompStateIsOpen_319764460718209437", true);
Gefunden : user_pref("CT3214568.BrowserCompStateIsOpen_8269647105641600597", true);
Gefunden : user_pref("CT3214568.CTID", "CT3214568");
Gefunden : user_pref("CT3214568.CurrentServerDate", "29-8-2012");
Gefunden : user_pref("CT3214568.DSInstall", true);
Gefunden : user_pref("CT3214568.DialogsAlignMode", "LTR");
Gefunden : user_pref("CT3214568.DialogsGetterLastCheckTime", "Tue Aug 28 2012 13:13:48 GMT+0200");
Gefunden : user_pref("CT3214568.DownloadReferralCookieData", "");
Gefunden : user_pref("CT3214568.FirstServerDate", "24-6-2012");
Gefunden : user_pref("CT3214568.FirstTime", true);
Gefunden : user_pref("CT3214568.FirstTimeFF3", true);
Gefunden : user_pref("CT3214568.FirstTimeHiddenVer", true);
Gefunden : user_pref("CT3214568.FixPageNotFoundErrors", true);
Gefunden : user_pref("CT3214568.GroupingServerCheckInterval", 1440);
Gefunden : user_pref("CT3214568.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gefunden : user_pref("CT3214568.HPInstall", true);
Gefunden : user_pref("CT3214568.HasUserGlobalKeys", true);
Gefunden : user_pref("CT3214568.HomePageProtectorEnabled", false);
Gefunden : user_pref("CT3214568.HomepageBeforeUnload", "hxxp://www.google.de/");
Gefunden : user_pref("CT3214568.Initialize", true);
Gefunden : user_pref("CT3214568.InitializeCommonPrefs", true);
Gefunden : user_pref("CT3214568.InstallationAndCookieDataSentCount", 3);
Gefunden : user_pref("CT3214568.InstallationType", "Unknown");
Gefunden : user_pref("CT3214568.InstalledDate", "Sun Jun 24 2012 16:35:08 GMT+0200");
Gefunden : user_pref("CT3214568.IsAlertDBUpdated", true);
Gefunden : user_pref("CT3214568.IsGrouping", false);
Gefunden : user_pref("CT3214568.IsInitSetupIni", true);
Gefunden : user_pref("CT3214568.IsMulticommunity", false);
Gefunden : user_pref("CT3214568.IsOpenThankYouPage", false);
Gefunden : user_pref("CT3214568.IsOpenUninstallPage", true);
Gefunden : user_pref("CT3214568.LanguagePackLastCheckTime", "Wed Aug 29 2012 14:25:05 GMT+0200");
Gefunden : user_pref("CT3214568.LanguagePackReloadIntervalMM", 1440);
Gefunden : user_pref("CT3214568.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gefunden : user_pref("CT3214568.LastLogin_3.13.0.6", "Wed Aug 29 2012 18:25:06 GMT+0200");
Gefunden : user_pref("CT3214568.LatestVersion", "3.13.0.6");
Gefunden : user_pref("CT3214568.Locale", "en");
Gefunden : user_pref("CT3214568.MCDetectTooltipHeight", "83");
Gefunden : user_pref("CT3214568.MCDetectTooltipShow", false);
Gefunden : user_pref("CT3214568.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gefunden : user_pref("CT3214568.MCDetectTooltipWidth", "295");
Gefunden : user_pref("CT3214568.MyStuffComponents319764460718209437", false);
Gefunden : user_pref("CT3214568.MyStuffComponents8269647105641600597", false);
Gefunden : user_pref("CT3214568.MyStuffEnabledAtInstallation", true);
Gefunden : user_pref("CT3214568.OriginalFirstVersion", "3.13.0.6");
Gefunden : user_pref("CT3214568.SHRINK_TOOLBAR", 1);
Gefunden : user_pref("CT3214568.SavedHomepage", "hxxp://www.google.de/");
Gefunden : user_pref("CT3214568.SearchCaption", "FreeMake Customized Web Search");
Gefunden : user_pref("CT3214568.SearchEngineBeforeUnload", "FreeMake Customized Web Search");
Gefunden : user_pref("CT3214568.SearchFromAddressBarIsInit", true);
Gefunden : user_pref("CT3214568.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT322[...]
Gefunden : user_pref("CT3214568.SearchInNewTabEnabled", true);
Gefunden : user_pref("CT3214568.SearchInNewTabIntervalMM", 1440);
Gefunden : user_pref("CT3214568.SearchInNewTabLastCheckTime", "Wed Aug 29 2012 14:25:03 GMT+0200");
Gefunden : user_pref("CT3214568.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gefunden : user_pref("CT3214568.SearchProtectorEnabled", true);
Gefunden : user_pref("CT3214568.SearchProtectorToolbarDisabled", false);
Gefunden : user_pref("CT3214568.SendProtectorDataViaLogin", true);
Gefunden : user_pref("CT3214568.ServiceMapLastCheckTime", "Wed Aug 29 2012 14:25:05 GMT+0200");
Gefunden : user_pref("CT3214568.SettingsLastCheckTime", "Wed Aug 29 2012 18:06:04 GMT+0200");
Gefunden : user_pref("CT3214568.SettingsLastUpdate", "1346236165");
Gefunden : user_pref("CT3214568.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3228034&SearchSource=13");
Gefunden : user_pref("CT3214568.ThirdPartyComponentsInterval", 504);
Gefunden : user_pref("CT3214568.ThirdPartyComponentsLastCheck", "Fri Aug 10 2012 14:27:54 GMT+0200");
Gefunden : user_pref("CT3214568.ThirdPartyComponentsLastUpdate", "1331805997");
Gefunden : user_pref("CT3214568.ToolbarShrinkedFromSetup", false);
Gefunden : user_pref("CT3214568.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3228034");
Gefunden : user_pref("CT3214568.UserID", "UN16606431098529617");
Gefunden : user_pref("CT3214568.ValidationData_Toolbar", 2);
Gefunden : user_pref("CT3214568.alertChannelId", "1663835");
Gefunden : user_pref("CT3214568.approveUntrustedApps", false);
Gefunden : user_pref("CT3214568.backendstorage.appsjson", "7B2261707073223A5B7B226E616D65223A2266616365626F6F6B[...]
Gefunden : user_pref("CT3214568.backendstorage.appsjsonlastdate", "31333430373134313930363535");
Gefunden : user_pref("CT3214568.backendstorage.conduitbarfacebook", "696E7374616C6C6564");
Gefunden : user_pref("CT3214568.backendstorage.conduitbartwitter", "696E7374616C6C6564");
Gefunden : user_pref("CT3214568.backendstorage.dateinstalled", "31333430353535373535373533");
Gefunden : user_pref("CT3214568.backendstorage.facebook_mode", "32");
Gefunden : user_pref("CT3214568.backendstorage.facebook_user_locale", "6465");
Gefunden : user_pref("CT3214568.backendstorage.freeridegames_install", "74727565");
Gefunden : user_pref("CT3214568.backendstorage.twitter_autostart", "74727565");
Gefunden : user_pref("CT3214568.backendstorage.twitter_v1.8.0_twitter_app_open_t_f", "66616C7365");
Gefunden : user_pref("CT3214568.backendstorage.twitter_v1.9.0_twitter_app_open_t_f", "74727565");
Gefunden : user_pref("CT3214568.components.129840570688671726", false);
Gefunden : user_pref("CT3214568.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Gefunden : user_pref("CT3214568.globalFirstTimeInfoLastCheckTime", "Wed Aug 22 2012 13:03:57 GMT+0200");
Gefunden : user_pref("CT3214568.homepageProtectorEnableByLogin", true);
Gefunden : user_pref("CT3214568.initDone", true);
Gefunden : user_pref("CT3214568.isAppTrackingManagerOn", false);
Gefunden : user_pref("CT3214568.myStuffEnabled", true);
Gefunden : user_pref("CT3214568.myStuffPublihserMinWidth", 400);
Gefunden : user_pref("CT3214568.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gefunden : user_pref("CT3214568.myStuffServiceIntervalMM", 1440);
Gefunden : user_pref("CT3214568.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gefunden : user_pref("CT3214568.navigateToUrlOnSearch", false);
Gefunden : user_pref("CT3214568.oldAppsList", "129838005547975573,129838005549538074,111,129840570688671726,129[...]
Gefunden : user_pref("CT3214568.revertSettingsEnabled", true);
Gefunden : user_pref("CT3214568.searchProtectorDialogDelayInSec", 10);
Gefunden : user_pref("CT3214568.searchProtectorEnableByLogin", true);
Gefunden : user_pref("CT3214568.testingCtid", "CT3228034");
Gefunden : user_pref("CT3214568.toolbarAppMetaDataLastCheckTime", "Wed Aug 29 2012 14:25:05 GMT+0200");
Gefunden : user_pref("CT3214568.usagesFlag", 2);
Gefunden : user_pref("CT3228034.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Gefunden : user_pref("CT3228034.autoDisableScopes", -1);
Gefunden : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3228034&Search[...]
Gefunden : user_pref("CommunityToolbar.ConduitSearchList", "FreeMake Customized Web Search");
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3228034/CT3228034[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1112915/1108619/DE", "\"0\"[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1204467/1200144/DE", "\"0\"[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1663835/1656360/DE", "\"0\"[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3228034", [...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3228034",[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"e38[...]
Gefunden : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\***\\AppData\\Roaming\\Mo[...]
Gefunden : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.13.0.6");
Gefunden : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "data:text/plain,keyword.URL=hxxp://go.we[...]
Gefunden : user_pref("CommunityToolbar.ToolbarsList", "CT3214568");
Gefunden : user_pref("CommunityToolbar.ToolbarsList2", "CT3214568");
Gefunden : user_pref("CommunityToolbar.ToolbarsList4", "CT3214568");
Gefunden : user_pref("CommunityToolbar.globalUserId", "a73bf984-83bd-48ea-886e-531d8a961d37");
Gefunden : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Gefunden : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Gefunden : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3214568");
Gefunden : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sat Aug 25 2012 14:31:2[...]
Gefunden : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Gefunden : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Wed Aug 29 2012 14:25:13 GMT+020[...]
Gefunden : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Gefunden : user_pref("CommunityToolbar.notifications.locale", "en");
Gefunden : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Gefunden : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Wed Aug 29 2012 14:25:05 GMT+0200");
Gefunden : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Gefunden : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Gefunden : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Gefunden : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Gefunden : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Gefunden : user_pref("CommunityToolbar.notifications.userId", "5b97a227-cfc2-466a-bb14-16a4ef5782ec");
Gefunden : user_pref("CommunityToolbar.originalHomepage", "hxxp://www.google.de/");
Gefunden : user_pref("CommunityToolbar.originalSearchEngine", "data:text/plain,browser.search.defaultenginename[...]
Gefunden : user_pref("browser.search.defaultthis.engineName", "FreeMake Customized Web Search");
Gefunden : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3214568&Sea[...]
Gefunden : user_pref("browser.search.selectedEngine", "FreeMake Customized Web Search");

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gefunden [l.175] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3214568&SearchSource=48" ]
Gefunden [l.177] : homepage = "hxxp://search.conduit.com/?ctid=CT3214568&SearchSource=48",

*************************

AdwCleaner[R1].txt - [14813 octets] - [28/09/2012 14:10:46]

########## EOF - C:\AdwCleaner[R1].txt - [14874 octets] ##########

DerJazzer 28.09.2012 14:01
Hi :)

bitte mache Folgendes:

Schritt 1
  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Löschen.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.


Schritt 2

Starte bitte die OTL.exe.
Wähle unter
Extra Registrierung: Benutze Safe List und klicke auf den Scan Button.
Poste die OTL.txt und die Extras.txt hier in deinen Thread.


Bitte poste in deiner nächsten Antwort
  • AdwCleaner[S1].txt
  • OTL.txt & Extras.txt

Schnauf8 28.09.2012 16:02
Code:
# AdwCleaner v2.003 - Datei am 09/28/2012 um 15:21:24 erstellt
# Aktualisiert am 23/09/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : *** - ***-PC
# Bootmodus : Abgesicherter Modus mit Netzwerkunterstützung
# Ausgeführt unter : C:\Users\***\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Datei Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\m5jlyxpv.default\searchplugins\Conduit.xml
Ordner Gelöscht : C:\Program Files\Conduit
Ordner Gelöscht : C:\Users\***\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\***\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\m5jlyxpv.default\ConduitCommon
Ordner Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\m5jlyxpv.default\extensions\{adca5064-9e30-43fe-9856-58b07a3149fe}
Ordner Gelöscht : C:\Users\***\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\***\AppData\Roaming\widestream

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\WideStream
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT3214568
Schlüssel Gelöscht : HKLM\Software\Conduit

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

Wiederhergestellt : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT3214568 --> hxxp://www.google.com

-\\ Mozilla Firefox v15.0 (de)

Profilname : default
Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\m5jlyxpv.default\prefs.js

C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\m5jlyxpv.default\user.js ... Gelöscht !

Gelöscht : user_pref("CT3214568..clientLogIsEnabled", false);
Gelöscht : user_pref("CT3214568..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Gelöscht : user_pref("CT3214568..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Gelöscht : user_pref("CT3214568.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Gelöscht : user_pref("CT3214568.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gelöscht : user_pref("CT3214568.AppTrackingLastCheckTime", "Mon Jul 23 2012 14:52:41 GMT+0200");
Gelöscht : user_pref("CT3214568.BrowserCompStateIsOpen_319764460718209437", true);
Gelöscht : user_pref("CT3214568.BrowserCompStateIsOpen_8269647105641600597", true);
Gelöscht : user_pref("CT3214568.CTID", "CT3214568");
Gelöscht : user_pref("CT3214568.CurrentServerDate", "29-8-2012");
Gelöscht : user_pref("CT3214568.DSInstall", true);
Gelöscht : user_pref("CT3214568.DialogsAlignMode", "LTR");
Gelöscht : user_pref("CT3214568.DialogsGetterLastCheckTime", "Tue Aug 28 2012 13:13:48 GMT+0200");
Gelöscht : user_pref("CT3214568.DownloadReferralCookieData", "");
Gelöscht : user_pref("CT3214568.FirstServerDate", "24-6-2012");
Gelöscht : user_pref("CT3214568.FirstTime", true);
Gelöscht : user_pref("CT3214568.FirstTimeFF3", true);
Gelöscht : user_pref("CT3214568.FirstTimeHiddenVer", true);
Gelöscht : user_pref("CT3214568.FixPageNotFoundErrors", true);
Gelöscht : user_pref("CT3214568.GroupingServerCheckInterval", 1440);
Gelöscht : user_pref("CT3214568.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gelöscht : user_pref("CT3214568.HPInstall", true);
Gelöscht : user_pref("CT3214568.HasUserGlobalKeys", true);
Gelöscht : user_pref("CT3214568.HomePageProtectorEnabled", false);
Gelöscht : user_pref("CT3214568.HomepageBeforeUnload", "hxxp://www.google.de/");
Gelöscht : user_pref("CT3214568.Initialize", true);
Gelöscht : user_pref("CT3214568.InitializeCommonPrefs", true);
Gelöscht : user_pref("CT3214568.InstallationAndCookieDataSentCount", 3);
Gelöscht : user_pref("CT3214568.InstallationType", "Unknown");
Gelöscht : user_pref("CT3214568.InstalledDate", "Sun Jun 24 2012 16:35:08 GMT+0200");
Gelöscht : user_pref("CT3214568.IsAlertDBUpdated", true);
Gelöscht : user_pref("CT3214568.IsGrouping", false);
Gelöscht : user_pref("CT3214568.IsInitSetupIni", true);
Gelöscht : user_pref("CT3214568.IsMulticommunity", false);
Gelöscht : user_pref("CT3214568.IsOpenThankYouPage", false);
Gelöscht : user_pref("CT3214568.IsOpenUninstallPage", true);
Gelöscht : user_pref("CT3214568.LanguagePackLastCheckTime", "Wed Aug 29 2012 14:25:05 GMT+0200");
Gelöscht : user_pref("CT3214568.LanguagePackReloadIntervalMM", 1440);
Gelöscht : user_pref("CT3214568.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gelöscht : user_pref("CT3214568.LastLogin_3.13.0.6", "Wed Aug 29 2012 18:25:06 GMT+0200");
Gelöscht : user_pref("CT3214568.LatestVersion", "3.13.0.6");
Gelöscht : user_pref("CT3214568.Locale", "en");
Gelöscht : user_pref("CT3214568.MCDetectTooltipHeight", "83");
Gelöscht : user_pref("CT3214568.MCDetectTooltipShow", false);
Gelöscht : user_pref("CT3214568.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gelöscht : user_pref("CT3214568.MCDetectTooltipWidth", "295");
Gelöscht : user_pref("CT3214568.MyStuffComponents319764460718209437", false);
Gelöscht : user_pref("CT3214568.MyStuffComponents8269647105641600597", false);
Gelöscht : user_pref("CT3214568.MyStuffEnabledAtInstallation", true);
Gelöscht : user_pref("CT3214568.OriginalFirstVersion", "3.13.0.6");
Gelöscht : user_pref("CT3214568.SHRINK_TOOLBAR", 1);
Gelöscht : user_pref("CT3214568.SavedHomepage", "hxxp://www.google.de/");
Gelöscht : user_pref("CT3214568.SearchCaption", "FreeMake Customized Web Search");
Gelöscht : user_pref("CT3214568.SearchEngineBeforeUnload", "FreeMake Customized Web Search");
Gelöscht : user_pref("CT3214568.SearchFromAddressBarIsInit", true);
Gelöscht : user_pref("CT3214568.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT322[...]
Gelöscht : user_pref("CT3214568.SearchInNewTabEnabled", true);
Gelöscht : user_pref("CT3214568.SearchInNewTabIntervalMM", 1440);
Gelöscht : user_pref("CT3214568.SearchInNewTabLastCheckTime", "Wed Aug 29 2012 14:25:03 GMT+0200");
Gelöscht : user_pref("CT3214568.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gelöscht : user_pref("CT3214568.SearchProtectorEnabled", true);
Gelöscht : user_pref("CT3214568.SearchProtectorToolbarDisabled", false);
Gelöscht : user_pref("CT3214568.SendProtectorDataViaLogin", true);
Gelöscht : user_pref("CT3214568.ServiceMapLastCheckTime", "Wed Aug 29 2012 14:25:05 GMT+0200");
Gelöscht : user_pref("CT3214568.SettingsLastCheckTime", "Wed Aug 29 2012 18:06:04 GMT+0200");
Gelöscht : user_pref("CT3214568.SettingsLastUpdate", "1346236165");
Gelöscht : user_pref("CT3214568.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3228034&SearchSource=13");
Gelöscht : user_pref("CT3214568.ThirdPartyComponentsInterval", 504);
Gelöscht : user_pref("CT3214568.ThirdPartyComponentsLastCheck", "Fri Aug 10 2012 14:27:54 GMT+0200");
Gelöscht : user_pref("CT3214568.ThirdPartyComponentsLastUpdate", "1331805997");
Gelöscht : user_pref("CT3214568.ToolbarShrinkedFromSetup", false);
Gelöscht : user_pref("CT3214568.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3228034");
Gelöscht : user_pref("CT3214568.UserID", "UN16606431098529617");
Gelöscht : user_pref("CT3214568.ValidationData_Toolbar", 2);
Gelöscht : user_pref("CT3214568.alertChannelId", "1663835");
Gelöscht : user_pref("CT3214568.approveUntrustedApps", false);
Gelöscht : user_pref("CT3214568.backendstorage.appsjson", "7B2261707073223A5B7B226E616D65223A2266616365626F6F6B[...]
Gelöscht : user_pref("CT3214568.backendstorage.appsjsonlastdate", "31333430373134313930363535");
Gelöscht : user_pref("CT3214568.backendstorage.conduitbarfacebook", "696E7374616C6C6564");
Gelöscht : user_pref("CT3214568.backendstorage.conduitbartwitter", "696E7374616C6C6564");
Gelöscht : user_pref("CT3214568.backendstorage.dateinstalled", "31333430353535373535373533");
Gelöscht : user_pref("CT3214568.backendstorage.facebook_mode", "32");
Gelöscht : user_pref("CT3214568.backendstorage.facebook_user_locale", "6465");
Gelöscht : user_pref("CT3214568.backendstorage.freeridegames_install", "74727565");
Gelöscht : user_pref("CT3214568.backendstorage.twitter_autostart", "74727565");
Gelöscht : user_pref("CT3214568.backendstorage.twitter_v1.8.0_twitter_app_open_t_f", "66616C7365");
Gelöscht : user_pref("CT3214568.backendstorage.twitter_v1.9.0_twitter_app_open_t_f", "74727565");
Gelöscht : user_pref("CT3214568.components.129840570688671726", false);
Gelöscht : user_pref("CT3214568.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Gelöscht : user_pref("CT3214568.globalFirstTimeInfoLastCheckTime", "Wed Aug 22 2012 13:03:57 GMT+0200");
Gelöscht : user_pref("CT3214568.homepageProtectorEnableByLogin", true);
Gelöscht : user_pref("CT3214568.initDone", true);
Gelöscht : user_pref("CT3214568.isAppTrackingManagerOn", false);
Gelöscht : user_pref("CT3214568.myStuffEnabled", true);
Gelöscht : user_pref("CT3214568.myStuffPublihserMinWidth", 400);
Gelöscht : user_pref("CT3214568.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gelöscht : user_pref("CT3214568.myStuffServiceIntervalMM", 1440);
Gelöscht : user_pref("CT3214568.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gelöscht : user_pref("CT3214568.navigateToUrlOnSearch", false);
Gelöscht : user_pref("CT3214568.oldAppsList", "129838005547975573,129838005549538074,111,129840570688671726,129[...]
Gelöscht : user_pref("CT3214568.revertSettingsEnabled", true);
Gelöscht : user_pref("CT3214568.searchProtectorDialogDelayInSec", 10);
Gelöscht : user_pref("CT3214568.searchProtectorEnableByLogin", true);
Gelöscht : user_pref("CT3214568.testingCtid", "CT3228034");
Gelöscht : user_pref("CT3214568.toolbarAppMetaDataLastCheckTime", "Wed Aug 29 2012 14:25:05 GMT+0200");
Gelöscht : user_pref("CT3214568.usagesFlag", 2);
Gelöscht : user_pref("CT3228034.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Gelöscht : user_pref("CT3228034.autoDisableScopes", -1);
Gelöscht : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3228034&Search[...]
Gelöscht : user_pref("CommunityToolbar.ConduitSearchList", "FreeMake Customized Web Search");
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3228034/CT3228034[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1112915/1108619/DE", "\"0\"[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1204467/1200144/DE", "\"0\"[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1663835/1656360/DE", "\"0\"[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3228034", [...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3228034",[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"e38[...]
Gelöscht : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\***\\AppData\\Roaming\\Mo[...]
Gelöscht : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.13.0.6");
Gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "data:text/plain,keyword.URL=hxxp://go.we[...]
Gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT3214568");
Gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT3214568");
Gelöscht : user_pref("CommunityToolbar.ToolbarsList4", "CT3214568");
Gelöscht : user_pref("CommunityToolbar.globalUserId", "a73bf984-83bd-48ea-886e-531d8a961d37");
Gelöscht : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Gelöscht : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Gelöscht : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3214568");
Gelöscht : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sat Aug 25 2012 14:31:2[...]
Gelöscht : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Gelöscht : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Wed Aug 29 2012 14:25:13 GMT+020[...]
Gelöscht : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Gelöscht : user_pref("CommunityToolbar.notifications.locale", "en");
Gelöscht : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Gelöscht : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Wed Aug 29 2012 14:25:05 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Gelöscht : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Gelöscht : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Gelöscht : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Gelöscht : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Gelöscht : user_pref("CommunityToolbar.notifications.userId", "5b97a227-cfc2-466a-bb14-16a4ef5782ec");
Gelöscht : user_pref("CommunityToolbar.originalHomepage", "hxxp://www.google.de/");
Gelöscht : user_pref("CommunityToolbar.originalSearchEngine", "data:text/plain,browser.search.defaultenginename[...]
Gelöscht : user_pref("browser.search.defaultthis.engineName", "FreeMake Customized Web Search");
Gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3214568&Sea[...]
Gelöscht : user_pref("browser.search.selectedEngine", "FreeMake Customized Web Search");

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.175] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3214568&SearchSource=48" ]
Gelöscht [l.177] : homepage = "hxxp://search.conduit.com/?ctid=CT3214568&SearchSource=48",

*************************

AdwCleaner[R1].txt - [14816 octets] - [28/09/2012 14:10:46]
AdwCleaner[S1].txt - [15508 octets] - [28/09/2012 15:21:24]

########## EOF - C:\AdwCleaner[S1].txt - [15569 octets] ##########


OTL Logfile:
Code:
OTL Extras logfile created on: 28.09.2012 15:41:20 - Run 3
OTL by OldTimer - Version 3.2.55.0    Folder = C:\Users\***\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,97 Gb Total Physical Memory | 2,54 Gb Available Physical Memory | 85,56% Memory free
6,13 Gb Paging File | 5,89 Gb Available in Paging File | 96,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,42 Gb Total Space | 147,01 Gb Free Space | 66,10% Space Free | Partition Type: NTFS
Drive D: | 10,47 Gb Total Space | 1,78 Gb Free Space | 17,05% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- Reg Error: Value error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BB6B60A-686B-4F89-9B4E-F98C2AAFA1BB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{0F7C5D12-5D17-4B39-8FC0-CE186DC73C93}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{1D1CC9D1-2267-4040-A090-A1E04C7F4E2A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{A7A3B1F5-905C-4BAC-876F-BA93A085E52E}" = lport=2869 | protocol=6 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03CBF11B-490C-4392-B887-5A0AC9608BCA}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{16B61A5F-B4A3-434B-B6AA-6D2A78492A50}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{1D188C0B-8DCE-4DB4-A12D-3C3F1AA37559}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{2990C36B-3F6D-4BD8-9A13-29C851D96CBC}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{45AA25EE-3C91-44B6-AEF4-92FD06E97264}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{7F652154-42C0-4CC8-BC27-737EB7867AFF}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{914A1112-E535-45C1-98FB-6878A68D4AFB}" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\7zs65b5.tmp\symnrt.exe |
"{AAB32EC5-44FC-4CF3-8FFE-264C5B7383F0}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{BEC0135C-D8DE-4471-9D56-A312F55D26EE}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{CCDE8CED-79EB-40C5-8F16-393723C60D1F}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{CD761528-B5E1-4C35-8F84-F59E36F26186}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{DEC07384-E503-4226-A683-09D6FFB54BCD}" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\7zs65b5.tmp\symnrt.exe |
"{E3B9047B-2CAD-4EC5-A7A8-36E093F222A3}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{F9B69B76-5B1F-44DA-85F4-3F8F03BDEB8B}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"TCP Query User{387EA576-F55E-4E57-AD7A-F68D767E8A22}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{D5409EDE-2854-45CE-ABA7-A6BBC725DF78}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software  1.14.17.1
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{17050C48-16CB-4500-A102-CEAD750CE11E}" = HP User Guides 0138
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 M1
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{47F36D92-E58E-456D-B73C-3382737E4C42}" = HP Update
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{732A3F80-008B-4350-BD58-EC5AE98707B8}" = HP Common Access Service Library
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0137-0407-0000-0000000FF1CE}" = Microsoft Works 6-9 Converter
"{95A747E0-DF19-46CB-A622-20A0107201BD}" = HP Total Care Setup
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5E29403-3D25-40C6-892B-F9FEE2A95585}" = HP Wireless Assistant
"{E8020EC7-5DD8-80C9-7237-7B2E9BDA8CC6}" = muvee Reveal
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5A4F780-DF0C-444F-BA82-637CCF5C8052}" = Windows Live Family Safety
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd  (10/12/2007 6.85.4.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"AVMWLANCLI" = AVM FRITZ!WLAN
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"Philips Songbird" = Philips Songbird
"PokerStars" = PokerStars
"Revo Uninstaller" = Revo Uninstaller 1.94
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.1.5
"WildTangent hp Master Uninstall" = My HP Games
"WinLiveSuite" = Windows Live Essentials
"Zoner Photo Studio 9_is1" = Zoner Photo Studio 9
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 20.07.2011 11:43:13 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 21.07.2011 03:47:12 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 21.07.2011 06:13:48 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 21.07.2011 11:03:38 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 22.07.2011 05:33:00 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 23.07.2011 05:21:29 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 23.07.2011 12:33:02 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 23.07.2011 12:36:08 | Computer Name = ***-PC | Source = Lavasoft Ad-Aware Service | ID = 0
Description =
 
Error - 24.07.2011 07:14:09 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 25.07.2011 03:53:04 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 28.09.2012 06:12:03 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description =
 
Error - 28.09.2012 06:12:47 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 28.09.2012 06:12:47 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 28.09.2012 06:34:24 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description =
 
Error - 28.09.2012 09:25:28 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description =
 
Error - 28.09.2012 09:25:34 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description =
 
Error - 28.09.2012 09:25:38 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description =
 
Error - 28.09.2012 09:25:46 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description =
 
Error - 28.09.2012 09:26:21 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 28.09.2012 09:26:21 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7026
Description =
 
 
< End of report >
--- --- ---




OTL Logfile:
Code:
OTL logfile created on: 28.09.2012 15:41:20 - Run 3
OTL by OldTimer - Version 3.2.55.0    Folder = C:\Users\***\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,97 Gb Total Physical Memory | 2,54 Gb Available Physical Memory | 85,56% Memory free
6,13 Gb Paging File | 5,89 Gb Available in Paging File | 96,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,42 Gb Total Space | 147,01 Gb Free Space | 66,10% Space Free | Partition Type: NTFS
Drive D: | 10,47 Gb Total Space | 1,78 Gb Free Space | 17,05% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (fsssvc) -- C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (Recovery Service for Windows) -- C:\Programme\SMINST\BLService.exe ()
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (ezSharedSvc) -- C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AVM WLAN Connection Service) -- C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (SBRE) -- C:\Windows\system32\drivers\SBREdrv.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\KERSTI~1\AppData\Local\Temp\catchme.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (ss_bmdm) -- C:\Windows\System32\drivers\ss_bmdm.sys (MCCI Corporation)
DRV - (ss_bbus) -- C:\Windows\System32\drivers\ss_bbus.sys (MCCI)
DRV - (ss_bmdfl) -- C:\Windows\System32\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (NETw3v32) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH)
DRV - (avmeject) -- C:\Windows\System32\drivers\avmeject.sys (AVM Berlin)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Presario&pf=cnnb
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{19754326-F44E-408D-B052-A7FAE7710AA7}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKLM\..\SearchScopes\{82BD1D8A-D6EB-48F9-A5B2-6DDEB211E69D}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKLM\..\SearchScopes\{EE97B51A-20F2-4B92-BE28-538D5E0DADA1}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0A44FEC6-37BC-43AB-A054-3E0A1DC07A57}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3214568
IE - HKCU\..\SearchScopes\{19754326-F44E-408D-B052-A7FAE7710AA7}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKCU\..\SearchScopes\{82BD1D8A-D6EB-48F9-A5B2-6DDEB211E69D}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKCU\..\SearchScopes\{EE97B51A-20F2-4B92-BE28-538D5E0DADA1}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.8.20100713041928
FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101727.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.27 16:09:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.08 18:00:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.27 16:09:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.08 18:00:03 | 000,000,000 | ---D | M]
 
[2010.12.24 19:58:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.12.24 19:58:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com
[2012.09.28 15:21:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\m5jlyxpv.default\extensions
[2011.04.24 16:48:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\m5jlyxpv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.05.18 15:14:13 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\m5jlyxpv.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.09.03 11:10:28 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\m5jlyxpv.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2011.11.03 15:19:18 | 000,000,933 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\m5jlyxpv.default\searchplugins\11-suche.xml
[2011.11.03 15:19:19 | 000,002,419 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\m5jlyxpv.default\searchplugins\englische-ergebnisse.xml
[2011.11.03 15:19:18 | 000,010,525 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\m5jlyxpv.default\searchplugins\gmx-suche.xml
[2011.11.03 15:19:19 | 000,002,457 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\m5jlyxpv.default\searchplugins\lastminute.xml
[2011.08.13 12:07:35 | 000,005,508 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\m5jlyxpv.default\searchplugins\webde-suche.xml
[2012.09.08 18:00:02 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.09.08 17:59:52 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions
[2012.09.08 18:00:01 | 000,000,000 | ---D | M] (WEB.DE Toolbar) -- C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de
File not found (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M5JLYXPV.DEFAULT\EXTENSIONS\{ADCA5064-9E30-43FE-9856-58B07A3149FE}
[2012.09.20 14:55:57 | 000,616,675 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M5JLYXPV.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
[2012.09.08 18:00:09 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.04.04 16:08:46 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.03.17 21:03:44 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.30 12:46:18 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.03.17 21:03:44 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.17 21:03:44 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.17 21:03:44 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.17 21:03:44 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
 
O1 HOSTS File: ([2012.09.27 16:37:15 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\FRITZWLanMini.exe (AVM Berlin GmbH)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [PhilipsSongbirdLauncher] C:\Programme\Philips\Philips Songbird\extensions\philips-autoplay@philips.com\application\PhilipsSongbirdLauncher.exe ()
O4 - HKLM..\RunOnce: []  File not found
O4 - HKLM..\RunOnce: [GrpConv] C:\Windows\System32\grpconv.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [Report] C:\AdwCleaner[S1].txt ()
O4 - Startup: C:\Users\Kerstin Janke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe File not found
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{63B0F2CE-4DF5-4CD8-BD2B-CADF98B5D1B5}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD18C66B-7059-4412-A90A-2BF599DCE90B}: DhcpNameServer = 40.2.1.100
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.28 12:07:35 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.09.27 18:12:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2012.09.27 18:12:37 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2012.09.27 16:43:33 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\temp
[2012.09.27 16:38:49 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.09.27 16:36:36 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.09.27 16:28:31 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.09.27 16:28:31 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.09.27 16:28:31 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.09.27 16:28:10 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.09.27 16:27:46 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.09.27 16:23:29 | 004,758,332 | R--- | C] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe
[2012.09.27 16:11:46 | 000,000,000 | ---D | C] -- C:\ProgramData\GFI Software
[2012.09.25 17:58:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{42AED5A9-BF6E-4E45-92F1-49938B2F1471}
[2012.09.25 13:13:44 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2012.09.25 12:37:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.25 12:37:18 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.24 15:11:50 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Recovery
[2012.09.24 12:36:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{FCB9D587-3975-42A6-A657-03F3D95AFAD4}
[2012.09.24 10:13:01 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.09.24 10:13:00 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.09.24 10:12:59 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.09.24 10:12:59 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.09.24 10:12:59 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.09.24 10:12:58 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.09.24 10:12:58 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.09.24 10:12:57 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.09.23 13:36:08 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2012.09.23 13:33:29 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
[2012.09.23 13:32:18 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2012.09.23 13:30:39 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\OpenOffice.org 3.4.1 (de) Installation Files
[2012.09.23 12:47:33 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2012.09.23 12:19:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{28CCA128-9C2C-4A0D-99D6-B6BD795F2F75}
[2012.09.20 14:55:43 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{26C67F8F-2A39-4CD0-A1A0-E50A625D5126}
[2012.09.19 11:23:26 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{462D0FF6-2C92-41C6-84DB-830835388AA6}
[2012.09.18 12:11:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{208ABD91-D1EA-456D-83F4-66880A7361AD}
[2012.09.17 14:21:39 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{F2170249-F1FA-4D04-A284-4E17051D7CC0}
[2012.09.16 13:07:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{8B0E685C-932E-44F2-BD6F-793DDE035217}
[2012.09.15 11:33:20 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{8A753310-A4FC-442C-8F9D-10D9EA661638}
[2012.09.14 19:42:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{9B9CB375-5727-4696-954B-F7FF2B04B636}
[2012.09.13 13:07:07 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{F038945A-04FD-4C4A-978D-B0068F20A332}
[2012.09.10 18:11:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{CF2583C5-05F5-4553-905A-7732C9F488AD}
[2012.09.09 14:26:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{05BF8F1B-4D03-4DCA-8C5E-74050CCD8937}
[2012.09.08 17:59:51 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.09.08 16:23:22 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{EA1FC3F5-FCA9-4410-AA45-3BA68B6B023E}
[2012.09.07 15:09:18 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{B846B9A1-1B25-4E3B-B868-50ABA5F0F592}
[2012.09.06 12:35:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{47A2C824-9060-4190-B4DD-5A655FC66332}
[2012.09.04 12:17:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{A0548D6D-367B-4D3D-A034-99A0BEC41509}
[2012.09.03 11:11:25 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Aware Antivirus
[2012.09.03 11:10:36 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\adawarebp
[2012.09.03 10:39:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{83955893-EF53-4D60-BBAE-8E114CBA9549}
[2012.09.02 11:59:35 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{E446985A-97EF-4D7D-A1EA-B9D1827836A1}
[2012.09.01 14:28:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{2433A48C-CCBC-4390-B830-48A7FBC046FF}
[2012.08.31 12:11:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{02F0C828-F0E6-4A20-9C5C-9107380E0C31}
[2012.08.31 10:52:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{3D8D5071-C871-4422-B70A-59E96F5A43EA}
[2012.08.30 12:45:58 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{7B773C13-2200-4E8C-8621-2C8AE1305118}
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.28 15:38:03 | 1060,445,980 | ---- | M] () -- C:\Users\***\Desktop\Desktopzeugs.zip
[2012.09.28 15:24:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.28 15:23:38 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.28 15:23:38 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.28 15:23:28 | 000,049,399 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.09.28 11:58:09 | 000,008,268 | ---- | M] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2012.09.27 19:11:18 | 000,866,592 | ---- | M] () -- C:\Users\***\Desktop\Norton_Removal_Tool.exe
[2012.09.27 18:12:38 | 000,001,057 | ---- | M] () -- C:\Users\***\Desktop\Revo Uninstaller.lnk
[2012.09.27 16:37:15 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.09.27 16:27:32 | 004,758,332 | R--- | M] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe
[2012.09.26 16:53:16 | 296,856,796 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.09.26 16:48:06 | 000,643,372 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.26 16:48:06 | 000,595,608 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.26 16:48:06 | 000,131,026 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.26 16:48:06 | 000,103,682 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.25 17:57:06 | 000,000,247 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2012.09.25 17:55:57 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.25 17:54:59 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.25 12:37:20 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.09.24 21:48:23 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012.09.24 10:11:04 | 000,000,000 | ---- | M] () -- C:\hpfr3320.xml
[2012.09.24 10:08:12 | 000,333,784 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.09.23 17:21:46 | 000,043,952 | ---- | M] () -- C:\Users\***\Desktop\Deckblatt.odt
[2012.09.23 14:24:18 | 000,018,812 | ---- | M] () -- C:\Users\***\Desktop\Bewerbung.odt
[2012.09.23 13:36:29 | 000,001,028 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2012.09.11 12:42:52 | 000,042,496 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.02 12:02:06 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2012.09.02 12:02:06 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
 
========== Files Created - No Company Name ==========
 
[2012.09.27 19:11:18 | 000,866,592 | ---- | C] () -- C:\Users\***\Desktop\Norton_Removal_Tool.exe
[2012.09.27 18:12:38 | 000,001,057 | ---- | C] () -- C:\Users\***\Desktop\Revo Uninstaller.lnk
[2012.09.27 16:28:31 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.09.27 16:28:31 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.09.27 16:28:31 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.09.27 16:28:31 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.09.27 16:28:31 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.09.25 12:37:20 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.09.23 17:21:44 | 000,043,952 | ---- | C] () -- C:\Users\***\Desktop\Deckblatt.odt
[2012.09.23 14:29:57 | 001,037,574 | ---- | C] () -- C:\Users\***\Desktop\Beurteilungsbogen.jpg
[2012.09.23 14:24:15 | 000,018,812 | ---- | C] () -- C:\Users\***\Desktop\Bewerbung.odt
[2012.09.23 13:36:29 | 000,001,028 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2011.04.24 17:51:17 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011.04.24 17:51:17 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011.04.21 20:59:11 | 000,000,120 | ---- | C] () -- C:\ProgramData\~41869064r
[2010.04.26 10:14:14 | 000,008,268 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2009.10.30 15:21:13 | 000,042,496 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.10.19 17:22:52 | 000,000,784 | ---- | C] () -- C:\Users\***\AppData\Roaming\wklnhst.dat
[2009.07.20 03:23:16 | 000,049,399 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.07.20 03:10:29 | 000,000,247 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2009.07.20 03:06:27 | 000,049,399 | ---- | C] () -- C:\ProgramData\nvModes.dat

< End of report >
--- --- ---

DerJazzer 28.09.2012 17:03
Hi :)

sieht gut aus. Wir sollten das aber nochmal kontrollieren ;)

Mir ist aufgefallen, dass du bisher alles im Abgesicherten Modus ausgeführt hast. Bitte versuche Folgendes im Normalen Modus und berichte, ob der Normale Modus wieder besser funktioniert.

Schritt 1
Code:
:OTL
IE - HKCU\..\SearchScopes\{0A44FEC6-37BC-43AB-A054-3E0A1DC07A57}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3214568
IE - HKCU\..\SearchScopes\{19754326-F44E-408D-B052-A7FAE7710AA7}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKCU\..\SearchScopes\{EE97B51A-20F2-4B92-BE28-538D5E0DADA1}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKLM\..\SearchScopes\{19754326-F44E-408D-B052-A7FAE7710AA7}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKLM\..\SearchScopes\{EE97B51A-20F2-4B92-BE28-538D5E0DADA1}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
[2011.04.21 20:59:11 | 000,000,120 | ---- | C] () -- C:\ProgramData\~41869064r
:services
Lavasoft Kernexplorer
:files
%APPDATA%\Local\{42AED5A9-BF6E-4E45-92F1-49938B2F1471} 
%APPDATA%\Local\{28CCA128-9C2C-4A0D-99D6-B6BD795F2F75} 
%APPDATA%\Local\{26C67F8F-2A39-4CD0-A1A0-E50A625D5126} 
%APPDATA%\Local\{462D0FF6-2C92-41C6-84DB-830835388AA6} 
%APPDATA%\Local\{208ABD91-D1EA-456D-83F4-66880A7361AD} 
%APPDATA%\Local\{F2170249-F1FA-4D04-A284-4E17051D7CC0} 
%APPDATA%\Local\{8B0E685C-932E-44F2-BD6F-793DDE035217} 
%APPDATA%\Local\{8A753310-A4FC-442C-8F9D-10D9EA661638} 
%APPDATA%\Local\{9B9CB375-5727-4696-954B-F7FF2B04B636} 
%APPDATA%\Local\{F038945A-04FD-4C4A-978D-B0068F20A332} 
%APPDATA%\Local\{CF2583C5-05F5-4553-905A-7732C9F488AD} 
%APPDATA%\Local\{05BF8F1B-4D03-4DCA-8C5E-74050CCD8937} 
%APPDATA%\Local\{EA1FC3F5-FCA9-4410-AA45-3BA68B6B023E} 
%APPDATA%\Local\{B846B9A1-1B25-4E3B-B868-50ABA5F0F592} 
%APPDATA%\Local\{47A2C824-9060-4190-B4DD-5A655FC66332} 
%APPDATA%\Local\{A0548D6D-367B-4D3D-A034-99A0BEC41509} 
%APPDATA%\Local\{83955893-EF53-4D60-BBAE-8E114CBA9549} 
%APPDATA%\Local\{E446985A-97EF-4D7D-A1EA-B9D1827836A1} 
%APPDATA%\Local\{2433A48C-CCBC-4390-B830-48A7FBC046FF} 
%APPDATA%\Local\{02F0C828-F0E6-4A20-9C5C-9107380E0C31} 
%APPDATA%\Local\{3D8D5071-C871-4422-B70A-59E96F5A43EA} 
%APPDATA%\Local\{7B773C13-2200-4E8C-8621-2C8AE1305118} 
%APPDATA%\Local\{61E90FF3-F4CC-4B43-B6FC-6796DAC212F4} 

:Commands
[emptytemp]
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread


Schritt 2

Malwarebytes
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere Quick-Scan durchführen und drücke auf Scannen.
  • Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter dem Reiter "Log Dateien" finden.


Schritt 3


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset




Schritt 4

Starte bitte die OTL.exe.
Wähle unter
Extra Registrierung: Benutze Safe List und klicke auf den Scan Button.
Poste die OTL.txt und die Extras.txt hier in deinen Thread.


Bitte poste in deiner nächsten Antwort
  • OTL-Fixlog
  • Malwarebytes-Log
  • Eset-Log
  • OTL.txt & Extras.txt

Schnauf8 28.09.2012 17:52
zu schritt 2 hätte ich nochmal eben kurz eine frage. :dummguck:
und zwar habe ich jetzt eben mit malwarebytes gescannt und es kamen keine neuen funde dabei raus. aber, ich habe ja noch die 17 gefunden objekte vom anfang in der quarantäne. soll ich diese jetzt löschen?

DerJazzer 29.09.2012 17:09
Hi :)

Im ersten Post seh ich nur 7 Funde, wo kommen die 10 anderen her? Lass sie bitte erstmal in Quarantäne :)

Poste mir bitte außerdem alle vorhandenen Malwarebytes-Logs zusätzlich zu den in meinem letzten Posts geforderten Logfiles.

Schnauf8 30.09.2012 14:21
hallo christoph :)

im normalen modus sieht alles wieder oke aus, nur der desktop ist noch schwarz. nachdem wir norten gelöscht hatten, habe ich mir wieder avast! antivirus auf den laptop geladen. nur damit du bescheid weisst! :)

Code:
All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0A44FEC6-37BC-43AB-A054-3E0A1DC07A57}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A44FEC6-37BC-43AB-A054-3E0A1DC07A57}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{19754326-F44E-408D-B052-A7FAE7710AA7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19754326-F44E-408D-B052-A7FAE7710AA7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EE97B51A-20F2-4B92-BE28-538D5E0DADA1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE97B51A-20F2-4B92-BE28-538D5E0DADA1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{19754326-F44E-408D-B052-A7FAE7710AA7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19754326-F44E-408D-B052-A7FAE7710AA7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EE97B51A-20F2-4B92-BE28-538D5E0DADA1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE97B51A-20F2-4B92-BE28-538D5E0DADA1}\ not found.
C:\ProgramData\~41869064r moved successfully.
========== SERVICES/DRIVERS ==========
Service Lavasoft Kernexplorer stopped successfully!
Service Lavasoft Kernexplorer deleted successfully!
========== FILES ==========
File/Folder C:\Users\***\AppData\Roaming\Local\{42AED5A9-BF6E-4E45-92F1-49938B2F1471} not found.
File/Folder C:\Users\***\AppData\Roaming\Local\{28CCA128-9C2C-4A0D-99D6-B6BD795F2F75} not found.
File/Folder C:\Users\***\AppData\Roaming\Local\{26C67F8F-2A39-4CD0-A1A0-E50A625D5126} not found.
File/Folder C:\Users\***\AppData\Roaming\Local\{462D0FF6-2C92-41C6-84DB-830835388AA6} not found.
File/Folder C:\Users\***\AppData\Roaming\Local\{208ABD91-D1EA-456D-83F4-66880A7361AD} not found.
File/Folder C:\Users\***\AppData\Roaming\Local\{F2170249-F1FA-4D04-A284-4E17051D7CC0} not found.
File/Folder C:\Users\***\AppData\Roaming\Local\{8B0E685C-932E-44F2-BD6F-793DDE035217} not found.
File/Folder C:\Users\***\AppData\Roaming\Local\{8A753310-A4FC-442C-8F9D-10D9EA661638} not found.
File/Folder C:\Users\***\AppData\Roaming\Local\{9B9CB375-5727-4696-954B-F7FF2B04B636} not found.
File/Folder C:\Users\***\AppData\Roaming\Local\{F038945A-04FD-4C4A-978D-B0068F20A332} not found.
File/Folder C:\Users\***\AppData\Roaming\Local\{CF2583C5-05F5-4553-905A-7732C9F488AD} not found.
File/Folder C:\Users\***\AppData\Roaming\Local\{05BF8F1B-4D03-4DCA-8C5E-74050CCD8937} not found.
File/Folder C:\Users\***\AppData\Roaming\Local\{EA1FC3F5-FCA9-4410-AA45-3BA68B6B023E} not found.
File/Folder C:\Users\***\AppData\Roaming\Local\{B846B9A1-1B25-4E3B-B868-50ABA5F0F592} not found.
File/Folder C:\Users\***\AppData\Roaming\Local\{47A2C824-9060-4190-B4DD-5A655FC66332} not found.
File/Folder C:\Users\***\AppData\Roaming\Local\{A0548D6D-367B-4D3D-A034-99A0BEC41509} not found.
File/Folder C:\Users\***\AppData\Roaming\Local\{83955893-EF53-4D60-BBAE-8E114CBA9549} not found.
File/Folder C:\Users\***\AppData\Roaming\Local\{E446985A-97EF-4D7D-A1EA-B9D1827836A1} not found.
File/Folder C:\Users\***\AppData\Roaming\Local\{2433A48C-CCBC-4390-B830-48A7FBC046FF} not found.
File/Folder C:\Users\***\AppData\Roaming\Local\{02F0C828-F0E6-4A20-9C5C-9107380E0C31} not found.
File/Folder C:\Users\***\AppData\Roaming\Local\{3D8D5071-C871-4422-B70A-59E96F5A43EA} not found.
File/Folder C:\Users\***\AppData\Roaming\Local\{7B773C13-2200-4E8C-8621-2C8AE1305118} not found.
File/Folder C:\Users\***\AppData\Roaming\Local\{61E90FF3-F4CC-4B43-B6FC-6796DAC212F4} not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: BB443B11-7D12-450c-9F85-2D32804655F9
->Temp folder emptied: 0 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: ***
->Temp folder emptied: 64883 bytes
->Temporary Internet Files folder emptied: 7940210 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 7697665 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 492 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 1026795 bytes
 
Total Files Cleaned = 16,00 mb
 
 
OTL by OldTimer - Version 3.2.55.0 log created on 09282012_182639

Files\Folders moved on Reboot...
C:\Users\***\AppData\Local\Temp\ehmsas.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\***\AppData\Local\Temp\ehmsas.txt not found!

Registry entries deleted on Reboot...

Code:
Malwarebytes Anti-Malware (Test) 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.29.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
*** :: ***-PC [Administrator]

Schutz: Aktiviert

30.09.2012 11:21:07
mbam-log-2012-09-30 (11-21-07).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 204210
Laufzeit: 9 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:
C:\Users\***\Downloads\vlc-1.1.5-win32(2).exe        Win32/StartPage.OIE trojan
C:\Users\***\Downloads\vlc-1.1.5-win32.exe.part        Win32/StartPage.OIE trojan

OTL Logfile:
Code:
OTL logfile created on: 30.09.2012 14:24:23 - Run 4
OTL by OldTimer - Version 3.2.55.0    Folder = c:\Users\***\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,97 Gb Total Physical Memory | 1,59 Gb Available Physical Memory | 53,69% Memory free
6,15 Gb Paging File | 4,82 Gb Available in Paging File | 78,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,42 Gb Total Space | 140,79 Gb Free Space | 63,30% Space Free | Partition Type: NTFS
Drive D: | 10,47 Gb Total Space | 1,78 Gb Free Space | 17,05% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - c:\Users\***\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Philips\Philips Songbird\extensions\philips-autoplay@philips.com\application\PhilipsSongbirdLauncher.exe ()
PRC - C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\stacsv.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Programme\SMINST\BLService.exe ()
PRC - C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin)
PRC - C:\Programme\avmwlanstick\FRITZWLanMini.exe (AVM Berlin GmbH)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll ()
MOD - C:\Programme\Philips\Philips Songbird\extensions\philips-autoplay@philips.com\application\PhilipsSongbirdLauncher.exe ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Programme\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll ()
MOD - C:\Programme\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Programme\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Programme\Common Files\LightScribe\QtCore4.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (fsssvc) -- C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (Recovery Service for Windows) -- C:\Programme\SMINST\BLService.exe ()
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (ezSharedSvc) -- C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AVM WLAN Connection Service) -- C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (SBRE) -- C:\Windows\system32\drivers\SBREdrv.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\KERSTI~1\AppData\Local\Temp\catchme.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (AswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (ss_bmdm) -- C:\Windows\System32\drivers\ss_bmdm.sys (MCCI Corporation)
DRV - (ss_bbus) -- C:\Windows\System32\drivers\ss_bbus.sys (MCCI)
DRV - (ss_bmdfl) -- C:\Windows\System32\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (NETw3v32) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH)
DRV - (avmeject) -- C:\Windows\System32\drivers\avmeject.sys (AVM Berlin)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Presario&pf=cnnb
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{82BD1D8A-D6EB-48F9-A5B2-6DDEB211E69D}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {82BD1D8A-D6EB-48F9-A5B2-6DDEB211E69D}
IE - HKCU\..\SearchScopes\{82BD1D8A-D6EB-48F9-A5B2-6DDEB211E69D}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.8.20100713041928
FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101727.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.09.28 20:58:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.27 16:09:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.08 18:00:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.27 16:09:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.08 18:00:03 | 000,000,000 | ---D | M]
 
[2010.12.24 19:58:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.12.24 19:58:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com
[2012.09.28 15:21:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\m5jlyxpv.default\extensions
[2011.04.24 16:48:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\m5jlyxpv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.05.18 15:14:13 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\m5jlyxpv.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.09.03 11:10:28 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\m5jlyxpv.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2011.11.03 15:19:18 | 000,000,933 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\m5jlyxpv.default\searchplugins\11-suche.xml
[2011.11.03 15:19:19 | 000,002,419 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\m5jlyxpv.default\searchplugins\englische-ergebnisse.xml
[2011.11.03 15:19:18 | 000,010,525 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\m5jlyxpv.default\searchplugins\gmx-suche.xml
[2011.11.03 15:19:19 | 000,002,457 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\m5jlyxpv.default\searchplugins\lastminute.xml
[2011.08.13 12:07:35 | 000,005,508 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\m5jlyxpv.default\searchplugins\webde-suche.xml
[2012.09.08 18:00:02 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.09.08 17:59:52 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions
[2012.09.08 18:00:01 | 000,000,000 | ---D | M] (WEB.DE Toolbar) -- C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de
[2012.09.20 14:55:57 | 000,616,675 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M5JLYXPV.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
[2012.09.08 18:00:09 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.04.04 16:08:46 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.03.17 21:03:44 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.30 12:46:18 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.03.17 21:03:44 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.17 21:03:44 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.17 21:03:44 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.17 21:03:44 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
 
O1 HOSTS File: ([2012.09.27 16:37:15 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\FRITZWLanMini.exe (AVM Berlin GmbH)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [PhilipsSongbirdLauncher] C:\Programme\Philips\Philips Songbird\extensions\philips-autoplay@philips.com\application\PhilipsSongbirdLauncher.exe ()
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe File not found
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{63B0F2CE-4DF5-4CD8-BD2B-CADF98B5D1B5}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD18C66B-7059-4412-A90A-2BF599DCE90B}: DhcpNameServer = 40.2.1.100
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.30 12:09:59 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.09.30 12:05:43 | 002,322,184 | ---- | C] (ESET) -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe
[2012.09.28 20:59:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012.09.28 20:59:06 | 000,355,632 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012.09.28 20:59:06 | 000,021,256 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012.09.28 20:59:03 | 000,054,232 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012.09.28 20:59:03 | 000,035,928 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012.09.28 20:59:00 | 000,729,752 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012.09.28 20:58:59 | 000,058,680 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012.09.28 20:58:31 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012.09.28 20:58:31 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.09.28 12:07:35 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.09.27 18:12:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2012.09.27 18:12:37 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2012.09.27 16:43:33 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\temp
[2012.09.27 16:38:49 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.09.27 16:36:36 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.09.27 16:28:31 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.09.27 16:28:31 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.09.27 16:28:31 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.09.27 16:28:10 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.09.27 16:27:46 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.09.27 16:23:29 | 004,758,332 | R--- | C] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe
[2012.09.27 16:11:46 | 000,000,000 | ---D | C] -- C:\ProgramData\GFI Software
[2012.09.25 17:58:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{42AED5A9-BF6E-4E45-92F1-49938B2F1471}
[2012.09.25 13:13:44 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2012.09.25 12:37:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.25 12:37:18 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.24 15:11:50 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Recovery
[2012.09.24 12:36:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{FCB9D587-3975-42A6-A657-03F3D95AFAD4}
[2012.09.24 10:13:01 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.09.24 10:13:00 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.09.24 10:12:59 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.09.24 10:12:59 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.09.24 10:12:59 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.09.24 10:12:58 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.09.24 10:12:58 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.09.24 10:12:57 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.09.23 13:36:08 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2012.09.23 13:33:29 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
[2012.09.23 13:32:18 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2012.09.23 13:30:39 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\OpenOffice.org 3.4.1 (de) Installation Files
[2012.09.23 12:47:33 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2012.09.23 12:19:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{28CCA128-9C2C-4A0D-99D6-B6BD795F2F75}
[2012.09.20 14:55:43 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{26C67F8F-2A39-4CD0-A1A0-E50A625D5126}
[2012.09.19 11:23:26 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{462D0FF6-2C92-41C6-84DB-830835388AA6}
[2012.09.18 12:11:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{208ABD91-D1EA-456D-83F4-66880A7361AD}
[2012.09.17 14:21:39 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{F2170249-F1FA-4D04-A284-4E17051D7CC0}
[2012.09.16 13:07:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{8B0E685C-932E-44F2-BD6F-793DDE035217}
[2012.09.15 11:33:20 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{8A753310-A4FC-442C-8F9D-10D9EA661638}
[2012.09.14 19:42:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{9B9CB375-5727-4696-954B-F7FF2B04B636}
[2012.09.13 13:07:07 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{F038945A-04FD-4C4A-978D-B0068F20A332}
[2012.09.10 18:11:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{CF2583C5-05F5-4553-905A-7732C9F488AD}
[2012.09.09 14:26:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{05BF8F1B-4D03-4DCA-8C5E-74050CCD8937}
[2012.09.08 17:59:51 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.09.08 16:23:22 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{EA1FC3F5-FCA9-4410-AA45-3BA68B6B023E}
[2012.09.07 15:09:18 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{B846B9A1-1B25-4E3B-B868-50ABA5F0F592}
[2012.09.06 12:35:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{47A2C824-9060-4190-B4DD-5A655FC66332}
[2012.09.04 12:17:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{A0548D6D-367B-4D3D-A034-99A0BEC41509}
[2012.09.03 11:11:25 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Aware Antivirus
[2012.09.03 11:10:36 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\adawarebp
[2012.09.03 10:39:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{83955893-EF53-4D60-BBAE-8E114CBA9549}
[2012.09.02 11:59:35 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{E446985A-97EF-4D7D-A1EA-B9D1827836A1}
[2012.09.01 14:28:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{2433A48C-CCBC-4390-B830-48A7FBC046FF}
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.30 14:22:04 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.30 13:07:11 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.30 13:07:11 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.30 12:05:47 | 002,322,184 | ---- | M] (ESET) -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe
[2012.09.30 11:13:20 | 000,644,386 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.30 11:13:20 | 000,596,246 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.30 11:13:20 | 000,131,638 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.30 11:13:20 | 000,104,320 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.30 11:08:15 | 000,000,247 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2012.09.30 11:08:10 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.30 11:07:13 | 000,049,399 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.09.30 11:07:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.30 11:07:04 | 3186,544,640 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.28 20:59:07 | 000,001,829 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012.09.28 20:58:59 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012.09.28 16:23:38 | 000,008,268 | ---- | M] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2012.09.28 15:38:03 | 1060,445,980 | ---- | M] () -- C:\Users\***\Desktop\Desktopzeugs.zip
[2012.09.27 19:11:18 | 000,866,592 | ---- | M] () -- C:\Users\***\Desktop\Norton_Removal_Tool.exe
[2012.09.27 18:12:38 | 000,001,057 | ---- | M] () -- C:\Users\***\Desktop\Revo Uninstaller.lnk
[2012.09.27 16:37:15 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.09.27 16:27:32 | 004,758,332 | R--- | M] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe
[2012.09.26 16:53:16 | 296,856,796 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.09.25 12:37:20 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.09.24 10:11:04 | 000,000,000 | ---- | M] () -- C:\hpfr3320.xml
[2012.09.24 10:08:12 | 000,333,784 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.09.23 17:21:46 | 000,043,952 | ---- | M] () -- C:\Users\***\Desktop\Deckblatt.odt
[2012.09.23 14:24:18 | 000,018,812 | ---- | M] () -- C:\Users\***\Desktop\Bewerbung.odt
[2012.09.23 13:36:29 | 000,001,028 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2012.09.11 12:42:52 | 000,042,496 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.02 12:02:06 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2012.09.02 12:02:06 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
 
========== Files Created - No Company Name ==========
 
[2012.09.28 20:59:07 | 000,001,829 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012.09.28 18:20:46 | 3186,544,640 | -HS- | C] () -- C:\hiberfil.sys
[2012.09.27 19:11:18 | 000,866,592 | ---- | C] () -- C:\Users\***\Desktop\Norton_Removal_Tool.exe
[2012.09.27 18:12:38 | 000,001,057 | ---- | C] () -- C:\Users\***\Desktop\Revo Uninstaller.lnk
[2012.09.27 16:28:31 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.09.27 16:28:31 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.09.27 16:28:31 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.09.27 16:28:31 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.09.27 16:28:31 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.09.25 12:37:20 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.09.23 17:21:44 | 000,043,952 | ---- | C] () -- C:\Users\***\Desktop\Deckblatt.odt
[2012.09.23 14:29:57 | 001,037,574 | ---- | C] () -- C:\Users\***\Desktop\Beurteilungsbogen.jpg
[2012.09.23 14:24:15 | 000,018,812 | ---- | C] () -- C:\Users\***\Desktop\Bewerbung.odt
[2012.09.23 13:36:29 | 000,001,028 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2011.04.24 17:51:17 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011.04.24 17:51:17 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2010.04.26 10:14:14 | 000,008,268 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2009.10.30 15:21:13 | 000,042,496 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.10.19 17:22:52 | 000,000,784 | ---- | C] () -- C:\Users\***\AppData\Roaming\wklnhst.dat
[2009.07.20 03:23:16 | 000,049,399 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.07.20 03:10:29 | 000,000,247 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2009.07.20 03:06:27 | 000,049,399 | ---- | C] () -- C:\ProgramData\nvModes.dat

< End of report >
--- --- ---



OTL Logfile:
Code:
OTL Extras logfile created on: 30.09.2012 14:24:23 - Run 4
OTL by OldTimer - Version 3.2.55.0    Folder = c:\Users\***\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,97 Gb Total Physical Memory | 1,59 Gb Available Physical Memory | 53,69% Memory free
6,15 Gb Paging File | 4,82 Gb Available in Paging File | 78,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,42 Gb Total Space | 140,79 Gb Free Space | 63,30% Space Free | Partition Type: NTFS
Drive D: | 10,47 Gb Total Space | 1,78 Gb Free Space | 17,05% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- Reg Error: Value error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BB6B60A-686B-4F89-9B4E-F98C2AAFA1BB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{0F7C5D12-5D17-4B39-8FC0-CE186DC73C93}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{1D1CC9D1-2267-4040-A090-A1E04C7F4E2A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{A7A3B1F5-905C-4BAC-876F-BA93A085E52E}" = lport=2869 | protocol=6 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03CBF11B-490C-4392-B887-5A0AC9608BCA}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{16B61A5F-B4A3-434B-B6AA-6D2A78492A50}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{1D188C0B-8DCE-4DB4-A12D-3C3F1AA37559}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{2990C36B-3F6D-4BD8-9A13-29C851D96CBC}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{45AA25EE-3C91-44B6-AEF4-92FD06E97264}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{7F652154-42C0-4CC8-BC27-737EB7867AFF}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{914A1112-E535-45C1-98FB-6878A68D4AFB}" = protocol=17 | dir=in | app=c:\users\kerstin janke\appdata\local\temp\7zs65b5.tmp\symnrt.exe |
"{AAB32EC5-44FC-4CF3-8FFE-264C5B7383F0}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{BEC0135C-D8DE-4471-9D56-A312F55D26EE}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{CCDE8CED-79EB-40C5-8F16-393723C60D1F}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{CD761528-B5E1-4C35-8F84-F59E36F26186}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{DEC07384-E503-4226-A683-09D6FFB54BCD}" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\7zs65b5.tmp\symnrt.exe |
"{E3B9047B-2CAD-4EC5-A7A8-36E093F222A3}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{F9B69B76-5B1F-44DA-85F4-3F8F03BDEB8B}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"TCP Query User{387EA576-F55E-4E57-AD7A-F68D767E8A22}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{D5409EDE-2854-45CE-ABA7-A6BBC725DF78}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software  1.14.17.1
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{17050C48-16CB-4500-A102-CEAD750CE11E}" = HP User Guides 0138
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 M1
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{47F36D92-E58E-456D-B73C-3382737E4C42}" = HP Update
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{732A3F80-008B-4350-BD58-EC5AE98707B8}" = HP Common Access Service Library
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0137-0407-0000-0000000FF1CE}" = Microsoft Works 6-9 Converter
"{95A747E0-DF19-46CB-A622-20A0107201BD}" = HP Total Care Setup
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5E29403-3D25-40C6-892B-F9FEE2A95585}" = HP Wireless Assistant
"{E8020EC7-5DD8-80C9-7237-7B2E9BDA8CC6}" = muvee Reveal
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5A4F780-DF0C-444F-BA82-637CCF5C8052}" = Windows Live Family Safety
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd  (10/12/2007 6.85.4.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"avast" = avast! Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"ESET Online Scanner" = ESET Online Scanner v3
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"Philips Songbird" = Philips Songbird
"PokerStars" = PokerStars
"Revo Uninstaller" = Revo Uninstaller 1.94
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.1.5
"WildTangent hp Master Uninstall" = My HP Games
"WinLiveSuite" = Windows Live Essentials
"Zoner Photo Studio 9_is1" = Zoner Photo Studio 9
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 20.07.2011 05:23:12 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 20.07.2011 11:43:13 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 21.07.2011 03:47:12 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 21.07.2011 06:13:48 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 21.07.2011 11:03:38 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 22.07.2011 05:33:00 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 23.07.2011 05:21:29 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 23.07.2011 12:33:02 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 23.07.2011 12:36:08 | Computer Name = ***-PC | Source = Lavasoft Ad-Aware Service | ID = 0
Description =
 
Error - 24.07.2011 07:14:09 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 28.09.2012 12:21:56 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 28.09.2012 12:26:40 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7034
Description =
 
Error - 28.09.2012 12:28:40 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 28.09.2012 12:28:40 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 30.09.2012 05:08:22 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 30.09.2012 05:08:22 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 30.09.2012 08:01:06 | Computer Name = ***-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 
Error - 30.09.2012 08:01:06 | Computer Name = ***-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 
Error - 30.09.2012 08:01:06 | Computer Name = ***-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 
Error - 30.09.2012 08:01:06 | Computer Name = ***-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 
 
< End of report >
--- --- ---



hier alle malwarebytes ergebnisse der letzten zeit...
Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6433

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

24.04.2011 15:38:15
mbam-log-2011-04-24 (15-38-15).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 147243
Laufzeit: 16 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 3
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 7

Infizierte Speicherprozesse:
c:\program files\Philips\philips songbird\extensions\philips-autoplay@philips.com\application\philipssongbirdlauncher.exe (Trojan.MSIL.ND2) -> 1256 -> Unloaded process successfully.
c:\programdata\uvewqxceajwf.exe (Trojan.FakeAlert) -> 1356 -> Unloaded process successfully.
c:\programdata\41869064.exe (Trojan.FakeAlert) -> 2760 -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PhilipsSongbirdLauncher (Trojan.MSIL.ND2) -> Value: PhilipsSongbirdLauncher -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uvEWQXCeAJwf (Trojan.FakeAlert) -> Value: uvEWQXCeAJwf -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\Users\***\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery (Trojan.FakeAV) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\program files\Philips\philips songbird\extensions\philips-autoplay@philips.com\application\philipssongbirdlauncher.exe (Trojan.MSIL.ND2) -> Quarantined and deleted successfully.
c:\programdata\uvewqxceajwf.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\programdata\41869064.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\Temp\adobe_flash_player.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\***\Desktop\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\uninstall windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
Code:
Malwarebytes Anti-Malware (Test) 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.25.05

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
*** :: WILSONSHEAD-PC [Administrator]

Schutz: Deaktiviert

25.09.2012 12:40:00
mbam-log-2012-09-25 (12-40-00).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 195979
Laufzeit: 4 Minute(n), 6 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|rmARWGtDjHvYrkh.exe (Trojan.FakeAlert) -> Daten: C:\ProgramData\rmARWGtDjHvYrkh.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|EElJfUSLQMOTZp (Trojan.FakeAlert) -> Daten: C:\ProgramData\EElJfUSLQMOTZp.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\ProgramData\rmARWGtDjHvYrkh.exe (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\EElJfUSLQMOTZp.exe (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
Code:
Malwarebytes Anti-Malware (Test) 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.25.05

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
*** :: ***-PC [Administrator]

Schutz: Deaktiviert

25.09.2012 16:50:46
mbam-log-2012-09-25 (16-50-46).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 377280
Laufzeit: 56 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BL116P5O\readme[1].exe (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
Code:
Malwarebytes Anti-Malware (Test) 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.25.09

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
*** :: ***-PC [Administrator]

Schutz: Deaktiviert

26.09.2012 10:29:25
mbam-log-2012-09-26 (10-29-25).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 195484
Laufzeit: 4 Minute(n), 31 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Code:
Malwarebytes Anti-Malware (Test) 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.25.09

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
*** :: ***-PC [Administrator]

Schutz: Deaktiviert

27.09.2012 14:58:03
mbam-log-2012-09-27 (14-58-03).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 195682
Laufzeit: 4 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
VLG

DerJazzer 30.09.2012 17:47
Hi :)

Bitte installiere nichts ohne meine Anweisung (wie ich auch in meinem ersten Post geschrieben hatte)! Avast kannst du aber jetzt drauf lassen.

Schritt 1

Downloade bitte Grinler's unhide.exe auf deinen Desktop.
Starte das Tool mit Doppelklick.

Wenn es seine Arbeit getan hat, wird eine Nachricht mit Done aufpoppen. Der Desktop sollte nun wieder sein gewohntes Hintergrundbild haben.
Es wird auch eine Logfile, Unhide.txt erstellen. Poste diese bitte hier.


Schritt 2

Ich hoffe du hast deinen heruntergeladenen VLC-Player noch nicht installiert. Du hast nämlich eine infizierte Version heruntergeladen. Die löschen wir jetz gleich mit:
Code:
:files
%Userprofile%\Downloads\vlc-1.1.5-win32(2).exe
%Userprofile%\Downloads\vlc-1.1.5-win32.exe.part
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread


Schritt 3

Bitte gehe zu

Start --> Systemsteuerung --> Software

und deinstalliere die folgende Software:
Code:
Philips Songbird
Malwarebytes erkennt in dem Programm einen Trojaner. Wir sollten es daher sicherheitshalber deinstallieren. Steige auf einen anderen Mediaplayer um, z.B. den VLC oder Windows Media Player.
Bitte gib Bescheid wenn Du eines der gelisteten Programme nicht finden oder nicht deinstallieren kannst.[/color]


Schritt 4

Dein Java ist nicht mehr aktuell. Ältere Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
  • Downloade dir bitte die neueste Java-Version von hier
  • Speichere die jxpiinstall.exe
  • Schließe alle laufenden Programme. Speziell deinen Browser.
  • Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version ( Java 7 Update 7 ) herunterladen.
  • Entferne den Haken bei "Installieren Sie die Ask-Toolbar ..." während der Installation.
  • Wenn die Installation beendet wurde
    Start --> Systemsteuerung --> Programme und deinstalliere alle älteren Java Versionen.
  • Starte deinen Rechner neu sobald alle älteren Versionen deinstalliert wurden.
Nach dem Neustart
  • Öffne erneut die Systemsteuerung --> Programme und klicke auf das Java Symbol.
  • Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.
  • Klicke auf Dateien löschen....
  • Gehe sicher das überall ein Haken gesetzt ist und klicke OK.
  • Klicke erneut OK.


Schritt 5

Adobe-Reader-Update
  • Deinstalliere bitte deine aktuelle Version von Adobe Reader
    Start--> Systemsteuerung--> Software--> Adobe Reader
    und lade dir die neue Version von Hier herunter-
    Entferne den Haken für den McAfee SecurityScan bzw. Google Chrome.


Schritt 6

Adobe-Flash-Player-Update
  • Deinstalliere bitte deine aktuelle Version von Adobe Flash Player
    Start--> Systemsteuerung--> Software--> Adobe Reader
    und lade dir die neue Version von Hier herunter-
    Entferne den Haken für den McAfee SecurityScan bzw. Google Chrome.


Schritt 7

Aktuelle Firefox-Version
  • Aktualisiere deinen Firefox bitte über Firefox --> Hilfe --> Über Firefox und installiere alle vorhandenen Updates.

Schritt 8

VLC-Update:
  • Lade dir die neuste Version des VLC von Hier herunter und installiere sie.
  • Wenn der Installationsassistent fragt, ob er die alte Version deinstallieren soll, lasse dies bitte zu.

Schritt 9

Starte bitte die OTL.exe.
Wähle unter
Extra Registrierung: Benutze Safe List und klicke auf den Scan Button.
Poste die OTL.txt und die Extras.txt hier in deinen Thread.


Bitte poste in deiner nächsten Antwort
  • Unhide.txt
  • OTL-Fixlog
  • OTL.txt & Extras.txt

Schnauf8 01.10.2012 12:04
hallo christoph! :)

als ich adobe reader installiert habe, hat sich google chrome und die toolbar mitinstalliert.
bei firefox stand, dass die version aktuell ist.


Code:
Unhide by Lawrence Abrams (Grinler)
hxxp://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Unhide.exe can be found at this link:
  hxxp://www.bleepingcomputer.com/forums/topic405109.html

Program started at: 10/01/2012 11:08:35 AM
Windows Version: Windows Vista

Please be patient while your files are made visible again.

Processing the C:\ drive
Finished processing the C:\ drive. 207906 files processed.

Processing the D:\ drive
Finished processing the D:\ drive. 324 files processed.

The C:\Users\KERSTI~1\AppData\Local\Temp\smtmp\ folder does not exist!!
Unhide cannot restore your missing shortcuts!!
Please see this topic in order to learn how to restore default
Start Menu shortcuts: hxxp://www.bleepingcomputer.com/forums/topic405109.html

Searching for Windows Registry changes made by FakeHDD rogues.
 - Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
 - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
 - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
 - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
 - Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
  * Start_ShowPrinters was set to 0! It was set back to 1!
  * Start_ShowSetProgramAccessAndDefaults was set to 0! It was set back to 1!
  * Start_ShowNetConn was set to 0! It was set back to 1!
  * Start_TrackDocs was set to 0! It was set back to 1!
  * Start_TrackProgs was set to 0! It was set back to 1!
  * Start_ShowUser was set to 0! It was set back to 1!
  * Start_ShowMyGames was set to 0! It was set back to 1!

Restarting Explorer.exe in order to apply changes.

Program finished at: 10/01/2012 11:14:31 AM
Execution time: 0 hours(s), 5 minute(s), and 56 seconds(s)

Code:
========== FILES ==========
C:\Users\***\Downloads\vlc-1.1.5-win32(2).exe moved successfully.
C:\Users\***\Downloads\vlc-1.1.5-win32.exe.part moved successfully.
 
OTL by OldTimer - Version 3.2.55.0 log created on 10012012_111951

OTL Logfile:
Code:
OTL logfile created on: 01.10.2012 12:27:17 - Run 5
OTL by OldTimer - Version 3.2.55.0    Folder = c:\Users\***\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,97 Gb Total Physical Memory | 1,77 Gb Available Physical Memory | 59,58% Memory free
6,15 Gb Paging File | 4,93 Gb Available in Paging File | 80,21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,42 Gb Total Space | 137,72 Gb Free Space | 61,92% Space Free | Partition Type: NTFS
Drive D: | 10,47 Gb Total Space | 1,78 Gb Free Space | 17,05% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - c:\Users\***\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10d.exe (Adobe Systems, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\stacsv.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Programme\SMINST\BLService.exe ()
PRC - C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin)
PRC - C:\Programme\avmwlanstick\FRITZWLanMini.exe (AVM Berlin GmbH)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll ()
MOD - C:\Programme\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll ()
MOD - C:\Programme\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Programme\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Programme\Common Files\LightScribe\QtCore4.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (fsssvc) -- C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (Recovery Service for Windows) -- C:\Programme\SMINST\BLService.exe ()
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (ezSharedSvc) -- C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AVM WLAN Connection Service) -- C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (SBRE) -- C:\Windows\system32\drivers\SBREdrv.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\KERSTI~1\AppData\Local\Temp\catchme.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (AswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (ss_bmdm) -- C:\Windows\System32\drivers\ss_bmdm.sys (MCCI Corporation)
DRV - (ss_bbus) -- C:\Windows\System32\drivers\ss_bbus.sys (MCCI)
DRV - (ss_bmdfl) -- C:\Windows\System32\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (NETw3v32) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH)
DRV - (avmeject) -- C:\Windows\System32\drivers\avmeject.sys (AVM Berlin)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Presario&pf=cnnb
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{82BD1D8A-D6EB-48F9-A5B2-6DDEB211E69D}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {82BD1D8A-D6EB-48F9-A5B2-6DDEB211E69D}
IE - HKCU\..\SearchScopes\{82BD1D8A-D6EB-48F9-A5B2-6DDEB211E69D}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.8.20100713041928
FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101727.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.09.28 20:58:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.27 16:09:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.01 12:10:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.27 16:09:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.01 12:10:45 | 000,000,000 | ---D | M]
 
[2010.12.24 19:58:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.12.24 19:58:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com
[2012.09.28 15:21:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\m5jlyxpv.default\extensions
[2011.04.24 16:48:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\m5jlyxpv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.05.18 15:14:13 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\m5jlyxpv.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.09.03 11:10:28 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\m5jlyxpv.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2011.11.03 15:19:18 | 000,000,933 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\m5jlyxpv.default\searchplugins\11-suche.xml
[2011.11.03 15:19:19 | 000,002,419 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\m5jlyxpv.default\searchplugins\englische-ergebnisse.xml
[2011.11.03 15:19:18 | 000,010,525 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\m5jlyxpv.default\searchplugins\gmx-suche.xml
[2011.11.03 15:19:19 | 000,002,457 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\m5jlyxpv.default\searchplugins\lastminute.xml
[2011.08.13 12:07:35 | 000,005,508 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\m5jlyxpv.default\searchplugins\webde-suche.xml
[2012.09.08 18:00:02 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.09.08 17:59:52 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions
[2012.09.08 18:00:01 | 000,000,000 | ---D | M] (WEB.DE Toolbar) -- C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de
[2012.09.20 14:55:57 | 000,616,675 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M5JLYXPV.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
[2012.09.08 18:00:09 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.03.17 21:03:44 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.30 12:46:18 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.03.17 21:03:44 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.17 21:03:44 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.17 21:03:44 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.17 21:03:44 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - homepage: hxxp://www.google.com/
 
O1 HOSTS File: ([2012.09.27 16:37:15 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\FRITZWLanMini.exe (AVM Berlin GmbH)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe File not found
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{63B0F2CE-4DF5-4CD8-BD2B-CADF98B5D1B5}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD18C66B-7059-4412-A90A-2BF599DCE90B}: DhcpNameServer = 40.2.1.100
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.01 12:18:33 | 000,696,240 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.10.01 12:18:33 | 000,073,136 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.10.01 12:11:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.10.01 12:10:11 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012.10.01 12:01:49 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.10.01 11:42:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.10.01 11:39:59 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012.10.01 11:39:59 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012.10.01 11:39:46 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.10.01 11:39:46 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.10.01 11:39:46 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012.10.01 11:06:38 | 000,399,264 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\***\Desktop\unhide.exe
[2012.09.30 12:09:59 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.09.30 12:05:43 | 002,322,184 | ---- | C] (ESET) -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe
[2012.09.28 20:59:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012.09.28 20:59:06 | 000,355,632 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012.09.28 20:59:06 | 000,021,256 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012.09.28 20:59:03 | 000,054,232 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012.09.28 20:59:03 | 000,035,928 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012.09.28 20:59:00 | 000,729,752 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012.09.28 20:58:59 | 000,058,680 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012.09.28 20:58:31 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012.09.28 20:58:31 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.09.28 12:07:35 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.09.27 18:12:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2012.09.27 18:12:37 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2012.09.27 16:43:33 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\temp
[2012.09.27 16:38:49 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.09.27 16:36:36 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.09.27 16:28:31 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.09.27 16:28:31 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.09.27 16:28:31 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.09.27 16:28:10 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.09.27 16:27:46 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.09.27 16:23:29 | 004,758,332 | R--- | C] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe
[2012.09.27 16:11:46 | 000,000,000 | ---D | C] -- C:\ProgramData\GFI Software
[2012.09.25 17:58:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{42AED5A9-BF6E-4E45-92F1-49938B2F1471}
[2012.09.25 13:13:44 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2012.09.25 12:37:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.25 12:37:18 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.24 15:11:50 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Recovery
[2012.09.24 12:36:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{FCB9D587-3975-42A6-A657-03F3D95AFAD4}
[2012.09.24 10:13:01 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.09.24 10:13:00 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.09.24 10:12:59 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.09.24 10:12:59 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.09.24 10:12:59 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.09.24 10:12:58 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.09.24 10:12:58 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.09.24 10:12:57 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.09.23 13:36:08 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2012.09.23 13:33:29 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
[2012.09.23 13:32:18 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2012.09.23 13:30:39 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\OpenOffice.org 3.4.1 (de) Installation Files
[2012.09.23 12:47:33 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2012.09.23 12:19:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{28CCA128-9C2C-4A0D-99D6-B6BD795F2F75}
[2012.09.20 14:55:43 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{26C67F8F-2A39-4CD0-A1A0-E50A625D5126}
[2012.09.19 11:23:26 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{462D0FF6-2C92-41C6-84DB-830835388AA6}
[2012.09.18 12:11:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{208ABD91-D1EA-456D-83F4-66880A7361AD}
[2012.09.17 14:21:39 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{F2170249-F1FA-4D04-A284-4E17051D7CC0}
[2012.09.16 13:07:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{8B0E685C-932E-44F2-BD6F-793DDE035217}
[2012.09.15 11:33:20 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{8A753310-A4FC-442C-8F9D-10D9EA661638}
[2012.09.14 19:42:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{9B9CB375-5727-4696-954B-F7FF2B04B636}
[2012.09.13 13:07:07 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{F038945A-04FD-4C4A-978D-B0068F20A332}
[2012.09.10 18:11:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{CF2583C5-05F5-4553-905A-7732C9F488AD}
[2012.09.09 14:26:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{05BF8F1B-4D03-4DCA-8C5E-74050CCD8937}
[2012.09.08 17:59:51 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.09.08 16:23:22 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{EA1FC3F5-FCA9-4410-AA45-3BA68B6B023E}
[2012.09.07 15:09:18 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{B846B9A1-1B25-4E3B-B868-50ABA5F0F592}
[2012.09.06 12:35:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{47A2C824-9060-4190-B4DD-5A655FC66332}
[2012.09.04 12:17:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{A0548D6D-367B-4D3D-A034-99A0BEC41509}
[2012.09.03 11:11:25 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Aware Antivirus
[2012.09.03 11:10:36 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\adawarebp
[2012.09.03 10:39:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{83955893-EF53-4D60-BBAE-8E114CBA9549}
[2012.09.02 11:59:35 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{E446985A-97EF-4D7D-A1EA-B9D1827836A1}
[2012.09.01 14:28:00 | 000,000,000 | ---D | C] -- C:\Users\***AppData\Local\{2433A48C-CCBC-4390-B830-48A7FBC046FF}
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.01 12:22:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.01 12:18:33 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.10.01 12:18:33 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.10.01 12:11:47 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.10.01 12:10:46 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.10.01 11:57:05 | 000,644,386 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.01 11:57:05 | 000,596,246 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.01 11:57:05 | 000,131,638 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.01 11:57:05 | 000,104,320 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.01 11:52:11 | 000,000,247 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2012.10.01 11:51:55 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.01 11:51:26 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.01 11:51:26 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.01 11:51:25 | 000,049,399 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.10.01 11:51:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.01 11:51:16 | 3186,544,640 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.01 11:39:12 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012.10.01 11:39:00 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012.10.01 11:39:00 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.10.01 11:38:59 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.10.01 11:38:58 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012.10.01 11:38:58 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012.10.01 11:06:39 | 000,399,264 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\***\Desktop\unhide.exe
[2012.09.30 12:05:47 | 002,322,184 | ---- | M] (ESET) -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe
[2012.09.28 20:59:07 | 000,001,829 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012.09.28 20:58:59 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012.09.28 16:23:38 | 000,008,268 | ---- | M] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2012.09.28 15:38:03 | 1060,445,980 | ---- | M] () -- C:\Users\***\Desktop\Desktopzeugs.zip
[2012.09.27 19:11:18 | 000,866,592 | ---- | M] () -- C:\Users\***\Desktop\Norton_Removal_Tool.exe
[2012.09.27 18:12:38 | 000,001,057 | ---- | M] () -- C:\Users\***\Desktop\Revo Uninstaller.lnk
[2012.09.27 16:37:15 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.09.27 16:27:32 | 004,758,332 | R--- | M] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe
[2012.09.26 16:53:16 | 296,856,796 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.09.25 12:37:20 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.09.24 10:11:04 | 000,000,000 | ---- | M] () -- C:\hpfr3320.xml
[2012.09.24 10:08:12 | 000,333,784 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.09.23 17:21:46 | 000,043,952 | ---- | M] () -- C:\Users\***\Desktop\Deckblatt.odt
[2012.09.23 14:24:18 | 000,018,812 | ---- | M] () -- C:\Users\***\Desktop\Bewerbung.odt
[2012.09.23 13:36:29 | 000,001,028 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2012.09.11 12:42:52 | 000,042,496 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.02 12:02:06 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2012.09.02 12:02:06 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
 
========== Files Created - No Company Name ==========
 
[2012.10.01 12:11:47 | 000,001,971 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.10.01 12:10:46 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.10.01 12:10:45 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.09.28 20:59:07 | 000,001,829 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012.09.28 18:20:46 | 3186,544,640 | -HS- | C] () -- C:\hiberfil.sys
[2012.09.27 19:11:18 | 000,866,592 | ---- | C] () -- C:\Users\***\Desktop\Norton_Removal_Tool.exe
[2012.09.27 18:12:38 | 000,001,057 | ---- | C] () -- C:\Users\***\Desktop\Revo Uninstaller.lnk
[2012.09.27 16:28:31 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.09.27 16:28:31 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.09.27 16:28:31 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.09.27 16:28:31 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.09.27 16:28:31 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.09.25 12:37:20 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.09.23 17:21:44 | 000,043,952 | ---- | C] () -- C:\Users\***\Desktop\Deckblatt.odt
[2012.09.23 14:29:57 | 001,037,574 | ---- | C] () -- C:\Users\***\Desktop\Beurteilungsbogen.jpg
[2012.09.23 14:24:15 | 000,018,812 | ---- | C] () -- C:\Users\***\Desktop\Bewerbung.odt
[2012.09.23 13:36:29 | 000,001,028 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2011.04.24 17:51:17 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011.04.24 17:51:17 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2010.04.26 10:14:14 | 000,008,268 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2009.10.30 15:21:13 | 000,042,496 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.10.19 17:22:52 | 000,000,784 | ---- | C] () -- C:\Users\***\AppData\Roaming\wklnhst.dat
[2009.07.20 03:23:16 | 000,049,399 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.07.20 03:10:29 | 000,000,247 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2009.07.20 03:06:27 | 000,049,399 | ---- | C] () -- C:\ProgramData\nvModes.dat

< End of report >
--- --- ---



OTL Logfile:
Code:
OTL Extras logfile created on: 01.10.2012 12:27:17 - Run 5
OTL by OldTimer - Version 3.2.55.0    Folder = c:\Users\***\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,97 Gb Total Physical Memory | 1,77 Gb Available Physical Memory | 59,58% Memory free
6,15 Gb Paging File | 4,93 Gb Available in Paging File | 80,21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,42 Gb Total Space | 137,72 Gb Free Space | 61,92% Space Free | Partition Type: NTFS
Drive D: | 10,47 Gb Total Space | 1,78 Gb Free Space | 17,05% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BB6B60A-686B-4F89-9B4E-F98C2AAFA1BB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{0F7C5D12-5D17-4B39-8FC0-CE186DC73C93}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{1D1CC9D1-2267-4040-A090-A1E04C7F4E2A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{A7A3B1F5-905C-4BAC-876F-BA93A085E52E}" = lport=2869 | protocol=6 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03CBF11B-490C-4392-B887-5A0AC9608BCA}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{16B61A5F-B4A3-434B-B6AA-6D2A78492A50}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{1D188C0B-8DCE-4DB4-A12D-3C3F1AA37559}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{2990C36B-3F6D-4BD8-9A13-29C851D96CBC}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{45AA25EE-3C91-44B6-AEF4-92FD06E97264}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{7F652154-42C0-4CC8-BC27-737EB7867AFF}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{914A1112-E535-45C1-98FB-6878A68D4AFB}" = protocol=17 | dir=in | app=c:\users\kerstin janke\appdata\local\temp\7zs65b5.tmp\symnrt.exe |
"{AAB32EC5-44FC-4CF3-8FFE-264C5B7383F0}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{BEC0135C-D8DE-4471-9D56-A312F55D26EE}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{CCDE8CED-79EB-40C5-8F16-393723C60D1F}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{CD761528-B5E1-4C35-8F84-F59E36F26186}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{DEC07384-E503-4226-A683-09D6FFB54BCD}" = protocol=6 | dir=in | app=c:\users\kerstin janke\appdata\local\temp\7zs65b5.tmp\symnrt.exe |
"{E3B9047B-2CAD-4EC5-A7A8-36E093F222A3}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{F9B69B76-5B1F-44DA-85F4-3F8F03BDEB8B}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"TCP Query User{387EA576-F55E-4E57-AD7A-F68D767E8A22}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{D5409EDE-2854-45CE-ABA7-A6BBC725DF78}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software  1.14.17.1
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{17050C48-16CB-4500-A102-CEAD750CE11E}" = HP User Guides 0138
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 M1
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{47F36D92-E58E-456D-B73C-3382737E4C42}" = HP Update
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{732A3F80-008B-4350-BD58-EC5AE98707B8}" = HP Common Access Service Library
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0137-0407-0000-0000000FF1CE}" = Microsoft Works 6-9 Converter
"{95A747E0-DF19-46CB-A622-20A0107201BD}" = HP Total Care Setup
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5E29403-3D25-40C6-892B-F9FEE2A95585}" = HP Wireless Assistant
"{E8020EC7-5DD8-80C9-7237-7B2E9BDA8CC6}" = muvee Reveal
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5A4F780-DF0C-444F-BA82-637CCF5C8052}" = Windows Live Family Safety
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd  (10/12/2007 6.85.4.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"avast" = avast! Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"ESET Online Scanner" = ESET Online Scanner v3
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"PokerStars" = PokerStars
"Revo Uninstaller" = Revo Uninstaller 1.94
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.1.5
"WildTangent hp Master Uninstall" = My HP Games
"WinLiveSuite" = Windows Live Essentials
"Zoner Photo Studio 9_is1" = Zoner Photo Studio 9
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 19.07.2011 07:08:03 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 20.07.2011 05:23:12 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 20.07.2011 11:43:13 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 21.07.2011 03:47:12 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 21.07.2011 06:13:48 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 21.07.2011 11:03:38 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 22.07.2011 05:33:00 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 23.07.2011 05:21:29 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 23.07.2011 12:33:02 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 23.07.2011 12:36:08 | Computer Name = ***-PC | Source = Lavasoft Ad-Aware Service | ID = 0
Description =
 
[ System Events ]
Error - 01.10.2012 05:52:15 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 01.10.2012 05:52:15 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 01.10.2012 06:01:51 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description =
 
Error - 01.10.2012 06:01:51 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description =
 
Error - 01.10.2012 06:01:51 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 01.10.2012 06:01:51 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 01.10.2012 06:01:51 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 01.10.2012 06:01:51 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 01.10.2012 06:01:51 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 01.10.2012 06:01:51 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description =
 
 
< End of report >
--- --- ---

DerJazzer 02.10.2012 10:10
Hi :)

Die Logs sind sauber :daumenhoc

Schritt 1

Hast du Folgendes vergessen oder überlesen?

VLC-Update:

Zitat:
  • Lade dir die neuste Version des VLC von Hier herunter und installiere sie.
  • Wenn der Installationsassistent fragt, ob er die alte Version deinstallieren soll, lasse dies bitte zu.
Bitte unbedingt noch durchführen!


Schritt 2

Bitte vor der folgenden Aktion wieder temporär Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.

Windows-Taste + R drücke. Kopiere nun folgende Zeile in die Kommandozeile und klicke OK.
Code:
Combofix /Uninstall
http://larusso.trojaner-board.de/Images/CFuninstall.jpg

Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert, damit auch aus dieser die Schädlinge verschwinden.

Nun die eben deaktivierten Programme wieder aktivieren.


Schritt 3


OTL-CleanUp

Starte bitte OTL und klicke auf Bereinigung.
Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen.


Schritt 4

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe, ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher, dass die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und dass diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demand Scan Tool, welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion bietet zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich, bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java, Flash und andere Plugins. Sie werden nur dann ausgeführt, wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart außerdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese schaden deinem System mehr als sie helfen. Hier ein paar (englische) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles, nur weil es Dich dazu auffordert und schön bunt ist.
  • Verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie z. B. deinFoto.jpg.exe oder (aus aktuellem Anlass) angebliche Rechnungen im ZIP- oder Exe-Format
Nun bleibt mir nur noch dir viel Spaß beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, sodass ich diesen Thread aus meinen Abos löschen kann.

Schnauf8 04.10.2012 09:37
hallo christoph :)

die anweisung von dir, den vlc player herunterzuladen hatte ich tatsächlich vergessen. das habe ich aber jetzt nachgeholt und gleichzeitig dann auch die alte version deinstalliert.
zu schritt 2: ich habe 'Combofix /Uninstall' in das textfeld kopiert und wenn ich auf ok drücke erscheint die meldung: combofix konnte nicht gefunden werden. stellen sie sicher, dass sie den namen richtig eingegeben haben und wiederholen sie den vorgang. ich gab dann ComboFix /Uninstall ein, aber die gleiche meldung ploppte auf. gibt es noch einen anderen weg, combofix zu löschen?

VLG

DerJazzer 04.10.2012 14:39
Hi :)

befindet sich die heruntergeladene Combofix.exe auf deinem Desktop? Bitte platziere sie dort, wenn dem nicht so ist. Gehe dann wie folgt vor:

Bitte vor der folgenden Aktion wieder temporär Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.

Windows-Taste + R drücke. Kopiere nun folgende Zeile in die Kommandozeile und klicke OK.
Code:
%Userprofile%\Desktop\Combofix.exe /Uninstall
Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert, damit auch aus dieser die Schädlinge verschwinden.

Nun die eben deaktivierten Programme wieder aktivieren.

Schnauf8 04.10.2012 15:43
jetzt hat es wunderbar funktioniert und combofix wurde somit entfernt :daumenhoc

eine frage hätte ich noch wegen malwarebytes. es sind ja in der quarantäne immernoch diese trojaner und die 2 PUM.Hijack.Start... objekte, kann ich diese nun eigentlich löschen?

DerJazzer 04.10.2012 16:47
Hi :)

Hast du die Schritte 3 + 4 auch ausgeführt?

Du kannst die Funde jetzt aus der Quarantäne löschen ;)

DerJazzer 07.10.2012 17:44
Froh dass wir helfen konnten :abklatsch:

Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen schicke mir bitte eine PM.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen.


Alle Zeitangaben in WEZ +1. Es ist jetzt 16:30 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19