Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Auch GUV Trojaner (https://www.trojaner-board.de/122873-guv-trojaner.html)

xela 27.08.2012 17:56
Auch GUV Trojaner
 
Hallo liebe Leut,

auch mich hat der GUV Trojaner erwischt. Eigentlich wollte ich dies zum Anlass nehmen und meinen Rechner neu aufsetzen, aber da ich ein vorinstalliertes Vista habe ohne irgendwelche CDs geht das wohl nicht so einfach.

Also habe ich eine Systemwiederherstellung auf ein Datum vor der Infizierung gemacht. Das Ergebnis ist das ich wieder ins Internet komme ohne das diese "nette Seite" aufgeht. Aber sauber bin ich bestimmt nicht wegen der Systemwiederherstellung.

Über jede Hilfe wäre ich sehr dankbar.

LG xela

t'john 27.08.2012 18:50
:hallo:

Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lese die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
  • Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
  • Bitte kein Crossposting ( posten in mehreren Foren).
  • Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert.
  • Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
  • Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf. Erschwert mir nämlich das auswerten.


Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.

1. Schritt

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

2. Schritt
Systemscan mit OTL (bebilderte Anleitung)

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)- Doppelklick auf die OTL.exe

  • Vista und Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Wähle Scanne Alle Benuzer
  • Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Minimale Ausgabe
  • Unter Extra Registrierung, wähle bitte Benutze SafeList
  • Klicke nun auf Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.

xela 28.08.2012 09:33
Huhu und Danke für die freundliche Unterstützung :-)

Hier der Malware-Log

Malwarebytes Anti-Malware (Test) 1.62.0.1300
Malwarebytes : Free anti-malware download

Datenbank Version: v2012.08.27.05

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 8.0.6001.19088
Alex :: ALEX-PC [Administrator]

Schutz: Aktiviert

27.08.2012 19:59:26
mbam-log-2012-08-27 (19-59-26).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 407388
Laufzeit: 2 Stunde(n), 29 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Recycle.Bin (Trojan.Spyeyes) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Und die OTL:OTL Logfile:
Code:
OTL logfile created on: 28.08.2012 10:11:30 - Run 2
OTL by OldTimer - Version 3.2.59.1    Folder = C:\Users\Alex\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,14 Gb Available Physical Memory | 56,94% Memory free
4,24 Gb Paging File | 3,13 Gb Available in Paging File | 73,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,96 Gb Total Space | 55,35 Gb Free Space | 24,82% Space Free | Partition Type: NTFS
Drive D: | 9,92 Gb Total Space | 1,38 Gb Free Space | 13,87% Space Free | Partition Type: NTFS
 
Computer Name: ALEX-PC | User Name: Alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Alex\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Windows\System32\schtasks.exe (Microsoft Corporation)
PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
PRC - C:\Programme\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\e3180b4230f052996adb81da3dc64ad0\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\8837c17e16a1ebba04a1f625977bc907\UIAutomationTypes.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0a1195c6b5fab213527364c9e8b26ef0\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d9228d58804dfd75fd92a4d12ffac8af\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\ca69ec9d6589d3526ee38212ef28e2bb\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6bebfe5b7776c84cb38efdb2a7c9d447\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\415ef2ec8cbd9f3368da6ade10beae26\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\c1498ba4652483d5adddd4c5d3927170\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\29d729043903b7b4b2ea695db220d866\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll ()
MOD - C:\Programme\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll ()
MOD - C:\Programme\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll ()
MOD - C:\Programme\Hewlett-Packard\HP Advisor\MessagingServer.dll ()
MOD - C:\Programme\Hewlett-Packard\HP Advisor\RemotingClient.dll ()
MOD - C:\Programme\Hewlett-Packard\HP Advisor\MessagingClients.dll ()
MOD - C:\Programme\Hewlett-Packard\HP Advisor\MessagingInterface.dll ()
MOD - C:\Programme\Hewlett-Packard\HP Advisor\MessagingMessages.dll ()
MOD - C:\Programme\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HydraVision.Wizard\2.0.3173.28305__90ba9c70f846762e\CLI.Aspect.HydraVision.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Runtime\2.0.3173.28298__90ba9c70f846762e\CLI.Caste.HydraVision.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Shared\2.0.3173.28297__90ba9c70f846762e\CLI.Caste.HydraVision.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Wizard\2.0.3173.28302__90ba9c70f846762e\CLI.Caste.HydraVision.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Dashboard\2.0.3173.28298__90ba9c70f846762e\CLI.Caste.HydraVision.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3173.28144__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.3173.28254__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3173.28117__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3173.28145__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3173.28138__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3173.28130__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.3173.28233__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3173.28276__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3173.28246__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3173.28217__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3173.28198__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3173.28277__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3173.28130__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3173.28225__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3173.28226__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3173.28225__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.3173.28296__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3173.28296__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3173.28275__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3173.28201__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3173.28238__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3173.28200__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.3173.28247__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.3173.28219__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3173.28146__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3173.28193__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3173.28131__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3173.28200__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3173.28146__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3173.28215__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3173.28199__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3173.28152__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3173.28200__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3173.28214__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3173.28216__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3127.31122__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3127.31117__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3127.31128__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3127.31160__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3127.31131__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3127.31160__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3127.31108__90ba9c70f846762e\LOG.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3127.31110__90ba9c70f846762e\NEWAEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3127.31134__90ba9c70f846762e\DEM.OS.I0602.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3127.31130__90ba9c70f846762e\MOM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3127.31156__90ba9c70f846762e\DEM.OS.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3127.31111__90ba9c70f846762e\CLI.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3127.31124__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3127.31186__90ba9c70f846762e\CLI.Foundation.XManifest.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3127.31124__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3127.31121__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3127.31118__90ba9c70f846762e\CLI.Component.Client.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3127.31135__90ba9c70f846762e\DEM.Graphics.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3127.31123__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3127.31137__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3127.31135__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3127.31159__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3127.31143__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3127.31140__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3127.31156__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3127.31155__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3127.31143__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3127.31140__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3127.31139__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3127.31142__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3127.31130__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3127.31137__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3127.31136__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3127.31131__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3127.31141__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3127.31136__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3173.28288__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3127.31130__90ba9c70f846762e\APM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3127.31123__90ba9c70f846762e\AEM.Server.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll ()
MOD - C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3173.28299__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3173.28115__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray.resources\2.0.3173.28260_de_90ba9c70f846762e\CLI.Component.Systemtray.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.resources\2.0.3173.28124_de_90ba9c70f846762e\CLI.Component.Dashboard.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3173.28260__90ba9c70f846762e\CLI.Component.Systemtray.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3173.28138__90ba9c70f846762e\CLI.Component.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3173.28267__90ba9c70f846762e\MOM.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3173.28115__90ba9c70f846762e\CLI.Component.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3173.28265__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3173.28117__90ba9c70f846762e\CLI.Component.SkinFactory.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3127.31133__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3127.31115__90ba9c70f846762e\CLI.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3127.31119__90ba9c70f846762e\LOG.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3127.31132__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3127.31132__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.3127.31114__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3127.31129__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3173.28124__90ba9c70f846762e\CLI.Component.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3173.28116__90ba9c70f846762e\ATIDEMOS.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3127.31126__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3173.28266__90ba9c70f846762e\CCC.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3127.31144__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3173.28114__90ba9c70f846762e\APM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3173.28115__90ba9c70f846762e\AEM.Server.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Windows\System32\atitmmxx.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\WindowsBase.resources\3.0.0.0_de_31bf3856ad364e35\WindowsBase.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service) -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (VcommMgr) -- System32\Drivers\VcommMgr.sys File not found
DRV - (VComm) -- system32\DRIVERS\VComm.sys File not found
DRV - (SymIMMP) -- system32\DRIVERS\SymIM.sys File not found
DRV - (pccsmcfd) -- system32\DRIVERS\pccsmcfd.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IvtBtBUs) -- System32\Drivers\IvtBtBus.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (BTHidMgr) -- System32\Drivers\BTHidMgr.sys File not found
DRV - (BTHidEnum) -- System32\Drivers\vbtenum.sys File not found
DRV - (BtHidBus) -- System32\Drivers\BtHidBus.sys File not found
DRV - (Btcsrusb) -- System32\Drivers\btcusb.sys File not found
DRV - (BTCOMBUS) -- System32\Drivers\btcombus.sys File not found
DRV - (BTCOM) -- system32\DRIVERS\btcomport.sys File not found
DRV - (BT) -- system32\DRIVERS\btnetdrv.sys File not found
DRV - (BlueletSCOAudio) -- system32\DRIVERS\BlueletSCOAudio.sys File not found
DRV - (BlueletAudio) -- system32\DRIVERS\blueletaudio.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (akdv9l8f) --  File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (btnetBUs) -- C:\Windows\System32\drivers\btnetBus.sys ()
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (sscdbus) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (ss_mdm) -- C:\Windows\System32\drivers\ss_mdm.sys (MCCI Corporation)
DRV - (ss_mdfl) -- C:\Windows\System32\drivers\ss_mdfl.sys (MCCI Corporation)
DRV - (ss_bus) -- C:\Windows\System32\drivers\ss_bus.sys (MCCI Corporation)
DRV - (vvftav323) -- C:\Windows\System32\drivers\vvftav323.sys (Vimicro Corporation)
DRV - (vmcam325av) -- C:\Windows\System32\drivers\vmcam323av.sys (Vimicro Corporation)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=dpg&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {BB0005C6-5631-402D-B8BB-89CA38008EB7}
IE - HKLM\..\SearchScopes\{BB0005C6-5631-402D-B8BB-89CA38008EB7}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
IE - HKLM\..\SearchScopes\{CFC3546A-D1EA-46BF-87D6-8B98E481891A}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-4112236697-1063587932-1456566171-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Google [binary data]
IE - HKU\S-1-5-21-4112236697-1063587932-1456566171-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Facemoods Search
IE - HKU\S-1-5-21-4112236697-1063587932-1456566171-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4112236697-1063587932-1456566171-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-4112236697-1063587932-1456566171-1000\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19}
IE - HKU\S-1-5-21-4112236697-1063587932-1456566171-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=dpg&s={searchTerms}&f=4
IE - HKU\S-1-5-21-4112236697-1063587932-1456566171-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=15627
IE - HKU\S-1-5-21-4112236697-1063587932-1456566171-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-4112236697-1063587932-1456566171-1000\..\SearchScopes\{BB0005C6-5631-402D-B8BB-89CA38008EB7}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
IE - HKU\S-1-5-21-4112236697-1063587932-1456566171-1000\..\SearchScopes\{CFC3546A-D1EA-46BF-87D6-8B98E481891A}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKU\S-1-5-21-4112236697-1063587932-1456566171-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4112236697-1063587932-1456566171-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Alex\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Alex\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009.02.23 12:26:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009.08.17 14:01:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.01 10:55:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.18 14:14:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009.08.17 14:01:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.01 10:55:07 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.18 14:14:43 | 000,000,000 | ---D | M]
 
[2008.10.13 16:47:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\mozilla\Extensions
[2012.05.10 09:12:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\8r08t7sr.default\extensions
[2010.10.27 18:35:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\8r08t7sr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.06.18 06:42:14 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\8r08t7sr.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012.03.12 20:07:52 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\8r08t7sr.default\extensions\2020Player_IKEA@2020Technologies.com
[2012.05.10 09:12:41 | 000,000,000 | ---D | M] (20-20 3D Viewer - WEB) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\8r08t7sr.default\extensions\2020Player_WEB@2020Technologies.com
[2010.10.27 18:35:22 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\8r08t7sr.default\extensions\vshare@toolbar
[2012.08.22 09:46:25 | 000,000,950 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8r08t7sr.default\searchplugins\icqplugin-1.xml
[2010.04.02 20:36:11 | 000,000,950 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8r08t7sr.default\searchplugins\icqplugin-10.xml
[2010.07.05 16:03:36 | 000,000,950 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8r08t7sr.default\searchplugins\icqplugin-11.xml
[2010.07.05 17:46:47 | 000,000,950 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8r08t7sr.default\searchplugins\icqplugin-12.xml
[2010.07.27 08:41:01 | 000,000,950 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8r08t7sr.default\searchplugins\icqplugin-13.xml
[2010.09.21 08:59:12 | 000,000,950 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8r08t7sr.default\searchplugins\icqplugin-14.xml
[2010.10.22 14:21:45 | 000,000,950 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8r08t7sr.default\searchplugins\icqplugin-15.xml
[2010.10.29 20:47:01 | 000,000,950 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8r08t7sr.default\searchplugins\icqplugin-16.xml
[2010.11.14 10:36:30 | 000,000,950 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8r08t7sr.default\searchplugins\icqplugin-17.xml
[2011.03.03 09:43:50 | 000,000,950 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8r08t7sr.default\searchplugins\icqplugin-18.xml
[2011.03.06 09:07:15 | 000,000,950 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8r08t7sr.default\searchplugins\icqplugin-19.xml
[2009.08.04 20:21:50 | 000,000,950 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8r08t7sr.default\searchplugins\icqplugin-2.xml
[2011.03.27 09:22:06 | 000,000,950 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8r08t7sr.default\searchplugins\icqplugin-20.xml
[2011.04.19 21:17:28 | 000,000,950 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8r08t7sr.default\searchplugins\icqplugin-21.xml
[2011.05.24 06:36:04 | 000,000,950 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8r08t7sr.default\searchplugins\icqplugin-22.xml
[2009.09.16 09:19:30 | 000,000,950 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8r08t7sr.default\searchplugins\icqplugin-3.xml
[2009.10.28 21:30:01 | 000,000,950 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8r08t7sr.default\searchplugins\icqplugin-4.xml
[2009.12.18 11:31:30 | 000,000,950 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8r08t7sr.default\searchplugins\icqplugin-5.xml
[2010.01.07 00:05:40 | 000,000,950 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8r08t7sr.default\searchplugins\icqplugin-6.xml
[2010.02.20 22:55:39 | 000,000,961 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8r08t7sr.default\searchplugins\icqplugin-7.xml
[2010.03.13 14:25:30 | 000,000,950 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8r08t7sr.default\searchplugins\icqplugin-8.xml
[2010.03.26 15:30:53 | 000,000,950 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8r08t7sr.default\searchplugins\icqplugin-9.xml
[2009.07.13 17:12:02 | 000,000,944 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8r08t7sr.default\searchplugins\icqplugin.xml
[2010.10.27 18:35:31 | 000,001,583 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8r08t7sr.default\searchplugins\web-search.xml
[2012.04.27 21:33:27 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.07.19 16:09:40 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2008.10.19 14:28:29 | 000,000,000 | ---D | M] (Softonic Deutsch Toolbar) -- C:\Programme\Mozilla Firefox\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}
[2012.08.01 10:55:07 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.04.17 17:42:45 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.20 09:51:59 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.11.13 23:56:57 | 000,002,226 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.06.20 09:51:59 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.20 09:51:59 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.04.19 21:17:19 | 000,002,046 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2012.06.20 09:51:59 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.20 09:51:59 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.20 09:51:59 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage:
CHR - default_search_provider: facemoods (Enabled)
CHR - default_search_provider: search_url = hxxp://start.facemoods.com/?a=dpg&s={searchTerms}&f=4
CHR - default_search_provider: suggest_url =
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Alex\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Alex\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Alex\AppData\Local\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll
CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0\BabylonChromePI.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Babylon Translator = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0\
CHR - Extension: Babylon Translator = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4_0\
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe File not found
O4 - HKLM..\Run: [hpqSRMon]  File not found
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateReg] C:\Windows\System32\jureg.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-4112236697-1063587932-1456566171-1000\..Trusted Domains: apemap.com ([]http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4AC352E0-A987-4B4F-9AB7-BC1581E4C253}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Alex\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Alex\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.02.19 14:39:08 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{4509cf76-609d-11de-a8a1-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Menu.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.27 19:24:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.27 19:24:38 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.08.27 19:24:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.08.27 19:23:15 | 010,652,120 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Alex\mbam-setup-1.62.0.1300.exe
[2012.08.27 18:45:03 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
[2012.08.20 12:42:14 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2012.08.08 20:01:48 | 000,000,000 | ---D | C] -- C:\Users\Alex\Nauheim
[2012.08.08 13:42:24 | 001,690,096 | ---- | C] (Sonic Solutions) -- C:\Windows\System32\pxsfs.dll
[2012.08.08 13:42:24 | 000,158,192 | ---- | C] (Sonic Solutions) -- C:\Windows\System32\pxwma.dll
[2012.08.08 13:42:24 | 000,072,176 | ---- | C] (Sonic Solutions) -- C:\Windows\System32\pxhpinst.exe
[2012.08.08 13:42:24 | 000,066,544 | ---- | C] (Sonic Solutions) -- C:\Windows\System32\pxcpya64.exe
[2012.08.08 13:42:24 | 000,066,032 | ---- | C] (Sonic Solutions) -- C:\Windows\System32\pxinsa64.exe
[2012.08.08 13:42:24 | 000,009,200 | ---- | C] (Sonic Solutions) -- C:\Windows\System32\drivers\cdralw2k.sys
[2012.08.08 13:42:24 | 000,009,072 | ---- | C] (Sonic Solutions) -- C:\Windows\System32\drivers\cdr4_xp.sys
[2012.08.08 13:42:23 | 000,584,176 | ---- | C] (Sonic Solutions) -- C:\Windows\System32\px.dll
[2012.08.08 13:42:23 | 000,547,312 | ---- | C] (Sonic Solutions) -- C:\Windows\System32\pxdrv.dll
[2012.08.08 13:42:23 | 000,379,376 | ---- | C] (Sonic Solutions) -- C:\Windows\System32\pxwave.dll
[2012.08.08 13:42:23 | 000,186,864 | ---- | C] (Sonic Solutions) -- C:\Windows\System32\pxmas.dll
[2012.08.08 13:42:23 | 000,039,672 | ---- | C] (Sonic Solutions) -- C:\Windows\System32\vxblock.dll
[2009.06.01 00:58:45 | 000,503,439 | ---- | C] (Peter B Clements) -- C:\Users\Alex\QuickPar-0.9.1.0-DEU.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.28 10:06:38 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.28 10:05:59 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.28 10:05:59 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.28 10:05:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.28 10:05:47 | 2145,574,912 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.27 22:32:37 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.08.27 21:59:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.27 21:56:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4112236697-1063587932-1456566171-1000UA.job
[2012.08.27 20:56:01 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4112236697-1063587932-1456566171-1000Core.job
[2012.08.27 19:24:40 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.08.27 19:23:22 | 010,652,120 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Alex\mbam-setup-1.62.0.1300.exe
[2012.08.27 18:46:16 | 000,302,592 | ---- | M] () -- C:\Users\Alex\Desktop\3ez23e2q.exe
[2012.08.27 18:45:05 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
[2012.08.27 18:44:51 | 000,050,477 | ---- | M] () -- C:\Users\Alex\Desktop\Defogger.exe
[2012.08.27 13:07:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012.08.25 12:16:01 | 004,503,728 | ---- | M] () -- C:\ProgramData\0tbpw.pad
[2012.08.15 08:59:29 | 000,002,043 | ---- | M] () -- C:\Users\Alex\Desktop\Google Chrome.lnk
[2012.08.10 09:22:08 | 000,073,216 | ---- | M] () -- C:\Users\Alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.08.09 10:41:40 | 000,002,631 | ---- | M] () -- C:\Users\Alex\Desktop\Microsoft Office Word 2007.lnk
[2012.08.08 13:42:22 | 000,072,176 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\pxhpinst.exe
[2012.08.08 13:42:22 | 000,066,544 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\pxcpya64.exe
[2012.08.08 13:42:22 | 000,066,032 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\pxinsa64.exe
[2012.08.08 13:42:22 | 000,009,200 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\drivers\cdralw2k.sys
[2012.08.08 13:42:22 | 000,009,072 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\drivers\cdr4_xp.sys
[2012.08.08 13:42:18 | 001,690,096 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\pxsfs.dll
[2012.08.08 13:42:17 | 000,584,176 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\px.dll
[2012.08.08 13:42:17 | 000,547,312 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\pxdrv.dll
[2012.08.08 13:42:17 | 000,379,376 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\pxwave.dll
[2012.08.08 13:42:17 | 000,186,864 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\pxmas.dll
[2012.08.08 13:42:17 | 000,158,192 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\pxwma.dll
[2012.08.08 13:42:17 | 000,039,672 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\vxblock.dll
[2012.08.08 11:57:02 | 000,618,204 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.08.08 11:57:02 | 000,586,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.08.08 11:57:02 | 000,122,442 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.08.08 11:57:02 | 000,101,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.27 19:24:40 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.08.27 18:46:15 | 000,302,592 | ---- | C] () -- C:\Users\Alex\Desktop\3ez23e2q.exe
[2012.08.27 18:44:50 | 000,050,477 | ---- | C] () -- C:\Users\Alex\Desktop\Defogger.exe
[2012.08.25 08:10:24 | 004,503,728 | ---- | C] () -- C:\ProgramData\0tbpw.pad
[2012.04.01 13:02:06 | 007,067,123 | ---- | C] () -- C:\Users\Alex\100_4376.MOV
[2012.04.01 13:02:02 | 015,925,547 | ---- | C] () -- C:\Users\Alex\100_4372.MOV
[2012.04.01 13:01:57 | 032,808,307 | ---- | C] () -- C:\Users\Alex\100_4371.MOV
[2012.04.01 13:01:50 | 038,347,875 | ---- | C] () -- C:\Users\Alex\100_4368.MOV
[2011.11.28 11:04:22 | 000,000,872 | ---- | C] () -- C:\Users\Alex\.recently-used.xbel
[2011.11.02 08:34:10 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011.02.23 12:24:37 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.02.03 22:31:08 | 000,000,523 | ---- | C] () -- C:\Users\Alex\Eigene Datein Daniel.lnk
[2010.08.25 18:54:13 | 000,579,844 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\mdbu.bin
[2009.01.23 20:58:24 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2008.12.03 11:35:49 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.10.13 20:01:17 | 000,073,216 | ---- | C] () -- C:\Users\Alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.10.13 11:40:24 | 000,000,092 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\wklnhst.dat
[2008.10.13 11:27:38 | 000,002,032 | ---- | C] () -- C:\Users\Alex\AppData\Local\d3d9caps.dat

< End of report >
--- --- ---
OTL Logfile:
Code:
OTL Extras logfile created on: 28.08.2012 10:11:30 - Run 2
OTL by OldTimer - Version 3.2.59.1    Folder = C:\Users\Alex\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,14 Gb Available Physical Memory | 56,94% Memory free
4,24 Gb Paging File | 3,13 Gb Available in Paging File | 73,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,96 Gb Total Space | 55,35 Gb Free Space | 24,82% Space Free | Partition Type: NTFS
Drive D: | 9,92 Gb Total Space | 1,38 Gb Free Space | 13,87% Space Free | Partition Type: NTFS
 
Computer Name: ALEX-PC | User Name: Alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-4112236697-1063587932-1456566171-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{9918F91C-E314-469E-A6AD-5E580433BAAE}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10A24486-E82B-473D-A8A9-2213FBD3E4A0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{2080D3E0-90EB-4801-9368-7E4C9C43346F}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{2CDAB147-CD69-4D18-AB29-23D98D1F2AEC}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{2F8A531C-DC8F-451E-8664-D76AF02BFB65}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{3E8F0898-3BB2-42AE-92C8-29E62E687535}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{4BBD4B32-5731-49B8-88B3-2F1F48BDD5F8}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{56A58FE4-AE33-4024-BC03-0DF520BB95D5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{5A8E1D5C-2600-4B49-87A3-9CB6D392D768}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{611BB157-25B1-4F45-825F-2445C480A589}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{68C05218-53D0-497A-B7ED-0213FA96EC87}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{724F44D9-C4B8-410A-BC4C-DCB99ABB1E4B}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{76CD6BEF-E98B-42F0-BEAC-BA33A6736710}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{7708CAAC-5D59-4BBF-850E-5580D6884075}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{87BAC00B-5525-429F-BDE6-AE82D44CCF7C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{8EE30902-74A0-4F9F-8DDD-943C8302C067}" = protocol=6 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleil.exe |
"{97A7FBCD-8FE2-4606-89E2-6826B9B8D4FF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{9A5A155E-8662-473B-B16B-DD817EF660EE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{9E2E57FD-E367-43F9-8DDD-08AAC7911C5C}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{B46D97AE-A980-4D4C-8DE4-ED2703E2CC53}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{B51F3E80-3AD9-4996-875E-9932826F2605}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{B9982EC4-0B1B-4E7F-A5B8-E39726360A64}" = protocol=17 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleil.exe |
"{CD18BF80-841C-49E8-BA83-5C2ACC35C5A6}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{D0DCE562-BC06-4E70-ACCB-15DC9236F2DC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DB933C33-B8FC-4F50-B0B9-85742B9FB4A5}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{DDFDB3BE-786A-4AB7-ABBB-7AA04F4D08A9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DEBC9EB1-CAA8-4FBA-9448-7D672C65D50B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{F3674661-F766-41EC-A13A-3EB0C6491A82}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"TCP Query User{50C46BCA-81DE-4895-BF4E-F37233684E49}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{7C17C809-9EE4-409F-9874-C554E549FCCC}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{7DD974A9-B221-4BC1-A390-FAED3211B977}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{83A26075-2E81-4222-973A-56775B99F04A}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{A962625D-3CAE-4CC9-9964-01DA9772EA38}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{E4D61055-4B0D-4894-A5EC-FAA4E72DA4FE}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{274B33B5-3EAE-4210-9DC1-62A34A780831}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{50B3CBF8-9431-4095-9BCF-501173A51B2C}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{65610110-E6A8-43D8-839F-75B9195A2F57}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{C4173F87-1645-4701-A510-21C536B23E52}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{E4E5948A-3B22-4B13-AD9F-D8A96968C947}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{F1CBBA8B-B013-4C62-A243-FE80C6FBB6CF}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00549373-1230-5B73-04A3-93D1327792B8}" = Catalyst Control Center Localization German
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{0EF47130-9AB5-EF22-0EE8-BEDDB62BC141}" = ATI Catalyst Install Manager
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1BCE2581-B7CA-4BB4-BDFB-D113506AA38B}" = HP Easy Setup - Frontend
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{27197499-7680-4208-8FD8-5439CDB0FDC1}" = HPProductAssistant
"{2A9918FA-C84E-A688-A95C-58E698B9ACAE}" = Catalyst Control Center InstallProxy
"{2AFEAA03-2DFE-4519-A629-EDAB6541ABE9}" = HPSSupply
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{314C4BDC-7A9C-EE82-778A-43AFBAA2194A}" = Skins
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{36820BCA-FC55-452E-9085-6E6F1F55508D}" = Vimicro USB PC Camera(VC0323)
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4761EB82-E8BD-45A4-B19B-586FA9D1D7E6}" = Camtasia Studio 6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{593A6CAF-E114-4e31-884F-74FF349E8E36}" = SolutionCenter
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5EF412E0-CAB1-9360-0135-0AF5211BA481}" = ccc-core-static
"{60D4F9F1-B828-4048-A5AB-9AA2FD0C4751}" = DJ_AIO_03_F4200_Software
"{6365C963-4B72-43F8-8392-2A5441EC2A86}" = DJ_AIO_03_F4220_ProductContext
"{6422CFA5-56AB-190B-C123-C9834C0E3DD7}" = CCC Help English
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A43E42-3658-4DD9-8551-FACDA3632538}" = HP Advisor
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7D3F5F18-7F7A-4826-87E4-315BBDB45E80}" = freenet SMS
"{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software
"{81271212-A23B-509A-4DF4-33DFCA549B05}" = Catalyst Control Center Core Implementation
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8F32C384-D237-4516-9F2B-223E8963A2FB}" = Lager
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9600B88C-BE14-4BEA-A529-F5F312900BA3}" = Samsung PC Studio 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{9F4EE72A-C5C9-42ad-ABEF-427690843577}" = MarketResearch
"{A3608674-6CC3-6E9A-46AD-4531137E9F0E}" = Catalyst Control Center HydraVision Full
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A8BAE044-1DA3-F614-2FF0-8EFAB84FFFDA}" = Catalyst Control Center Graphics Full Existing
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AA2E8A46-B45E-4aea-8A23-88AB57D04523}" = WebReg
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3D5379C-1B3B-DC2A-9855-59B3E558D2FD}" = Catalyst Control Center Graphics Previews Vista
"{B61A79BE-E94C-42C0-921D-8B7E5217069C}" = F4200
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7D7E773-28D5-4044-9172-89BE4C72C737}" = ape@map
"{BC260D14-D116-F8E1-98C6-97C275B27C77}" = Catalyst Control Center Graphics Full New
"{BE8A9C2C-8E41-445B-A746-BEB0B1F992F8}" = DJ_AIO_03_F4200_Software_Min
"{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm
"{C3B6AEB1-390C-4792-8677-CD87F8B2C959}" = HP Deskjet F4200 All-In-One Driver Software 11.0 Rel .3
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan
"{C8D47273-7A1A-4614-A3D8-263632D8A5ED}" = HP Customer Experience Enhancements
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CC0E1AE3-091D-4969-B151-7AC142062C28}" = SmartWebPrinting
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CED4901B-597A-59DD-D4C2-D4E66D773777}" = CCC Help German
"{D00C86F0-A5D5-D55C-E417-95ED1051CB9E}" = ccc-utility
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
"{EA7938AF-DB49-4436-644B-776AD2DC7E66}" = Catalyst Control Center Graphics Light
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A5531E-FEB4-4F7C-AF51-342E40FA7A0D}" = F4210_Help
"{FA3A247D-437A-455E-A88F-7EB6E5F9E799}" = Catalyst Control Center - Branding
"ABC Amber Audio Converter" = ABC Amber Audio Converter
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"ANNO 1602 Königs-Edition" = ANNO 1602 Königs-Edition
"Avira AntiVir Desktop" = Avira Free Antivirus
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.8.0
"Google Updater" = Google Updater
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 11.0
"HP Photosmart Essential" = HP Photosmart Essential 3.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 11.0
"HPExtendedCapabilities" = HP Customer Participation Program 11.0
"ImageConverter Plus_is1" = ImageConverter Plus 8.0
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Kalender-Excel_is1" = Kalender-Excel 8.6.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OfficeTrial" = Testversion von Microsoft Office Home and Student 2007
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"PartyPoker" = PartyPoker
"PC-Doctor 5 for Windows" = Hardware Diagnose Tools
"pdfsam" = pdfsam
"QuickPar" = QuickPar 0.9
"RealPlayer 6.0" = RealPlayer
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Shop for HP Supplies" = Shop for HP Supplies
"UseNeXT_is1" = UseNeXT
"VLC media player" = VLC media player 0.9.6
"WildTangent hp Master Uninstall" = My HP Games
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinRAR archiver" = WinRAR
"WMV To Wav Converter_is1" = WMV To Wav Converter version 1.0
"XnView_is1" = XnView 1.96.5
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-4112236697-1063587932-1456566171-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 21.03.2011 16:46:36 | Computer Name = Alex-PC | Source = EventSystem | ID = 4621
Description =
 
Error - 23.03.2011 17:45:55 | Computer Name = Alex-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung LEXPPS.EXE, Version 8.16.0.0, Zeitstempel 0x3e5a944f,
 fehlerhaftes Modul LEXBCE.DLL_unloaded, Version 0.0.0.0, Zeitstempel 0x3e5a9489,
 Ausnahmecode 0xc0000005, Fehleroffset 0x6300fd00,  Prozess-ID 0x654, Anwendungsstartzeit
 01cbe99a0e4f90c0.
 
Error - 26.03.2011 19:10:55 | Computer Name = Alex-PC | Source = EventSystem | ID = 4621
Description =
 
Error - 27.03.2011 16:45:53 | Computer Name = Alex-PC | Source = EventSystem | ID = 4621
Description =
 
Error - 01.04.2011 15:14:17 | Computer Name = Alex-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung HpqSRmon.exe, Version 11.0.0.142, Zeitstempel
 0x47d78822, fehlerhaftes Modul HpqSRmon.exe, Version 11.0.0.142, Zeitstempel 0x47d78822,
 Ausnahmecode 0xc0000005, Fehleroffset 0x000033c5,  Prozess-ID 0xba8, Anwendungsstartzeit
 01cbf0a0fcbf3289.
 
Error - 03.04.2011 05:51:03 | Computer Name = Alex-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 03.04.2011 05:51:03 | Computer Name = Alex-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 03.04.2011 17:28:26 | Computer Name = Alex-PC | Source = EventSystem | ID = 4621
Description =
 
Error - 04.04.2011 07:24:20 | Computer Name = Alex-PC | Source = EventSystem | ID = 4621
Description =
 
Error - 04.04.2011 16:38:50 | Computer Name = Alex-PC | Source = EventSystem | ID = 4621
Description =
 
[ System Events ]
Error - 27.08.2012 07:04:05 | Computer Name = Alex-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 27.08.2012 07:04:05 | Computer Name = Alex-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 27.08.2012 12:40:06 | Computer Name = Alex-PC | Source = HTTP | ID = 15016
Description =
 
Error - 27.08.2012 12:41:49 | Computer Name = Alex-PC | Source = Service Control Manager | ID = 7022
Description =
 
Error - 27.08.2012 12:41:50 | Computer Name = Alex-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 27.08.2012 12:42:26 | Computer Name = Alex-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 27.08.2012 12:42:27 | Computer Name = Alex-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 28.08.2012 04:05:56 | Computer Name = Alex-PC | Source = HTTP | ID = 15016
Description =
 
Error - 28.08.2012 04:07:40 | Computer Name = Alex-PC | Source = Service Control Manager | ID = 7022
Description =
 
Error - 28.08.2012 04:07:45 | Computer Name = Alex-PC | Source = Service Control Manager | ID = 7026
Description =
 
 
< End of report >
--- --- ---

Bin ja gespannt wies aussieht.....hoffe es kommt nicht noch mehr zum Vorschein.

Und tausend Danke für eure Mühe

LG xela

t'john 28.08.2012 19:28
Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:
  • Der Fix fängt mit :OTL an. Vergewissere dich, dass du ihn richtig kopiert hast.


Code:
:OTL
DRV - (VcommMgr) -- System32\Drivers\VcommMgr.sys File not found
DRV - (VComm) -- system32\DRIVERS\VComm.sys File not found
DRV - (SymIMMP) -- system32\DRIVERS\SymIM.sys File not found
DRV - (pccsmcfd) -- system32\DRIVERS\pccsmcfd.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IvtBtBUs) -- System32\Drivers\IvtBtBus.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (BTHidMgr) -- System32\Drivers\BTHidMgr.sys File not found
DRV - (BTHidEnum) -- System32\Drivers\vbtenum.sys File not found
DRV - (BtHidBus) -- System32\Drivers\BtHidBus.sys File not found
DRV - (Btcsrusb) -- System32\Drivers\btcusb.sys File not found
DRV - (BTCOMBUS) -- System32\Drivers\btcombus.sys File not found
DRV - (BTCOM) -- system32\DRIVERS\btcomport.sys File not found
DRV - (BT) -- system32\DRIVERS\btnetdrv.sys File not found
DRV - (BlueletSCOAudio) -- system32\DRIVERS\BlueletSCOAudio.sys File not found
DRV - (BlueletAudio) -- system32\DRIVERS\blueletaudio.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (akdv9l8f) -- File not found
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=dpg&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {BB0005C6-5631-402D-B8BB-89CA38008EB7}
IE - HKLM\..\SearchScopes\{BB0005C6-5631-402D-B8BB-89CA38008EB7}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
IE - HKLM\..\SearchScopes\{CFC3546A-D1EA-46BF-87D6-8B98E481891A}: "URL" = http://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4112236697-1063587932-1456566171-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Facemoods Search
IE - HKU\S-1-5-21-4112236697-1063587932-1456566171-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-4112236697-1063587932-1456566171-1000\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19}
IE - HKU\S-1-5-21-4112236697-1063587932-1456566171-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=dpg&s={searchTerms}&f=4
IE - HKU\S-1-5-21-4112236697-1063587932-1456566171-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=15627
IE - HKU\S-1-5-21-4112236697-1063587932-1456566171-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-4112236697-1063587932-1456566171-1000\..\SearchScopes\{BB0005C6-5631-402D-B8BB-89CA38008EB7}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
IE - HKU\S-1-5-21-4112236697-1063587932-1456566171-1000\..\SearchScopes\{CFC3546A-D1EA-46BF-87D6-8B98E481891A}: "URL" = http://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKU\S-1-5-21-4112236697-1063587932-1456566171-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4112236697-1063587932-1456566171-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.de/"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://vshare.toolbarhome.com/search.aspx?srch=ku&q="
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
CHR - default_search_provider: facemoods (Enabled)
CHR - default_search_provider: search_url = http://start.facemoods.com/?a=dpg&s={searchTerms}&f=4
CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0\BabylonChromePI.dll
CHR - Extension: Babylon Translator = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0\
CHR - Extension: Babylon Translator = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4_0\
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe File not found
O4 - HKLM..\Run: [hpqSRMon] File not found
O4 - HKLM..\Run: [SunJavaUpdateReg] C:\Windows\System32\jureg.exe (Sun Microsystems, Inc.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O15 - HKU\S-1-5-21-4112236697-1063587932-1456566171-1000\..Trusted Domains: apemap.com ([]http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.02.19 14:39:08 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{4509cf76-609d-11de-a8a1-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Menu.exe
 
[2012.08.27 18:46:16 | 000,302,592 | ---- | M] () -- C:\Users\Alex\Desktop\3ez23e2q.exe
[2012.08.25 12:16:01 | 004,503,728 | ---- | M] () -- C:\ProgramData\0tbpw.pad
[2012.08.22 09:46:25 | 000,000,950 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8r08t7sr.default\searchplugins\icqplugin-1.xml
[2010.04.02 20:36:11 | 000,000,950 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8r08t7sr.default\searchplugins\icqplugin-10.xml
[2010.07.05 16:03:36 | 000,000,950 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8r08t7sr.default\searchplugins\icqplugin-11.xml
[2010.07.05 17:46:47 | 000,000,950 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8r08t7sr.default\searchplugins\icqplugin-12.xml
[2010.07.27 08:41:01 | 000,000,950 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8r08t7sr.default\searchplugins\icqplugin-13.xml
[2010.09.21 08:59:12 | 000,000,950 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8r08t7sr.default\searchplugins\icqplugin-14.xml
[2010.10.22 14:21:45 | 000,000,950 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8r08t7sr.default\searchplugins\icqplugin-15.xml
[2010.10.29 20:47:01 | 000,000,950 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8r08t7sr.default\searchplugins\icqplugin-16.xml
[2010.11.14 10:36:30 | 000,000,950 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8r08t7sr.default\searchplugins\icqplugin-17.xml
[2011.03.03 09:43:50 | 000,000,950 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8r08t7sr.default\searchplugins\icqplugin-18.xml
[2011.03.06 09:07:15 | 000,000,950 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8r08t7sr.default\searchplugins\icqplugin-19.xml
[2009.08.04 20:21:50 | 000,000,950 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8r08t7sr.default\searchplugins\icqplugin-2.xml
[2011.03.27 09:22:06 | 000,000,950 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8r08t7sr.default\searchplugins\icqplugin-20.xml
[2011.04.19 21:17:28 | 000,000,950 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8r08t7sr.default\searchplugins\icqplugin-21.xml
[2011.05.24 06:36:04 | 000,000,950 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8r08t7sr.default\searchplugins\icqplugin-22.xml
[2009.09.16 09:19:30 | 000,000,950 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8r08t7sr.default\searchplugins\icqplugin-3.xml
[2009.10.28 21:30:01 | 000,000,950 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8r08t7sr.default\searchplugins\icqplugin-4.xml
[2009.12.18 11:31:30 | 000,000,950 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8r08t7sr.default\searchplugins\icqplugin-5.xml
[2010.01.07 00:05:40 | 000,000,950 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8r08t7sr.default\searchplugins\icqplugin-6.xml
[2010.02.20 22:55:39 | 000,000,961 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8r08t7sr.default\searchplugins\icqplugin-7.xml
[2010.03.13 14:25:30 | 000,000,950 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8r08t7sr.default\searchplugins\icqplugin-8.xml
[2010.03.26 15:30:53 | 000,000,950 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8r08t7sr.default\searchplugins\icqplugin-9.xml
[2009.07.13 17:12:02 | 000,000,944 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8r08t7sr.default\searchplugins\icqplugin.xml
[2010.10.27 18:35:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\8r08t7sr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.10.27 18:35:22 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\8r08t7sr.default\extensions\vshare@toolbar
[2010.10.27 18:35:31 | 000,001,583 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8r08t7sr.default\searchplugins\web-search.xml
[2008.10.19 14:28:29 | 000,000,000 | ---D | M] (Softonic Deutsch Toolbar) -- C:\Programme\Mozilla Firefox\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}

[2012.08.28 10:06:38 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.27 21:59:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.27 21:56:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4112236697-1063587932-1456566171-1000UA.job
[2012.08.27 20:56:01 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4112236697-1063587932-1456566171-1000Core.job
[2012.08.27 13:07:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2008.12.03 11:35:49 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
:Files

C:\Users\Alex\AppData\Local\{*}
C:\ProgramData\*.exe
C:\ProgramData\TEMP
C:\Users\Alex\AppData\Local\Temp\*.exe
C:\Users\Alex\AppData\LocalLow\Sun\Java\Deployment\cache
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

xela 29.08.2012 10:39
Hallo t´john,

hab deine Anweisungen befolgt aber es scheint irgendwas schief gelaufen zu sein.

Ich hab den Fix kopiert und eingefügt und dann auf Fix gedrückt. OTL fing auch gleich an fleissig zu rattern.....irgendwann stand oben in der Leiste "Keine Rückmeldung" aber nach kurzer Pause gings weiter. Bis dann das Fenster aufging und mir sagte, das das Programm nicht mehr reagiert.

Nun ist der Desktop leer. Hab jetzt nichts weiter gemacht, hoffentlich bin ich noch zu retten.

t'john 29.08.2012 19:39
Neustarten, nochmal probieren.

xela 30.08.2012 08:30
Guten Morgen,

hat geklappt und hier der Log:

Code:
All processes killed
========== OTL ==========
Error: No service named VcommMgr was found to stop!
Service\Driver key VcommMgr not found.
File  System32\Drivers\VcommMgr.sys File not found not found.
Error: No service named VComm was found to stop!
Service\Driver key VComm not found.
File  system32\DRIVERS\VComm.sys File not found not found.
Error: No service named SymIMMP was found to stop!
Service\Driver key SymIMMP not found.
File  system32\DRIVERS\SymIM.sys File not found not found.
Error: No service named pccsmcfd was found to stop!
Service\Driver key pccsmcfd not found.
File  system32\DRIVERS\pccsmcfd.sys File not found not found.
Error: No service named NwlnkFwd was found to stop!
Service\Driver key NwlnkFwd not found.
File  system32\DRIVERS\nwlnkfwd.sys File not found not found.
Error: No service named NwlnkFlt was found to stop!
Service\Driver key NwlnkFlt not found.
File  system32\DRIVERS\nwlnkflt.sys File not found not found.
Error: No service named IvtBtBUs was found to stop!
Service\Driver key IvtBtBUs not found.
File  System32\Drivers\IvtBtBus.sys File not found not found.
Error: No service named IpInIp was found to stop!
Service\Driver key IpInIp not found.
File  system32\DRIVERS\ipinip.sys File not found not found.
Error: No service named BTHidMgr was found to stop!
Service\Driver key BTHidMgr not found.
File  System32\Drivers\BTHidMgr.sys File not found not found.
Error: No service named BTHidEnum was found to stop!
Service\Driver key BTHidEnum not found.
File  System32\Drivers\vbtenum.sys File not found not found.
Error: No service named BtHidBus was found to stop!
Service\Driver key BtHidBus not found.
File  System32\Drivers\BtHidBus.sys File not found not found.
Error: No service named Btcsrusb was found to stop!
Service\Driver key Btcsrusb not found.
File  System32\Drivers\btcusb.sys File not found not found.
Error: No service named BTCOMBUS was found to stop!
Service\Driver key BTCOMBUS not found.
File  System32\Drivers\btcombus.sys File not found not found.
Error: No service named BTCOM was found to stop!
Service\Driver key BTCOM not found.
File  system32\DRIVERS\btcomport.sys File not found not found.
Error: No service named BT was found to stop!
Service\Driver key BT not found.
File  system32\DRIVERS\btnetdrv.sys File not found not found.
Error: No service named BlueletSCOAudio was found to stop!
Service\Driver key BlueletSCOAudio not found.
File  system32\DRIVERS\BlueletSCOAudio.sys File not found not found.
Error: No service named BlueletAudio was found to stop!
Service\Driver key BlueletAudio not found.
File  system32\DRIVERS\blueletaudio.sys File not found not found.
Error: No service named blbdrive was found to stop!
Service\Driver key blbdrive not found.
File  C:\Windows\system32\drivers\blbdrive.sys File not found not found.
Error: No service named akdv9l8f was found to stop!
Service\Driver key akdv9l8f not found.
File  File not found not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB0005C6-5631-402D-B8BB-89CA38008EB7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB0005C6-5631-402D-B8BB-89CA38008EB7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CFC3546A-D1EA-46BF-87D6-8B98E481891A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFC3546A-D1EA-46BF-87D6-8B98E481891A}\ not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-4112236697-1063587932-1456566171-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-4112236697-1063587932-1456566171-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ not found.
HKEY_USERS\S-1-5-21-4112236697-1063587932-1456566171-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-4112236697-1063587932-1456566171-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D7562AE-8EF6-416d-A838-AB665251703A}\ not found.
Registry key HKEY_USERS\S-1-5-21-4112236697-1063587932-1456566171-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-4112236697-1063587932-1456566171-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_USERS\S-1-5-21-4112236697-1063587932-1456566171-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BB0005C6-5631-402D-B8BB-89CA38008EB7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB0005C6-5631-402D-B8BB-89CA38008EB7}\ not found.
Registry key HKEY_USERS\S-1-5-21-4112236697-1063587932-1456566171-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CFC3546A-D1EA-46BF-87D6-8B98E481891A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFC3546A-D1EA-46BF-87D6-8B98E481891A}\ not found.
HKU\S-1-5-21-4112236697-1063587932-1456566171-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-4112236697-1063587932-1456566171-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=" removed from browser.search.defaulturl
Prefs.js: "Google" removed from browser.search.selectedEngine
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "hxxp://www.google.de/" removed from browser.startup.homepage
Prefs.js: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 removed from extensions.enabledItems
Prefs.js: vshare@toolbar:1.0.0 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
Prefs.js: "hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ not found.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
File C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0\BabylonChromePI.dll not found.
File C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0 not found.
File C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4_0 not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HP Health Check Scheduler not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\hpqSRMon not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateReg not found.
File C:\Windows\System32\jureg.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
File C:\Programs\PartyGaming\PartyPoker\RunApp.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
File C:\Programs\PartyGaming\PartyPoker\RunApp.exe not found.
Registry key HKEY_USERS\S-1-5-21-4112236697-1063587932-1456566171-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\apemap.com\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File C:\autoexec.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4509cf76-609d-11de-a8a1-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4509cf76-609d-11de-a8a1-806e6f6e6963}\ not found.
File F:\Menu.exe not found.
File C:\Users\Alex\Desktop\3ez23e2q.exe not found.
File C:\ProgramData\0tbpw.pad not found.
File C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8r08t7sr.default\searchplugins\icqplugin-1.xml not found.
File C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8r08t7sr.default\searchplugins\icqplugin-10.xml not found.
File C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8r08t7sr.default\searchplugins\icqplugin-11.xml not found.
File C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8r08t7sr.default\searchplugins\icqplugin-12.xml not found.
File C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8r08t7sr.default\searchplugins\icqplugin-13.xml not found.
File C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8r08t7sr.default\searchplugins\icqplugin-14.xml not found.
File C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8r08t7sr.default\searchplugins\icqplugin-15.xml not found.
File C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8r08t7sr.default\searchplugins\icqplugin-16.xml not found.
File C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8r08t7sr.default\searchplugins\icqplugin-17.xml not found.
File C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8r08t7sr.default\searchplugins\icqplugin-18.xml not found.
File C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8r08t7sr.default\searchplugins\icqplugin-19.xml not found.
File C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8r08t7sr.default\searchplugins\icqplugin-2.xml not found.
File C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8r08t7sr.default\searchplugins\icqplugin-20.xml not found.
File C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8r08t7sr.default\searchplugins\icqplugin-21.xml not found.
File C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8r08t7sr.default\searchplugins\icqplugin-22.xml not found.
File C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8r08t7sr.default\searchplugins\icqplugin-3.xml not found.
File C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8r08t7sr.default\searchplugins\icqplugin-4.xml not found.
File C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8r08t7sr.default\searchplugins\icqplugin-5.xml not found.
File C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8r08t7sr.default\searchplugins\icqplugin-6.xml not found.
File C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8r08t7sr.default\searchplugins\icqplugin-7.xml not found.
File C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8r08t7sr.default\searchplugins\icqplugin-8.xml not found.
File C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8r08t7sr.default\searchplugins\icqplugin-9.xml not found.
File C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8r08t7sr.default\searchplugins\icqplugin.xml not found.
Folder C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\8r08t7sr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\ not found.
Folder C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\8r08t7sr.default\extensions\vshare@toolbar\ not found.
File C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8r08t7sr.default\searchplugins\web-search.xml not found.
Folder C:\Programme\Mozilla Firefox\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\ not found.
File C:\Windows\tasks\GoogleUpdateTaskMachineCore.job not found.
File C:\Windows\tasks\GoogleUpdateTaskMachineUA.job not found.
File C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4112236697-1063587932-1456566171-1000UA.job not found.
File C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4112236697-1063587932-1456566171-1000Core.job not found.
C:\Windows\Tasks\Google Software Updater.job moved successfully.
File C:\ProgramData\ezsidmv.dat not found.
========== FILES ==========
File\Folder C:\Users\Alex\AppData\Local\{*} not found.
File\Folder C:\ProgramData\*.exe not found.
File\Folder C:\ProgramData\TEMP not found.
File\Folder C:\Users\Alex\AppData\Local\Temp\*.exe not found.
File\Folder C:\Users\Alex\AppData\LocalLow\Sun\Java\Deployment\cache not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Alex\Desktop\cmd.bat deleted successfully.
C:\Users\Alex\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Alex
->Temp folder emptied: 6732 bytes
->Temporary Internet Files folder emptied: 33300 bytes
->FireFox cache emptied: 6458818 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 492 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Gast
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 466051058 bytes
RecycleBin emptied: 1568790905 bytes
 
Total Files Cleaned = 1.947,00 mb
 
 
OTL by OldTimer - Version 3.2.59.1 log created on 08302012_092041

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

t'john 30.08.2012 19:18
Sehr gut! :daumenhoc

Wie laeuft der Rechner?

1. Schritt
Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".
danach:

2. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

xela 31.08.2012 16:46
Hallöchen :party:

Also Rechner läuft gut, so wie immer.

Hier der Malware-Log:

Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.31.06

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 8.0.6001.19088
Alex :: ALEX-PC [Administrator]

Schutz: Aktiviert

31.08.2012 15:21:40
mbam-log-2012-08-31 (15-21-40).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 396152
Laufzeit: 2 Stunde(n), 13 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Und der AdwCleaner:

# AdwCleaner v2.000 - Datei am 08/31/2012 um 17:40:59 erstellt
# Aktualisiert am 30/08/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 1 (32 bits)
# Benutzer : Alex - ALEX-PC
# Normaler Modus : Normal
# Ausgeführt unter : C:\Users\Alex\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Datei Gefunden : C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrch.xml
Ordner Gefunden : C:\Program Files\Babylon
Ordner Gefunden : C:\Program Files\DAEMON Tools Toolbar
Ordner Gefunden : C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Ordner Gefunden : C:\Users\Alex\AppData\LocalLow\BabylonToolbar
Ordner Gefunden : C:\Users\Alex\AppData\LocalLow\facemoods.com

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\Ask.com.tmp
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{64182481-4F71-486B-A045-B233BD0DA8FC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\S
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.6001.19088

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v14.0.1 (de)

Profilname : default
Datei : C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8r08t7sr.default\prefs.js

Gefunden : user_pref("CT1351351.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gefunden : user_pref("CT1351351.AllowNonPrivacy", false);
Gefunden : user_pref("CT1351351.CTID", "CT1351351");
Gefunden : user_pref("CT1351351.CTPBaseServerUrl", "hxxp://services.conduit.com/");
Gefunden : user_pref("CT1351351.CommunityChanged", false);
Gefunden : user_pref("CT1351351.DialogsAlignMode", "LTR");
Gefunden : user_pref("CT1351351.EMailNotifierPollDate", "Sun Oct 19 2008 14:59:23 GMT+0200");
Gefunden : user_pref("CT1351351.EnableUsage", false);
Gefunden : user_pref("CT1351351.FeedLastCount128311388426518939", 110);
Gefunden : user_pref("CT1351351.FeedPollDate128394382574669410", "Sun Oct 19 2008 14:59:22 GMT+0200");
Gefunden : user_pref("CT1351351.FeedPollDate128394382574669411", "Sun Oct 19 2008 14:59:22 GMT+0200");
Gefunden : user_pref("CT1351351.FeedPollDate128394382574669412", "Sun Oct 19 2008 14:59:22 GMT+0200");
Gefunden : user_pref("CT1351351.FeedPollDate128394382574669413", "Sun Oct 19 2008 14:59:22 GMT+0200");
Gefunden : user_pref("CT1351351.FeedPollDate128394382574669414", "Sun Oct 19 2008 14:59:22 GMT+0200");
Gefunden : user_pref("CT1351351.FeedPollDate128559429569307240", "Sun Oct 19 2008 14:59:22 GMT+0200");
Gefunden : user_pref("CT1351351.FirstTime", true);
Gefunden : user_pref("CT1351351.FirstTimeFF3", true);
Gefunden : user_pref("CT1351351.FixPageNotFoundErrors", false);
Gefunden : user_pref("CT1351351.Initialize", true);
Gefunden : user_pref("CT1351351.InitializeCommonPrefs", true);
Gefunden : user_pref("CT1351351.IsGrouping", false);
Gefunden : user_pref("CT1351351.IsMulticommunity", false);
Gefunden : user_pref("CT1351351.IsOpenThankYouPage", true);
Gefunden : user_pref("CT1351351.IsOpenUninstallPage", true);
Gefunden : user_pref("CT1351351.LanguagePackLastCheckTime", "Sun Oct 19 2008 14:59:25 GMT+0200");
Gefunden : user_pref("CT1351351.LanguagePackReloadInterval", "24");
Gefunden : user_pref("CT1351351.LastLogin", "Sun Oct 19 2008 14:59:21 GMT+0200");
Gefunden : user_pref("CT1351351.Locale", "de-de");
Gefunden : user_pref("CT1351351.LoginCache", "3");
Gefunden : user_pref("CT1351351.MCDetectTooltipHeight", "83");
Gefunden : user_pref("CT1351351.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gefunden : user_pref("CT1351351.MCDetectTooltipWidth", "295");
Gefunden : user_pref("CT1351351.MyGadgetsServerUrl", "hxxp://services.MyStuff.u-page.com/MyStuffService.asmx/Le[...]
Gefunden : user_pref("CT1351351.MyGadgetsTrustedDomains", "u-page.com");
Gefunden : user_pref("CT1351351.RadioIsPodcast", false);
Gefunden : user_pref("CT1351351.RadioLastCheckTime", "Sun Oct 19 2008 14:59:22 GMT+0200");
Gefunden : user_pref("CT1351351.RadioLastUpdateIPServer", "3");
Gefunden : user_pref("CT1351351.RadioLastUpdateServer", "128685707024670000");
Gefunden : user_pref("CT1351351.RadioMediaID", "6297981");
Gefunden : user_pref("CT1351351.RadioMediaType", "Media Player");
Gefunden : user_pref("CT1351351.RadioMenuSelectedID", "EBRadioMenu_CT13513516297981");
Gefunden : user_pref("CT1351351.RadioStationName", "SWR3%20");
Gefunden : user_pref("CT1351351.RadioStationURL", "hxxp://213.200.75.248/swr3$livestream.wma");
Gefunden : user_pref("CT1351351.SHRINK_TOOLBAR", 1);
Gefunden : user_pref("CT1351351.Server", "hxxp://users.conduit.com");
Gefunden : user_pref("CT1351351.SettingsLastUpdate", "1224089902");
Gefunden : user_pref("CT1351351.ThirdPartyComponentsInterval", "24");
Gefunden : user_pref("CT1351351.ThirdPartyComponentsLastCheck", "Sun Oct 19 2008 14:59:21 GMT+0200");
Gefunden : user_pref("CT1351351.ThirdPartyComponentsLastUpdate", "1224089902");
Gefunden : user_pref("CT1351351.ToolbarAlignMode", "SYSTEM");
Gefunden : user_pref("CT1351351.ToolbarName", "Softonic Deutsch");
Gefunden : user_pref("CT1351351.UserID", "UN20081019145920998");
Gefunden : user_pref("CT1351351.VusualLastUpdateTime", "1224089902");
Gefunden : user_pref("CT1351351.WeatherNetwork", "");
Gefunden : user_pref("CT1351351.WeatherPollDate", "Sun Oct 19 2008 14:59:22 GMT+0200");
Gefunden : user_pref("CT1351351.WeatherUnit", "C");
Gefunden : user_pref("CommunityToolbar.MyGadgetsIntervalMM", 1440);
Gefunden : user_pref("CommunityToolbar.ToolbarsList", "CT1351351");
Gefunden : user_pref("extensions.dealply.partner", "_facemoods");

Profilname : default
Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\g9o8pgsa.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v21.0.1180.83

Datei : C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gefunden [l.37] : icon_url = "hxxp://facemoods.com/favicon.ico",
Gefunden [l.40] : keyword = "facemoods.com",
Gefunden [l.43] : search_url = "hxxp://start.facemoods.com/?a=dpg&s={searchTerms}&f=4",

*************************

AdwCleaner[R1].txt - [7356 octets] - [31/08/2012 17:40:59]

########## EOF - C:\AdwCleaner[R1].txt - [7416 octets] ##########

t'john 31.08.2012 23:37
Sehr gut! :daumenhoc


  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Delete.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.




danach:


Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html

xela 01.09.2012 09:36
Guten morgen t´john,

wenn ich das Setup für Emsisoft laufen lasse, sagt er mir das ich für den Betrieb von Vista das Service Pack 2 brauche.

Wo krieg ich das jetzt am besten her? Bin ein bisschen vorsichtig und will nicht irgendwo irgendwas runterladen.

t'john 02.09.2012 08:06
Alles Windows Updates einspielen, inkl. Service Pack!

Du musst es nicht extra runterladen, es laeuft ueber Updates.

xela 02.09.2012 18:12
So, jetzt hab ich´s endlich. Hier die Logs

# AdwCleaner v2.000 - Datei am 09/01/2012 um 10:09:37 erstellt
# Aktualisiert am 30/08/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 1 (32 bits)
# Benutzer : Alex - ALEX-PC
# Normaler Modus : Normal
# Ausgeführt unter : C:\Users\Alex\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrch.xml
Ordner Gelöscht : C:\Program Files\Babylon
Ordner Gelöscht : C:\Program Files\DAEMON Tools Toolbar
Ordner Gelöscht : C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Ordner Gelöscht : C:\Users\Alex\AppData\LocalLow\BabylonToolbar
Ordner Gelöscht : C:\Users\Alex\AppData\LocalLow\facemoods.com

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{64182481-4F71-486B-A045-B233BD0DA8FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\S
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.6001.19088

Wiederhergestellt : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v14.0.1 (de)

Profilname : default
Datei : C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8r08t7sr.default\prefs.js

Gelöscht : user_pref("CT1351351.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gelöscht : user_pref("CT1351351.AllowNonPrivacy", false);
Gelöscht : user_pref("CT1351351.CTID", "CT1351351");
Gelöscht : user_pref("CT1351351.CTPBaseServerUrl", "hxxp://services.conduit.com/");
Gelöscht : user_pref("CT1351351.CommunityChanged", false);
Gelöscht : user_pref("CT1351351.DialogsAlignMode", "LTR");
Gelöscht : user_pref("CT1351351.EMailNotifierPollDate", "Sun Oct 19 2008 14:59:23 GMT+0200");
Gelöscht : user_pref("CT1351351.EnableUsage", false);
Gelöscht : user_pref("CT1351351.FeedLastCount128311388426518939", 110);
Gelöscht : user_pref("CT1351351.FeedPollDate128394382574669410", "Sun Oct 19 2008 14:59:22 GMT+0200");
Gelöscht : user_pref("CT1351351.FeedPollDate128394382574669411", "Sun Oct 19 2008 14:59:22 GMT+0200");
Gelöscht : user_pref("CT1351351.FeedPollDate128394382574669412", "Sun Oct 19 2008 14:59:22 GMT+0200");
Gelöscht : user_pref("CT1351351.FeedPollDate128394382574669413", "Sun Oct 19 2008 14:59:22 GMT+0200");
Gelöscht : user_pref("CT1351351.FeedPollDate128394382574669414", "Sun Oct 19 2008 14:59:22 GMT+0200");
Gelöscht : user_pref("CT1351351.FeedPollDate128559429569307240", "Sun Oct 19 2008 14:59:22 GMT+0200");
Gelöscht : user_pref("CT1351351.FirstTime", true);
Gelöscht : user_pref("CT1351351.FirstTimeFF3", true);
Gelöscht : user_pref("CT1351351.FixPageNotFoundErrors", false);
Gelöscht : user_pref("CT1351351.Initialize", true);
Gelöscht : user_pref("CT1351351.InitializeCommonPrefs", true);
Gelöscht : user_pref("CT1351351.IsGrouping", false);
Gelöscht : user_pref("CT1351351.IsMulticommunity", false);
Gelöscht : user_pref("CT1351351.IsOpenThankYouPage", true);
Gelöscht : user_pref("CT1351351.IsOpenUninstallPage", true);
Gelöscht : user_pref("CT1351351.LanguagePackLastCheckTime", "Sun Oct 19 2008 14:59:25 GMT+0200");
Gelöscht : user_pref("CT1351351.LanguagePackReloadInterval", "24");
Gelöscht : user_pref("CT1351351.LastLogin", "Sun Oct 19 2008 14:59:21 GMT+0200");
Gelöscht : user_pref("CT1351351.Locale", "de-de");
Gelöscht : user_pref("CT1351351.LoginCache", "3");
Gelöscht : user_pref("CT1351351.MCDetectTooltipHeight", "83");
Gelöscht : user_pref("CT1351351.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gelöscht : user_pref("CT1351351.MCDetectTooltipWidth", "295");
Gelöscht : user_pref("CT1351351.MyGadgetsServerUrl", "hxxp://services.MyStuff.u-page.com/MyStuffService.asmx/Le[...]
Gelöscht : user_pref("CT1351351.MyGadgetsTrustedDomains", "u-page.com");
Gelöscht : user_pref("CT1351351.RadioIsPodcast", false);
Gelöscht : user_pref("CT1351351.RadioLastCheckTime", "Sun Oct 19 2008 14:59:22 GMT+0200");
Gelöscht : user_pref("CT1351351.RadioLastUpdateIPServer", "3");
Gelöscht : user_pref("CT1351351.RadioLastUpdateServer", "128685707024670000");
Gelöscht : user_pref("CT1351351.RadioMediaID", "6297981");
Gelöscht : user_pref("CT1351351.RadioMediaType", "Media Player");
Gelöscht : user_pref("CT1351351.RadioMenuSelectedID", "EBRadioMenu_CT13513516297981");
Gelöscht : user_pref("CT1351351.RadioStationName", "SWR3%20");
Gelöscht : user_pref("CT1351351.RadioStationURL", "hxxp://213.200.75.248/swr3$livestream.wma");
Gelöscht : user_pref("CT1351351.SHRINK_TOOLBAR", 1);
Gelöscht : user_pref("CT1351351.Server", "hxxp://users.conduit.com");
Gelöscht : user_pref("CT1351351.SettingsLastUpdate", "1224089902");
Gelöscht : user_pref("CT1351351.ThirdPartyComponentsInterval", "24");
Gelöscht : user_pref("CT1351351.ThirdPartyComponentsLastCheck", "Sun Oct 19 2008 14:59:21 GMT+0200");
Gelöscht : user_pref("CT1351351.ThirdPartyComponentsLastUpdate", "1224089902");
Gelöscht : user_pref("CT1351351.ToolbarAlignMode", "SYSTEM");
Gelöscht : user_pref("CT1351351.ToolbarName", "Softonic Deutsch");
Gelöscht : user_pref("CT1351351.UserID", "UN20081019145920998");
Gelöscht : user_pref("CT1351351.VusualLastUpdateTime", "1224089902");
Gelöscht : user_pref("CT1351351.WeatherNetwork", "");
Gelöscht : user_pref("CT1351351.WeatherPollDate", "Sun Oct 19 2008 14:59:22 GMT+0200");
Gelöscht : user_pref("CT1351351.WeatherUnit", "C");
Gelöscht : user_pref("CommunityToolbar.MyGadgetsIntervalMM", 1440);
Gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT1351351");
Gelöscht : user_pref("extensions.dealply.partner", "_facemoods");

Profilname : default
Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\g9o8pgsa.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v21.0.1180.83

Datei : C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.37] : icon_url = "hxxp://facemoods.com/favicon.ico",
Gelöscht [l.40] : keyword = "facemoods.com",
Gelöscht [l.43] : search_url = "hxxp://start.facemoods.com/?a=dpg&s={searchTerms}&f=4",

*************************

AdwCleaner[R1].txt - [7485 octets] - [31/08/2012 17:40:59]
AdwCleaner[S1].txt - [7813 octets] - [01/09/2012 10:09:37]

########## EOF - C:\AdwCleaner[S1].txt - [7873 octets] ##########


Emsisoft Anti-Malware - Version 6.6
Letztes Update: 02.09.2012 14:11:17

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\
Archiv Scan: An
ADS Scan: An

Scan Beginn: 02.09.2012 14:11:57

c:\users\alex\appdata\roaming\microsoft\windows\start menu\programs\partypoker gefunden: Trace.File.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> 1 gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> 5 gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> 6 gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> 7 gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> 9 gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> 2 gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> 4 gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> id gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> initialport gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> apppath gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> sl gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> tabletype gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> installstate gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> 10 gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> adslastknownstate gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming --> freshinstall gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming --> oldcfformat gefunden: Trace.Registry.partypoker!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\partypoker --> displayicon gefunden: Trace.Registry.partypoker!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\partypoker --> displayname gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming --> autologintoothergames gefunden: Trace.Registry.partypoker!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\partypoker --> installdate gefunden: Trace.Registry.partypoker!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\partypoker --> installlocation gefunden: Trace.Registry.partypoker!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\partypoker --> installsource gefunden: Trace.Registry.partypoker!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\partypoker --> installsourcefile gefunden: Trace.Registry.partypoker!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\partypoker --> publisher gefunden: Trace.Registry.partypoker!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\partypoker --> silentsettings gefunden: Trace.Registry.partypoker!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\partypoker --> uninstallstring gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> usecount gefunden: Trace.Registry.partypoker!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\partypoker --> displayversion gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming --> cfdialogshown gefunden: Trace.Registry.partypoker!E1
C:\_OTL\MovedFiles\08292012_112535\C_Users\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\eded444-27e40a84 -> c.class gefunden: Java.Jade!E2
C:\Users\Alex\Downloads\Setup18_FreeConverter.exe gefunden: Adware.Win32.Toolbar.Dealio.AMN!E1

Gescannt 650323
Gefunden 33

Scan Ende: 02.09.2012 17:51:47
Scan Zeit: 3:39:50

C:\Users\Alex\Downloads\Setup18_FreeConverter.exe Quarantäne Adware.Win32.Toolbar.Dealio.AMN!E1
C:\_OTL\MovedFiles\08292012_112535\C_Users\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\eded444-27e40a84 -> c.class Quarantäne Java.Jade!E2
Value: hkey_current_user\software\partygaming\partypoker --> 1 Quarantäne Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> 5 Quarantäne Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> 6 Quarantäne Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> 7 Quarantäne Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> 9 Quarantäne Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> 2 Quarantäne Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> 4 Quarantäne Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> id Quarantäne Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> initialport Quarantäne Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> apppath Quarantäne Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> sl Quarantäne Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> tabletype Quarantäne Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> installstate Quarantäne Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> 10 Quarantäne Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> adslastknownstate Quarantäne Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming --> freshinstall Quarantäne Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming --> oldcfformat Quarantäne Trace.Registry.partypoker!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\partypoker --> displayicon Quarantäne Trace.Registry.partypoker!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\partypoker --> displayname Quarantäne Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming --> autologintoothergames Quarantäne Trace.Registry.partypoker!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\partypoker --> installdate Quarantäne Trace.Registry.partypoker!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\partypoker --> installlocation Quarantäne Trace.Registry.partypoker!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\partypoker --> installsource Quarantäne Trace.Registry.partypoker!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\partypoker --> installsourcefile Quarantäne Trace.Registry.partypoker!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\partypoker --> publisher Quarantäne Trace.Registry.partypoker!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\partypoker --> silentsettings Quarantäne Trace.Registry.partypoker!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\partypoker --> uninstallstring Quarantäne Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> usecount Quarantäne Trace.Registry.partypoker!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\partypoker --> displayversion Quarantäne Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming --> cfdialogshown Quarantäne Trace.Registry.partypoker!E1
c:\users\alex\appdata\roaming\microsoft\windows\start menu\programs\partypoker Quarantäne Trace.File.partypoker!E1

Quarantäne 33

t'john 02.09.2012 20:32
Sehr gut! :daumenhoc


Deinstalliere:
Emsisoft Anti-Malware


ESET Online Scanner

Vorbereitung

  • Schließe evtl. vorhandene externe Festplatten und/oder sonstigen Wechselmedien (z. B. evtl. vorhandene USB-Sticks) an den Rechner an.
  • Bitte während des Online-Scans Anti-Virus-Programm und Firewall deaktivieren.
  • Vista/Win7-User: Bitte den Browser unbedingt als Administrator starten.
Los geht's

  • Lade und starte Eset Smartinstaller
  • Haken setzen bei YES, I accept the Terms of Use.
  • Klick auf Start.
  • Haken setzen bei Remove found threads und Scan archives.
  • Klick auf Start.
  • Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Finish drücken.
  • Browser schließen.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (manchmal auch C:\Programme\Eset\log.txt) suchen und mit Deinem Editor öffnen.
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

xela 03.09.2012 10:38
Hier der Eset-Log :-)

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=def45c2cd4eaa846828ebdddb8c4925e
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-09-03 09:31:23
# local_time=2012-09-03 11:31:23 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1792 16777215 100 0 9680567 9680567 0 0
# compatibility_mode=5892 16776574 100 100 74442 184188365 0 0
# compatibility_mode=8192 67108863 100 0 142 142 0 0
# scanned=211403
# found=0
# cleaned=0
# scan_time=9045


Alle Zeitangaben in WEZ +1. Es ist jetzt 19:29 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131