Trojaner-Board - Neuer Tab bei Firefox ist immer isearch.babylon.com

Nur zur Info:
Persönliche Merkmale wie z. B. Vor- und Nachname habe ich mit "xxx" gekennzeichnet.

OTL.exe

OTL Logfile:
OTL EXTRAS Logfile:

Code:

OTL logfile created on: 21.06.2013 20:54:47 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\xxx\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,00 Gb Total Physical Memory | 1,05 Gb Available Physical Memory | 52,68% Memory free

3,85 Gb Paging File | 2,88 Gb Available in Paging File | 74,91% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 232,88 Gb Total Space | 180,34 Gb Free Space | 77,44% Space Free | Partition Type: NTFS

 

Computer Name: xxx | User Name: xxx | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2013.06.21 20:53:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\xxx\Desktop\OTL.exe

PRC - [2013.05.22 21:10:24 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe

PRC - [2013.05.20 22:28:52 | 001,226,928 | ---- | M] (AVG Secure Search) -- C:\Programme\AVG Secure Search\vprot.exe

PRC - [2013.05.20 22:28:52 | 001,015,984 | ---- | M] (AVG Secure Search) -- C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe

PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe

PRC - [2013.03.18 17:47:58 | 000,448,736 | ---- | M] (Sony) -- C:\Programme\Sony\Sony PC Companion\PCCompanion.exe

PRC - [2013.02.04 17:13:54 | 000,070,832 | ---- | M] () -- C:\Programme\Sony\Sony PC Companion\PCCompanionInfo.exe

PRC - [2013.01.16 18:27:06 | 002,550,224 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe

PRC - [2012.12.10 04:09:49 | 000,363,752 | ---- | M] (BillP Studios) -- C:\Programme\BillP Studios\WinPatrol\WinPatrol.exe

PRC - [2012.11.29 19:33:36 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe

PRC - [2012.11.25 02:45:24 | 011,417,504 | ---- | M] (NTeWORKS) -- C:\Programme\PicPick\picpick.exe

PRC - [2012.09.24 14:46:16 | 001,328,736 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\psia.exe

PRC - [2012.09.24 14:46:16 | 000,656,480 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\sua.exe

PRC - [2012.09.24 14:46:14 | 000,573,536 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\psi_tray.exe

PRC - [2012.09.23 21:43:34 | 000,926,896 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe

PRC - [2012.05.02 02:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe

PRC - [2012.05.02 01:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe

PRC - [2012.04.24 03:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe

PRC - [2009.03.05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe

PRC - [2008.04.14 08:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2004.02.26 10:53:30 | 000,065,024 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2013.05.22 21:10:23 | 003,128,728 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll

MOD - [2013.02.04 17:13:54 | 000,070,832 | ---- | M] () -- C:\Programme\Sony\Sony PC Companion\PCCompanionInfo.exe

MOD - [2013.01.16 18:27:06 | 002,550,224 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe

MOD - [2013.01.16 18:26:01 | 002,212,304 | ---- | M] () -- c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll

MOD - [2012.12.10 03:46:38 | 000,600,868 | ---- | M] () -- C:\Programme\BillP Studios\WinPatrol\sqlite3.dll

MOD - [2012.11.07 16:25:36 | 000,204,288 | ---- | M] () -- C:\Programme\Sony\Sony PC Companion\MExplorer.dll

MOD - [2012.04.30 10:57:42 | 000,039,936 | ---- | M] () -- C:\Programme\Sony\Sony PC Companion\TMonitorAPI.dll

MOD - [2012.04.17 00:11:02 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll

MOD - [2008.04.14 08:52:18 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll

 

 
 ========== Services (SafeList) ==========

 

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)

SRV - [2013.06.13 17:23:48 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013.05.22 21:10:23 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2013.05.20 22:28:52 | 001,015,984 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe -- (vToolbarUpdater15.2.0)

SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2013.02.04 17:43:22 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Programme\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)

SRV - [2013.01.16 18:27:06 | 002,550,224 | ---- | M] () [Auto | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe -- (BrowserProtect)

SRV - [2012.10.08 17:04:18 | 000,166,912 | ---- | M] () [Disabled | Stopped] -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)

SRV - [2012.09.24 14:46:16 | 001,328,736 | ---- | M] (Secunia) [Auto | Running] -- C:\Programme\Secunia\PSI\psia.exe -- (Secunia PSI Agent)

SRV - [2012.09.24 14:46:16 | 000,656,480 | ---- | M] (Secunia) [Auto | Running] -- C:\Programme\Secunia\PSI\sua.exe -- (Secunia Update Agent)

SRV - [2012.05.02 02:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2012.05.02 01:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2009.10.20 20:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Programme\WinPcap\rpcapd.exe -- (rpcapd)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)

DRV - File not found [Kernel | System | Stopped] --  -- (Changer)

DRV - [2013.05.20 22:28:52 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)

DRV - [2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2013.01.06 07:47:48 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)

DRV - [2012.10.08 17:04:18 | 000,021,248 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\htcnprot.sys -- (htcnprot)

DRV - [2012.04.27 11:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)

DRV - [2012.04.25 01:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2012.04.16 22:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)

DRV - [2011.12.16 16:19:54 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)

DRV - [2010.06.17 16:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2009.10.20 20:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)

DRV - [2009.06.10 09:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys -- (HTCAND32)

DRV - [2004.08.19 08:21:00 | 000,189,568 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)

DRV - [2004.03.19 14:02:08 | 000,613,244 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)

DRV - [2004.02.24 05:08:52 | 000,400,384 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)

DRV - [2003.10.31 05:22:38 | 000,077,312 | R--- | M] (VIA Technologies inc,.ltd) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\viasraid.sys -- (viasraid)

DRV - [2003.07.02 05:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-790525478-1770027372-725345543-1004\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}

IE - HKU\S-1-5-21-790525478-1770027372-725345543-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC

IE - HKU\S-1-5-21-790525478-1770027372-725345543-1004\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={F9DE7F08-14E5-4899-AC36-DAB8427269AA}&mid=a42c5fc4430347d0b19fd1589ebc2bd8-be5869dbc47fca1eb4304c496d8132266d86ff63&lang=en&ds=bm013&pr=sa&d=2012-12-23 13:59:17&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}

IE - HKU\S-1-5-21-790525478-1770027372-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"

FF - prefs.js..browser.search.selectedEngine: ""

FF - prefs.js..browser.startup.homepage: "www.google.de"

FF - prefs.js..extensions.enabledAddons: ffxtlbr%40babylon.com:1.5.0

FF - prefs.js..extensions.enabledAddons: %7B8A9386B4-E958-4c4c-ADF4-8F26DB3E4829%7D:2.6.10

FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130515

FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.6.2

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0

 

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()

FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Programme\Gemeinsame Dateien\AVG Secure Search\SiteSafetyInstaller\15.2.0\\npsitesafety.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Secure Search\FireFoxExt\15.2.0.5 [2013.05.20 22:29:14 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Programme\Mozilla Firefox\components

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins

 

[2012.11.28 18:59:59 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Extensions

[2013.05.27 17:41:39 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\3dpjdfdu.default\extensions

[2013.02.20 10:27:52 | 000,000,000 | ---D | M] (PriceGong) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\3dpjdfdu.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}

[2013.05.22 18:33:46 | 000,000,000 | ---D | M] (WOT) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\3dpjdfdu.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

[2013.02.15 18:27:35 | 000,000,000 | ---D | M] (Babylon Toolbar) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\3dpjdfdu.default\extensions\ffxtlbr@babylon.com

[2013.05.27 17:41:39 | 000,534,261 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\3dpjdfdu.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

[2013.05.11 15:22:22 | 000,870,680 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\3dpjdfdu.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

[2013.05.23 03:46:31 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\Extensions

[2013.05.22 21:10:25 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions

[2013.05.22 21:10:25 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2013.05.20 22:29:26 | 000,003,716 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\avg-secure-search.xml

 

O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll (AVG Secure Search)

O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll (AVG Secure Search)

O3 - HKU\S-1-5-21-790525478-1770027372-725345543-1004\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.

O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [vProt] C:\Programme\AVG Secure Search\vprot.exe (AVG Secure Search)

O4 - HKLM..\Run: [WinPatrol] C:\Programme\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)

O4 - HKU\S-1-5-21-790525478-1770027372-725345543-1004..\Run: [Sony PC Companion] C:\Programme\Sony\Sony PC Companion\PCCompanion.exe (Sony)

O4 - HKU\S-1-5-21-790525478-1770027372-725345543-1004..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Secunia PSI Tray.lnk = C:\Programme\Secunia\PSI\psi_tray.exe (Secunia)

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-790525478-1770027372-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: &Download by Orbit - C:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O8 - Extra context menu item: &Grab video by Orbit - C:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O8 - Extra context menu item: Down&load all by Orbit - C:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} https://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1355768282781 (MUWebControl Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C5915A70-A6C5-41C1-98A6-9FFC5BE54F62}: DhcpNameServer = 192.168.2.1

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Programme\Gemeinsame Dateien\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll (AVG Secure Search)

O20 - AppInit_DLLs: (c:\dokume~1\alluse~1\anwend~1\browse~1\261095~1.52\{c16c1~1\browse~1.dll) - c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2012.11.27 23:37:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{6f719412-4cfd-11e2-9225-0011d858c22b}\Shell - "" = AutoRun

O33 - MountPoints2\{6f719412-4cfd-11e2-9225-0011d858c22b}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{6f719412-4cfd-11e2-9225-0011d858c22b}\Shell\AutoRun\command - "" = J:\Startme.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2013.06.21 20:53:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\xxx\Desktop\OTL.exe

[2013.06.16 21:22:19 | 000,014,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsgXP_2k3.dll

[2013.06.16 21:21:14 | 000,000,000 | ---D | C] -- C:\Programme\HTC

[2013.06.16 21:21:06 | 001,122,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WdfCoInstaller01007.dll

[2013.06.16 21:21:06 | 000,024,576 | ---- | C] (HTC, Corporation) -- C:\WINDOWS\System32\drivers\ANDROIDUSB.sys

[2013.06.16 21:20:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HTC

[2013.06.16 21:20:02 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll

[2013.06.16 21:20:01 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll

[2013.06.16 21:20:00 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys

[2013.06.04 20:33:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mp3jam

[2013.06.04 20:32:51 | 000,000,000 | ---D | C] -- C:\Programme\MP3jam

[2013.06.04 20:18:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mp3tag

[2013.06.04 20:17:02 | 000,000,000 | ---D | C] -- C:\Programme\Mp3tag

[2013.05.27 18:52:19 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\xxx\Eigene Dateien\Freemake_do_not_remove_this_folder635052775395000000

[2013.05.26 14:25:36 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\xxx\Eigene Dateien\Freemake_do_not_remove_this_folder635051751364699111

[2013.05.26 12:06:08 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\xxx\Eigene Dateien\Freemake_do_not_remove_this_folder635051667683761611

[2013.05.24 23:00:12 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\xxx\Eigene Dateien\Freemake_do_not_remove_this_folder635050332126875000

[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2013.06.21 20:53:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\xxx\Desktop\OTL.exe

[2013.06.21 20:23:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2013.06.21 16:14:26 | 000,000,612 | ---- | M] () -- C:\WINDOWS\wiso.ini

[2013.06.21 15:53:47 | 000,491,806 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat

[2013.06.21 15:53:47 | 000,472,364 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2013.06.21 15:53:47 | 000,090,450 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat

[2013.06.21 15:53:47 | 000,075,458 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2013.06.21 15:49:09 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2013.06.21 15:49:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2013.06.16 21:22:27 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ANDROIDUSB_01007.Wdf

[2013.06.16 21:22:26 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf

[2013.06.13 19:04:18 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2013.06.13 17:26:01 | 001,035,666 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Desktop\Unterlagen RA Strato, Bielefeld.pdf

[2013.06.13 17:23:46 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe

[2013.06.13 17:23:46 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

[2013.06.04 20:32:53 | 000,000,626 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\MP3jam.lnk

[2013.06.04 20:17:04 | 000,000,626 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mp3tag.lnk

[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2013.06.16 21:22:27 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ANDROIDUSB_01007.Wdf

[2013.06.16 21:22:26 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf

[2013.06.13 17:25:58 | 001,035,666 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Desktop\Unterlagen RA Strato, Bielefeld.pdf

[2013.06.04 20:32:53 | 000,000,626 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\MP3jam.lnk

[2013.06.04 20:17:04 | 000,000,626 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mp3tag.lnk

[2013.01.15 18:50:05 | 000,000,612 | ---- | C] () -- C:\WINDOWS\wiso.ini

[2012.12.11 21:48:23 | 000,015,360 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012.12.02 22:47:25 | 000,758,285 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-790525478-1770027372-725345543-1004-0.dat

[2012.12.02 22:47:24 | 000,104,946 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat

[2012.11.29 19:08:16 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2012.11.28 20:08:59 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2012.11.28 18:53:27 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini

[2012.11.28 18:53:24 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll

[2012.11.28 18:53:14 | 000,000,452 | ---- | C] () -- C:\WINDOWS\alsndmgr.ini

[2012.11.28 18:42:24 | 000,005,188 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini

[2012.11.28 18:42:21 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

[2012.11.27 23:39:43 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2012.11.27 23:33:52 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2012.11.27 23:25:26 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2012.11.27 23:21:56 | 000,114,176 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

 
 ========== ZeroAccess Check ==========

 

[2013.01.15 18:29:23 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shdocvw.dll -- [2012.08.30 22:28:07 | 001,510,400 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 08:52:34 | 000,273,920 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both
 

< End of report >

--- --- ---

--- --- ---

Extras.txt

OTL EXTRAS Logfile:

Code:

OTL Extras logfile created on: 21.06.2013 20:54:47 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\xxx\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,00 Gb Total Physical Memory | 1,05 Gb Available Physical Memory | 52,68% Memory free

3,85 Gb Paging File | 2,88 Gb Available in Paging File | 74,91% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 232,88 Gb Total Space | 180,34 Gb Free Space | 77,44% Space Free | Partition Type: NTFS

 

Computer Name: xxx | User Name: xxx | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

 

[HKEY_USERS\S-1-5-21-790525478-1770027372-725345543-1004\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 
 ========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

 
 ========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\Programme\Orbitdownloader\orbitdm.exe" = C:\Programme\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)

"C:\Programme\Orbitdownloader\orbitnet.exe" = C:\Programme\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)

"C:\Programme\MyPhoneExplorer\MyPhoneExplorer.exe" = C:\Programme\MyPhoneExplorer\MyPhoneExplorer.exe:*:Enabled:MyPhoneExplorer -- (F.J. Wechselberger)

"C:\Programme\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe" = C:\Programme\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe:*:Enabled:Update Engine -- ()

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP3600_series" = Canon iP3600 series Printer Driver

"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BrowserProtect

"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth

"{4BA6784F-3B10-473A-B9F5-33A36AC354D5}" = Google SketchUp 8

"{556F81B4-EDCD-4009-8A07-95BFE1E19F28}" = roomeon 3D-Planer

"{6965F2F4-1CD2-4F42-A8EF-9EF433F9AA72}" = IPTInstaller

"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.2.0

"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A62F9CD0-B2E0-4F2A-88F2-79254A3C8539}" = WinPatrol

"{A6A06A95-F7A5-444A-9747-77AD2DC08199}" = TL-PA201 Powerline Utility

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}" = WISO Steuer 2013

"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.155

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5

"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio

"7-Zip" = 7-Zip 9.22beta

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Ashampoo Burning Studio 2012_is1" = Ashampoo Burning Studio 2012 v.10.0.15

"AsusUpdate" = AsusUpdate

"AVG Secure Search" = AVG Security Toolbar

"Avira AntiVir Desktop" = Avira Free Antivirus

"BabylonToolbar" = Babylon toolbar 

"DAEMON Tools Lite" = DAEMON Tools Lite

"Defraggler" = Defraggler

"DVD Shrink_is1" = DVD Shrink 3.2

"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20

"Freemake Video Converter_is1" = Freemake Video Converter Version 3.1.2

"GIMP-2_is1" = GIMP 2.8.4

"ie8" = Windows Internet Explorer 8

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"MP3jam_is1" = MP3jam 1.1.0.2

"Mp3tag" = Mp3tag v2.55a

"MPE" = MyPhoneExplorer

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"Orbit_is1" = Orbit Downloader

"PicPick" = PicPick

"Secunia PSI" = Secunia PSI (3.0.0.4001)

"Update Engine" = Sony Ericsson Update Engine

"VLC media player" = VLC media player 2.0.2

"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinPcapInst" = WinPcap 4.1.1

"WinRAR archiver" = WinRAR 4.20 (32-Bit)

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

 
 ========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 15.01.2013 14:18:08 | Computer Name = xxx | Source = .NET Runtime Optimization Service | ID = 1103

Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)

 - Tried to start a service that wasn't the latest version of CLR Optimization service.

 Will shutdown 

 

Error - 18.01.2013 16:32:02 | Computer Name = xxx | Source = .NET Runtime Optimization Service | ID = 1103

Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)

 - Tried to start a service that wasn't the latest version of CLR Optimization service.

 Will shutdown 

 

Error - 14.02.2013 06:54:51 | Computer Name = xxx | Source = Microsoft Office 10 | ID = 1000

Description = Faulting application winword.exe, version 10.0.6866.0, faulting module

 unknown, version 0.0.0.0, fault address 0x00000000.

 

Error - 24.02.2013 17:25:48 | Computer Name = xxx | Source = Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung mbamgui.exe, Version 1.70.0.0, fehlgeschlagenes

 Modul mbamnet.dll, Version 1.70.0.0, Fehleradresse 0x0000b836.

 

Error - 03.03.2013 16:40:44 | Computer Name = xxx | Source = Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung winpatrol.exe, Version 26.0.2013.0, fehlgeschlagenes

 Modul winpatrol.exe, Version 26.0.2013.0, Fehleradresse 0x00010a83.

 

Error - 05.03.2013 15:42:58 | Computer Name = xxx | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung Grab.exe, Version 2.6.0.10, Stillstandmodul

 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

Error - 20.03.2013 13:34:22 | Computer Name = xxx | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung avnotify.exe, Version 12.3.0.34, Stillstandmodul

 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

Error - 18.05.2013 13:37:54 | Computer Name = xxx | Source = .NET Runtime Optimization Service | ID = 1103

Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)

 - Tried to start a service that wasn't the latest version of CLR Optimization service.

 Will shutdown 

 

Error - 04.06.2013 14:34:06 | Computer Name = xxx | Source = crypt32 | ID = 131083

Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen

 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich 

nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel

 in der signierten Datei.  .

 

Error - 04.06.2013 14:34:06 | Computer Name = xxx | Source = crypt32 | ID = 131083

Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen

 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich 

nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel

 in der signierten Datei.  .

 

[ System Events ]

Error - 04.04.2013 23:44:27 | Computer Name = xxx | Source = WPDMTPDriver | ID = 80836

Description = MTP WPD Driver has failed to start. Error 0x8007001f.

 

Error - 24.04.2013 13:37:20 | Computer Name = xxx | Source = Print | ID = 6161

Description = Das Dokument Microsoft Word - Danksagungskarten.doc, im Besitz von

 xxx, konnte nicht auf dem Drucker Canon iP3600 series gedruckt werden. Datentyp:

 NT EMF 1.008. Größe der Warteschlangendatei in Bytes: 76960. Anzahl der gedruckten

 Bytes: 26080. Gesamtanzahl der Seiten des Dokuments: 4. Anzahl der gedruckten Seiten:

 0. Clientcomputer: \\xxx. Vom Druckprozessor zurückgelieferter Win32-Fehlercode:

 13 (0xd). 

 

 

< End of report >

--- --- ---

AdwCleaner Logfile:

Code:

# AdwCleaner v2.303 - Datei am 22/06/2013 um 00:08:32 erstellt

# Aktualisiert am 08/06/2013 von Xplode

# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)

# Benutzer : xxx - xxx

# Bootmodus : Normal

# Ausgeführt unter : C:\Dokumente und Einstellungen\xxx\Desktop\adwcleaner.exe

# Option [Löschen]
 
 

**** [Dienste] ****
 
 

***** [Dateien / Ordner] *****
 

Datei Gelöscht : C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\3dpjdfdu.default\bprotector_extensions.sqlite

Datei Gelöscht : C:\Programme\Mozilla Firefox\searchplugins\avg-secure-search.xml

Gelöscht mit Neustart : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BrowserProtect

Gelöscht mit Neustart : C:\Programme\Gemeinsame Dateien\AVG Secure Search

Ordner Gelöscht : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Secure Search

Ordner Gelöscht : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon

Ordner Gelöscht : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\InstallMate

Ordner Gelöscht : C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\AVG Secure Search

Ordner Gelöscht : C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Babylon

Ordner Gelöscht : C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\3dpjdfdu.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}

Ordner Gelöscht : C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\3dpjdfdu.default\extensions\ffxtlbr@babylon.com

Ordner Gelöscht : C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\pdfforge

Ordner Gelöscht : C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\PriceGong

Ordner Gelöscht : C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\AVG Secure Search

Ordner Gelöscht : C:\Programme\AVG Secure Search
 

***** [Registrierungsdatenbank] *****
 

Schlüssel Gelöscht : HKCU\Software\59edf88e634e414

Schlüssel Gelöscht : HKCU\Software\AVG Secure Search

Schlüssel Gelöscht : HKCU\Software\DataMngr

Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com

Schlüssel Gelöscht : HKCU\Software\PriceGong

Schlüssel Gelöscht : HKLM\SOFTWARE\59edf88e634e414

Schlüssel Gelöscht : HKLM\Software\AVG Secure Search

Schlüssel Gelöscht : HKLM\Software\AVG Security Toolbar

Schlüssel Gelöscht : HKLM\Software\Babylon

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\S

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1

Schlüssel Gelöscht : HKLM\Software\DataMngr

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search

Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
 

***** [Internet Browser] *****
 

-\\ Internet Explorer v8.0.6001.18702
 

[OK] Die Registrierungsdatenbank ist sauber.
 

-\\ Mozilla Firefox v21.0 (de)
 

Datei : C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\3dpjdfdu.default\prefs.js
 

C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\3dpjdfdu.default\user.js ... Gelöscht !
 

Gelöscht : user_pref("extensions.BabylonToolbar.admin", false);

Gelöscht : user_pref("extensions.BabylonToolbar.aflt", "babsst");

Gelöscht : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");

Gelöscht : user_pref("extensions.BabylonToolbar.autoRvrt", "false");

Gelöscht : user_pref("extensions.BabylonToolbar.dfltLng", "en");

Gelöscht : user_pref("extensions.BabylonToolbar.excTlbr", false);

Gelöscht : user_pref("extensions.BabylonToolbar.ffxUnstlRst", true);

Gelöscht : user_pref("extensions.BabylonToolbar.id", "281ab88e0000000000000011d858c22b");

Gelöscht : user_pref("extensions.BabylonToolbar.instlDay", "15751");

Gelöscht : user_pref("extensions.BabylonToolbar.instlRef", "sst");

Gelöscht : user_pref("extensions.BabylonToolbar.newTab", false);

Gelöscht : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");

Gelöscht : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");

Gelöscht : user_pref("extensions.BabylonToolbar.rvrt", "false");

Gelöscht : user_pref("extensions.BabylonToolbar.smplGrp", "none");

Gelöscht : user_pref("extensions.BabylonToolbar.tlbrId", "uninst");

Gelöscht : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]

Gelöscht : user_pref("extensions.BabylonToolbar.vrsn", "1.8.11.10");

Gelöscht : user_pref("extensions.BabylonToolbar.vrsnTs", "1.8.11.1017:27:36");

Gelöscht : user_pref("extensions.BabylonToolbar.vrsni", "1.8.11.10");

Gelöscht : user_pref("extensions.BabylonToolbar_i.babExt", "");

Gelöscht : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=120349");

Gelöscht : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
 

*************************
 

AdwCleaner[S1].txt - [9240 octets] - [22/06/2013 00:08:32]
 

########## EOF - C:\AdwCleaner[S1].txt - [9300 octets] ##########

--- --- ---

OTL Logfile:

Code:

OTL logfile created on: 22.06.2013 00:17:07 - Run 2

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\xxx\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,00 Gb Total Physical Memory | 1,18 Gb Available Physical Memory | 58,77% Memory free

3,85 Gb Paging File | 3,09 Gb Available in Paging File | 80,36% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 232,88 Gb Total Space | 180,35 Gb Free Space | 77,44% Space Free | Partition Type: NTFS

 

Computer Name: xxx | User Name: xxx | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2013.06.21 20:53:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\xxx\Desktop\OTL.exe

PRC - [2013.05.22 21:10:24 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe

PRC - [2013.05.20 22:28:52 | 001,015,984 | ---- | M] (AVG Secure Search) -- C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe

PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe

PRC - [2013.03.18 17:47:58 | 000,448,736 | ---- | M] (Sony) -- C:\Programme\Sony\Sony PC Companion\PCCompanion.exe

PRC - [2013.02.04 17:13:54 | 000,070,832 | ---- | M] () -- C:\Programme\Sony\Sony PC Companion\PCCompanionInfo.exe

PRC - [2012.12.10 04:09:49 | 000,363,752 | ---- | M] (BillP Studios) -- C:\Programme\BillP Studios\WinPatrol\WinPatrol.exe

PRC - [2012.11.29 19:33:36 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe

PRC - [2012.09.24 14:46:16 | 001,328,736 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\psia.exe

PRC - [2012.09.24 14:46:16 | 000,656,480 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\sua.exe

PRC - [2012.09.24 14:46:14 | 000,573,536 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\psi_tray.exe

PRC - [2012.09.23 21:43:34 | 000,926,896 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe

PRC - [2012.05.02 02:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe

PRC - [2012.05.02 01:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe

PRC - [2012.04.24 03:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe

PRC - [2009.03.05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe

PRC - [2008.04.14 08:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2004.02.26 10:53:30 | 000,065,024 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2013.05.22 21:10:23 | 003,128,728 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll

MOD - [2013.02.04 17:13:54 | 000,070,832 | ---- | M] () -- C:\Programme\Sony\Sony PC Companion\PCCompanionInfo.exe

MOD - [2012.12.10 03:46:38 | 000,600,868 | ---- | M] () -- C:\Programme\BillP Studios\WinPatrol\sqlite3.dll

MOD - [2012.11.07 16:25:36 | 000,204,288 | ---- | M] () -- C:\Programme\Sony\Sony PC Companion\MExplorer.dll

MOD - [2012.04.30 10:57:42 | 000,039,936 | ---- | M] () -- C:\Programme\Sony\Sony PC Companion\TMonitorAPI.dll

MOD - [2012.04.17 00:11:02 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll

MOD - [2008.04.14 08:52:18 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll

 

 
 ========== Services (SafeList) ==========

 

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)

SRV - [2013.06.13 17:23:48 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013.05.22 21:10:23 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2013.05.20 22:28:52 | 001,015,984 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe -- (vToolbarUpdater15.2.0)

SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2013.02.04 17:43:22 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Programme\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)

SRV - [2012.10.08 17:04:18 | 000,166,912 | ---- | M] () [Disabled | Stopped] -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)

SRV - [2012.09.24 14:46:16 | 001,328,736 | ---- | M] (Secunia) [Auto | Running] -- C:\Programme\Secunia\PSI\psia.exe -- (Secunia PSI Agent)

SRV - [2012.09.24 14:46:16 | 000,656,480 | ---- | M] (Secunia) [Auto | Running] -- C:\Programme\Secunia\PSI\sua.exe -- (Secunia Update Agent)

SRV - [2012.05.02 02:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2012.05.02 01:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2009.10.20 20:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Programme\WinPcap\rpcapd.exe -- (rpcapd)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)

DRV - File not found [Kernel | System | Stopped] --  -- (Changer)

DRV - [2013.05.20 22:28:52 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)

DRV - [2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2013.01.06 07:47:48 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)

DRV - [2012.10.08 17:04:18 | 000,021,248 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\htcnprot.sys -- (htcnprot)

DRV - [2012.04.27 11:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)

DRV - [2012.04.25 01:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2012.04.16 22:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)

DRV - [2011.12.16 16:19:54 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)

DRV - [2010.06.17 16:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2009.10.20 20:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)

DRV - [2009.06.10 09:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys -- (HTCAND32)

DRV - [2004.08.19 08:21:00 | 000,189,568 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)

DRV - [2004.03.19 14:02:08 | 000,613,244 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)

DRV - [2004.02.24 05:08:52 | 000,400,384 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)

DRV - [2003.10.31 05:22:38 | 000,077,312 | R--- | M] (VIA Technologies inc,.ltd) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\viasraid.sys -- (viasraid)

DRV - [2003.07.02 05:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\..\SearchScopes,DefaultScope = 

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

 

 

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-21-790525478-1770027372-725345543-1004\..\SearchScopes,DefaultScope = 

IE - HKU\S-1-5-21-790525478-1770027372-725345543-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\S-1-5-21-790525478-1770027372-725345543-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\S-1-5-21-790525478-1770027372-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130515

FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.6.2

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Programme\Mozilla Firefox\components

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins

 

[2012.11.28 18:59:59 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Extensions

[2013.06.22 00:17:45 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\3dpjdfdu.default\extensions

[2013.05.22 18:33:46 | 000,000,000 | ---D | M] (WOT) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\3dpjdfdu.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

[2013.06.22 00:17:45 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\3dpjdfdu.default\extensions\staged

[2013.05.27 17:41:39 | 000,534,261 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\3dpjdfdu.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

[2013.05.11 15:22:22 | 000,870,680 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\3dpjdfdu.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

[2013.06.22 00:17:44 | 000,534,298 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\3dpjdfdu.default\extensions\staged\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

[2013.05.23 03:46:31 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\Extensions

[2013.05.22 21:10:25 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions

[2013.05.22 21:10:25 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

 

O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.

O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [WinPatrol] C:\Programme\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)

O4 - HKU\S-1-5-21-790525478-1770027372-725345543-1004..\Run: [Sony PC Companion] C:\Programme\Sony\Sony PC Companion\PCCompanion.exe (Sony)

O4 - HKU\S-1-5-21-790525478-1770027372-725345543-1004..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Secunia PSI Tray.lnk = C:\Programme\Secunia\PSI\psi_tray.exe (Secunia)

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-790525478-1770027372-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: &Download by Orbit - C:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O8 - Extra context menu item: &Grab video by Orbit - C:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O8 - Extra context menu item: Down&load all by Orbit - C:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} https://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1355768282781 (MUWebControl Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C5915A70-A6C5-41C1-98A6-9FFC5BE54F62}: DhcpNameServer = 192.168.2.1

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2012.11.27 23:37:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{6f719412-4cfd-11e2-9225-0011d858c22b}\Shell - "" = AutoRun

O33 - MountPoints2\{6f719412-4cfd-11e2-9225-0011d858c22b}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{6f719412-4cfd-11e2-9225-0011d858c22b}\Shell\AutoRun\command - "" = J:\Startme.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2013.06.21 20:53:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\xxx\Desktop\OTL.exe

[2013.06.16 21:21:14 | 000,000,000 | ---D | C] -- C:\Programme\HTC

[2013.06.16 21:21:06 | 000,024,576 | ---- | C] (HTC, Corporation) -- C:\WINDOWS\System32\drivers\ANDROIDUSB.sys

[2013.06.16 21:20:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HTC

[2013.06.04 20:33:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mp3jam

[2013.06.04 20:32:51 | 000,000,000 | ---D | C] -- C:\Programme\MP3jam

[2013.06.04 20:18:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mp3tag

[2013.06.04 20:17:02 | 000,000,000 | ---D | C] -- C:\Programme\Mp3tag

[2013.05.27 18:52:19 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\xxx\Eigene Dateien\Freemake_do_not_remove_this_folder635052775395000000

[2013.05.26 14:25:36 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\xxx\Eigene Dateien\Freemake_do_not_remove_this_folder635051751364699111

[2013.05.26 12:06:08 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\xxx\Eigene Dateien\Freemake_do_not_remove_this_folder635051667683761611

[2013.05.24 23:00:12 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\xxx\Eigene Dateien\Freemake_do_not_remove_this_folder635050332126875000

[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2013.06.22 00:15:32 | 000,472,364 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2013.06.22 00:15:31 | 000,491,806 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat

[2013.06.22 00:15:31 | 000,090,450 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat

[2013.06.22 00:15:31 | 000,075,458 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2013.06.22 00:11:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2013.06.22 00:07:19 | 000,648,201 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Desktop\adwcleaner.exe

[2013.06.21 23:23:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2013.06.21 20:53:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\xxx\Desktop\OTL.exe

[2013.06.21 16:14:26 | 000,000,612 | ---- | M] () -- C:\WINDOWS\wiso.ini

[2013.06.21 15:49:09 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2013.06.16 21:22:27 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ANDROIDUSB_01007.Wdf

[2013.06.16 21:22:26 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf

[2013.06.13 19:04:18 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2013.06.13 17:26:01 | 001,035,666 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Desktop\Unterlagen RA Strato, Bielefeld.pdf

[2013.06.04 20:32:53 | 000,000,626 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\MP3jam.lnk

[2013.06.04 20:17:04 | 000,000,626 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mp3tag.lnk

[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2013.06.22 00:07:18 | 000,648,201 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Desktop\adwcleaner.exe

[2013.06.16 21:22:27 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ANDROIDUSB_01007.Wdf

[2013.06.16 21:22:26 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf

[2013.06.13 17:25:58 | 001,035,666 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Desktop\Unterlagen RA Strato, Bielefeld.pdf

[2013.06.04 20:32:53 | 000,000,626 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\MP3jam.lnk

[2013.06.04 20:17:04 | 000,000,626 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mp3tag.lnk

[2013.01.15 18:50:05 | 000,000,612 | ---- | C] () -- C:\WINDOWS\wiso.ini

[2012.12.11 21:48:23 | 000,015,360 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012.12.02 22:47:25 | 000,758,285 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-790525478-1770027372-725345543-1004-0.dat

[2012.12.02 22:47:24 | 000,104,946 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat

[2012.11.29 19:08:16 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2012.11.28 20:08:59 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2012.11.28 18:53:27 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini

[2012.11.28 18:53:24 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll

[2012.11.28 18:53:14 | 000,000,452 | ---- | C] () -- C:\WINDOWS\alsndmgr.ini

[2012.11.28 18:42:24 | 000,005,188 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini

[2012.11.28 18:42:21 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

[2012.11.27 23:39:43 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2012.11.27 23:33:52 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2012.11.27 23:25:26 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2012.11.27 23:21:56 | 000,114,176 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

 
 ========== ZeroAccess Check ==========

 

[2013.01.15 18:29:23 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shdocvw.dll -- [2012.08.30 22:28:07 | 001,510,400 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 08:52:34 | 000,273,920 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 
 ========== LOP Check ==========

 

[2012.12.02 18:10:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ashampoo

[2013.01.19 13:38:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH

[2012.11.28 20:13:38 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ

[2012.12.23 14:58:24 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files

[2013.01.06 07:48:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite

[2012.12.02 19:37:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Freemake

[2013.06.16 21:20:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HTC

[2013.01.21 23:26:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PDF Architect

[2012.12.26 01:32:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sony

[2012.11.28 20:05:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Ad-Aware Antivirus

[2012.12.02 18:10:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Ashampoo

[2013.01.15 18:47:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Buhl Data Service

[2013.01.06 07:48:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\DAEMON Tools Lite

[2013.06.04 20:33:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mp3jam

[2013.06.04 20:21:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mp3tag

[2013.02.15 18:57:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\MyPhoneExplorer

[2013.05.28 01:08:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Orbit

[2013.01.21 23:20:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\PDF Architect

[2012.11.28 21:55:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\ProgSense

[2012.12.26 01:41:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Sony

[2012.12.17 20:21:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\WinPatrol

 
 ========== Purity Check ==========

 

 
 

< End of report >

--- --- ---