| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Incredibar eingefangen - Tab-WeiterleitungWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
12.07.2012, 18:54
| #1 |
 |  Incredibar eingefangen - Tab-Weiterleitung Hallo, ich habe mir kürzlich (ich glaube von chip.de) den PdfCreator runtergeladen und hatte anschließend eine Incredibar-Toolbar im Firefox, die ich entfernt habe. Allerdings wird nach wie vor beim Öffnen eines neuen Tabs auf mystart.incredibar.com/mb139?a=6R8y5NSL8t&loc=FF_NT weitergeleitet. Also wohl das inzwischen bekannte Problem. In einem anderen Thread hab ich gelesen, man soll schauen, ob sich im Startmenü etwas geändert hat oder ob es leere Ordner gibt. In der Tat habe ich dort einen leeren "Autostart"-Ordner. Allerdings weiß ich nicht, ob das damit etwas zu tun hat oder vorher schon so war. Ansonsten ist mir nichts Ungewöhnliches aufgefallen. Nachdem ich mich hier etwas eingelesen habe, hab ich zunächst OTL laufen lassen: Code:
ATTFilter OTL logfile created on: 12.07.2012 00:06:07 - Run 1 OTL by OldTimer - Version 3.2.54.0 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,66 Gb Available Physical Memory | 66,52% Memory free 7,99 Gb Paging File | 6,39 Gb Available in Paging File | 79,97% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 282,07 Gb Total Space | 107,00 Gb Free Space | 37,93% Space Free | Partition Type: NTFS Drive D: | 16,01 Gb Total Space | 5,87 Gb Free Space | 36,65% Space Free | Partition Type: FAT32 Computer Name: ALEXANDER-PC | User Name: Alexander | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Alexander\Desktop\virenentfernung\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () PRC - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.) PRC - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe (Affinegy, Inc.) PRC - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe (Affinegy, Inc.) PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d239f585ee55f833dbe21e897e1265ac\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\00a4922fbf869a79c043b665035516b6\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4230ed1c7990e4ee8352baf67a2a85fa\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\d0e1cdaff8f9055187f8e7b52c060dff\System.Management.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\31fab24c51c0cfe8b8115f24545f169f\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\608d29d7cc89f3a9a195c91354561915\PresentationFramework.Aero.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll () MOD - C:\Users\Alexander\AppData\Local\Temp\bd7c47bb-f5c0-417c-a180-ec348d87718a\CliSecureRT.dll () MOD - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinServicePS.dll () MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll () MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtGui4.dll () MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtXml4.dll () MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtCore4.dll () MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtNetwork4.dll () MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll () MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\1031\nsextint.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (lxdu_device) -- C:\Windows\SysNative\lxducoms.exe ( ) SRV:64bit: - (lxduCATSCustConnectService) -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxduserv.exe () SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AffinegyService) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe (Affinegy, Inc.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (lxduCATSCustConnectService) -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxduserv.exe () SRV - (lxdu_device) -- C:\Windows\SysWOW64\lxducoms.exe ( ) ========== Driver Services (SafeList) ========== DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (ssudserd) SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.) -- C:\Windows\SysNative\drivers\ssudserd.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV:64bit: - (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV:64bit: - (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc) DRV:64bit: - (sscemdm) -- C:\Windows\SysNative\drivers\sscemdm.sys (MCCI Corporation) DRV:64bit: - (ssceserd) SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM) -- C:\Windows\SysNative\drivers\ssceserd.sys (MCCI Corporation) DRV:64bit: - (sscebus) SAMSUNG USB Composite Device V2 driver (WDM) -- C:\Windows\SysNative\drivers\sscebus.sys (MCCI Corporation) DRV:64bit: - (sscemdfl) -- C:\Windows\SysNative\drivers\sscemdfl.sys (MCCI Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (ATSwpWDF) -- C:\Windows\SysNative\drivers\ATSwpWDF.sys (AuthenTec, Inc.) DRV:64bit: - (NETw5v64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5v64.sys (Intel Corporation) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (RTSTOR) -- C:\Windows\SysNative\drivers\RTSTOR64.sys (Realtek Semiconductor Corp.) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation ) DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\drivers\Rtlh64.sys (Realtek Corporation ) DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 30 4F 44 08 BE 8B CA 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{33662047-8C4F-4512-93EA-2BD719E2ECD8}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms} IE - HKCU\..\SearchScopes\{8502C6AC-F5F5-42E1-9E34-6E046EB43809}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll () FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.16 19:15:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.13 22:27:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.20 17:22:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.16 19:15:16 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.13 22:27:55 | 000,000,000 | ---D | M] [2012.03.25 22:40:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alexander\AppData\Roaming\mozilla\Extensions [2011.01.17 03:33:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alexander\AppData\Roaming\mozilla\Extensions\{a79fe89b-6662-4ff4-8e88-09950ad4dfde} [2012.07.11 23:20:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\jzt2hgym.default\extensions [2012.03.25 22:40:45 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\jzt2hgym.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671} [2012.03.25 22:40:45 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\jzt2hgym.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68} [2012.03.25 22:40:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\jzt2hgym.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.03.25 22:40:46 | 000,000,000 | ---D | M] ("Facebook PhotoZoom") -- C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\jzt2hgym.default\extensions\{20cc25e2-48c9-45e1-9a1f-1ccc1882b81b} [2012.05.17 10:32:38 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\jzt2hgym.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2012.03.25 22:40:46 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\jzt2hgym.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.03.30 12:11:57 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\jzt2hgym.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.05.18 23:14:36 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\jzt2hgym.default\extensions\ich@maltegoetz.de [2012.06.13 22:27:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.06.13 22:27:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012.06.16 19:15:16 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2010.07.12 13:58:04 | 000,166,168 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2011.10.01 01:03:53 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.10.01 01:03:53 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.10.01 01:03:53 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.10.01 01:03:52 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.10.01 01:03:52 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.10.01 01:03:52 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.07.10 20:09:51 | 000,442,985 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 15226 more lines... O2 - BHO: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll () O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Lexmark ) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Programme\Lexmark Printable Web\bho.dll () O3 - HKLM\..\Toolbar: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll () O4:64bit: - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [InstaLAN] C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.) O4 - HKCU..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung) O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{474E2C33-B3DC-4E1D-9A85-5AEB88DF4205}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{474E2C33-B3DC-4E1D-9A85-5AEB88DF4205}: NameServer = 208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FAFC2787-4857-47CC-8D80-B1A0F7C2ADF8}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.07.12 00:04:37 | 000,000,000 | ---D | C] -- C:\Users\Alexander\Desktop\virenentfernung [2012.07.10 19:53:51 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll [2012.07.10 19:53:51 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll [2012.07.10 19:53:47 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2012.07.10 19:53:37 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll [2012.07.10 19:53:37 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll [2012.07.05 20:49:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator [2012.07.05 20:49:57 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\pdfforge [2012.07.05 20:49:56 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCT2.OCX [2012.07.05 20:49:56 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMAPI32.OCX [2012.07.05 20:49:56 | 000,095,232 | ---- | C] (pdfforge GbR) -- C:\Windows\SysNative\pdfcmon.dll [2012.07.05 20:49:54 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCMCDE.DLL [2012.07.05 20:49:54 | 000,125,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VB6DE.DLL [2012.07.05 20:49:54 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCC2DE.DLL [2012.07.05 20:49:54 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMPIDE.DLL [2012.07.05 20:49:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium [2012.07.05 20:49:05 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate [2012.06.22 19:02:39 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll [2012.06.22 19:02:39 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe [2012.06.22 19:02:39 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll [2012.06.22 19:02:19 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll [2012.06.22 19:02:19 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll [2012.06.22 19:02:19 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll [2012.06.22 19:02:05 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll [2012.06.22 19:02:05 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe [2012.06.20 00:05:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2012.06.18 23:55:24 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\Macromedia [2012.06.13 22:27:55 | 000,476,936 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll [2012.06.13 22:27:55 | 000,157,448 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2012.06.13 22:27:55 | 000,149,256 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2012.06.13 22:27:55 | 000,149,256 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2012.06.13 22:27:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2012.06.12 21:04:59 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012.06.12 21:04:58 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.06.12 21:04:57 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.06.12 21:04:57 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.06.12 21:04:57 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.06.12 21:04:57 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.06.12 21:04:57 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.06.12 21:04:55 | 000,918,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.06.12 21:04:55 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.06.12 21:04:52 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll [2012.06.12 21:04:52 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll [2012.06.12 21:04:52 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe [2012.06.12 21:04:51 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll [2012.06.12 21:04:49 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll [2012.06.12 21:04:49 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll [2012.06.12 21:04:44 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012.06.12 21:04:44 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012.06.12 21:04:43 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012.06.12 21:03:30 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2012.06.12 21:03:29 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.07.11 21:36:47 | 000,015,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.11 21:36:47 | 000,015,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.11 21:29:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.11 21:29:03 | 3217,199,104 | -HS- | M] () -- C:\hiberfil.sys [2012.07.10 20:09:51 | 000,442,985 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012.07.10 20:03:10 | 000,360,232 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.07.05 20:49:47 | 000,000,454 | ---- | M] () -- C:\user.js [2012.07.04 10:17:49 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.07.04 10:17:49 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.06.30 14:44:42 | 000,442,859 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120710-200924.backup [2012.06.30 14:44:42 | 000,442,859 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120710-200951.backup [2012.06.30 01:14:24 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.06.30 01:14:24 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.06.30 01:14:24 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.06.30 01:14:24 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.06.30 01:14:24 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.06.15 06:51:42 | 000,095,232 | ---- | M] (pdfforge GbR) -- C:\Windows\SysNative\pdfcmon.dll [2012.06.13 22:27:48 | 000,476,936 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll [2012.06.13 22:27:48 | 000,472,840 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll [2012.06.13 22:27:48 | 000,157,448 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2012.06.13 22:27:48 | 000,149,256 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2012.06.13 22:27:48 | 000,149,256 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.07.05 20:49:46 | 000,000,454 | ---- | C] () -- C:\user.js [2012.04.02 00:36:07 | 000,001,723 | ---- | C] () -- C:\Windows\carax95.ini [2012.03.31 14:37:00 | 000,000,355 | ---- | C] () -- C:\Users\Alexander\Computer - Verknüpfung.lnk [2012.03.25 22:04:47 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.02.27 21:57:07 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2011.02.11 17:26:33 | 000,068,640 | ---- | C] () -- C:\Windows\unTMV.exe [2011.01.04 17:10:58 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2011.01.04 17:10:56 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2011.01.04 17:10:56 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2011.01.04 17:10:56 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2011.01.04 17:10:56 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll ========== LOP Check ========== [2012.03.25 22:40:30 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Amazon [2012.04.07 20:27:10 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Ashampoo [2012.03.25 22:40:32 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\ChessBase [2012.03.25 22:40:32 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\conkeror.mozdev.org [2012.03.25 22:40:33 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\DVDVideoSoft [2012.03.25 22:40:33 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\DVDVideoSoftIEHelpers [2012.03.25 22:40:33 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\FreeOrion [2012.03.25 22:40:33 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Lexmark Productivity Studio [2012.03.25 22:40:34 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\lingDIALOG [2012.03.25 22:40:47 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\mp3DirectCut [2012.03.25 22:40:47 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\OfferBox [2012.07.05 20:49:57 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\pdfforge [2012.03.25 22:40:47 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Samsung [2012.03.25 22:40:48 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\ShredderChess [2012.05.03 19:47:11 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Temp [2012.03.25 22:40:51 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Thunderbird [2012.05.06 20:08:24 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\YCanPDF [2012.06.24 00:39:40 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 12.07.2012 00:06:07 - Run 1
OTL by OldTimer - Version 3.2.54.0
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,66 Gb Available Physical Memory | 66,52% Memory free
7,99 Gb Paging File | 6,39 Gb Available in Paging File | 79,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 282,07 Gb Total Space | 107,00 Gb Free Space | 37,93% Space Free | Partition Type: NTFS
Drive D: | 16,01 Gb Total Space | 5,87 Gb Free Space | 36,65% Space Free | Partition Type: FAT32
Computer Name: ALEXANDER-PC | User Name: Alexander | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1BE91E6E-CCB7-4F84-A8FB-782DE34E5CEB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{43101F30-5110-4E0D-AB97-A258203289A0}" = rport=10243 | protocol=6 | dir=out | app=system |
"{6C4550E5-1B29-4910-86AF-627F75A25A15}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8C6BE9CF-5E5C-4DB5-861B-81DFE7233E05}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8C83248E-7F9D-45D7-A2EC-C6189D72B289}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A447CF77-5E88-4524-86AA-049612B8F1CB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CC946CC6-6D86-4FE4-82A0-16915165649B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D702DC3A-462C-4C23-A09A-D7E14671CAFF}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F821AC9A-F548-4394-952F-B99D1A6CFCB0}" = lport=2869 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D8DEFD0-3C2C-4C57-BAF6-A67AB3A7BB14}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{195391F9-7486-44D4-82B6-62F51C5EEAAC}" = protocol=6 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |
"{1AD0EC51-8EAC-4877-A5A3-69726EF33E30}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1C8BE436-1B82-48C1-8496-FAB011D6675D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1D92CFA8-381F-4142-BF16-07EF1040B32A}" = protocol=6 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |
"{2482BC94-F67E-4D0F-8854-53A672490277}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4E621CD8-C91F-4E80-9B2E-2B88354893A7}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4F049111-2611-437E-B472-2845FC74CBE2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{53347218-4606-411F-AABF-B1DA23A207BD}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdupswx.exe |
"{55845BF9-09D4-4E8B-96DC-7BA3C953392C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5981739C-6528-442D-9C0A-B0EBB3688539}" = dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |
"{627A39C2-D6C5-4B6B-9440-63BDAE6FC94B}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxducoms.exe |
"{6D59A8B6-B04A-4C46-9919-71C97D8E18EF}" = protocol=17 | dir=in | app=c:\windows\system32\lxducoms.exe |
"{772C0DFC-6AB4-4C27-BB03-39ABC0B33531}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxducoms.exe |
"{78EACCD7-D199-4CA8-9DE6-75DE1E150F4E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7BC1E931-73D3-4564-972C-24535669CF9E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8161AC72-DA72-4CFF-AE1C-9288B1930366}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{85C3D1F7-B7B6-448D-9B62-12546A6F7E91}" = protocol=17 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |
"{910AFFD4-F893-40BA-AEC1-648CAB18489D}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 5600-6600 series\frun.exe |
"{A43CF466-2724-495A-B669-32534B4CAD21}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B427460C-B320-469A-95A0-A76E0B26ACC1}" = protocol=6 | dir=in | app=c:\windows\system32\lxducoms.exe |
"{B47FF16A-C314-4138-88CC-D336B15A7621}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B8C827F1-58E6-4763-8BCF-CBDB24567BA7}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{C107DE62-679A-42B2-B4CB-91BE927C57CB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D5641E76-5B28-4373-ACEB-13BD5E99006A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D631661D-F76B-4EF8-A38F-DAC259223417}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 5600-6600 series\frun.exe |
"{DDFD0A79-29E7-4DF8-8659-D37F6A6730ED}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{DE82C350-DFF3-4F0F-8E9B-CA87E94D74EF}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 5600-6600 series\lxduamon.exe |
"{DF7E2AD5-C38B-4B3C-B2C7-EC12E8AD9EF2}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 5600-6600 series\lxduamon.exe |
"{EEA00CC0-BAC9-4D1A-8E0F-43D909D7ED87}" = protocol=17 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |
"{FDAB8B1E-32E3-4FD4-9D3E-BAF11C9AA181}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdupswx.exe |
"{FEAAC5C6-AA3F-4F85-995A-F145CB92A624}" = protocol=6 | dir=out | app=system |
"{FEFA7CB8-5193-4DE0-8515-6B03191DE79B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{085F09D8-7A4E-470C-95C7-89E024A7D1CE}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"TCP Query User{29E633DB-4F68-40FF-AEE1-F9059B2026F2}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{7600BBED-753D-4A6C-9BCB-4C0FAFD00F44}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{AD17744D-FF2F-489D-A742-B67B5F56A0F1}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"UDP Query User{4F38E915-1BF5-411F-8FA2-39681C062108}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{93463B06-F015-4775-850C-85ADD2531EA7}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"UDP Query User{CE5021E6-6457-45B6-853D-88CB490831BC}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"UDP Query User{DB60B05C-F738-4095-B881-BF1B795DF801}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{21BF1592-7D07-4516-930C-2BF40CE9E59B}" = PDF-XChange Viewer
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{E6C44758-FF49-47D1-8182-65E3818ACE23}" = AuthenTec TrueSuite
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Aquarium_is1" = Deep Rybka Aquarium 4
"CCleaner" = CCleaner
"Lexmark 5600-6600 Series" = Lexmark 5600-6600 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{071B843C-9A39-40B3-BB01-BBD6A8D2E1C5}" = lingDIALOG
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Symbolleiste
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{484AC2C0-721B-49FE-B580-0177BB5D3942}" = CB10 ServicePack 1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F4182DA-3D58-41E3-913D-480F8DA5C863}" = Fritz 12
"{581784CD-8A67-403F-B75B-A72AFC41C071}" = ChessBase 10 Service Pack
"{5C784162-B9B2-4A32-AF18-3517D602AF33}" = ChessBase 11
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = v2011.build.46
"{C004CE24-FF62-4A54-ADB8-D0C32A1DFCD4}_is1" = Wondershare PDF Converter (Build 3.0.0)
"{CF652E2D-6128-49E9-833E-F131C4FC42CA}" = ChessBase 10
"{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark
"{D5B11428-F4C4-4FC2-AF89-4D2163BD1D28}" = ChessBase 10
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F6CCD38C-8298-4F7B-91C5-C8DED0B24E5A}" = Fritz 12
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Ashampoo Burning Studio 2012_is1" = Ashampoo Burning Studio 2012 v.10.0.15
"Ashampoo Photo Optimizer 3_is1" = Ashampoo Photo Optimizer 3 v.3.13
"Ashampoo Snap 3_is1" = Ashampoo Snap 3.50
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"Avira UnErase Personal" = Avira UnErase Personal
"Chess Openings Encyclopedia 2010_is1" = Chess Openings Encyclopedia 2010
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.15.1228
"Grammatiktrainer 4.0 Spanisch" = Langenscheidt Grammatiktrainer 4.0 Spanisch
"InstallShield_{071B843C-9A39-40B3-BB01-BBD6A8D2E1C5}" = lingDIALOG
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"Mozilla Thunderbird 13.0.1 (x86 de)" = Mozilla Thunderbird 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PDFZilla_is1" = PDFZilla V1.2.9
"Router Installationsprogramm und Monitor_is1" = Router Installationsprogramm und Monitor
"TextMaker Viewer" = TextMaker Viewer
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 2.0.1
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 16.05.2012 19:40:24 | Computer Name = Alexander-PC | Source = WinMgmt | ID = 10
Description =
Error - 17.05.2012 04:31:15 | Computer Name = Alexander-PC | Source = WinMgmt | ID = 10
Description =
Error - 17.05.2012 09:52:40 | Computer Name = Alexander-PC | Source = WinMgmt | ID = 10
Description =
Error - 17.05.2012 14:57:57 | Computer Name = Alexander-PC | Source = WinMgmt | ID = 10
Description =
Error - 17.05.2012 16:12:59 | Computer Name = Alexander-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der
Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 18.05.2012 08:26:17 | Computer Name = Alexander-PC | Source = WinMgmt | ID = 10
Description =
Error - 18.05.2012 16:29:40 | Computer Name = Alexander-PC | Source = WinMgmt | ID = 10
Description =
Error - 18.05.2012 17:13:53 | Computer Name = Alexander-PC | Source = WinMgmt | ID = 10
Description =
Error - 19.05.2012 03:48:36 | Computer Name = Alexander-PC | Source = WinMgmt | ID = 10
Description =
Error - 19.05.2012 08:44:33 | Computer Name = Alexander-PC | Source = WinMgmt | ID = 10
Description =
Error - 19.05.2012 10:37:34 | Computer Name = Alexander-PC | Source = WinMgmt | ID = 10
Description =
Error - 19.05.2012 12:21:08 | Computer Name = Alexander-PC | Source = WinMgmt | ID = 10
Description =
Error - 19.05.2012 14:01:29 | Computer Name = Alexander-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der
Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 20.05.2012 07:31:37 | Computer Name = Alexander-PC | Source = WinMgmt | ID = 10
Description =
Error - 20.05.2012 09:05:50 | Computer Name = Alexander-PC | Source = WinMgmt | ID = 10
Description =
Error - 20.05.2012 12:23:48 | Computer Name = Alexander-PC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 10.07.2012 13:45:41 | Computer Name = Alexander-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (60000 ms) wurde beim Verbindungsversuch mit dem Dienst
lxduCATSCustConnectService erreicht.
Error - 10.07.2012 13:45:41 | Computer Name = Alexander-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lxduCATSCustConnectService" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 10.07.2012 14:03:04 | Computer Name = Alexander-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
Error - 10.07.2012 14:03:04 | Computer Name = Alexander-PC | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 10.07.2012 14:03:28 | Computer Name = Alexander-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (60000 ms) wurde beim Verbindungsversuch mit dem Dienst
lxduCATSCustConnectService erreicht.
Error - 10.07.2012 14:03:28 | Computer Name = Alexander-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lxduCATSCustConnectService" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 11.07.2012 15:29:07 | Computer Name = Alexander-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
Error - 11.07.2012 15:29:07 | Computer Name = Alexander-PC | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 11.07.2012 15:29:18 | Computer Name = Alexander-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (60000 ms) wurde beim Verbindungsversuch mit dem Dienst
lxduCATSCustConnectService erreicht.
Error - 11.07.2012 15:29:18 | Computer Name = Alexander-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lxduCATSCustConnectService" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
< End of report >
Code:
ATTFilter Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.07.11.11 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 Alexander :: ALEXANDER-PC [Administrator] 12.07.2012 00:18:18 mbam-log-2012-07-12 (00-18-18).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 209043 Laufzeit: 3 Minute(n), 17 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=9666d4f14f2e4a4a8a17e1ed152c009f
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-11 10:54:21
# local_time=2012-07-12 12:54:21 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 5533151 5533151 0 0
# compatibility_mode=5893 16776574 100 94 170 93675908 0 0
# compatibility_mode=8192 67108863 100 0 369 369 0 0
# scanned=56518
# found=0
# cleaned=0
# scan_time=1224
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=9666d4f14f2e4a4a8a17e1ed152c009f
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-12 02:52:27
# local_time=2012-07-12 04:52:27 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 5534444 5534444 0 0
# compatibility_mode=5893 16776574 100 94 1463 93677201 0 0
# compatibility_mode=8192 67108863 100 0 1662 1662 0 0
# scanned=478463
# found=0
# cleaned=0
# scan_time=57416
|
| Themen zu Incredibar eingefangen - Tab-Weiterleitung |
| 7-zip, antivir, application/pdf:, audacity, autorun, avira, bho, chip.de, converter, desktop, device driver, error, excel, fehler, firefox, flash player, heuristiks/extra, heuristiks/shuriken, home, install.exe, langs, logfile, microsoft office word, mozilla, object, plug-in, realtek, registry, richtlinie, rundll, safer networking, scan, searchscopes, security, software, svchost.exe, tracker, usb, windows |
Baum-Darstellung