Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Mystart incredibar in jedem neuen Tab

Mystart incredibar in jedem neuen Tab


Plagegeister aller Art und deren Bekämpfung: Mystart incredibar in jedem neuen Tab

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 22.09.2012, 13:37   #1
Evusam
 
Mystart incredibar in jedem neuen Tab - Standard

Mystart incredibar in jedem neuen Tab


Hallo!
Seit gestern versuchen wir bereits erfolglos, Mystart incredibar aus unserem Firefox zu entfernen. Wir sind bereits alle Anweisungen aus diesem Thread http://www.trojaner-board.de/122337-...entfernen.html durchgegangen - erfolglos, das Ding ist immer noch drauf, erscheint in jedem neuen geöffneten Tab (außer im Ursprungstab). Nachdem wir nun angefangen haben, diesen Thread http://www.trojaner-board.de/121452-...neuen-tab.html hier durchzulesen fiel uns auf, dass wir ein eigens erstelltes Script für die Fix-Anwendung von OTL brauchen. Deswegen dieser Thread. Incredibar treibt uns in den Wahnsinn wir schaffen es alleine nicht ... Hilfe, bitte!
Vielen Dank schonmal im Voraus!

Alt 22.09.2012, 13:39   #2
markusg
/// Malware-holic
 
Mystart incredibar in jedem neuen Tab - Standard

Mystart incredibar in jedem neuen Tab


hi
und wie sollen wir ein fix ohne logs erstellen?
ws heißt "aus diesem thread" was habt ihr gemacht, und wo sind evtl. vorhandene logs mit funden :-)
__________________

__________________
Alt 22.09.2012, 13:44   #3
Evusam
 
Mystart incredibar in jedem neuen Tab - Standard

Mystart incredibar in jedem neuen Tab


Hui, warst du schnell, ich war ja noch am editieren...

Hier das OTL Log:
Code:
ATTFilter
OTL logfile created on: 22.09.2012 14:19:03 - Run 1
OTL by OldTimer - Version 3.2.65.1     Folder = C:\Dokumente und Einstellungen\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
895,23 Mb Total Physical Memory | 202,59 Mb Available Physical Memory | 22,63% Memory free
2,12 Gb Paging File | 1,38 Gb Available in Paging File | 64,96% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 149,05 Gb Total Space | 109,50 Gb Free Space | 73,47% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOP-KK | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Apps\2.0\AJOBW0K6.5LP\3VQBC02T.5DZ\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe (AVM Berlin)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
PRC - C:\Programme\Hewlett-Packard\IAM\Bin\asghost.exe (Cognizance Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
PRC - C:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e4ecfaaf5417aceecb7fa8abddf06113\PresentationFramework.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\7a53d68ad544f8e9edfdbd5a90a48fd3\System.Deployment.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\f33e2a4d9b385234406fa2d662f78875\PresentationCore.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8b873631a0855fb6aa0ad25f1d9de7fe\PresentationFramework.Luna.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\92d58f840f549f9bd880783d43db7e3c\System.Runtime.Remoting.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\6d8bef0d008389874e55c0308f0c18e5\WindowsBase.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll ()
MOD - C:\Programme\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Apps\2.0\AJOBW0K6.5LP\3VQBC02T.5DZ\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\managedupnp.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Deployment.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Deployment.resources.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2589.34886__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.2589.35106__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2589.34839__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2589.34900__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.2589.35144__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2589.35129__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2589.35080__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2589.34876__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Runtime\2.0.2589.34898__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2589.34860__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2589.35011__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2589.35177__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2589.35183__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.2589.34892__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2589.34854__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.2589.34891__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2589.35093__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Dashboard\2.0.2589.35075__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2589.35098__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2589.35090__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Runtime\2.0.2589.35080__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2589.35024__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2589.34915__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2589.34863__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2589.35114__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2589.34907__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2589.35045__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2589.35020__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2589.35044__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.2589.35137__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.2589.35085__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2589.35014__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.2589.35069__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.2589.34923__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2589.35012__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2589.35019__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2589.34921__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2589.35066__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2560.26010__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.2560.25959__90ba9c70f846762e\LOG.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2560.25964__90ba9c70f846762e\NEWAEM.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.2560.25974__90ba9c70f846762e\MOM.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2560.26001__90ba9c70f846762e\DEM.OS.I0602.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.2560.25961__90ba9c70f846762e\CLI.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2560.25971__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2537.29860__90ba9c70f846762e\DEM.Graphics.I0601.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2560.26000__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2560.26012__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2560.26040__90ba9c70f846762e\CLI.Foundation.XManifest.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2560.25982__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2560.25973__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2560.25968__90ba9c70f846762e\CLI.Component.Client.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.2560.25988__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.2560.26002__90ba9c70f846762e\DEM.OS.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.2560.25997__90ba9c70f846762e\DEM.Graphics.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2531.19989__90ba9c70f846762e\DEM.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2560.25988__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2560.25987__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2560.26001__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Shared\2.0.2560.25988__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2560.25998__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2560.25998__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2560.26000__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2560.25999__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Shared\2.0.2560.26000__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2560.25988__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2560.25987__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2560.25999__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2560.25986__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2560.25987__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2560.25982__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.2560.26001__90ba9c70f846762e\APM.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Foundation\2.0.2560.25960__90ba9c70f846762e\AEM.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2531.19989__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2560.25970__90ba9c70f846762e\AEM.Server.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2589.34870__90ba9c70f846762e\CLI.Component.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.2589.35160__90ba9c70f846762e\MOM.Implementation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2589.35158__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2560.25964__90ba9c70f846762e\LOG.Foundation.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2589.35208__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2560.26010__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2560.25982__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2560.25966__90ba9c70f846762e\CLI.Foundation.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2589.34848__90ba9c70f846762e\CLI.Component.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2589.34837__90ba9c70f846762e\CLI.Component.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.2589.34838__90ba9c70f846762e\ATIDEMOS.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2560.25970__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2560.25980__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.2589.34836__90ba9c70f846762e\AEM.Server.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2560.25981__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2560.26004__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.2589.35160__90ba9c70f846762e\CCC.Implementation.dll ()
MOD - C:\Programme\Gemeinsame Dateien\LightScribe\QtGui4.dll ()
MOD - C:\Programme\Gemeinsame Dateien\LightScribe\QtCore4.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (stllssvr) -- c:\Programme\Gemeinsame Dateien\SureThing Shared\stllssvr.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (JavaQuickStarterService) -- C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (Skype C2C Service) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Hamachi2Svc) -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (npggsvc) -- C:\WINDOWS\system32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (LightScribeService) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (ASBroker) -- C:\Programme\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Cognizance Corporation)
SRV - (MZCCntrl) -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
SRV - (IviRegMgr) -- C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (ASChannel) -- C:\Programme\Hewlett-Packard\IAM\Bin\ASChnl.dll (Cognizance Corporation)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (XDva398) -- C:\WINDOWS\system32\XDva398.sys File not found
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (mbr) -- C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\mbr.sys File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (EagleNT) -- C:\WINDOWS\system32\drivers\EagleNT.sys File not found
DRV - (dump_wmimmc) -- C:\AeriaGames\Wolfteam-DE\GameGuard\dump_wmimmc.sys File not found
DRV - (Changer) --  File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira GmbH)
DRV - (avmaudio) -- C:\WINDOWS\system32\drivers\avmaudio.sys (AVM Berlin)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avmaura) -- C:\WINDOWS\system32\drivers\avmaura.sys (AVM Berlin)
DRV - (FTDIBUS) -- C:\WINDOWS\system32\drivers\ftdibus.sys (FTDI Ltd.)
DRV - (MQAC) -- C:\WINDOWS\system32\drivers\mqac.sys (Microsoft Corporation)
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (RMCAST) -- C:\WINDOWS\system32\drivers\rmcast.sys (Microsoft Corporation)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (ATSWPDRV) -- C:\WINDOWS\system32\drivers\atswpdrv.sys (AuthenTec, Inc.)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (eabfiltr) -- C:\WINDOWS\system32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (MACNDIS5) -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MAcNdis5.sys (Marmiko IT-Solutions GmbH)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (HBtnKey) -- C:\WINDOWS\system32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
DRV - (FTSER2K) -- C:\WINDOWS\system32\drivers\ftser2k.sys (FTDI Ltd.)
DRV - (NPPTNT2) -- C:\WINDOWS\system32\npptNT2.sys (INCA Internet Co., Ltd.)
DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMC)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-4000339846-1403637847-164469848-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-4000339846-1403637847-164469848-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4000339846-1403637847-164469848-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-4000339846-1403637847-164469848-500\..\SearchScopes\{AAF3474C-5038-42BD-9066-3FD113CCB2A6}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-4000339846-1403637847-164469848-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4000339846-1403637847-164469848-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: battlefieldplay4free@ea.com:1.0.80.2
FF - prefs.js..extensions.enabledAddons: {68bb078e-8477-41df-b016-118f0482ab60}:2.81
FF - prefs.js..extensions.enabledAddons: {9c51bd27-6ed8-4000-a2bf-36cb95c0c947}:11.0.1
FF - prefs.js..extensions.enabledAddons: ffxtlbr@incredibar.com:1.5.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..keyword.URL: "hxxp://mystart.incredibar.com/mb174/?loc=IB_DS&a=6PQKdiowuR&&i=26&search="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\62a54z8d.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.09.08 11:17:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.09.22 13:16:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2010.05.08 14:53:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins
 
[2010.05.08 14:53:02 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions
[2010.05.08 14:53:02 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.09.21 16:59:20 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\62a54z8d.default\extensions
[2010.05.12 12:21:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\62a54z8d.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.08.19 16:09:55 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\62a54z8d.default\extensions\battlefieldplay4free@ea.com
[2012.09.20 13:32:05 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\62a54z8d.default\extensions\ffxtlbr@incredibar.com
[2012.08.29 15:46:20 | 000,025,032 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\62a54z8d.default\extensions\{68bb078e-8477-41df-b016-118f0482ab60}.xpi
[2012.08.29 15:43:42 | 000,080,872 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\62a54z8d.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}.xpi
[2012.09.21 16:59:20 | 000,741,958 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\62a54z8d.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.09.20 13:31:39 | 000,002,203 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\62a54z8d.default\searchplugins\MyStart Search.xml
[2012.05.29 15:59:13 | 000,009,936 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\62a54z8d.default\searchplugins\mywebsearch.xml
[2012.06.24 21:59:38 | 000,000,641 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\62a54z8d.default\searchplugins\search-web.xml
[2012.09.08 11:17:11 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.09.22 13:09:22 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.09.08 11:17:32 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.09.04 13:33:23 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.04 13:33:23 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.09.04 13:33:23 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.04 13:33:23 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.04 13:33:23 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.04 13:33:23 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://search.babylon.com/?affID=113865&tt=010712_3&babsrc=HP_ss&mntrId=5e09dc04000000000000001a73eca63e
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://search.babylon.com/?affID=113865&tt=010712_3&babsrc=HP_ss&mntrId=5e09dc04000000000000001a73eca63e
CHR - Extension: No name found = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\cgiaikfpllchefojlnehlmpekeogihnm\2.3.15.10_0\
CHR - Extension: No name found = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\
CHR - Extension: No name found = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\dnpmlnedpdikbgdghljdepnljfpkhccn\1.0.0_0\
CHR - Extension: No name found = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\jbpcjmidkkgldeplajgnbpjkfpmpeepb\1.0.7_0\
CHR - Extension: No name found = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.11.0.9874_0\
 
O1 HOSTS File: ([2012.09.22 13:55:38 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Programme\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CognizanceTS] C:\Programme\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Cognizance Corporation)
O4 - HKLM..\Run: [Cpqset] C:\Programme\Hewlett-Packard\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Programme\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [PTHOSTTR] C:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKU\S-1-5-21-4000339846-1403637847-164469848-500..\Run: [AVMUSBFernanschluss] C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Apps\2.0\AJOBW0K6.5LP\3VQBC02T.5DZ\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe (AVM Berlin)
O4 - HKU\S-1-5-21-4000339846-1403637847-164469848-500..\Run: [LightScribe Control Panel] C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - HKU\S-1-5-21-4000339846-1403637847-164469848-500..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4000339846-1403637847-164469848-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4000339846-1403637847-164469848-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-4000339846-1403637847-164469848-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-4000339846-1403637847-164469848-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-4000339846-1403637847-164469848-500\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-4000339846-1403637847-164469848-500\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-4000339846-1403637847-164469848-500\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-4000339846-1403637847-164469848-500\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} hxxp://launch.soe.com/plugin/web/SOEWebInstaller.cab (SOE Web Installer)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1344537411437 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash/cabs/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F739643F-21C9-467B-844C-E32F90311AAC}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\APSHook.dll) - C:\WINDOWS\system32\APSHook.dll (Bioscrypt Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\OneCard: DllName - (C:\Programme\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll) - C:\Programme\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Cognizance Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.22 14:17:25 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012.09.22 13:41:22 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012.09.22 13:39:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012.09.22 13:39:10 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012.09.22 13:39:10 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012.09.22 13:39:10 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012.09.22 13:39:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.09.22 13:38:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012.09.22 13:27:24 | 000,600,576 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
[2012.09.22 13:14:49 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012.09.22 12:53:45 | 000,894,952 | ---- | C] (Oracle Corporation) -- C:\Dokumente und Einstellungen\Administrator\Desktop\jxpiinstall.exe
[2012.09.21 14:02:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Anti-Malware
[2012.09.20 13:36:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\BANDISOFT
[2012.09.12 18:14:55 | 000,000,000 | ---D | C] -- C:\3729fa255816a48317544a38a4b177fd
[2012.09.08 11:17:08 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[2012.09.08 08:56:35 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012.09.08 08:56:25 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012.09.08 08:56:25 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012.09.08 08:56:25 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.22 14:11:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.09.22 13:57:07 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.09.22 13:55:38 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012.09.22 13:55:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.09.22 13:55:18 | 938,790,912 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.22 13:41:28 | 000,000,339 | RHS- | M] () -- C:\boot.ini
[2012.09.22 13:27:24 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
[2012.09.22 12:53:45 | 000,894,952 | ---- | M] (Oracle Corporation) -- C:\Dokumente und Einstellungen\Administrator\Desktop\jxpiinstall.exe
[2012.09.21 14:11:57 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012.09.21 14:11:55 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012.09.12 18:16:45 | 000,002,243 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk
[2012.09.08 08:55:58 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2012.09.08 08:55:55 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2012.09.08 08:55:55 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2012.09.08 08:55:55 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012.09.08 08:55:55 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012.09.08 08:55:55 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012.09.08 08:55:55 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.09.22 13:41:28 | 000,000,223 | ---- | C] () -- C:\Boot.bak
[2012.09.22 13:41:24 | 000,262,448 | RHS- | C] () -- C:\cmldr
[2012.09.22 13:39:10 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012.09.22 13:39:10 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012.09.22 13:39:10 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012.09.22 13:39:10 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012.09.22 13:39:10 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012.07.20 11:51:36 | 000,138,056 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PnkBstrK.sys
[2012.07.19 12:39:28 | 000,163,136 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2012.02.16 14:03:53 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2007.08.01 23:05:33 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2012.02.07 17:39:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\SGJ7GM29\www8.agame.com\games\flash\l
[2011.06.21 12:51:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\SGJ7GM29\www8.agame.com\games\flash\u
[2012.03.25 19:12:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\SGJ7GM29\www8.agame.com\mirror\flash\l
[2012.07.16 22:00:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\SGJ7GM29\www8.agame.com\mirror\flash\n
[2011.11.11 15:15:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\SGJ7GM29\www8.agame.com\mirror\flash\u
[2004.08.07 07:59:04 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

< End of report >
Und die Extras:
Code:
ATTFilter
OTL Extras logfile created on: 22.09.2012 14:19:03 - Run 1
OTL by OldTimer - Version 3.2.65.1     Folder = C:\Dokumente und Einstellungen\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
895,23 Mb Total Physical Memory | 202,59 Mb Available Physical Memory | 22,63% Memory free
2,12 Gb Paging File | 1,38 Gb Available in Paging File | 64,96% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 149,05 Gb Total Space | 109,50 Gb Free Space | 73,47% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOP-KK | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_USERS\S-1-5-21-4000339846-1403637847-164469848-500\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Apps\2.0\AJOBW0K6.5LP\3VQBC02T.5DZ\frit..tion_8488884cfbcefd60_0002.0001_383382c5c60b72bd\fritzbox-usb-fernanschluss.exe" = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Apps\2.0\AJOBW0K6.5LP\3VQBC02T.5DZ\frit..tion_8488884cfbcefd60_0002.0001_383382c5c60b72bd\fritzbox-usb-fernanschluss.exe:*:Enabled:FRITZ!Box USB-Fernanschluss -- (AVM Berlin)
"C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Apps\2.0\AJOBW0K6.5LP\3VQBC02T.5DZ\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe" = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Apps\2.0\AJOBW0K6.5LP\3VQBC02T.5DZ\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe:*:Enabled:FRITZ!Box USB-Fernanschluss -- (AVM Berlin)
"C:\Programme\Java\jre7\bin\javaw.exe" = C:\Programme\Java\jre7\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Oracle Corporation)
"C:\Programme\TeamViewer\Version7\TeamViewer.exe" = C:\Programme\TeamViewer\Version7\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe" = C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"C:\WINDOWS\system32\javaw.exe" = C:\WINDOWS\system32\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Oracle Corporation)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02892741-0201-BCB5-C2EC-1ACC90606E0A}" = Catalyst Control Center Localization Dutch
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{07DEF940-7355-50C9-298F-38E8CE0EBDCA}" = Catalyst Control Center Graphics Light
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{08AE3CD6-E065-37AA-D2B3-07051D45286F}" = CCC Help Russian
"{09258F12-48E7-B18E-C414-1F48C215685F}" = ccc-core-static
"{0B7BBC67-FFB4-3743-E3F8-03D1AF729B70}" = Catalyst Control Center Graphics Full New
"{1293BBC6-2E1F-995B-4229-1ADA86E747D2}" = Catalyst Control Center Localization French
"{1EDE8D45-7214-D099-53E7-749C1997329E}" = Catalyst Control Center Localization Chinese Standard
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{272A7F68-5DB1-0929-8FBF-B458D450FE14}" = Catalyst Control Center Localization Japanese
"{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder
"{2DB165DC-DDB4-403F-B985-19F3EC7D0357}" = HP ProtectTools Security Manager
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FBAC41E-9400-9975-78F4-B4EFBE1FD8E2}" = Catalyst Control Center Localization German
"{3110F6EA-EE42-C9C0-A177-860D75EDE636}" = Catalyst Control Center Localization Korean
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.20 F2
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3912A629-0020-0005-3131-2FBA74D4DF0A}" = InterVideo WinDVD
"{3F92730A-794E-01FC-4EBC-766F4DCE5D67}" = CCC Help English
"{435D2D09-D775-FDA4-2610-EE044A8270E8}" = CCC Help Italian
"{47471E78-EFA2-D9A2-7D01-5B0D3931D140}" = CCC Help Hungarian
"{498A4E3D-562E-4129-8722-6DCAB12384AE}" = Windows Communication Foundation Language Pack - DEU
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DBB9521-29F6-CE3D-FFE1-ADA665A0FB38}" = Catalyst Control Center Localization Chinese Traditional
"{521F72F4-FFE4-4959-AA88-EED06125211F}" = HP Notebook Accessories Product Tour
"{53388D9F-0B31-B16D-2591-431837C84F8B}" = Catalyst Control Center Localization Finnish
"{541BFB68-41E7-1FB7-9718-27C46ED7B754}" = Catalyst Control Center Localization Portuguese
"{572B04AD-8812-ABDD-E78D-761D413F8D53}" = Catalyst Control Center Localization Norwegian
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" = 
"{6A1E7380-BE8C-A1F8-B94F-1D79A4C28985}" = CCC Help Japanese
"{6BE58A52-CB03-E69E-FE6A-5E500C2A6D05}" = CCC Help Chinese Traditional
"{6CE339FE-4FCB-CBCC-704C-092A044FA724}" = CCC Help Chinese Standard
"{70465DF9-5077-73E9-81F8-B7955DF74130}" = CCC Help Czech
"{70CEFEBA-F757-4DBE-8A21-027C326137CE}" = Application Installer 4.00.B14
"{7228FD8C-3B9E-4204-AE36-8A466107685B}" = Windows Workflow Foundation DE Language Pack
"{73B591D7-32EF-9C1A-E2A9-D119390CBEF3}" = CCC Help German
"{7669846A-8FE4-55CC-D2FD-7D8FB015450E}" = CCC Help Swedish
"{778AA054-858E-3997-AA10-F9B378AB1DEF}" = Catalyst Control Center Localization Russian
"{7FB413C8-3CAD-49F7-A67C-6EFEB4B04050}" = LogMeIn Hamachi
"{7FD8231E-3991-48D7-A2C8-2C42A7075FB1}" = HP User Guide Bluetooth Addendum 0062
"{81242661-5588-E2AC-65FF-06CEF7527D61}" = Catalyst Control Center Localization Polish
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = HP Integrated Module with Bluetooth wireless technology
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{8E9C9687-4EA2-9459-DE69-4CE1414DB265}" = Catalyst Control Center Localization Hungarian
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU)
"{93A94664-6CB9-54E2-D2E2-0FC894F457CD}" = CCC Help Dutch
"{941E6A4B-0B43-0875-2024-4F1A0FCE9293}" = CCC Help Danish
"{9A80B505-F97E-7813-A7DA-594CC6E20448}" = Catalyst Control Center Graphics Full Existing
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FB73888-C6F3-7687-DEA1-66AFAE237A7D}" = CCC Help Norwegian
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AB105D15-5224-890B-7B28-1A4086C09F47}" = Catalyst Control Center Localization Greek
"{AB232CC2-7F49-2F07-8979-EF16498603BF}" = Catalyst Control Center Localization Swedish
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B84C847D-F708-EFC4-A7F4-16C0A407B0C3}" = CCC Help French
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BE41F3D2-FC73-4C3E-A2C2-5D2B08A5B2D0}" = Credential Manager for HP ProtectTools
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4F9000B-677C-DBE0-8213-C47E04F098C1}" = Catalyst Control Center Core Implementation
"{C9EA192F-AEC6-18B1-D641-8ADF9F892260}" = CCC Help Turkish
"{CB8CDB72-8323-E26C-1FCB-C5497EA451A6}" = Catalyst Control Center Localization Spanish
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2D52856-B412-9CEE-C10D-BA5C6F2DDD6E}" = Catalyst Control Center Localization Danish
"{D32067CD-7409-4792-BFA0-1469BCD8F0C8}" = HP Wireless Assistant
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom NetXtreme Ethernet Controller
"{D3F2542C-0962-1313-CA4F-942E37889349}" = Catalyst Control Center Localization Czech
"{D97215A1-196F-E4BA-B531-4E1AF9393E69}" = ccc-utility
"{D9B4D7EE-481C-4C36-86AB-A8F7417725FF}" = LightScribe  1.6.43.1
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DC5437E1-6C27-E514-5DD3-CDB9E516AF16}" = Catalyst Control Center Localization Thai
"{DC8CF830-12C4-2AFF-1DB6-09A47CEBFEAB}" = Catalyst Control Center Localization Italian
"{E1201237-AE20-F128-DA8E-47859AE55889}" = CCC Help Finnish
"{E25AA53F-6878-4C64-8130-EB8D678DF303}" = HP User Guides 0064
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E574C0AC-550B-68A4-4D89-B1940C536229}" = CCC Help Polish
"{E6451EF8-8ACB-7640-2DE3-AEF23DF02BFA}" = CCC Help Thai
"{E9339644-F92D-96C5-7AB7-384818825698}" = Catalyst Control Center Localization Turkish
"{EE52FA1D-A4F9-02A5-5C4A-00B1D15CCF26}" = CCC Help Portuguese
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EE9D54F6-EA22-6160-9C4F-45331E9104B6}" = CCC Help Greek
"{EEA1220D-9772-F11B-0110-AA5680DCEEDE}" = CCC Help Korean
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack
"{F7B5554B-5CDE-4D16-9ACF-00BFB1ACD668}" = HP BIOS Configuration for ProtectTools
"{F9A859AB-09BC-F1B4-83C1-F70C462AD066}" = CCC Help Spanish
"3B18191663CDFABAA2A93D4267E54D683153FF60" = Windows-Treiberpaket - Advanced Micro Devices (AmdK8) Processor  (05/27/2006 1.3.2.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira Free Antivirus
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"ie8" = Windows Internet Explorer 8
"LogMeIn Hamachi" = LogMeIn Hamachi
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"Mozilla Thunderbird (3.0.4)" = Mozilla Thunderbird (3.0.4)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"OpenAL" = OpenAL
"TeamViewer 7" = TeamViewer 7
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-4000339846-1403637847-164469848-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f018cf21c0452c64" = AVM FRITZ!Box USB-Fernanschluss
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 08.09.2012 02:55:33 | Computer Name = LAPTOP-KK | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung jre-7u7-windows-i586-iftw.exe, Version 7.0.70.11,
 Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 11.09.2012 07:37:53 | Computer Name = LAPTOP-KK | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
 
Error - 11.09.2012 11:56:04 | Computer Name = LAPTOP-KK | Source = PerfNet | ID = 2005
Description = Die Leistungsinformationen vom Serverdienst konnten nicht gelesen 
werden.  Es werden keine Server-Leistungsinformationen zurückgegeben.  Der zurückgegebene
 Fehlercode befindet sich in DWORD 0, der IOSB.Status ist DWORD 1 und  die IOSB.Information
 ist DWORD 2.
 
Error - 11.09.2012 11:56:04 | Computer Name = LAPTOP-KK | Source = PerfNet | ID = 2006
Description = Die Server Queue-Leistungsinformationen konnten nicht gelesen werden.
Es
 werden keine Server-Leistungsinformationen zurückgegeben.  Der zurückgegebene Fehlercode
 ist DWORD 0, der IOSB.Status ist DWORD 1 und  die IOSB.Information ist DWORD 2.
 
Error - 12.09.2012 12:02:07 | Computer Name = LAPTOP-KK | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung skype.exe, Version 5.10.0.116, fehlgeschlagenes
 Modul jscript.dll, Version 5.8.6001.23141, Fehleradresse 0x00014cdb.
 
Error - 12.09.2012 12:10:52 | Computer Name = LAPTOP-KK | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung Skype.exe, Version 5.10.0.116, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x00000200.
 
Error - 12.09.2012 12:22:12 | Computer Name = LAPTOP-KK | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung Skype.exe, Version 5.10.0.116, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x00000200.
 
Error - 17.09.2012 07:20:51 | Computer Name = LAPTOP-KK | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
 
Error - 19.09.2012 12:08:48 | Computer Name = LAPTOP-KK | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
 
Error - 20.09.2012 09:31:49 | Computer Name = LAPTOP-KK | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
 
[ Credential Manager Events ]
Error - 22.09.2010 04:04:45 | Computer Name = LAPTOP-KK | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    Benutzer: Administrator@LAPTOP-KK
Anmeldeinformationen:
 Kennwort   Fehler: (0xC516020B) Anmeldung fehlgeschlagen.  Überprüfen Sie, ob Benutzername
 und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein.  Bei Kennwörtern
 wird die Groß- und Kleinschreibung beachtet.  Stellen Sie sicher, dass die Feststelltaste
 nicht aktiviert ist.
 
Error - 29.09.2010 03:23:04 | Computer Name = LAPTOP-KK | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    Benutzer: Administrator@LAPTOP-KK
Anmeldeinformationen:
 Kennwort   Fehler: (0xC516020B) Anmeldung fehlgeschlagen.  Überprüfen Sie, ob Benutzername
 und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein.  Bei Kennwörtern
 wird die Groß- und Kleinschreibung beachtet.  Stellen Sie sicher, dass die Feststelltaste
 nicht aktiviert ist.
 
Error - 31.01.2011 12:00:05 | Computer Name = LAPTOP-KK | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    Benutzer: Administrator@LAPTOP-KK
Anmeldeinformationen:
 Kennwort   Fehler: (0xC516020B) Anmeldung fehlgeschlagen.  Überprüfen Sie, ob Benutzername
 und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein.  Bei Kennwörtern
 wird die Groß- und Kleinschreibung beachtet.  Stellen Sie sicher, dass die Feststelltaste
 nicht aktiviert ist.
 
Error - 04.01.2012 04:31:39 | Computer Name = LAPTOP-KK | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    Benutzer: Administrator@LAPTOP-KK
Anmeldeinformationen:
 Kennwort   Fehler: (0xC516020B) Anmeldung fehlgeschlagen.  Überprüfen Sie, ob Benutzername
 und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein.  Bei Kennwörtern
 wird die Groß- und Kleinschreibung beachtet.  Stellen Sie sicher, dass die Feststelltaste
 nicht aktiviert ist.
 
Error - 18.02.2012 04:37:41 | Computer Name = LAPTOP-KK | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    Benutzer: Administrator@LAPTOP-KK
Anmeldeinformationen:
 Kennwort   Fehler: (0xC516020B) Anmeldung fehlgeschlagen.  Überprüfen Sie, ob Benutzername
 und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein.  Bei Kennwörtern
 wird die Groß- und Kleinschreibung beachtet.  Stellen Sie sicher, dass die Feststelltaste
 nicht aktiviert ist.
 
[ System Events ]
Error - 21.09.2012 06:20:27 | Computer Name = LAPTOP-KK | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung
 von Dienst ASBroker.
 
Error - 21.09.2012 07:48:54 | Computer Name = LAPTOP-KK | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung
 von Dienst ASBroker.
 
Error - 21.09.2012 07:51:20 | Computer Name = LAPTOP-KK | Source = W32Time | ID = 39452689
Description = Zeitabieter "NtpClient": Beim DNS-Lookup für den manuell konfigurierten
 Peer  "time.windows.com,0x1" ist ein Fehler aufgetreten. Der DNS-Lookup wird in 15
 Minuten  wiederholt.  Fehler: Der Host war bei einem Socketvorgang nicht erreichbar.
 (0x80072751)
 
Error - 21.09.2012 07:51:20 | Computer Name = LAPTOP-KK | Source = W32Time | ID = 39452701
Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren
 Zeitquellen  konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb  der
 nächsten 14 Minuten wird kein Versuch unternommen, eine Verbindung  mit der Quelle
 herzustellen.  Der NtpClient verfügt über keine Quelle mit genauer Zeit.
 
Error - 22.09.2012 02:47:34 | Computer Name = LAPTOP-KK | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung
 von Dienst ASBroker.
 
Error - 22.09.2012 02:48:00 | Computer Name = LAPTOP-KK | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung
 von Dienst ASBroker.
 
Error - 22.09.2012 02:55:12 | Computer Name = LAPTOP-KK | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung
 von Dienst ASBroker.
 
Error - 22.09.2012 07:28:54 | Computer Name = LAPTOP-KK | Source = Service Control Manager | ID = 7034
Description = Dienst "Message Queuing" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 22.09.2012 07:28:54 | Computer Name = LAPTOP-KK | Source = Service Control Manager | ID = 7034
Description = Dienst "Message Queuing Triggers" wurde unerwartet beendet. Dies ist
 bereits 1 Mal passiert.
 
Error - 22.09.2012 07:38:53 | Computer Name = LAPTOP-KK | Source = Service Control Manager | ID = 7034
Description = Dienst "Skype C2C Service" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
 
< End of report >
Erst bltzschnell und jetzt keine Antwort mehr...?
__________________
Alt 22.09.2012, 17:23   #4
markusg
/// Malware-holic
 
Mystart incredibar in jedem neuen Tab - Standard

Mystart incredibar in jedem neuen Tab


hi
lade den CCleaner standard:
CCleaner Download - CCleaner 3.22.1800
falls der CCleaner
bereits instaliert, überspringen.
instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Antwort

Themen zu Mystart incredibar in jedem neuen Tab
bereits, brauche, entferne, erfolglos, erstell, erstelltes, firefox, gefangen, gen, gestern, incredibar, mystart, mystart incredibar, neue, neuen, schonmal, script, tab, thread, treibt, versuche


« Ukash-Trojaner auf französisch! | Polizeivirus Österreich »


Ähnliche Themen: Mystart incredibar in jedem neuen Tab


  1. MyStart by IncrediBar.com
    Plagegeister aller Art und deren Bekämpfung - 24.10.2012 (18)
  2. Mystart incredibar im neuen Tab
    Plagegeister aller Art und deren Bekämpfung - 20.10.2012 (73)
  3. MyStart by IncrediBar.com
    Log-Analyse und Auswertung - 18.10.2012 (1)
  4. MyStart Trojaner in jedem neuen Tab (Mozilla)
    Plagegeister aller Art und deren Bekämpfung - 02.10.2012 (49)
  5. mystart.incredibar.com
    Log-Analyse und Auswertung - 29.09.2012 (2)
  6. Mystart.Incredibar
    Plagegeister aller Art und deren Bekämpfung - 27.09.2012 (3)
  7. MyStart Incredibar bei neuen Tabs lässt sich nicht beseitigen
    Plagegeister aller Art und deren Bekämpfung - 27.09.2012 (55)
  8. MyStart @ Incredibar und MyStart Search trotz Deinstallation des Programms
    Plagegeister aller Art und deren Bekämpfung - 09.09.2012 (2)
  9. mystart.incredibar.com/mb178?a=6OyKGh9pEf&loc=FF_NT kommt wenn ich einen neuen Tab öffne
    Plagegeister aller Art und deren Bekämpfung - 06.09.2012 (15)
  10. http://mystart.incredibar.com/MB131?a=6PQHUto8HL erscheint beim öffnen eines neuen Tabs - ich möchte es entfernen
    Plagegeister aller Art und deren Bekämpfung - 01.09.2012 (12)
  11. MyStart by IncrediBar im neuen Tab
    Plagegeister aller Art und deren Bekämpfung - 24.08.2012 (14)
  12. Mystart Incredibar
    Log-Analyse und Auswertung - 20.07.2012 (32)
  13. MyStart by IncrediBar in neuen Tabs im FF 13.0.1
    Log-Analyse und Auswertung - 12.07.2012 (2)
  14. "MyStart by IncrediBar.com" in neuen Tabs im Firefox 13.0.1
    Log-Analyse und Auswertung - 12.07.2012 (2)
  15. MyStart by IncrediBar.com jedes Mal in neuen Tabs im Firefox 13.0.1 Vorgehensweise beheben.
    Plagegeister aller Art und deren Bekämpfung - 11.07.2012 (1)
  16. Mystart by incredibar bei jedem neuenTab
    Plagegeister aller Art und deren Bekämpfung - 11.07.2012 (1)
  17. Mystart Incredibar
    Plagegeister aller Art und deren Bekämpfung - 11.07.2012 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Mystart incredibar in jedem neuen Tab - Hallo! Seit gestern versuchen wir bereits erfolglos, Mystart incredibar aus unserem Firefox zu entfernen. Wir sind bereits alle Anweisungen aus diesem Thread http://www.trojaner-board.de/122337-...entfernen.html durchgegangen - erfolglos, das Ding ist immer - Mystart incredibar in jedem neuen Tab...
Archiv
Du betrachtest: Mystart incredibar in jedem neuen Tab auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54