
Pests of all kinds and how to combat them: Virus changed all user permissions

Windows 7

29.09.2012, 11:44   #1
Gerdi51
 

Hello!
For some time now I have not been able to work with the affected PC, because all user permissions were suddenly changed. That means I can hardly open or run any program, and downloading programs doesn't work either. Sometimes it helps to set myself as admin in the program settings, but often it doesn't.

I have already tried on my own (surely a big mistake) to fix the problem with Malwarebytes, AdwCleaner and Emsisoft, but it still seems to be there.

I have run Malwarebytes over it many times (I have 12 log files), and it found QUITE A LOT. Which log file do you want?

I ran AdwCleaner once, I think. Here is the log:

Code:
# AdwCleaner v2.001 - Datei am 09/25/2012 um 20:26:13 erstellt
# Aktualisiert am 09/09/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : Gerd Becker - MEDION-P7300-D
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Gerd Becker\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Users\Gerd Becker\AppData\Local\funmoods-speeddial.crx
Datei Gefunden : C:\Users\GERDBE~1\AppData\Local\Temp\Uninstall.exe
Ordner Gefunden : C:\Program Files\Common Files\AVG Secure Search
Ordner Gefunden : C:\Program Files\Conduit
Ordner Gefunden : C:\Program Files\FileConverter_1.3
Ordner Gefunden : C:\ProgramData\Tarma Installer
Ordner Gefunden : C:\Users\Gerd Becker\AppData\Local\Conduit
Ordner Gefunden : C:\Users\Gerd Becker\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\Gerd Becker\AppData\LocalLow\FileConverter_1.3
Ordner Gefunden : C:\Users\Gerd Becker\AppData\LocalLow\PriceGong
Ordner Gefunden : C:\Users\Gerd Becker\AppData\Roaming\Mozilla\Firefox\Profiles\2nkra1ra.default\extensions\staged

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\FileConverter_1.3
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gefunden : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{78E516EF-11DE-47A1-8364-A99B917EC5EE}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{78E516EF-11DE-47A1-8364-A99B917EC5EE}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{153D7D79-706C-443D-BA98-41CA86982C9D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{78E516EF-11DE-47A1-8364-A99B917EC5EE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT3241949
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\Software\FileConverter_1.3
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{00F05827-CD47-4E8D-AFD7-6BEB1D6A72AA}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E04BFCCA-2B19-4B02-90E5-AAD3106C02A9}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78E516EF-11DE-47A1-8364-A99B917EC5EE}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{153D7D79-706C-443D-BA98-41CA86982C9D}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileConverter_1.3 Toolbar
Schlüssel Gefunden : HKLM\Software\Tarma Installer
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{78E516EF-11DE-47A1-8364-A99B917EC5EE}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{78E516EF-11DE-47A1-8364-A99B917EC5EE}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{78E516EF-11DE-47A1-8364-A99B917EC5EE}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{78E516EF-11DE-47A1-8364-A99B917EC5EE}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v15.0 (de)

Profilname : default 
Datei : C:\Users\Gerd Becker\AppData\Roaming\Mozilla\Firefox\Profiles\2nkra1ra.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Gerd Becker\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R10].txt - [4586 octets] - [25/09/2012 20:26:13]

########## EOF - C:\AdwCleaner[R10].txt - [4647 octets] ##########
         
I ran Emsisoft for the first time yesterday. The program found one file.
I no longer have the log file, but the path is as follows:
C:\Program Files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe
Emsisoft says it is a Trojan.Generic.7723167 (B). It classifies this as a high security risk.

Sorry if my preliminary work makes your job harder, but I just can't get any further here.
Thank you in advance for your help!

01.10.2012, 07:55   #2
schrauber
/// the machine
/// TB Trainer
 


Hi,

CustomScan with OTL

If you don't already have it, please download OTL by Oldtimer and save it to your desktop.
  • Please start OTL.exe.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Close all programs. (Important)
  • Click the Quick Scan button.
  • Click on .
  • Copy the contents of OTL.txt and Extras.txt here into your thread, in code tags.

03.10.2012, 20:49   #3
Gerdi51
 

Okay, I ran OTL with the Quick Scan. Here are the log files.

OTL.txt:
Code:
OTL logfile created on: 03.10.2012 18:21:38 - Run 1
OTL by OldTimer - Version 3.2.70.1     Folder = C:\Users\Gerd Becker\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,14 Gb Available Physical Memory | 65,99% Memory free
8,12 Gb Paging File | 6,29 Gb Available in Paging File | 77,53% Paging File free
Paging file location(s): c:\pagefile.sys 4987 4987 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 911,51 Gb Total Space | 823,08 Gb Free Space | 90,30% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 8,33 Gb Free Space | 41,65% Space Free | Partition Type: FAT32
Drive F: | 596,02 Gb Total Space | 566,67 Gb Free Space | 95,07% Space Free | Partition Type: FAT32
 
Computer Name: MEDION-P7300-D | User Name: Gerd Becker | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.03 18:20:49 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Gerd Becker\Desktop\OTL.exe
PRC - [2012.09.19 11:29:44 | 001,869,152 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe
PRC - [2012.09.19 11:29:42 | 001,699,168 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
PRC - [2012.09.19 05:33:36 | 003,082,640 | ---- | M] (Emsisoft GmbH) -- C:\Programme\Emsisoft Anti-Malware\a2service.exe
PRC - [2012.09.19 05:33:14 | 003,363,240 | ---- | M] (Emsisoft GmbH) -- C:\Programme\Emsisoft Anti-Malware\a2guard.exe
PRC - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.08.08 12:56:34 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.05.17 15:25:15 | 000,619,472 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe
PRC - [2012.05.17 15:25:15 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2012.05.17 15:25:15 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe
PRC - [2012.05.17 15:25:15 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.17 15:25:15 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.17 15:25:15 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.03.19 21:58:12 | 000,514,128 | ---- | M] (REINER SCT) -- C:\Windows\System32\cjpcsc.exe
PRC - [2012.02.29 22:58:46 | 000,857,408 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012.02.29 22:58:36 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011.11.11 04:07:59 | 000,099,896 | ---- | M] (HP) -- C:\Windows\System32\HPSIsvc.exe
PRC - [2011.07.06 14:34:19 | 000,688,128 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.03.28 21:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2011.03.28 21:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.12.21 02:07:48 | 000,227,712 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE
PRC - [2010.12.10 19:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2010.12.10 19:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.20 14:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2010.06.30 11:56:22 | 001,118,288 | ---- | M] (NCP Engineering GmbH) -- C:\Programme\LANCOM\Advanced VPN Client\ncprwsnt.exe
PRC - [2010.05.21 12:44:26 | 000,133,712 | ---- | M] (NCP engineering GmbH) -- C:\Programme\LANCOM\Advanced VPN Client\ncpclcfg.exe
PRC - [2010.05.07 13:08:38 | 000,093,184 | ---- | M] () -- C:\Programme\LANCOM\Advanced VPN Client\NCPSEC.EXE
PRC - [2009.06.24 11:57:04 | 000,136,704 | ---- | M] (HP) -- C:\Programme\Hp\HPLaserJetService\HPLaserJetService.exe
PRC - [2008.09.09 18:32:00 | 006,281,760 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.05.08 01:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\Windows\System32\Crypserv.exe
PRC - [2006.10.26 14:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe
PRC - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.09.27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.07.06 14:34:19 | 000,688,128 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
MOD - [2009.02.27 17:38:20 | 000,139,264 | R--- | M] () -- C:\Programme\Brother\BrUtilities\BrLogAPI.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.09.21 18:36:28 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.19 11:29:42 | 001,699,168 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012.09.19 11:29:40 | 000,029,536 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2012.09.19 05:33:36 | 003,082,640 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Programme\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.08.25 03:59:11 | 000,114,144 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.06.28 18:31:12 | 000,692,432 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) [Disabled | Stopped] -- C:\Programme\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney 8.0 OnlineUpdate)
SRV - [2012.05.17 15:25:15 | 000,619,472 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService)
SRV - [2012.05.17 15:25:15 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.05.17 15:25:15 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2012.05.17 15:25:15 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.17 15:25:15 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.03.19 21:58:12 | 000,514,128 | ---- | M] (REINER SCT) [Auto | Running] -- C:\Windows\System32\cjpcsc.exe -- (cjpcsc)
SRV - [2012.03.15 22:50:40 | 000,247,192 | ---- | M] (FileMaker, Inc.) [On_Demand | Stopped] -- C:\Programme\FileMaker\FileMaker Server\Database Server\fmshelper.exe -- (FileMaker Server)
SRV - [2012.03.09 20:00:30 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012.03.08 19:32:24 | 001,492,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2012.03.01 01:59:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.02.29 14:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.11.11 04:07:59 | 000,099,896 | ---- | M] (HP) [Auto | Running] -- C:\Windows\System32\HPSIsvc.exe -- (HPSIService)
SRV - [2011.09.23 21:51:22 | 000,045,592 | ---- | M] (NTI Corporation) [Disabled | Stopped] -- C:\Programme\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe -- (NTI BackupNowEZSvr)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.06.13 23:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2011.05.20 11:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011.03.28 21:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.12.10 19:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2010.12.10 19:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ)
SRV - [2010.12.10 19:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2010.12.10 19:29:30 | 000,044,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.09.22 17:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.08.09 04:04:02 | 000,131,888 | ---- | M] (Samsung Electronics CO., LTD.) [On_Demand | Stopped] -- C:\Windows\System32\SUPDSvc.exe -- (Samsung UPD Service)
SRV - [2010.06.30 11:56:22 | 001,118,288 | ---- | M] (NCP Engineering GmbH) [Auto | Running] -- C:\Programme\LANCOM\Advanced VPN Client\ncprwsnt.exe -- (ncprwsnt)
SRV - [2010.05.21 12:44:26 | 000,133,712 | ---- | M] (NCP engineering GmbH) [Auto | Running] -- C:\Programme\LANCOM\Advanced VPN Client\ncpclcfg.exe -- (ncpclcfg)
SRV - [2010.05.07 13:08:38 | 000,093,184 | ---- | M] () [Auto | Running] -- C:\Programme\LANCOM\Advanced VPN Client\NCPSEC.EXE -- (NcpSec)
SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.06.24 11:57:04 | 000,136,704 | ---- | M] (HP) [Auto | Running] -- C:\Programme\Hp\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)
SRV - [2008.10.14 02:52:50 | 000,376,937 | ---- | M] () [Disabled | Stopped] -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe -- (TVECapSvc)
SRV - [2008.10.14 02:52:50 | 000,184,423 | ---- | M] () [Disabled | Stopped] -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe -- (TVESched)
SRV - [2008.05.08 01:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\Windows\System32\Crypserv.exe -- (Crypkey License)
SRV - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () [Disabled | Stopped] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006.10.26 14:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe -- (MDM)
SRV - [2005.11.17 16:18:52 | 001,527,900 | ---- | M] (MAGIX®) [Disabled | Stopped] -- C:\Programme\ALDI Foto Service Nord\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\system32\Drivers\DgiVecp.sys -- (DgiVecp)
DRV - [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.08.28 15:22:34 | 000,010,088 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2012.06.24 22:24:46 | 000,046,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2012.06.16 01:31:32 | 000,014,248 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\NetDragon\91 Mobile\iPhone\Tq_91Assistant.sys -- (Tq_91Assistant)
DRV - [2012.05.17 15:25:15 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.17 15:25:15 | 000,112,032 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avfwot.sys -- (avfwot)
DRV - [2012.05.17 15:25:15 | 000,091,968 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avfwim.sys -- (avfwim)
DRV - [2012.05.17 15:25:15 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.30 18:45:28 | 000,054,072 | ---- | M] (Emsisoft GmbH) [File_System | On_Demand | Running] -- C:\Programme\Emsisoft Anti-Malware\a2accx86.sys -- (a2acc)
DRV - [2012.04.30 18:45:00 | 000,037,856 | ---- | M] (Emsisoft GmbH) [File_System | System | Running] -- C:\Programme\Emsisoft Anti-Malware\a2dix86.sys -- (a2injectiondriver)
DRV - [2012.03.01 01:59:00 | 010,819,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.02.01 03:31:00 | 000,602,216 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2012.01.02 04:09:12 | 000,722,416 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2011.10.19 17:48:39 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.10.08 09:28:44 | 000,017,408 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mvusbews.sys -- (mvusbews)
DRV - [2011.06.02 11:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2011.05.19 14:10:34 | 000,017,904 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Programme\Emsisoft Anti-Malware\a2ddax86.sys -- (A2DDA)
DRV - [2011.04.26 11:21:06 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2011.03.29 11:08:08 | 000,028,144 | ---- | M] (REINER SCT) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cjusb.sys -- (cjusb)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.07.06 12:28:34 | 000,077,808 | ---- | M] (NCP Engineering GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ncplelhp.sys -- (ncplelhp)
DRV - [2010.07.06 12:28:34 | 000,077,808 | ---- | M] (NCP Engineering GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ncplelhp.sys -- (ncpfilt)
DRV - [2010.06.17 16:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.05.05 09:40:32 | 000,011,776 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Programme\Emsisoft Anti-Malware\a2util32.sys -- (a2util)
DRV - [2009.09.10 09:50:11 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2009.07.14 02:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009.07.14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009.07.14 00:02:53 | 000,657,408 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2009.07.14 00:02:50 | 000,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2009.06.17 18:56:24 | 000,079,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2009.06.17 18:55:26 | 000,063,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2009.06.17 18:55:18 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2009.02.25 19:58:56 | 000,017,432 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hpfxbulk.sys -- (HPEWSFXBULK)
DRV - [2008.09.25 15:28:06 | 001,332,576 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NxpCap.sys -- (NxpCap)
DRV - [2008.03.17 18:45:52 | 000,019,584 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\Ckldrv.sys -- (NetworkX)
DRV - [2007.05.31 07:38:16 | 000,014,949 | ---- | M] (franson.biz) [Kernel | System | Running] -- C:\Windows\System32\drivers\bizVSerialNT.sys -- (bizVSerial)
DRV - [2006.11.30 15:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2006.08.28 18:12:04 | 000,013,312 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\MTictwl.sys -- (NCPro)
DRV - [2006.08.28 18:12:04 | 000,013,312 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MTictwl.sys -- (MagicTune)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\URLSearchHook: {78e516ef-11de-47a1-8364-a99b917ec5ee} - C:\Programme\FileConverter_1.3\prxtbFile.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes,DefaultScope = {671EB503-4A27-0E26-7286-54FE44497503}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{671EB503-4A27-0E26-7286-54FE44497503}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDB
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=sware&chnl=sware&cd=2XzutAtN2Y1L1QzutDtBtDtDyE0EyEtAyDtDyEzy0DyD0F0BtN0D0TzutBtDtCtBtDyCtBtD&cr=1046637989
IE - HKLM\..\SearchScopes\{BB931CA0-9B96-4877-92C7-D0C34E0B0E1B}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&mkt=de-de&FORM=IEFM&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\URLSearchHook: {78e516ef-11de-47a1-8364-a99b917ec5ee} - C:\Programme\FileConverter_1.3\prxtbFile.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{671EB503-4A27-0E26-7286-54FE44497503}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDB
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=;ftp=;https=;
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: toolbar@web.de:2.2.2
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.11.23 15:39:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\quickprint@hp.com: C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2011.01.26 15:27:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.09.02 19:21:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.19 21:19:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.18 22:03:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.10.02 18:02:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.11.23 15:39:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Ltd\BullGuard\antispam\tbspamfilter
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{380AE6CB-09B9-4373-B360-D01C2462A6E7}: C:\Program Files\BullGuard Ltd\BullGuard\backup\thunderbirdbkplugin
 
[2012.09.16 12:18:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gerd Becker\AppData\Roaming\mozilla\Extensions
[2011.11.24 01:01:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gerd Becker\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.09.25 20:50:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gerd Becker\AppData\Roaming\mozilla\Firefox\Profiles\2nkra1ra.default\extensions
[2012.09.25 20:49:52 | 000,616,675 | ---- | M] () (No name found) -- C:\Users\Gerd Becker\AppData\Roaming\mozilla\firefox\profiles\2nkra1ra.default\extensions\toolbar@web.de.xpi
[2012.09.25 20:50:43 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Gerd Becker\AppData\Roaming\mozilla\firefox\profiles\2nkra1ra.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.09.24 15:59:27 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.09.24 15:59:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2012.06.18 14:45:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.09.19 21:19:37 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions
[2012.09.19 21:19:37 | 000,000,000 | ---D | M] (WEB.DE MailCheck) -- C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de
[2012.09.24 15:59:27 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2012.08.25 04:00:05 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.08.25 04:49:52 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.25 04:49:52 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.08.25 04:49:52 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.08.25 04:49:52 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.08.25 04:49:52 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.08.25 04:49:52 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.de/webhp?source=search_app
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.de/webhp?source=search_app
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Gerd Becker\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (FileConverter 1.3 Toolbar) - {78e516ef-11de-47a1-8364-a99b917ec5ee} - C:\Program Files\FileConverter_1.3\prxtbFile.dll (Conduit Ltd.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (WEB.DE Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\WEB.DE Toolbar IE8\uitb.dll (1und1 Mail und Media GmbH)
O2 - BHO: (SplitButtonBHO Class) - {C0C86BBE-9509-4296-8459-FDBFDAF4B673} - C:\Programme\FRITZ!Box\AddOn (IE)\FBoxIESplitButton.dll (AVM Berlin)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (FileConverter 1.3 Toolbar) - {78e516ef-11de-47a1-8364-a99b917ec5ee} - C:\Programme\FileConverter_1.3\prxtbFile.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (WEB.DE Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar IE8\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (FileConverter 1.3 Toolbar) - {78E516EF-11DE-47A1-8364-A99B917EC5EE} - C:\Programme\FileConverter_1.3\prxtbFile.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar IE8\uitb.dll (1und1 Mail und Media GmbH)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupNowEZtray] C:\Program Files\NTI\NTI Backup Now EZ\BackupNowEZtray.exe (NTI Corporation)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [emsisoft anti-malware] c:\program files\emsisoft anti-malware\a2guard.exe (Emsisoft GmbH)
O4 - HKLM..\Run: [Eraser] C:\Programme\Eraser\Eraser.exe (The Eraser Project)
O4 - HKLM..\Run: [Google EULA Launcher] C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe (Google)
O4 - HKLM..\Run: [HPUsageTrackingLEDM] C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAStorIcon] C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Device Center\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Iomega Home Storage Manager] C:\Programme\Iomega\Home Storage Manager\Iomega Discovery.exe (Iomega Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [NcpBudgetGui] C:\Program Files\LANCOM\Advanced VPN Client\NcpBudgetGui.exe (NCP engineering GmbH)
O4 - HKLM..\Run: [NcpPopup] C:\Program Files\LANCOM\Advanced VPN Client\ncppopup.exe (NCP engineering GmbH)
O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [Smart File Advisor] C:\Program Files\Smart File Advisor\sfa.exe (Filefacts.net)
O4 - HKLM..\Run: [TVEService] C:\Program Files\HomeCinema\TV Enhance\TVEService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [zzzHPSETUP] E:\Setup.exe \RESET File not found
O4 - Startup: C:\Users\Gerd Becker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O8 - Extra context menu item: Download with mediAvatar iPhone Softwarepaket Pro - C:\Program Files\mediAvatar\iPhone Software Suite Pro\upod_link.HTM File not found
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre7\bin\jp2iexp.dll ()
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - Reg Error: Value error. File not found
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Programme\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Programme\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: FRITZ!Box AddOn - {328ECD19-C167-40eb-A0C7-16FE7634105F} - C:\Programme\FRITZ!Box\AddOn (IE)\FBoxIESplitButton.dll (AVM Berlin)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]http in Vertrauenswürdige Sites)
O16 - DPF: {65EEE2E1-B8D5-4724-8489-048B551045BF} https://chipkarte.santanderbank.de/Estatico/ALP_EBANDE_SmartCardPres_E/Recursos/SantanderChipcardPlugin2610.cab (Security-Plugin-HBCI-Chipcard)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Unable to open value key)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.7.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B6CD70BB-A0EB-42F6-A1B5-B558DF885D5A}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\WEB.DE Toolbar IE8\uitb.dll (1und1 Mail und Media GmbH)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: C:\Users\Gerd Becker\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Gerd Becker\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O27 - HKLM IFEO\backitup.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\backupnowez.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\corel mediaone.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\corel photo downloader.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\coverdes.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\devicecenter.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\eraser.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\fixitcenter.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\hpwucli.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\iastorui.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\intelcontrolcenter.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\iomega storage manager.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\ncpmon.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\ncpro.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\ncprotray.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\ncptrcw.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\nero.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\neromediahome.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\neroscoutoptions.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\nerostartsmart.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\neroupgrade.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\nerovision.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\netviewer.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\nvstlink.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\nvstview.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\pdf24-editor.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\pdf24-fax.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\recode.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\restorestarter.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\schirmfoto.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\scrconfig.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\setupx.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\showtime.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\smkonv.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\startstarmoney.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\sump.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\unins000.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\uninst.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\waveedit.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{aba72ea7-326a-11e1-84f2-02004e435049}\Shell - "" = AutoRun
O33 - MountPoints2\{aba72ea7-326a-11e1-84f2-02004e435049}\Shell\AutoRun\command - "" = J:\unlock.exe autoplay=true
O33 - MountPoints2\L\Shell - "" = AutoRun
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.03 18:20:49 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\Gerd Becker\Desktop\OTL.exe
[2012.10.01 01:26:22 | 000,000,000 | ---D | C] -- C:\Users\Gerd Becker\AppData\Roaming\MOBackup
[2012.10.01 01:22:51 | 000,000,000 | ---D | C] -- C:\Users\Gerd Becker\Documents\mobackups
[2012.10.01 01:22:35 | 000,000,000 | ---D | C] -- C:\Users\Gerd Becker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MOBackup - Datensicherung für Outlook
[2012.10.01 01:22:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MOBackup - Datensicherung für Outlook
[2012.10.01 01:22:20 | 000,000,000 | ---D | C] -- C:\Program Files\MOBackup
[2012.10.01 00:37:02 | 000,000,000 | ---D | C] -- C:\Users\Gerd Becker\AppData\Local\SimpleSYN
[2012.10.01 00:36:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SimpleSYN 2.1
[2012.10.01 00:36:51 | 000,000,000 | ---D | C] -- C:\Program Files\creativbox.net
[2012.09.29 01:25:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2012.09.29 01:24:56 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2012.09.29 01:24:56 | 000,000,000 | ---D | C] -- C:\Users\Gerd Becker\Documents\Anti-Malware
[2012.09.26 00:24:32 | 000,000,000 | ---D | C] -- C:\Users\Gerd Becker\Documents\iTunes
[2012.09.26 00:19:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.09.26 00:19:17 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.09.26 00:19:16 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.09.26 00:19:16 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012.09.24 16:05:12 | 000,000,000 | ---D | C] -- C:\ProgramData\FileMaker
[2012.09.24 16:05:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileMaker Server
[2012.09.24 15:30:44 | 000,000,000 | ---D | C] -- C:\Users\Gerd Becker\Documents\FileMaker Server 12
[2012.09.24 13:07:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eric's TelNet98
[2012.09.23 21:39:53 | 000,000,000 | ---D | C] -- C:\Users\Gerd Becker\AppData\Roaming\U3
[2012.09.23 14:39:57 | 000,000,000 | ---D | C] -- C:\ProgramData\NTIReg
[2012.09.23 14:37:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NTI Backup Now EZ
[2012.09.23 14:37:14 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\nti\Xp_x86
[2012.09.23 14:37:14 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\nti\w2k_x86
[2012.09.23 14:37:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\nti\Vista_x86
[2012.09.23 14:37:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\nti\Vista_ia64
[2012.09.23 14:37:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\nti\Vista_amd64
[2012.09.23 14:37:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\nti\2003_x86
[2012.09.23 14:37:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\nti\2003_ia64
[2012.09.23 14:37:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\nti\2003_amd64
[2012.09.23 14:37:03 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\nti
[2012.09.23 14:37:03 | 000,000,000 | ---D | C] -- C:\Program Files\NTI
[2012.09.23 05:22:38 | 000,000,000 | ---D | C] -- C:\Users\Gerd Becker\Documents\mediAvatar
[2012.09.22 14:43:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2012.09.22 13:08:21 | 000,029,536 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2012.09.22 02:16:09 | 000,000,000 | ---D | C] -- C:\ProgramData\CrypKey
[2012.09.22 02:15:20 | 000,165,888 | ---- | C] (Kenonic Controls) -- C:\Windows\Ckconfig.exe
[2012.09.22 02:15:20 | 000,122,880 | ---- | C] (CrypKey (Canada) Ltd.) -- C:\Windows\System32\Crypserv.exe
[2012.09.22 02:15:18 | 001,207,808 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\System32\PhoenixDll.dll
[2012.09.22 02:15:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stellar Phoenix
[2012.09.22 02:15:17 | 000,000,000 | ---D | C] -- C:\Program Files\Stellar Phoenix Outlook PST Repair
[2012.09.20 02:04:59 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2012.09.20 02:04:58 | 000,000,000 | ---D | C] -- C:\Users\Gerd Becker\AppData\Local\Conduit
[2012.09.20 02:04:43 | 000,000,000 | ---D | C] -- C:\Program Files\FileConverter_1.3
[2012.09.19 22:52:22 | 000,000,000 | ---D | C] -- C:\Program Files\WEB.DE Toolbar IE8
[2012.09.19 22:48:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012.09.19 22:47:52 | 000,000,000 | ---D | C] -- C:\Users\Gerd Becker\AppData\Roaming\uiToolBar Desktop Icons
[2012.09.19 22:30:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
[2012.09.19 22:30:40 | 000,000,000 | ---D | C] -- C:\Users\Gerd Becker\AppData\Roaming\Uniblue
[2012.09.19 22:30:40 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2012.09.19 21:19:43 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.09.19 12:35:56 | 000,031,584 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2012.09.19 12:35:56 | 000,021,344 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2012.09.19 12:35:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013
[2012.09.19 12:35:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012.09.19 12:35:17 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2013
[2012.09.19 12:34:48 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2012.09.19 12:28:10 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012.09.16 12:57:04 | 000,000,000 | ---D | C] -- C:\Users\Gerd Becker\AppData\Local\Seven Zip
[2012.09.16 12:14:10 | 000,000,000 | ---D | C] -- C:\Program Files\Hosts_Anti_Adwares_PUPs
[2012.09.14 17:14:58 | 000,000,000 | ---D | C] -- C:\Users\Gerd Becker\AppData\Roaming\Malwarebytes
[2012.09.14 17:14:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.14 17:14:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.14 17:14:53 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.14 17:14:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.09.06 12:30:29 | 000,000,000 | ---D | C] -- C:\Users\Gerd Becker\Documents\CSV-Dokumente
[2012.09.03 20:43:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2012.09.03 20:40:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.03 18:20:49 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Gerd Becker\Desktop\OTL.exe
[2012.10.03 18:14:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.03 18:11:02 | 000,000,388 | ---- | M] () -- C:\Windows\tasks\MYPCTuneUp-Gerd Becker-Notification.job
[2012.10.03 15:42:35 | 000,009,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.03 15:42:35 | 000,009,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.03 15:32:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.02 18:02:43 | 000,002,094 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2012.10.02 17:56:24 | 000,760,120 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.02 17:56:24 | 000,704,152 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.02 17:56:24 | 000,174,124 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.02 17:56:24 | 000,140,598 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.01 01:22:36 | 000,000,973 | ---- | M] () -- C:\Users\Public\Desktop\MOBackup.lnk
[2012.10.01 00:36:55 | 000,002,250 | ---- | M] () -- C:\Users\Public\Desktop\SimpleSYN.lnk
[2012.09.29 01:25:24 | 000,001,114 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2012.09.28 15:40:34 | 000,000,252 | ---- | M] () -- C:\Windows\tasks\Schirmfoto.job
[2012.09.28 00:32:08 | 000,002,373 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.09.26 17:38:52 | 000,002,416 | ---- | M] () -- C:\Users\Public\Desktop\FileMaker Pro 11 Advanced.lnk
[2012.09.26 08:22:35 | 000,517,592 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.09.26 00:46:35 | 000,000,268 | ---- | M] () -- C:\Windows\tasks\SpeedUpMyPC.job
[2012.09.26 00:19:57 | 000,001,802 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.09.25 23:35:20 | 000,000,208 | ---- | M] () -- C:\Windows\Ulead32.ini
[2012.09.25 23:18:13 | 000,001,018 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.09.25 20:22:20 | 000,000,990 | ---- | M] () -- C:\Users\Public\Desktop\Speccy.lnk
[2012.09.24 16:17:57 | 000,001,282 | ---- | M] () -- C:\Users\Gerd Becker\Desktop\FileMaker Server 12.lnk
[2012.09.24 13:07:33 | 000,001,055 | ---- | M] () -- C:\Users\Public\Desktop\Eric's TelNet98.lnk
[2012.09.24 11:37:32 | 000,002,302 | ---- | M] () -- C:\Users\Public\Desktop\mediAvatar iPhone Softwarepaket Pro.lnk
[2012.09.23 14:37:16 | 000,002,130 | ---- | M] () -- C:\Users\Public\Desktop\NTI Backup Now EZ.lnk
[2012.09.22 03:40:09 | 000,003,360 | ---- | M] () -- C:\Windows\System32\esnecil.ind
[2012.09.22 03:09:10 | 000,003,360 | ---- | M] () -- C:\Windows\System32\esnecil.nlp
[2012.09.22 03:09:10 | 000,000,004 | ---- | M] () -- C:\Windows\vx86036.dat
[2012.09.22 02:40:36 | 000,000,144 | ---- | M] () -- C:\Windows\Crypkey.ini
[2012.09.22 02:40:35 | 000,001,256 | ---- | M] () -- C:\Users\Gerd Becker\Desktop\Stellar Phoenix Outlook PST Repair.lnk
[2012.09.19 22:52:22 | 000,002,157 | ---- | M] () -- C:\Users\Gerd Becker\Desktop\Amazon.lnk
[2012.09.19 22:52:22 | 000,002,155 | ---- | M] () -- C:\Users\Gerd Becker\Desktop\WEB.DE.lnk
[2012.09.19 22:30:41 | 000,001,139 | ---- | M] () -- C:\Users\Public\Desktop\SpeedUpMyPC.lnk
[2012.09.19 21:19:44 | 000,001,141 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.09.19 19:52:23 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.19 19:52:23 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.19 12:35:55 | 000,002,220 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012.09.19 12:35:55 | 000,002,202 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk
[2012.09.19 11:29:46 | 000,031,584 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2012.09.19 11:29:40 | 000,029,536 | ---- | M] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2012.09.19 11:29:40 | 000,021,344 | ---- | M] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2012.09.18 17:04:10 | 000,000,190 | ---- | M] () -- C:\Users\Gerd Becker\Desktop\Microsoft Fix-it-Support.url
[2012.09.18 16:49:45 | 000,000,169 | ---- | M] () -- C:\Users\Gerd Becker\Desktop\eBay.url
[2012.09.15 09:47:02 | 000,001,363 | ---- | M] () -- C:\Users\Gerd Becker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
[2012.09.14 17:14:55 | 000,001,138 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.14 12:07:10 | 000,512,399 | ---- | M] () -- C:\Users\Gerd Becker\Desktop\adwcleaner.exe
[2012.09.10 00:06:38 | 001,815,118 | ---- | M] () -- C:\Users\Gerd Becker\Localizable.strings
[2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.03 21:18:26 | 000,002,434 | R--- | M] () -- C:\Users\Gerd Becker\Desktop\Casio Digitalkamera.lnk
[2012.09.03 21:18:26 | 000,001,279 | R--- | M] () -- C:\Users\Gerd Becker\Desktop\Eigene Dokumente.lnk
[2012.09.03 21:18:25 | 000,001,869 | R--- | M] () -- C:\Users\Gerd Becker\Desktop\VPN-Key Balzer.lnk
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.02 17:56:55 | 000,002,106 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2012.10.02 17:56:55 | 000,002,094 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2012.10.01 01:22:36 | 000,000,973 | ---- | C] () -- C:\Users\Public\Desktop\MOBackup.lnk
[2012.10.01 00:36:55 | 000,002,250 | ---- | C] () -- C:\Users\Public\Desktop\SimpleSYN.lnk
[2012.09.29 01:25:24 | 000,001,114 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2012.09.26 08:22:21 | 000,517,592 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.09.26 00:19:57 | 000,001,802 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.09.24 15:43:12 | 000,001,282 | ---- | C] () -- C:\Users\Gerd Becker\Desktop\FileMaker Server 12.lnk
[2012.09.24 11:37:45 | 001,815,118 | ---- | C] () -- C:\Users\Gerd Becker\Localizable.strings
[2012.09.23 14:37:16 | 000,002,130 | ---- | C] () -- C:\Users\Public\Desktop\NTI Backup Now EZ.lnk
[2012.09.22 02:16:30 | 000,000,004 | ---- | C] () -- C:\Windows\vx86036.dat
[2012.09.22 02:16:10 | 000,003,360 | ---- | C] () -- C:\Windows\System32\esnecil.nlp
[2012.09.22 02:16:10 | 000,003,360 | ---- | C] () -- C:\Windows\System32\esnecil.ind
[2012.09.22 02:15:49 | 000,000,144 | ---- | C] () -- C:\Windows\Crypkey.ini
[2012.09.22 02:15:20 | 000,027,648 | R--- | C] () -- C:\Windows\Setup_ck.exe
[2012.09.22 02:15:20 | 000,019,584 | ---- | C] () -- C:\Windows\System32\Ckldrv.sys
[2012.09.22 02:15:20 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll
[2012.09.22 02:15:20 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe
[2012.09.22 02:15:18 | 000,178,176 | ---- | C] () -- C:\Windows\System32\StellarProfile.dll
[2012.09.22 02:15:18 | 000,001,256 | ---- | C] () -- C:\Users\Gerd Becker\Desktop\Stellar Phoenix Outlook PST Repair.lnk
[2012.09.20 16:48:00 | 000,002,113 | -H-- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012.09.20 16:47:59 | 000,001,647 | -H-- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NCProTray.lnk
[2012.09.20 16:47:59 | 000,001,363 | ---- | C] () -- C:\Users\Gerd Becker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
[2012.09.19 22:30:43 | 000,000,268 | ---- | C] () -- C:\Windows\tasks\SpeedUpMyPC.job
[2012.09.19 22:30:41 | 000,001,139 | ---- | C] () -- C:\Users\Public\Desktop\SpeedUpMyPC.lnk
[2012.09.19 21:19:44 | 000,001,153 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.09.19 21:19:44 | 000,001,141 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.09.19 12:35:55 | 000,002,220 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012.09.19 12:35:55 | 000,002,214 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013.lnk
[2012.09.19 12:35:55 | 000,002,202 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk
[2012.09.18 17:04:10 | 000,000,190 | ---- | C] () -- C:\Users\Gerd Becker\Desktop\Microsoft Fix-it-Support.url
[2012.09.18 16:49:45 | 000,000,169 | ---- | C] () -- C:\Users\Gerd Becker\Desktop\eBay.url
[2012.09.14 17:14:55 | 000,001,138 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.14 17:13:06 | 000,512,399 | ---- | C] () -- C:\Users\Gerd Becker\Desktop\adwcleaner.exe
[2012.07.14 04:12:17 | 000,003,584 | R--- | C] () -- C:\Users\Gerd Becker\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.20 18:09:08 | 000,302,425 | R--- | C] () -- C:\Users\Gerd Becker\AppData\Local\funmoods-speeddial.crx
[2012.06.13 13:50:47 | 000,000,208 | ---- | C] () -- C:\Windows\Ulead32.ini
[2012.05.10 00:15:21 | 000,000,026 | ---- | C] () -- C:\Windows\cJCC.INI
[2012.05.10 00:04:58 | 000,000,396 | ---- | C] () -- C:\Windows\hbcikrnl.ini
[2012.05.10 00:04:34 | 000,167,936 | ---- | C] () -- C:\Windows\System32\SerialXP.dll
[2012.05.10 00:04:34 | 000,027,648 | ---- | C] () -- C:\Windows\System32\win32com.dll
[2012.04.13 13:04:42 | 000,086,016 | ---- | C] () -- C:\Windows\System32\custmon32i.dll
[2012.02.29 14:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2012.01.18 19:33:03 | 000,283,136 | ---- | C] () -- C:\Windows\System32\DscPnt.dll
[2012.01.18 19:33:03 | 000,259,888 | ---- | C] () -- C:\Windows\SUPDRun.exe
[2012.01.18 19:33:03 | 000,151,552 | ---- | C] () -- C:\Windows\System32\spd__ci.exe
[2012.01.18 19:33:03 | 000,026,624 | ---- | C] () -- C:\Windows\System32\spd__l.dll
[2012.01.17 23:15:10 | 000,493,432 | ---- | C] () -- C:\Windows\ssndii.exe
[2012.01.08 00:40:17 | 000,091,923 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2012.01.08 00:40:17 | 000,076,956 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2012.01.08 00:40:17 | 000,039,121 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2012.01.08 00:40:17 | 000,027,965 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_JP.dat
[2012.01.08 00:32:09 | 000,000,123 | ---- | C] () -- C:\Windows\System32\QVPMON.INI
[2011.12.28 14:09:55 | 000,024,772 | ---- | C] () -- C:\ProgramData\P1100DEF.css
[2011.12.28 14:09:55 | 000,004,447 | R--- | C] () -- C:\ProgramData\P1100OS.HTM
[2011.12.28 14:09:55 | 000,002,944 | ---- | C] () -- C:\ProgramData\P1100SIG.GIF
[2011.12.28 13:54:53 | 001,511,424 | ---- | C] () -- C:\Windows\System32\HP1100SM.EXE
[2011.12.28 13:54:53 | 000,151,552 | ---- | C] () -- C:\Windows\System32\HP1100LM.DLL
[2011.12.28 13:54:53 | 000,054,272 | R--- | C] () -- C:\Windows\System32\HP1100SMs.dll
[2011.12.28 13:50:34 | 000,081,920 | ---- | C] () -- C:\Windows\System32\mvusbews.dll
[2011.12.28 13:50:22 | 000,284,160 | ---- | C] () -- C:\Windows\System32\mvhlewsi.DLL
[2011.11.23 17:18:15 | 000,005,355 | ---- | C] () -- C:\Windows\hpomdl18.dat.temp
[2011.11.23 16:45:55 | 000,226,609 | ---- | C] () -- C:\Windows\hpoins18.dat
[2011.11.23 16:45:55 | 000,005,355 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2011.11.23 15:37:23 | 000,177,121 | ---- | C] () -- C:\Windows\hphins30.dat.temp
[2011.11.23 15:37:23 | 000,000,366 | ---- | C] () -- C:\Windows\hphmdl30.dat.temp
[2011.11.23 15:34:45 | 000,177,284 | ---- | C] () -- C:\Windows\hphins30.dat
[2011.11.23 15:34:45 | 000,000,366 | ---- | C] () -- C:\Windows\hphmdl30.dat
[2011.11.14 21:37:49 | 000,000,017 | R--- | C] () -- C:\Users\Gerd Becker\AppData\Local\resmon.resmoncfg
[2011.06.21 08:42:38 | 000,024,064 | ---- | C] () -- C:\Windows\System32\sst3cl3.dll
[2009.11.29 02:44:01 | 000,000,760 | R--- | C] () -- C:\Users\Gerd Becker\AppData\Roaming\setup_ldm.iss
[2008.12.03 23:30:31 | 000,000,019 | R--- | C] () -- C:\Users\Gerd Becker\AppData\Roaming\mdbu.bin
[2008.12.03 20:03:01 | 000,000,000 | R--- | C] () -- C:\Users\Gerd Becker\AppData\Roaming\wklnhst.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.08.20 11:12:41 | 000,000,000 | ---D | M] -- C:\Users\Gerd Becker\AppData\Roaming\1&1 Mail & Media GmbH
[2011.11.28 01:47:11 | 000,000,000 | ---D | M] -- C:\Users\Gerd Becker\AppData\Roaming\Abelssoft
[2009.11.29 06:22:38 | 000,000,000 | ---D | M] -- C:\Users\Gerd Becker\AppData\Roaming\acccore
[2009.11.29 06:22:40 | 000,000,000 | ---D | M] -- C:\Users\Gerd Becker\AppData\Roaming\Buhl Data Service
[2009.11.29 06:22:40 | 000,000,000 | ---D | M] -- C:\Users\Gerd Becker\AppData\Roaming\Buhl Data Service GmbH
[2009.11.29 06:22:40 | 000,000,000 | ---D | M] -- C:\Users\Gerd Becker\AppData\Roaming\CDZilla
[2009.11.29 06:22:41 | 000,000,000 | ---D | M] -- C:\Users\Gerd Becker\AppData\Roaming\CoSoSys
[2009.11.29 06:22:41 | 000,000,000 | ---D | M] -- C:\Users\Gerd Becker\AppData\Roaming\DataDesign
[2009.11.29 06:22:41 | 000,000,000 | ---D | M] -- C:\Users\Gerd Becker\AppData\Roaming\DisplayTune
[2012.02.06 14:38:42 | 000,000,000 | ---D | M] -- C:\Users\Gerd Becker\AppData\Roaming\Eric's TelNet98
[2009.11.29 06:22:41 | 000,000,000 | ---D | M] -- C:\Users\Gerd Becker\AppData\Roaming\eXPert PDF Editor
[2011.11.25 19:51:55 | 000,000,000 | ---D | M] -- C:\Users\Gerd Becker\AppData\Roaming\FileMaker
[2011.11.25 20:19:36 | 000,000,000 | ---D | M] -- C:\Users\Gerd Becker\AppData\Roaming\FileMaker Pro Advanced
[2012.01.02 04:30:23 | 000,000,000 | ---D | M] -- C:\Users\Gerd Becker\AppData\Roaming\FinalVideoDownloader
[2012.06.20 18:04:09 | 000,000,000 | ---D | M] -- C:\Users\Gerd Becker\AppData\Roaming\FreeHideIP
[2009.11.29 06:22:41 | 000,000,000 | ---D | M] -- C:\Users\Gerd Becker\AppData\Roaming\GHISLER
[2009.11.29 06:22:41 | 000,000,000 | ---D | M] -- C:\Users\Gerd Becker\AppData\Roaming\klickTel
[2009.11.29 06:22:41 | 000,000,000 | ---D | M] -- C:\Users\Gerd Becker\AppData\Roaming\Leadertech
[2009.11.29 06:22:41 | 000,000,000 | ---D | M] -- C:\Users\Gerd Becker\AppData\Roaming\Lexware
[2009.11.29 06:22:42 | 000,000,000 | ---D | M] -- C:\Users\Gerd Becker\AppData\Roaming\MAGIX
[2012.06.18 00:39:46 | 000,000,000 | ---D | M] -- C:\Users\Gerd Becker\AppData\Roaming\mediAvatar
[2012.10.01 01:54:03 | 000,000,000 | ---D | M] -- C:\Users\Gerd Becker\AppData\Roaming\MOBackup
[2009.11.29 06:22:47 | 000,000,000 | ---D | M] -- C:\Users\Gerd Becker\AppData\Roaming\Musicmatch
[2009.11.29 06:22:47 | 000,000,000 | ---D | M] -- C:\Users\Gerd Becker\AppData\Roaming\NAVIGON
[2009.11.29 06:22:47 | 000,000,000 | ---D | M] -- C:\Users\Gerd Becker\AppData\Roaming\NettoPro
[2009.11.29 06:22:47 | 000,000,000 | ---D | M] -- C:\Users\Gerd Becker\AppData\Roaming\OfficeUpdate12
[2009.11.29 06:22:47 | 000,000,000 | ---D | M] -- C:\Users\Gerd Becker\AppData\Roaming\OpenOffice.org3
[2011.11.24 14:57:32 | 000,000,000 | ---D | M] -- C:\Users\Gerd Becker\AppData\Roaming\PC-FAX TX
[2012.09.02 19:36:43 | 000,000,000 | ---D | M] -- C:\Users\Gerd Becker\AppData\Roaming\PCCUStubInstaller
[2009.11.29 06:22:48 | 000,000,000 | ---D | M] -- C:\Users\Gerd Becker\AppData\Roaming\Samsung
[2009.11.29 06:22:49 | 000,000,000 | ---D | M] -- C:\Users\Gerd Becker\AppData\Roaming\ScanSoft
[2012.08.30 23:23:40 | 000,000,000 | ---D | M] -- C:\Users\Gerd Becker\AppData\Roaming\Steganos
[2012.08.30 23:23:52 | 000,000,000 | ---D | M] -- C:\Users\Gerd Becker\AppData\Roaming\Steganos VPN
[2009.11.29 06:22:50 | 000,000,000 | ---D | M] -- C:\Users\Gerd Becker\AppData\Roaming\SYBEX
[2009.11.29 06:22:51 | 000,000,000 | ---D | M] -- C:\Users\Gerd Becker\AppData\Roaming\Teleca
[2011.11.28 03:07:23 | 000,000,000 | ---D | M] -- C:\Users\Gerd Becker\AppData\Roaming\Template
[2011.11.24 01:01:40 | 000,000,000 | ---D | M] -- C:\Users\Gerd Becker\AppData\Roaming\Thunderbird
[2012.09.19 12:35:20 | 000,000,000 | ---D | M] -- C:\Users\Gerd Becker\AppData\Roaming\TuneUp Software
[2008.12.04 03:15:43 | 000,000,000 | ---D | M] -- C:\Users\Gerd Becker\AppData\Roaming\TVG
[2012.09.19 22:47:52 | 000,000,000 | ---D | M] -- C:\Users\Gerd Becker\AppData\Roaming\uiToolBar Desktop Icons
[2012.06.25 00:14:48 | 000,000,000 | ---D | M] -- C:\Users\Gerd Becker\AppData\Roaming\Ulead Systems
[2012.09.19 22:30:40 | 000,000,000 | ---D | M] -- C:\Users\Gerd Becker\AppData\Roaming\Uniblue
[2009.11.29 06:22:51 | 000,000,000 | ---D | M] -- C:\Users\Gerd Becker\AppData\Roaming\WEB.DE
[2009.11.29 06:22:51 | 000,000,000 | ---D | M] -- C:\Users\Gerd Becker\AppData\Roaming\WinBatch
[2012.03.24 02:06:49 | 000,000,000 | ---D | M] -- C:\Users\Gerd Becker\AppData\Roaming\Windows Live Writer
[2011.11.28 01:03:02 | 000,000,000 | ---D | M] -- C:\Users\Gerd Becker\AppData\Roaming\WinSweep
[2012.01.04 17:58:20 | 000,000,000 | ---D | M] -- C:\Users\Gerd Becker\AppData\Roaming\Xilisoft
[2009.11.29 06:22:51 | 000,000,000 | ---D | M] -- C:\Users\Gerd Becker\AppData\Roaming\Zeon
 
========== Purity Check ==========
 
 

< End of report >
         
Extras.txt would be too long for the post. I am attaching it as an archive.

Alt 03.10.2012, 20:52   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Please delete AdwCleaner from the desktop.


Please download AdwCleaner to your desktop.
  • Start adwcleaner.exe with a double-click.
  • Click Search (Suche).
  • When the scan finishes, a text file opens.
  • Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 07.10.2012, 14:14   #5
Gerdi51
 

So, sorry that a reply is only coming now, but unfortunately I didn't have time earlier.

AdwCleaner log:

Code:
# AdwCleaner v2.003 - Datei am 10/07/2012 um 14:12:13 erstellt
# Aktualisiert am 23/09/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : Gerd Becker - MEDION-P7300-D
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Gerd Becker\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Users\Gerd Becker\AppData\Local\funmoods-speeddial.crx
Ordner Gefunden : C:\Program Files\Common Files\AVG Secure Search
Ordner Gefunden : C:\Program Files\Conduit
Ordner Gefunden : C:\Program Files\FileConverter_1.3
Ordner Gefunden : C:\Program Files\incredibar.com
Ordner Gefunden : C:\ProgramData\Tarma Installer
Ordner Gefunden : C:\Users\Gerd Becker\AppData\Local\Conduit
Ordner Gefunden : C:\Users\Gerd Becker\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\Gerd Becker\AppData\LocalLow\FileConverter_1.3
Ordner Gefunden : C:\Users\Gerd Becker\AppData\LocalLow\incredibar.com
Ordner Gefunden : C:\Users\Gerd Becker\AppData\LocalLow\PriceGong

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\FileConverter_1.3
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gefunden : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gefunden : HKCU\Software\incredibar.com
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{78E516EF-11DE-47A1-8364-A99B917EC5EE}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{78E516EF-11DE-47A1-8364-A99B917EC5EE}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{153D7D79-706C-443D-BA98-41CA86982C9D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{78E516EF-11DE-47A1-8364-A99B917EC5EE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT3241949
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\Software\FileConverter_1.3
Schlüssel Gefunden : HKLM\Software\incredibar.com
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{00F05827-CD47-4E8D-AFD7-6BEB1D6A72AA}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E04BFCCA-2B19-4B02-90E5-AAD3106C02A9}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78E516EF-11DE-47A1-8364-A99B917EC5EE}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{153D7D79-706C-443D-BA98-41CA86982C9D}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileConverter_1.3 Toolbar
Schlüssel Gefunden : HKLM\Software\Tarma Installer
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{78E516EF-11DE-47A1-8364-A99B917EC5EE}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{78E516EF-11DE-47A1-8364-A99B917EC5EE}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{78E516EF-11DE-47A1-8364-A99B917EC5EE}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{78E516EF-11DE-47A1-8364-A99B917EC5EE}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v15.0 (de)

Profilname : default 
Datei : C:\Users\Gerd Becker\AppData\Roaming\Mozilla\Firefox\Profiles\2nkra1ra.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Gerd Becker\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [4349 octets] - [07/10/2012 14:12:14]

########## EOF - C:\AdwCleaner[R1].txt - [4409 octets] ##########
         


Alt 07.10.2012, 18:49   #6
schrauber
/// the machine
/// TB-Ausbilder
 


  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete (Löschen).
  • Confirm each prompt with OK.
  • Your computer will be restarted. After the restart, a text file opens.
  • Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.




And a fresh OTL log, please.