| |
| |||||||
Log-Analyse und Auswertung: Claro nicht löschbar, auch nach mehreren Spybot Durchläufen resistentWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
03.11.2012, 12:10
| #1 |
 |  Claro nicht löschbar, auch nach mehreren Spybot Durchläufen resistent Hallo, mir ergeht es wie einigen vor mir; Claro ist nach diversen Durchläufen mit Spybot zwar erkannt und anscheinend gelöscht, meldet sich jedoch stets im Mozilla Browser, sowie Explorer und setzt die Geschwindigkeit erheblich herab. Habe nun bereits AntiMalWare eingesetzt; das Ergebnis wie folgt (ist leider nicht anhängbar, da der Internet Explorer regelmäßig abbricht. Sorry.) Und Danke für Eure Hilfe Boris :: BORIS-PC [Administrator] Schutz: Aktiviert 03.11.2012 10:54:56 mbam-log-2012-11-03 (11-44-45).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 257572 Laufzeit: 46 Minute(n), 53 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 1 C:\ProgramData\IBUpdaterService (PUP.InstallBrain) -> Keine Aktion durchgeführt. Infizierte Dateien: 1 C:\ProgramData\IBUpdaterService\repository.xml (PUP.InstallBrain) -> Keine Aktion durchgeführt. (Ende) |
|
03.11.2012, 18:15
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Claro nicht löschbar, auch nach mehreren Spybot Durchläufen resistentZitat:
Sie müssen nur dann in den Anhang (als eine ZIP-Datei mit allen Logdateien), wenn sie zu groß sind um direkt gepostet zu werden! Ansonsten bitte alles nach Möglichkeit hier in CODE-Tags posten. Das ist einfacher, übersichtlicher und man spart sich ne Menge Rumklickerei! Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ Geändert von cosinus (03.11.2012 um 19:25 Uhr) |
|
03.11.2012, 19:09
| #3 |
| | Claro nicht löschbar, auch nach mehreren Spybot Durchläufen resistent Hallo und danke für die schnelle Antwort,
__________________ich bin roch recht blutiger PC-Inneleben Anfänger, tue aber mein Bestes und frage im Zweifelsfall noch mal nach. Danke für die Nachsicht. Ich hoffe das klappt jetzt: Code:
ATTFilter Boris :: BORIS-PC [Administrator]
Schutz: Aktiviert
03.11.2012 10:54:56
mbam-log-2012-11-03 (11-44-45).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 257572
Laufzeit: 46 Minute(n), 53 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 1
C:\ProgramData\IBUpdaterService (PUP.InstallBrain) -> Keine Aktion durchgeführt.
Infizierte Dateien: 1
C:\ProgramData\IBUpdaterService\repository.xml (PUP.InstallBrain) -> Keine Aktion durchgeführt.
(Ende)
|
|
03.11.2012, 19:25
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Claro nicht löschbar, auch nach mehreren Spybot Durchläufen resistent Sind das alle Logs? Bitte beachten => http://www.trojaner-board.de/125889-...tml#post941520
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
03.11.2012, 19:33
| #5 |
| | Claro nicht löschbar, auch nach mehreren Spybot Durchläufen resistent ich denke, das sind alle, habe die 2 Probleme ignoriert und bei Malware in die Ignorierliste, lassen sich aber nicht öffnen oder kopieren, nur hinzufügen. hoffe, das passt und danke Code:
ATTFilter 2012/11/03 10:53:40 +0100 BORIS-PC Boris MESSAGE Starting protection
2012/11/03 10:53:40 +0100 BORIS-PC Boris MESSAGE Protection started successfully
2012/11/03 10:53:40 +0100 BORIS-PC Boris MESSAGE Starting IP protection
2012/11/03 10:53:50 +0100 BORIS-PC Boris MESSAGE IP Protection started successfully
2012/11/03 10:53:57 +0100 BORIS-PC Boris MESSAGE Starting database refresh
2012/11/03 10:53:57 +0100 BORIS-PC Boris MESSAGE Stopping IP protection
2012/11/03 10:53:58 +0100 BORIS-PC Boris MESSAGE IP Protection stopped successfully
2012/11/03 10:54:02 +0100 BORIS-PC Boris MESSAGE Database refreshed successfully
2012/11/03 10:54:02 +0100 BORIS-PC Boris MESSAGE Starting IP protection
2012/11/03 10:54:08 +0100 BORIS-PC Boris MESSAGE IP Protection started successfully
2012/11/03 12:23:12 +0100 BORIS-PC Boris MESSAGE Stopping IP protection
2012/11/03 12:23:12 +0100 BORIS-PC Boris MESSAGE IP Protection stopped successfully
2012/11/03 12:23:12 +0100 BORIS-PC Boris MESSAGE Starting IP protection
2012/11/03 12:23:18 +0100 BORIS-PC Boris MESSAGE IP Protection started successfully
2012/11/03 12:23:18 +0100 BORIS-PC Boris MESSAGE Stopping IP protection
2012/11/03 12:23:18 +0100 BORIS-PC Boris MESSAGE IP Protection stopped successfully
2012/11/03 12:23:18 +0100 BORIS-PC Boris MESSAGE Starting IP protection
2012/11/03 12:23:23 +0100 BORIS-PC Boris MESSAGE IP Protection started successfully
2012/11/03 12:48:29 +0100 BORIS-PC Boris MESSAGE Starting protection
2012/11/03 12:48:29 +0100 BORIS-PC Boris MESSAGE Protection started successfully
2012/11/03 12:48:29 +0100 BORIS-PC Boris MESSAGE Starting IP protection
2012/11/03 12:48:34 +0100 BORIS-PC Boris MESSAGE IP Protection started successfully
2012/11/03 15:21:12 +0100 BORIS-PC Boris MESSAGE Starting protection
2012/11/03 15:21:12 +0100 BORIS-PC Boris MESSAGE Protection started successfully
2012/11/03 15:21:12 +0100 BORIS-PC Boris MESSAGE Starting IP protection
2012/11/03 15:21:21 +0100 BORIS-PC Boris MESSAGE IP Protection started successfully
2012/11/03 15:48:43 +0100 BORIS-PC Boris MESSAGE Executing scheduled update: Daily
2012/11/03 15:48:52 +0100 BORIS-PC Boris MESSAGE Starting database refresh
2012/11/03 15:48:52 +0100 BORIS-PC Boris MESSAGE Scheduled update executed successfully: database updated from version v2012.11.03.03 to version v2012.11.03.06
2012/11/03 15:48:52 +0100 BORIS-PC Boris MESSAGE Stopping IP protection
2012/11/03 15:48:52 +0100 BORIS-PC Boris MESSAGE IP Protection stopped successfully
2012/11/03 15:48:55 +0100 BORIS-PC Boris MESSAGE Database refreshed successfully
2012/11/03 15:48:55 +0100 BORIS-PC Boris MESSAGE Starting IP protection
2012/11/03 15:49:00 +0100 BORIS-PC Boris MESSAGE IP Protection started successfully
2012/11/03 18:00:45 +0100 BORIS-PC Boris MESSAGE Starting protection
2012/11/03 18:00:45 +0100 BORIS-PC Boris MESSAGE Protection started successfully
2012/11/03 18:00:45 +0100 BORIS-PC Boris MESSAGE Starting IP protection
2012/11/03 18:00:52 +0100 BORIS-PC Boris MESSAGE IP Protection started successfully
2012/11/03 19:00:43 +0100 BORIS-PC Boris MESSAGE Starting protection
2012/11/03 19:00:43 +0100 BORIS-PC Boris MESSAGE Protection started successfully
2012/11/03 19:00:43 +0100 BORIS-PC Boris MESSAGE Starting IP protection
2012/11/03 19:00:53 +0100 BORIS-PC Boris MESSAGE IP Protection started successfully
|
|
03.11.2012, 19:58
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Claro nicht löschbar, auch nach mehreren Spybot Durchläufen resistent Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ --> Claro nicht löschbar, auch nach mehreren Spybot Durchläufen resistent |
|
03.11.2012, 20:22
| #7 |
| | Claro nicht löschbar, auch nach mehreren Spybot Durchläufen resistent hier nummer 1  extras.txt.)OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 03.11.2012 20:09:01 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Boris\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,93 Gb Available Physical Memory | 64,51% Memory free
6,19 Gb Paging File | 4,99 Gb Available in Paging File | 80,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,88 Gb Total Space | 84,67 Gb Free Space | 75,68% Space Free | Partition Type: NTFS
Drive D: | 111,00 Gb Total Space | 110,91 Gb Free Space | 99,92% Space Free | Partition Type: NTFS
Computer Name: BORIS-PC | User Name: Boris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{477BFF00-DF8C-40B0-B32E-91EDBA395AA1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{7A0F6AC6-5367-430D-BD90-76A296BBCF9E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{86943CF6-5FD9-4345-B287-0232B36EF8BD}" = lport=445 | protocol=6 | dir=in | app=system |
"{8AB85165-73B9-48D3-9CC6-3AC59F69D2F5}" = rport=138 | protocol=17 | dir=out | app=system |
"{984DFBB9-1B8C-4465-A336-0293B3BEB192}" = lport=137 | protocol=17 | dir=in | app=system |
"{BF73E81B-0871-49BB-9E71-3E4A88947E90}" = lport=139 | protocol=6 | dir=in | app=system |
"{C267E99A-083B-4FED-A854-D1F21FA37A86}" = rport=137 | protocol=17 | dir=out | app=system |
"{CF701E67-39D0-4D31-9084-30202D8ACFF2}" = rport=445 | protocol=6 | dir=out | app=system |
"{E3995B4B-D1C6-4849-A213-710756DA8CEC}" = rport=139 | protocol=6 | dir=out | app=system |
"{FC73584B-1566-4647-97E4-1A5F1D07528F}" = lport=138 | protocol=17 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2602B52B-4F4C-435F-9EEB-DCF70565ABA1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{363FD5FE-625A-48E2-9C24-9A2958B5E415}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
"{584DA8A5-CFDD-4EFA-B81C-675C9FA54D35}" = protocol=6 | dir=in | app=c:\users\boris\appdata\roaming\dropbox\bin\dropbox.exe |
"{83778B43-0E78-4333-8EEA-852C7530EC05}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{8678EA0D-EE22-4F29-BF0B-6B6413C34ABB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{AE99901D-16AB-44CE-8343-F09596C96584}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B650F765-347A-47F0-A3D5-E858C44467FD}" = protocol=17 | dir=in | app=c:\users\boris\appdata\roaming\dropbox\bin\dropbox.exe |
"{F73EF69F-978F-4BB1-9C41-B449AB7EF792}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"TCP Query User{369E448A-D8F7-4BA0-9DFE-538158E67071}C:\users\boris\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\boris\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{EA9E3BA5-0C6D-4AC6-A611-9389435C59BA}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"UDP Query User{972B5D3D-D968-42EE-A585-BF8352039899}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"UDP Query User{F7880D89-7C9D-471D-A100-A64E6667B713}C:\users\boris\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\boris\appdata\roaming\dropbox\bin\dropbox.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}" = imagine digital freedom - Samsung
"{018FE763-ECD9-577B-05D5-3A67364FBAAA}" = Catalyst Control Center Localization Hungarian
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.5000
"{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{1252B4EB-51F1-F349-6D79-954D877FB865}" = Catalyst Control Center Localization Swedish
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution II
"{14F91018-2A76-725D-056C-ECFF03F40F54}" = CCC Help Swedish
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{1F7A2A3A-B874-1E81-D291-A5ACB452F23F}" = CCC Help Italian
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{2433BAD7-453F-473D-BE81-455E68940DEB}" = Catalyst Control Center - Branding
"{28A78C92-AC8C-DA80-6100-99A3AC4C3911}" = CCC Help Turkish
"{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}" = Microsoft SQL Server VSS Writer
"{303A3978-8F11-DAAB-6F72-3D399477CC31}" = Catalyst Control Center Localization Chinese Standard
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{36BEAD11-8577-49AD-9250-E06A50AE87B0}" = Microsoft SOAP Toolkit 2.0 SP2
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{4890127D-D62F-C496-9EFF-89FC910ABFE5}" = Catalyst Control Center Localization Polish
"{4C82121C-EB17-CEB0-996B-4D73FA0FAB47}" = Catalyst Control Center Graphics Light
"{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"{5466620C-3B00-0BEE-D626-1FBE29A16AC4}" = Catalyst Control Center Localization Russian
"{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}" = Microsoft SQL Server Native Client
"{5508C9EB-5336-87F4-C2DB-53F2B3A482E7}" = Catalyst Control Center Graphics Previews Vista
"{5611C71F-AFC6-EBA3-E3E1-9FCCEC9647EE}" = ccc-core-static
"{5D7D1784-84A9-0EDB-62A6-D479F7F75DF6}" = CCC Help Chinese Traditional
"{62172AFD-E7F0-CAC1-1334-CB0159566F6C}" = Catalyst Control Center Localization Greek
"{65A0F799-1E9A-093B-BB8B-986203DAD390}" = Catalyst Control Center Core Implementation
"{67B41BEF-F407-D81D-762F-CC44CC6FEB7A}" = Catalyst Control Center Localization Italian
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"{6DFBD0A2-C692-44F5-1C96-773ED9B16002}" = Catalyst Control Center Graphics Full Existing
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{768361B2-F78F-FFAA-5B1F-EFDB41C70D95}" = CCC Help French
"{7A98B8DF-687E-8F7F-9A4A-ED1D9B306EAF}" = CCC Help Russian
"{804F1285-8CBF-408D-8CDC-D4D40003B2E4}" = PlayCamera
"{818F922E-DE7A-6FC1-D85C-C44495070174}" = Catalyst Control Center Localization Dutch
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8DB12734-9543-FBB3-E94D-3BE397ED8078}" = Catalyst Control Center Localization Japanese
"{9001B8A7-B591-7559-2264-B4A0F480D1A8}" = CCC Help Polish
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{905DF41F-D74C-6DF4-9453-D29CDE46A4A4}" = CCC Help Finnish
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{92041735-0623-CD56-9BCB-6CD4385232B0}" = CCC Help Thai
"{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"{96A1E845-A730-4488-99A2-054C5BFAB9D1}" = CCC Help Greek
"{97EE277B-C0D9-6394-9A01-7681086EED5C}" = Catalyst Control Center Localization Portuguese
"{99F9ACB2-BCD2-B5A7-7738-24FB0B7B7763}" = ccc-utility
"{9DCC214C-CD1A-1115-6775-A9056185FE4E}" = ATI Catalyst Install Manager
"{9F06F30E-5138-2315-EC57-D4A23D572649}" = CCC Help Portuguese
"{A3D22413-28D3-636E-1CE9-BC55C46364C3}" = Catalyst Control Center Graphics Full New
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A53EA764-AB97-445E-002B-A32165BB0B3B}" = CCC Help Dutch
"{A586A89F-2BC4-CEB3-3C52-D1F4B57F572F}" = Catalyst Control Center Localization Turkish
"{A5EF9152-55CC-DF0E-AEDA-98D20EC3293E}" = CCC Help Japanese
"{A952B4E1-913A-1492-A551-43EAE1D44E1D}" = Catalyst Control Center Localization Chinese Traditional
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{B0524CD7-2B3F-50C1-B3AD-87457B7FF852}" = Catalyst Control Center Localization Spanish
"{B395BC1D-CC06-425E-9049-4CD985EFF004}" = LightScribe 1.8.15.1
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C359699C-2D0A-5F08-9C44-4C1A508C4990}" = CCC Help Hungarian
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint 2.0
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CDA83283-8D9F-321F-5C76-AF68D3039B87}" = Catalyst Control Center Localization Czech
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1C099EA-C28C-6593-8CE1-38F63EBD22F4}" = CCC Help Korean
"{D885CD8B-343B-271D-85EB-DFE5BE962C0D}" = Catalyst Control Center Localization Norwegian
"{DDDA0B2B-674E-A49F-6E31-184F00BDDC85}" = CCC Help Czech
"{E2430405-1983-852E-B297-4FF9207E6C16}" = CCC Help German
"{E596EC1C-4C61-2457-21B3-EDDA326E8157}" = CCC Help English
"{E64D1146-55AE-61E3-7C43-0DA16C0E4416}" = CCC Help Spanish
"{ED924786-EFE7-392D-F37C-64F4B6E19C2F}" = CCC Help Danish
"{EE174D9D-EF64-9FC7-C900-57C64F02E80D}" = Catalyst Control Center Localization Danish
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{EFF43C31-5F5A-574E-563C-68190FA13F0C}" = CCC Help Chinese Standard
"{F023B88F-DD32-8C85-F372-5319180597A5}" = Catalyst Control Center Localization Thai
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2912763-486E-B5D1-D0C6-BD1AE24D0C20}" = Catalyst Control Center Localization Korean
"{F2D65205-A1D0-5B53-4399-8AA39F738D9D}" = CCC Help Norwegian
"{F4ECB8B5-737F-6910-C26F-7DA94A2C0710}" = Catalyst Control Center Localization Finnish
"{F59778FB-4F31-0ADE-84C3-D7D77676A1A5}" = Catalyst Control Center Localization French
"{FAAE0782-8073-112D-BC19-12C64A2D90D9}" = Skins
"{FAC15A44-64C7-1908-CC36-83BC9A308EA9}" = Catalyst Control Center Localization German
"{FD53302C-8E7B-4730-8AD8-86A889BDBFAB}" = AVStation Now
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Avira AntiVir Desktop" = Avira Free Antivirus
"InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"InstallShield_{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"InstallShield_{FD53302C-8E7B-4730-8AD8-86A889BDBFAB}" = AVStation Now
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TVUPlayer" = TVUPlayer 2.5.3.1
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1411231321-3497987553-1682086313-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"Dropbox" = Dropbox
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 02.11.2012 17:42:43 | Computer Name = Boris-PC | Source = EventSystem | ID = 4621
Description =
Error - 02.11.2012 18:19:26 | Computer Name = Boris-PC | Source = EventSystem | ID = 4621
Description =
Error - 02.11.2012 21:18:39 | Computer Name = Boris-PC | Source = Application Hang | ID = 1002
Description = Programm SpybotSD.exe, Version 1.6.2.46 arbeitet nicht mehr mit Windows
zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
zu suchen. Prozess-ID: 1514 Anfangszeit: 01cdb96120572fa2 Zeitpunkt der Beendigung:
32
Error - 02.11.2012 21:42:21 | Computer Name = Boris-PC | Source = EventSystem | ID = 4621
Description =
Error - 03.11.2012 06:54:59 | Computer Name = Boris-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 7.0.6000.16982, Zeitstempel
0x4b2b56f5, fehlerhaftes Modul ntdll.dll, Version 6.0.6000.16386, Zeitstempel 0x4549bdc9,
Ausnahmecode 0xc0000005, Fehleroffset 0x0003b15f, Prozess-ID 0x1064, Anwendungsstartzeit
01cdb9b063210598.
Error - 03.11.2012 07:02:21 | Computer Name = Boris-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 7.0.6000.16982, Zeitstempel
0x4b2b56f5, fehlerhaftes Modul ntdll.dll, Version 6.0.6000.16386, Zeitstempel 0x4549bdc9,
Ausnahmecode 0xc0000005, Fehleroffset 0x0003b15f, Prozess-ID 0x16bc, Anwendungsstartzeit
01cdb9b1af36f7e8.
Error - 03.11.2012 07:28:18 | Computer Name = Boris-PC | Source = EventSystem | ID = 4621
Description =
Error - 03.11.2012 09:40:26 | Computer Name = Boris-PC | Source = EventSystem | ID = 4621
Description =
Error - 03.11.2012 12:53:37 | Computer Name = Boris-PC | Source = EventSystem | ID = 4621
Description =
Error - 03.11.2012 13:08:42 | Computer Name = Boris-PC | Source = EventSystem | ID = 4621
Description =
[ System Events ]
Error - 01.08.2012 14:35:29 | Computer Name = Boris-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
2, Funktion 0. Wenden Sie sich an den Systemhersteller, um technische Unterstützung
zu erhalten.
Error - 01.08.2012 14:35:29 | Computer Name = Boris-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
5, Funktion 0. Wenden Sie sich an den Systemhersteller, um technische Unterstützung
zu erhalten.
Error - 01.08.2012 14:35:29 | Computer Name = Boris-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
6, Funktion 0. Wenden Sie sich an den Systemhersteller, um technische Unterstützung
zu erhalten.
Error - 01.08.2012 14:35:30 | Computer Name = Boris-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
7, Funktion 0. Wenden Sie sich an den Systemhersteller, um technische Unterstützung
zu erhalten.
Error - 01.08.2012 14:37:30 | Computer Name = Boris-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 02.08.2012 01:44:33 | Computer Name = Boris-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
2, Funktion 0. Wenden Sie sich an den Systemhersteller, um technische Unterstützung
zu erhalten.
Error - 02.08.2012 01:44:33 | Computer Name = Boris-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
5, Funktion 0. Wenden Sie sich an den Systemhersteller, um technische Unterstützung
zu erhalten.
Error - 02.08.2012 01:44:33 | Computer Name = Boris-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
6, Funktion 0. Wenden Sie sich an den Systemhersteller, um technische Unterstützung
zu erhalten.
Error - 02.08.2012 01:44:34 | Computer Name = Boris-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
7, Funktion 0. Wenden Sie sich an den Systemhersteller, um technische Unterstützung
zu erhalten.
Error - 02.08.2012 01:46:32 | Computer Name = Boris-PC | Source = Service Control Manager | ID = 7000
Description =
< End of report >
un hier nummer 2: (otl.txt) OTL Logfile: Code:
ATTFilter OTL logfile created on: 03.11.2012 20:09:01 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Boris\Desktop Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 7.0.6000.16982) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,93 Gb Available Physical Memory | 64,51% Memory free 6,19 Gb Paging File | 4,99 Gb Available in Paging File | 80,64% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 111,88 Gb Total Space | 84,67 Gb Free Space | 75,68% Space Free | Partition Type: NTFS Drive D: | 111,00 Gb Total Space | 110,91 Gb Free Space | 99,92% Space Free | Partition Type: NTFS Computer Name: BORIS-PC | User Name: Boris | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Boris\Desktop\OTL.exe (OldTimer Tools) PRC - C:\ProgramData\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe () PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Users\Boris\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Ask.com\Updater\Updater.exe (Ask) PRC - C:\Programme\Internet Explorer\ieuser.exe (Microsoft Corporation) PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Programme\Samsung\EBM\EasyBatteryMgr3.exe (SAMSUNG Electronics co., LTD.) PRC - C:\Programme\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.) PRC - C:\Programme\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe (Samsung Electronics Co., Ltd.) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe (SAMSUNG Electronics) PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\ProgramData\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe () MOD - c:\ProgramData\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\03858406f9a9514402888707e8b93abe\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\23281812ddf7a1fab881b5322e577ac4\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\7208ffa39630e9b923331f9df0947a12\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1941d7639299344ae28fb6b23da65247\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6312464f64727a2a50d5ce3fd73ad1bb\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\52e1ea3c7491e05cda766d7b3ce3d559\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\17f572b09facdc5fda9431558eb7a26e\mscorlib.ni.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2999.36899__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2999.36858__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2999.36911__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2999.37087__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2999.36892__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2999.36878__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2999.37051__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2999.37008__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2999.37120__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2999.37127__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2999.37065__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2999.36872__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2999.37059__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2999.37058__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.2999.37118__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2999.37017__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2999.36923__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2999.36879__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2999.37079__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2999.36917__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2999.37030__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2999.37016__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2999.36929__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2999.37030__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2999.37010__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.2999.37045__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.2999.36929__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2999.37009__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2999.37044__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2999.37016__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2939.23679__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2939.23767__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2939.23710__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2939.23768__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2939.23668__90ba9c70f846762e\CLI.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2939.23662__90ba9c70f846762e\LOG.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2939.23802__90ba9c70f846762e\CLI.Foundation.XManifest.dll () MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2939.23667__90ba9c70f846762e\NEWAEM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2939.23717__90ba9c70f846762e\DEM.OS.I0602.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2939.23693__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2939.23687__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2939.23679__90ba9c70f846762e\CLI.Component.Client.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2939.23707__90ba9c70f846762e\MOM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2939.23717__90ba9c70f846762e\DEM.OS.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2939.23718__90ba9c70f846762e\DEM.Graphics.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2939.23688__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2939.23734__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2965.22300__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2939.23689__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2939.23743__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2939.23739__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2939.23740__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2939.23738__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2939.23764__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2939.23742__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2939.23708__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.2939.23763__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2939.23735__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2939.23741__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2939.23711__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2939.23718__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2939.23665__90ba9c70f846762e\AEM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2939.23709__90ba9c70f846762e\APM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Server.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray.resources\2.0.2999.37102_de_90ba9c70f846762e\CLI.Component.Systemtray.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2999.37138__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.2999.37149__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.2999.36850__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.2939.23677__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.2999.37110__90ba9c70f846762e\MOM.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2939.23679__90ba9c70f846762e\LOG.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2999.37109__90ba9c70f846762e\LOG.Foundation.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2939.23678__90ba9c70f846762e\CLI.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2939.23712__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2999.36886__90ba9c70f846762e\CLI.Component.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.2999.37102__90ba9c70f846762e\CLI.Component.Systemtray.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2939.23694__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2939.23713__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2999.36850__90ba9c70f846762e\CLI.Component.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2939.23711__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2999.36865__90ba9c70f846762e\CLI.Component.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.2999.36850__90ba9c70f846762e\ATIDEMOS.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2939.23689__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.2999.37110__90ba9c70f846762e\CCC.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2939.23746__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.2999.36849__90ba9c70f846762e\APM.Server.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.2999.36849__90ba9c70f846762e\AEM.Server.dll () MOD - C:\Windows\System32\atitmmxx.dll () MOD - C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll () MOD - C:\Windows\System32\btwhidcs.dll () MOD - C:\Programme\Samsung\Easy Display Manager\WinMove.dll () MOD - C:\Programme\Samsung\Samsung Magic Doctor\HookDllPS2.dll () MOD - C:\Programme\Samsung\EasySpeedUpManager\HookDllPS2.dll () MOD - C:\Programme\Samsung\Easy Display Manager\HookDllPS2.dll () ========== Services (SafeList) ========== SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found SRV - (Browser Manager) -- C:\ProgramData\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe () SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (Samsung Update Plus) -- C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe () SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (VMC302) -- System32\Drivers\VMC302.sys File not found DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (KMDFMEMIO) -- C:\Windows\System32\drivers\KMDFMEMIO.sys (SAMSUNG ELECTRONICS CO., LTD.) DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (AtiPcie) -- C:\Windows\System32\drivers\AtiPcie.sys (ATI Technologies Inc.) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems) DRV - (NETw2v32) -- C:\Windows\System32\drivers\NETw2v32.sys (Intel® Corporation) DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation ) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1411231321-3497987553-1682086313-1003\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.samsungcomputer.com/ IE - HKU\S-1-5-21-1411231321-3497987553-1682086313-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.samsungcomputer.com/ IE - HKU\S-1-5-21-1411231321-3497987553-1682086313-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-1411231321-3497987553-1682086313-1003\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) IE - HKU\S-1-5-21-1411231321-3497987553-1682086313-1003\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-1411231321-3497987553-1682086313-1003\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} IE - HKU\S-1-5-21-1411231321-3497987553-1682086313-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\S-1-5-21-1411231321-3497987553-1682086313-1003\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.claro-search.com/?q={searchTerms}&affID=114508&tt=311012_ctrl_4412_2&babsrc=SP_clro&mntrId=c865d5940000000000000021630a1bfc IE - HKU\S-1-5-21-1411231321-3497987553-1682086313-1003\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=crm&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=70f35fee-2396-41bf-855a-c3fafc5a7533&apn_sauid=F3299634-4EF8-4F9D-A7A6-F6545D8CBDCF IE - HKU\S-1-5-21-1411231321-3497987553-1682086313-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE" FF - prefs.js..extensions.enabledAddons: toolbar@gmx.net:2.3.1 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files\TVUPlayer\npTVUAx.dll (TVU networks) FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{dfefbe51-ca52-484b-adf0-6b158b05262d}: C:\ProgramData\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\FirefoxExtension [2012.11.03 15:21:52 | 000,000,000 | ---D | M] [2008.08.02 17:01:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Boris\AppData\Roaming\mozilla\Extensions [2012.11.02 16:19:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Boris\AppData\Roaming\mozilla\Firefox\Profiles\pwqe3lw3.default\extensions [2012.11.02 14:17:25 | 000,000,000 | ---D | M] ("Savings Sidekick") -- C:\Users\Boris\AppData\Roaming\mozilla\Firefox\Profiles\pwqe3lw3.default\extensions\crossriderapp5060@crossrider.com [2012.11.02 13:11:23 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Boris\AppData\Roaming\mozilla\Firefox\Profiles\pwqe3lw3.default\extensions\firefox@tvunetworks.com [2012.11.02 16:19:12 | 000,000,000 | ---D | M] (Feedback) -- C:\Users\Boris\AppData\Roaming\mozilla\Firefox\Profiles\pwqe3lw3.default\extensions\testpilot@labs.mozilla.com [2012.08.01 12:39:01 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Users\Boris\AppData\Roaming\mozilla\Firefox\Profiles\pwqe3lw3.default\extensions\toolbar@ask.com [2012.11.02 14:17:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Boris\AppData\Roaming\mozilla\Firefox\Profiles\pwqe3lw3.default\extensions\crossriderapp5060@crossrider.com\chrome\content\extensionCode [2012.11.02 16:19:10 | 000,573,138 | ---- | M] () (No name found) -- C:\Users\Boris\AppData\Roaming\mozilla\firefox\profiles\pwqe3lw3.default\extensions\testpilot@labs.mozilla.com.xpi [2012.10.16 18:29:09 | 000,499,324 | ---- | M] () (No name found) -- C:\Users\Boris\AppData\Roaming\mozilla\firefox\profiles\pwqe3lw3.default\extensions\toolbar@gmx.net.xpi [2012.08.01 12:39:01 | 000,002,344 | ---- | M] () -- C:\Users\Boris\AppData\Roaming\mozilla\firefox\profiles\pwqe3lw3.default\searchplugins\askcom.xml File not found (No name found) -- C:\PROGRAMDATA\BROWSER MANAGER\2.3.811.154\{61D8B74E-8D89-46FF-AFA6-33382C54AC73}\FIREFOXEXTENSION [2012.11.02 14:17:40 | 000,006,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKU\S-1-5-21-1411231321-3497987553-1682086313-1003\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe () O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-1411231321-3497987553-1682086313-1003..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKU\S-1-5-21-1411231321-3497987553-1682086313-1003..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - Startup: C:\Users\Boris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Boris\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoHotStart = 0 O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7044E990-DB48-44BA-B743-E604CF9DB3DB}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (c:\progra~2\browse~1\24897~1.175\{61d8b~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.dll () O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.11.03 20:04:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Boris\Desktop\OTL.exe [2012.11.03 10:53:27 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\Malwarebytes [2012.11.03 10:53:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.11.03 10:53:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.11.03 10:53:16 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.11.03 10:53:16 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.11.03 02:27:55 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\PeerNetworking [2012.11.02 20:26:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2012.11.02 20:26:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2012.11.02 20:26:15 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy [2012.11.02 16:12:34 | 000,000,000 | ---D | C] -- C:\58649530f01846f06b [2012.11.02 14:17:26 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\Google [2012.11.02 14:17:20 | 000,000,000 | ---D | C] -- C:\ProgramData\IBUpdaterService [2012.11.02 14:17:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager [2012.11.02 14:17:07 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\vlc [2012.11.02 14:14:18 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN [2012.11.02 13:11:35 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\TVU Networks [2012.11.02 13:11:35 | 000,000,000 | ---D | C] -- C:\ProgramData\TVU Networks [2012.11.02 13:11:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TVUPlayer [2012.11.02 13:11:18 | 000,000,000 | ---D | C] -- C:\Program Files\TVUPlayer [2012.10.21 18:22:08 | 000,000,000 | ---D | C] -- C:\Users\Boris\Desktop\Sport [2012.10.21 18:18:58 | 000,000,000 | ---D | C] -- C:\Users\Boris\Desktop\Englisch [2012.10.17 15:20:24 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\AskToolbar [2012.10.11 10:01:16 | 000,000,000 | ---D | C] -- C:\Users\Boris\Desktop\Schule [2012.10.06 16:45:11 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache ========== Files - Modified Within 30 Days ========== [2012.11.03 20:06:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.03 20:04:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Boris\Desktop\OTL.exe [2012.11.03 20:00:25 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.03 20:00:25 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.03 19:08:04 | 000,641,344 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.11.03 19:08:04 | 000,610,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.11.03 19:08:04 | 000,116,706 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.11.03 19:08:04 | 000,103,924 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.11.03 19:00:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.03 19:00:01 | 3219,308,544 | -HS- | M] () -- C:\hiberfil.sys [2012.11.03 18:08:47 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012.11.03 10:53:18 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.03 02:27:56 | 000,017,089 | ---- | M] () -- C:\Users\Boris\AppData\Roaming\UserTile.png [2012.11.02 20:26:23 | 000,001,061 | ---- | M] () -- C:\Users\Boris\Desktop\Spybot - Search & Destroy.lnk [2012.10.25 15:52:53 | 000,002,623 | ---- | M] () -- C:\Users\Boris\Desktop\Microsoft Word.lnk [2012.10.11 08:30:23 | 000,003,584 | ---- | M] () -- C:\Users\Boris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.10.09 17:11:04 | 000,554,366 | ---- | M] () -- C:\Users\Boris\Desktop\attachment.pdf [2012.10.08 19:06:33 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.10.08 19:06:33 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.10.06 17:13:36 | 000,000,993 | ---- | M] () -- C:\Users\Boris\Desktop\WORDVIEW - Verknüpfung.lnk [2012.10.06 16:55:26 | 000,000,194 | ---- | M] () -- C:\Windows\System32\dmlg.dat ========== Files Created - No Company Name ========== [2012.11.03 10:53:18 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.03 02:27:56 | 000,017,089 | ---- | C] () -- C:\Users\Boris\AppData\Roaming\UserTile.png [2012.11.02 20:26:23 | 000,001,061 | ---- | C] () -- C:\Users\Boris\Desktop\Spybot - Search & Destroy.lnk [2012.11.02 17:05:15 | 3219,308,544 | -HS- | C] () -- C:\hiberfil.sys [2012.10.11 08:30:19 | 000,003,584 | ---- | C] () -- C:\Users\Boris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.10.09 17:11:04 | 000,554,366 | ---- | C] () -- C:\Users\Boris\Desktop\attachment.pdf [2012.10.06 17:13:36 | 000,000,993 | ---- | C] () -- C:\Users\Boris\Desktop\WORDVIEW - Verknüpfung.lnk [2012.10.06 16:47:09 | 000,002,080 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Word Viewer 2003.lnk [2012.09.19 14:11:59 | 000,059,338 | ---- | C] () -- C:\Users\Boris\Entspannungsspiele.pdf [2012.09.19 14:11:48 | 003,879,110 | ---- | C] () -- C:\Users\Boris\BVK - Lernzirkel Sport - 1. Erlebnisorientiertes Bewegen.pdf [2012.09.19 13:58:15 | 000,000,261 | ---- | C] () -- C:\Users\Boris\Boris.lnk [2012.08.03 13:15:21 | 000,000,194 | ---- | C] () -- C:\Windows\System32\dmlg.dat ========== ZeroAccess Check ========== [2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2008.11.06 13:57:06 | 011,315,712 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.03.03 05:16:12 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2006.11.02 10:46:13 | 000,348,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > |
|
04.11.2012, 02:00
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Claro nicht löschbar, auch nach mehreren Spybot Durchläufen resistent adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren Downloade Dir bitte AdwCleaner auf deinen Desktop. Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
04.11.2012, 14:07
| #9 |
| | Claro nicht löschbar, auch nach mehreren Spybot Durchläufen resistent und hier kommt das nächste paket Code:
ATTFilter # AdwCleaner v2.006 - Datei am 04/11/2012 um 13:33:57 erstellt
# Aktualisiert am 30/10/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium (32 bits)
# Benutzer : Boris - BORIS-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Boris\Desktop\adwcleaner.exe
# Option [Suche]
**** [Dienste] ****
Gefunden : Browser Manager
***** [Dateien / Ordner] *****
Datei Gefunden : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Datei Gefunden : C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\pwqe3lw3.default\searchplugins\Askcom.xml
Ordner Gefunden : C:\Program Files\Ask.com
Ordner Gefunden : C:\ProgramData\Browser Manager
Ordner Gefunden : C:\ProgramData\IBUpdaterService
Ordner Gefunden : C:\Users\Boris\AppData\Local\AskToolbar
Ordner Gefunden : C:\Users\Boris\AppData\Local\Temp\AskSearch
Ordner Gefunden : C:\Users\Boris\AppData\LocalLow\AskToolbar
Ordner Gefunden : C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\pwqe3lw3.default\extensions\toolbar@ask.com
Ordner Gefunden : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
***** [Registrierungsdatenbank] *****
Daten Gefunden : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\browse~1\24897~1.175\{61d8b~1\browse~1.dll
Schlüssel Gefunden : HKCU\Software\APN
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gefunden : HKCU\Software\Ask.com
Schlüssel Gefunden : HKCU\Software\Ask.com.tmp
Schlüssel Gefunden : HKCU\Software\AskToolbar
Schlüssel Gefunden : HKCU\Software\DataMngr
Schlüssel Gefunden : HKCU\Software\DataMngr_Toolbar
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011501160}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1631550F-191D-4826-B069-D9439253D926}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\Software\APN
Schlüssel Gefunden : HKLM\Software\AskToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gefunden : HKLM\Software\DataMngr
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501160}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501160}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gefunden : HKU\S-1-5-21-1411231321-3497987553-1682086313-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKU\S-1-5-21-1411231321-3497987553-1682086313-1003\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
***** [Internet Browser] *****
-\\ Internet Explorer v7.0.6000.16982
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v [Version kann nicht ermittelt werden]
Profilname : default
Datei : C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\pwqe3lw3.default\prefs.js
Gefunden : user_pref("browser.search.defaultengine", "Ask.com");
Gefunden : user_pref("browser.startup.homepage", "hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale[...]
Gefunden : user_pref("extensions.asktb.ff-original-keyword-url", "");
Gefunden : user_pref("extensions.crossriderapp5060.adsOldValue", -1);
*************************
AdwCleaner[R1].txt - [6671 octets] - [04/11/2012 13:33:57]
########## EOF - C:\AdwCleaner[R1].txt - [6731 octets] ##########
übrigens: habe die auftauchten Probleme z.B. bei Malware nicht gelöscht sondern nur an dich geschickt, hoffe das passt. |
|
04.11.2012, 17:12
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Claro nicht löschbar, auch nach mehreren Spybot Durchläufen resistent Versuch bitte alle im adwCleaner-Log erwähnten Einträge wie zB "Browser Manager" über die Systemsteuerung zu deinstallieren, danach ein neues Suchlog mit dem adwCleaner machen. Reste und was sich nicht deinstallieren lassen will machen wir mit dem adwCleaner weg.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
04.11.2012, 17:35
| #11 |
| | Claro nicht löschbar, auch nach mehreren Spybot Durchläufen resistent Danke für die Antwort. und nur dass ich dich richtig verstehe: wirklich alle Einträge die hier stehen, also ungefähr 60? (die Zahl nenne ich nur, damit wir über das gleiche sprechen noch eine Frage: ist der Browser Manager über die Systemsteuerung leicht zu finden? Nochmals Dankeschön und Gruß |
|
05.11.2012, 10:53
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Claro nicht löschbar, auch nach mehreren Spybot Durchläufen resistent Was heißt leicht zu finden?! Entweder findest du die Toolbars und Adware gelistet in der Systemsteuerung unter "Programme deinstallieren oder ändern" oder eben nicht! Was ist denn daran so unklar? 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
06.11.2012, 16:32
| #13 |
| | Claro nicht löschbar, auch nach mehreren Spybot Durchläufen resistent versucht über Systemst. zu deinstallieren, jedoch alles nicht mehr auffindbar. habe glaub ich bevor ich Kontakt mit Euch hatte schonmal einen solchen Durchlauf gemacht. Jedenfalls: Habe dann alles mit ADW gelöscht. Bericht folgt hier...Danach kam allerdings Meldung ich solle Browser Schutz wieder über ToolBar aktivieren - und im Suchfenster bei IE erscheint nun LiveSearch (gefährlich?). Hier der Bericht: Code:
ATTFilter # AdwCleaner v2.006 - Datei am 06/11/2012 um 16:21:31 erstellt
# Aktualisiert am 30/10/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium (32 bits)
# Benutzer : Boris - BORIS-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Boris\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
Gestoppt & Gelöscht : Browser Manager
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\pwqe3lw3.default\searchplugins\Askcom.xml
Gelöscht mit Neustart : C:\ProgramData\Browser Manager
Ordner Gelöscht : C:\Program Files\Ask.com
Ordner Gelöscht : C:\ProgramData\IBUpdaterService
Ordner Gelöscht : C:\Users\Boris\AppData\Local\AskToolbar
Ordner Gelöscht : C:\Users\Boris\AppData\Local\Temp\AskSearch
Ordner Gelöscht : C:\Users\Boris\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\pwqe3lw3.default\extensions\toolbar@ask.com
Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
***** [Registrierungsdatenbank] *****
Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\browse~1\24897~1.175\{61d8b~1\browse~1.dll
Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\Ask.com.tmp
Schlüssel Gelöscht : HKCU\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011501160}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1631550F-191D-4826-B069-D9439253D926}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501160}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501160}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKU\S-1-5-21-1411231321-3497987553-1682086313-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
***** [Internet Browser] *****
-\\ Internet Explorer v7.0.6000.16982
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v [Version kann nicht ermittelt werden]
Profilname : default
Datei : C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\pwqe3lw3.default\prefs.js
C:\Users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\pwqe3lw3.default\user.js ... Gelöscht !
Gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
Gelöscht : user_pref("browser.startup.homepage", "hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale[...]
Gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "");
Gelöscht : user_pref("extensions.crossriderapp5060.adsOldValue", -1);
*************************
AdwCleaner[R1].txt - [6800 octets] - [04/11/2012 13:33:57]
AdwCleaner[R2].txt - [6860 octets] - [06/11/2012 16:19:50]
AdwCleaner[R3].txt - [6920 octets] - [06/11/2012 16:21:08]
AdwCleaner[S3].txt - [6478 octets] - [06/11/2012 16:21:31]
########## EOF - C:\AdwCleaner[S3].txt - [6538 octets] ##########
|
|
06.11.2012, 16:44
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Claro nicht löschbar, auch nach mehreren Spybot Durchläufen resistent Eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
06.11.2012, 17:21
| #15 |
| | Claro nicht löschbar, auch nach mehreren Spybot Durchläufen resistent erst der otl.txt: OTL Logfile: Code:
ATTFilter OTL logfile created on: 06.11.2012 17:04:57 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Boris\Desktop Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 7.0.6000.16982) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,92 Gb Available Physical Memory | 64,19% Memory free 6,19 Gb Paging File | 5,02 Gb Available in Paging File | 81,06% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 111,88 Gb Total Space | 86,99 Gb Free Space | 77,75% Space Free | Partition Type: NTFS Drive D: | 111,00 Gb Total Space | 110,91 Gb Free Space | 99,92% Space Free | Partition Type: NTFS Computer Name: BORIS-PC | User Name: Boris | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Boris\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Users\Boris\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Internet Explorer\ieuser.exe (Microsoft Corporation) PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Programme\Samsung\EBM\EasyBatteryMgr3.exe (SAMSUNG Electronics co., LTD.) PRC - C:\Programme\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.) PRC - C:\Programme\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe (Samsung Electronics Co., Ltd.) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe (SAMSUNG Electronics) PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - c:\ProgramData\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\03858406f9a9514402888707e8b93abe\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\23281812ddf7a1fab881b5322e577ac4\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\7208ffa39630e9b923331f9df0947a12\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1941d7639299344ae28fb6b23da65247\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6312464f64727a2a50d5ce3fd73ad1bb\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\52e1ea3c7491e05cda766d7b3ce3d559\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\17f572b09facdc5fda9431558eb7a26e\mscorlib.ni.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2999.36899__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2999.36858__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2999.36911__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2999.37087__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2999.36892__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2999.36878__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2999.37051__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2999.37008__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2999.37120__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2999.37127__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2999.37065__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2999.36872__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2999.37059__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2999.37058__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.2999.37118__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2999.37017__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2999.36923__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2999.36879__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2999.37079__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2999.36917__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2999.37030__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2999.37016__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2999.36929__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2999.37030__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2999.37010__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.2999.37045__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.2999.36929__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2999.37009__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2999.37044__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2999.37016__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2939.23679__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2939.23767__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2939.23710__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2939.23768__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2939.23668__90ba9c70f846762e\CLI.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2939.23662__90ba9c70f846762e\LOG.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2939.23802__90ba9c70f846762e\CLI.Foundation.XManifest.dll () MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2939.23667__90ba9c70f846762e\NEWAEM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2939.23717__90ba9c70f846762e\DEM.OS.I0602.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2939.23693__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2939.23687__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2939.23679__90ba9c70f846762e\CLI.Component.Client.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2939.23707__90ba9c70f846762e\MOM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2939.23717__90ba9c70f846762e\DEM.OS.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2939.23718__90ba9c70f846762e\DEM.Graphics.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2939.23688__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2939.23734__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2965.22300__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2939.23689__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2939.23743__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2939.23739__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2939.23740__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2939.23738__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2939.23764__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2939.23742__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2939.23708__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.2939.23763__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2939.23735__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2939.23741__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2939.23711__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2939.23718__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2939.23665__90ba9c70f846762e\AEM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2939.23709__90ba9c70f846762e\APM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Server.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray.resources\2.0.2999.37102_de_90ba9c70f846762e\CLI.Component.Systemtray.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2999.37138__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.2999.37149__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.2999.36850__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.2939.23677__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.2999.37110__90ba9c70f846762e\MOM.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2939.23679__90ba9c70f846762e\LOG.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2999.37109__90ba9c70f846762e\LOG.Foundation.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2939.23678__90ba9c70f846762e\CLI.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2939.23712__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2999.36886__90ba9c70f846762e\CLI.Component.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.2999.37102__90ba9c70f846762e\CLI.Component.Systemtray.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2939.23694__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2939.23713__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2999.36850__90ba9c70f846762e\CLI.Component.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2939.23711__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2999.36865__90ba9c70f846762e\CLI.Component.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.2999.36850__90ba9c70f846762e\ATIDEMOS.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2939.23689__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.2999.37110__90ba9c70f846762e\CCC.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2939.23746__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.2999.36849__90ba9c70f846762e\APM.Server.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.2999.36849__90ba9c70f846762e\AEM.Server.dll () MOD - C:\Windows\System32\atitmmxx.dll () MOD - C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll () MOD - C:\Windows\System32\btwhidcs.dll () MOD - C:\Programme\Samsung\Easy Display Manager\WinMove.dll () MOD - C:\Programme\Samsung\Samsung Magic Doctor\HookDllPS2.dll () MOD - C:\Programme\Samsung\EasySpeedUpManager\HookDllPS2.dll () MOD - C:\Programme\Samsung\Easy Display Manager\HookDllPS2.dll () ========== Services (SafeList) ========== SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (Samsung Update Plus) -- C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe () SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (VMC302) -- System32\Drivers\VMC302.sys File not found DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (KMDFMEMIO) -- C:\Windows\System32\drivers\KMDFMEMIO.sys (SAMSUNG ELECTRONICS CO., LTD.) DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (AtiPcie) -- C:\Windows\System32\drivers\AtiPcie.sys (ATI Technologies Inc.) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems) DRV - (NETw2v32) -- C:\Windows\System32\drivers\NETw2v32.sys (Intel® Corporation) DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation ) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1411231321-3497987553-1682086313-1003\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.samsungcomputer.com/ IE - HKU\S-1-5-21-1411231321-3497987553-1682086313-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.samsungcomputer.com/ IE - HKU\S-1-5-21-1411231321-3497987553-1682086313-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-1411231321-3497987553-1682086313-1003\..\SearchScopes,bProtectorDefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} IE - HKU\S-1-5-21-1411231321-3497987553-1682086313-1003\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1411231321-3497987553-1682086313-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-1411231321-3497987553-1682086313-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..extensions.enabledAddons: toolbar@gmx.net:2.3.1 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files\TVUPlayer\npTVUAx.dll (TVU networks) FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{dfefbe51-ca52-484b-adf0-6b158b05262d}: C:\ProgramData\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\FirefoxExtension [2008.08.02 17:01:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Boris\AppData\Roaming\mozilla\Extensions [2012.11.06 16:21:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Boris\AppData\Roaming\mozilla\Firefox\Profiles\pwqe3lw3.default\extensions [2012.11.02 14:17:25 | 000,000,000 | ---D | M] ("Savings Sidekick") -- C:\Users\Boris\AppData\Roaming\mozilla\Firefox\Profiles\pwqe3lw3.default\extensions\crossriderapp5060@crossrider.com [2012.11.02 13:11:23 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Boris\AppData\Roaming\mozilla\Firefox\Profiles\pwqe3lw3.default\extensions\firefox@tvunetworks.com [2012.11.02 16:19:12 | 000,000,000 | ---D | M] (Feedback) -- C:\Users\Boris\AppData\Roaming\mozilla\Firefox\Profiles\pwqe3lw3.default\extensions\testpilot@labs.mozilla.com [2012.11.02 14:17:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Boris\AppData\Roaming\mozilla\Firefox\Profiles\pwqe3lw3.default\extensions\crossriderapp5060@crossrider.com\chrome\content\extensionCode [2012.11.02 16:19:10 | 000,573,138 | ---- | M] () (No name found) -- C:\Users\Boris\AppData\Roaming\mozilla\firefox\profiles\pwqe3lw3.default\extensions\testpilot@labs.mozilla.com.xpi [2012.10.16 18:29:09 | 000,499,324 | ---- | M] () (No name found) -- C:\Users\Boris\AppData\Roaming\mozilla\firefox\profiles\pwqe3lw3.default\extensions\toolbar@gmx.net.xpi File not found (No name found) -- C:\PROGRAMDATA\BROWSER MANAGER\2.3.811.154\{61D8B74E-8D89-46FF-AFA6-33382C54AC73}\FIREFOXEXTENSION O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe () O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-1411231321-3497987553-1682086313-1003..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKU\S-1-5-21-1411231321-3497987553-1682086313-1003..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - Startup: C:\Users\Boris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Boris\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoHotStart = 0 O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7044E990-DB48-44BA-B743-E604CF9DB3DB}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.11.03 20:04:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Boris\Desktop\OTL.exe [2012.11.03 10:53:27 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\Malwarebytes [2012.11.03 10:53:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.11.03 10:53:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.11.03 10:53:16 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.11.03 10:53:16 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.11.03 02:27:55 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\PeerNetworking [2012.11.02 20:26:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2012.11.02 20:26:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2012.11.02 20:26:15 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy [2012.11.02 16:12:34 | 000,000,000 | ---D | C] -- C:\58649530f01846f06b [2012.11.02 14:17:26 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\Google [2012.11.02 14:17:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager [2012.11.02 14:17:07 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\vlc [2012.11.02 14:14:18 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN [2012.11.02 13:11:35 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\TVU Networks [2012.11.02 13:11:35 | 000,000,000 | ---D | C] -- C:\ProgramData\TVU Networks [2012.11.02 13:11:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TVUPlayer [2012.11.02 13:11:18 | 000,000,000 | ---D | C] -- C:\Program Files\TVUPlayer [2012.10.21 18:22:08 | 000,000,000 | ---D | C] -- C:\Users\Boris\Desktop\Sport [2012.10.21 18:18:58 | 000,000,000 | ---D | C] -- C:\Users\Boris\Desktop\Englisch [2012.10.11 10:01:16 | 000,000,000 | ---D | C] -- C:\Users\Boris\Desktop\Schule ========== Files - Modified Within 30 Days ========== [2012.11.06 17:06:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.06 16:29:54 | 000,641,344 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.11.06 16:29:54 | 000,610,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.11.06 16:29:54 | 000,116,706 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.11.06 16:29:54 | 000,103,924 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.11.06 16:23:32 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.06 16:23:32 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.06 16:23:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.06 16:23:10 | 3219,308,544 | -HS- | M] () -- C:\hiberfil.sys [2012.11.06 16:22:28 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012.11.04 13:31:52 | 000,540,977 | ---- | M] () -- C:\Users\Boris\Desktop\adwcleaner.exe [2012.11.03 20:04:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Boris\Desktop\OTL.exe [2012.11.03 10:53:18 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.03 02:27:56 | 000,017,089 | ---- | M] () -- C:\Users\Boris\AppData\Roaming\UserTile.png [2012.11.02 20:26:23 | 000,001,061 | ---- | M] () -- C:\Users\Boris\Desktop\Spybot - Search & Destroy.lnk [2012.10.25 15:52:53 | 000,002,623 | ---- | M] () -- C:\Users\Boris\Desktop\Microsoft Word.lnk [2012.10.11 08:30:23 | 000,003,584 | ---- | M] () -- C:\Users\Boris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.10.09 17:11:04 | 000,554,366 | ---- | M] () -- C:\Users\Boris\Desktop\attachment.pdf [2012.10.08 19:06:33 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.10.08 19:06:33 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl ========== Files Created - No Company Name ========== [2012.11.04 13:30:34 | 000,540,977 | ---- | C] () -- C:\Users\Boris\Desktop\adwcleaner.exe [2012.11.03 10:53:18 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.03 02:27:56 | 000,017,089 | ---- | C] () -- C:\Users\Boris\AppData\Roaming\UserTile.png [2012.11.02 20:26:23 | 000,001,061 | ---- | C] () -- C:\Users\Boris\Desktop\Spybot - Search & Destroy.lnk [2012.11.02 17:05:15 | 3219,308,544 | -HS- | C] () -- C:\hiberfil.sys [2012.10.11 08:30:19 | 000,003,584 | ---- | C] () -- C:\Users\Boris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.10.09 17:11:04 | 000,554,366 | ---- | C] () -- C:\Users\Boris\Desktop\attachment.pdf [2012.09.19 14:11:59 | 000,059,338 | ---- | C] () -- C:\Users\Boris\Entspannungsspiele.pdf [2012.09.19 14:11:48 | 003,879,110 | ---- | C] () -- C:\Users\Boris\BVK - Lernzirkel Sport - 1. Erlebnisorientiertes Bewegen.pdf [2012.09.19 13:58:15 | 000,000,261 | ---- | C] () -- C:\Users\Boris\Boris.lnk [2012.08.03 13:15:21 | 000,000,194 | ---- | C] () -- C:\Windows\System32\dmlg.dat ========== ZeroAccess Check ========== [2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2008.11.06 13:57:06 | 011,315,712 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.03.03 05:16:12 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2006.11.02 10:46:13 | 000,348,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > und der extra.txt: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 06.11.2012 17:04:57 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Boris\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,92 Gb Available Physical Memory | 64,19% Memory free
6,19 Gb Paging File | 5,02 Gb Available in Paging File | 81,06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,88 Gb Total Space | 86,99 Gb Free Space | 77,75% Space Free | Partition Type: NTFS
Drive D: | 111,00 Gb Total Space | 110,91 Gb Free Space | 99,92% Space Free | Partition Type: NTFS
Computer Name: BORIS-PC | User Name: Boris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{477BFF00-DF8C-40B0-B32E-91EDBA395AA1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{7A0F6AC6-5367-430D-BD90-76A296BBCF9E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{86943CF6-5FD9-4345-B287-0232B36EF8BD}" = lport=445 | protocol=6 | dir=in | app=system |
"{8AB85165-73B9-48D3-9CC6-3AC59F69D2F5}" = rport=138 | protocol=17 | dir=out | app=system |
"{984DFBB9-1B8C-4465-A336-0293B3BEB192}" = lport=137 | protocol=17 | dir=in | app=system |
"{BF73E81B-0871-49BB-9E71-3E4A88947E90}" = lport=139 | protocol=6 | dir=in | app=system |
"{C267E99A-083B-4FED-A854-D1F21FA37A86}" = rport=137 | protocol=17 | dir=out | app=system |
"{CF701E67-39D0-4D31-9084-30202D8ACFF2}" = rport=445 | protocol=6 | dir=out | app=system |
"{E3995B4B-D1C6-4849-A213-710756DA8CEC}" = rport=139 | protocol=6 | dir=out | app=system |
"{FC73584B-1566-4647-97E4-1A5F1D07528F}" = lport=138 | protocol=17 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2602B52B-4F4C-435F-9EEB-DCF70565ABA1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{363FD5FE-625A-48E2-9C24-9A2958B5E415}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
"{584DA8A5-CFDD-4EFA-B81C-675C9FA54D35}" = protocol=6 | dir=in | app=c:\users\boris\appdata\roaming\dropbox\bin\dropbox.exe |
"{83778B43-0E78-4333-8EEA-852C7530EC05}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{8678EA0D-EE22-4F29-BF0B-6B6413C34ABB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{AE99901D-16AB-44CE-8343-F09596C96584}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B650F765-347A-47F0-A3D5-E858C44467FD}" = protocol=17 | dir=in | app=c:\users\boris\appdata\roaming\dropbox\bin\dropbox.exe |
"{F73EF69F-978F-4BB1-9C41-B449AB7EF792}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"TCP Query User{369E448A-D8F7-4BA0-9DFE-538158E67071}C:\users\boris\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\boris\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{EA9E3BA5-0C6D-4AC6-A611-9389435C59BA}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"UDP Query User{972B5D3D-D968-42EE-A585-BF8352039899}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"UDP Query User{F7880D89-7C9D-471D-A100-A64E6667B713}C:\users\boris\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\boris\appdata\roaming\dropbox\bin\dropbox.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}" = imagine digital freedom - Samsung
"{018FE763-ECD9-577B-05D5-3A67364FBAAA}" = Catalyst Control Center Localization Hungarian
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.5000
"{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{1252B4EB-51F1-F349-6D79-954D877FB865}" = Catalyst Control Center Localization Swedish
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution II
"{14F91018-2A76-725D-056C-ECFF03F40F54}" = CCC Help Swedish
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{1F7A2A3A-B874-1E81-D291-A5ACB452F23F}" = CCC Help Italian
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{2433BAD7-453F-473D-BE81-455E68940DEB}" = Catalyst Control Center - Branding
"{28A78C92-AC8C-DA80-6100-99A3AC4C3911}" = CCC Help Turkish
"{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}" = Microsoft SQL Server VSS Writer
"{303A3978-8F11-DAAB-6F72-3D399477CC31}" = Catalyst Control Center Localization Chinese Standard
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{36BEAD11-8577-49AD-9250-E06A50AE87B0}" = Microsoft SOAP Toolkit 2.0 SP2
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{4890127D-D62F-C496-9EFF-89FC910ABFE5}" = Catalyst Control Center Localization Polish
"{4C82121C-EB17-CEB0-996B-4D73FA0FAB47}" = Catalyst Control Center Graphics Light
"{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"{5466620C-3B00-0BEE-D626-1FBE29A16AC4}" = Catalyst Control Center Localization Russian
"{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}" = Microsoft SQL Server Native Client
"{5508C9EB-5336-87F4-C2DB-53F2B3A482E7}" = Catalyst Control Center Graphics Previews Vista
"{5611C71F-AFC6-EBA3-E3E1-9FCCEC9647EE}" = ccc-core-static
"{5D7D1784-84A9-0EDB-62A6-D479F7F75DF6}" = CCC Help Chinese Traditional
"{62172AFD-E7F0-CAC1-1334-CB0159566F6C}" = Catalyst Control Center Localization Greek
"{65A0F799-1E9A-093B-BB8B-986203DAD390}" = Catalyst Control Center Core Implementation
"{67B41BEF-F407-D81D-762F-CC44CC6FEB7A}" = Catalyst Control Center Localization Italian
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"{6DFBD0A2-C692-44F5-1C96-773ED9B16002}" = Catalyst Control Center Graphics Full Existing
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{768361B2-F78F-FFAA-5B1F-EFDB41C70D95}" = CCC Help French
"{7A98B8DF-687E-8F7F-9A4A-ED1D9B306EAF}" = CCC Help Russian
"{804F1285-8CBF-408D-8CDC-D4D40003B2E4}" = PlayCamera
"{818F922E-DE7A-6FC1-D85C-C44495070174}" = Catalyst Control Center Localization Dutch
"{8DB12734-9543-FBB3-E94D-3BE397ED8078}" = Catalyst Control Center Localization Japanese
"{9001B8A7-B591-7559-2264-B4A0F480D1A8}" = CCC Help Polish
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{905DF41F-D74C-6DF4-9453-D29CDE46A4A4}" = CCC Help Finnish
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{92041735-0623-CD56-9BCB-6CD4385232B0}" = CCC Help Thai
"{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"{96A1E845-A730-4488-99A2-054C5BFAB9D1}" = CCC Help Greek
"{97EE277B-C0D9-6394-9A01-7681086EED5C}" = Catalyst Control Center Localization Portuguese
"{99F9ACB2-BCD2-B5A7-7738-24FB0B7B7763}" = ccc-utility
"{9DCC214C-CD1A-1115-6775-A9056185FE4E}" = ATI Catalyst Install Manager
"{9F06F30E-5138-2315-EC57-D4A23D572649}" = CCC Help Portuguese
"{A3D22413-28D3-636E-1CE9-BC55C46364C3}" = Catalyst Control Center Graphics Full New
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A53EA764-AB97-445E-002B-A32165BB0B3B}" = CCC Help Dutch
"{A586A89F-2BC4-CEB3-3C52-D1F4B57F572F}" = Catalyst Control Center Localization Turkish
"{A5EF9152-55CC-DF0E-AEDA-98D20EC3293E}" = CCC Help Japanese
"{A952B4E1-913A-1492-A551-43EAE1D44E1D}" = Catalyst Control Center Localization Chinese Traditional
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{B0524CD7-2B3F-50C1-B3AD-87457B7FF852}" = Catalyst Control Center Localization Spanish
"{B395BC1D-CC06-425E-9049-4CD985EFF004}" = LightScribe 1.8.15.1
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C359699C-2D0A-5F08-9C44-4C1A508C4990}" = CCC Help Hungarian
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint 2.0
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CDA83283-8D9F-321F-5C76-AF68D3039B87}" = Catalyst Control Center Localization Czech
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1C099EA-C28C-6593-8CE1-38F63EBD22F4}" = CCC Help Korean
"{D885CD8B-343B-271D-85EB-DFE5BE962C0D}" = Catalyst Control Center Localization Norwegian
"{DDDA0B2B-674E-A49F-6E31-184F00BDDC85}" = CCC Help Czech
"{E2430405-1983-852E-B297-4FF9207E6C16}" = CCC Help German
"{E596EC1C-4C61-2457-21B3-EDDA326E8157}" = CCC Help English
"{E64D1146-55AE-61E3-7C43-0DA16C0E4416}" = CCC Help Spanish
"{ED924786-EFE7-392D-F37C-64F4B6E19C2F}" = CCC Help Danish
"{EE174D9D-EF64-9FC7-C900-57C64F02E80D}" = Catalyst Control Center Localization Danish
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{EFF43C31-5F5A-574E-563C-68190FA13F0C}" = CCC Help Chinese Standard
"{F023B88F-DD32-8C85-F372-5319180597A5}" = Catalyst Control Center Localization Thai
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2912763-486E-B5D1-D0C6-BD1AE24D0C20}" = Catalyst Control Center Localization Korean
"{F2D65205-A1D0-5B53-4399-8AA39F738D9D}" = CCC Help Norwegian
"{F4ECB8B5-737F-6910-C26F-7DA94A2C0710}" = Catalyst Control Center Localization Finnish
"{F59778FB-4F31-0ADE-84C3-D7D77676A1A5}" = Catalyst Control Center Localization French
"{FAAE0782-8073-112D-BC19-12C64A2D90D9}" = Skins
"{FAC15A44-64C7-1908-CC36-83BC9A308EA9}" = Catalyst Control Center Localization German
"{FD53302C-8E7B-4730-8AD8-86A889BDBFAB}" = AVStation Now
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Avira AntiVir Desktop" = Avira Free Antivirus
"InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"InstallShield_{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"InstallShield_{FD53302C-8E7B-4730-8AD8-86A889BDBFAB}" = AVStation Now
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TVUPlayer" = TVUPlayer 2.5.3.1
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1411231321-3497987553-1682086313-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 02.11.2012 21:18:39 | Computer Name = Boris-PC | Source = Application Hang | ID = 1002
Description = Programm SpybotSD.exe, Version 1.6.2.46 arbeitet nicht mehr mit Windows
zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
zu suchen. Prozess-ID: 1514 Anfangszeit: 01cdb96120572fa2 Zeitpunkt der Beendigung:
32
Error - 02.11.2012 21:42:21 | Computer Name = Boris-PC | Source = EventSystem | ID = 4621
Description =
Error - 03.11.2012 06:54:59 | Computer Name = Boris-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 7.0.6000.16982, Zeitstempel
0x4b2b56f5, fehlerhaftes Modul ntdll.dll, Version 6.0.6000.16386, Zeitstempel 0x4549bdc9,
Ausnahmecode 0xc0000005, Fehleroffset 0x0003b15f, Prozess-ID 0x1064, Anwendungsstartzeit
01cdb9b063210598.
Error - 03.11.2012 07:02:21 | Computer Name = Boris-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 7.0.6000.16982, Zeitstempel
0x4b2b56f5, fehlerhaftes Modul ntdll.dll, Version 6.0.6000.16386, Zeitstempel 0x4549bdc9,
Ausnahmecode 0xc0000005, Fehleroffset 0x0003b15f, Prozess-ID 0x16bc, Anwendungsstartzeit
01cdb9b1af36f7e8.
Error - 03.11.2012 07:28:18 | Computer Name = Boris-PC | Source = EventSystem | ID = 4621
Description =
Error - 03.11.2012 09:40:26 | Computer Name = Boris-PC | Source = EventSystem | ID = 4621
Description =
Error - 03.11.2012 12:53:37 | Computer Name = Boris-PC | Source = EventSystem | ID = 4621
Description =
Error - 03.11.2012 13:08:42 | Computer Name = Boris-PC | Source = EventSystem | ID = 4621
Description =
Error - 03.11.2012 17:38:02 | Computer Name = Boris-PC | Source = EventSystem | ID = 4621
Description =
Error - 05.11.2012 11:21:03 | Computer Name = Boris-PC | Source = VSS | ID = 8194
Description =
[ System Events ]
Error - 01.08.2012 14:35:29 | Computer Name = Boris-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
2, Funktion 0. Wenden Sie sich an den Systemhersteller, um technische Unterstützung
zu erhalten.
Error - 01.08.2012 14:35:29 | Computer Name = Boris-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
5, Funktion 0. Wenden Sie sich an den Systemhersteller, um technische Unterstützung
zu erhalten.
Error - 01.08.2012 14:35:29 | Computer Name = Boris-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
6, Funktion 0. Wenden Sie sich an den Systemhersteller, um technische Unterstützung
zu erhalten.
Error - 01.08.2012 14:35:30 | Computer Name = Boris-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
7, Funktion 0. Wenden Sie sich an den Systemhersteller, um technische Unterstützung
zu erhalten.
Error - 01.08.2012 14:37:30 | Computer Name = Boris-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 02.08.2012 01:44:33 | Computer Name = Boris-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
2, Funktion 0. Wenden Sie sich an den Systemhersteller, um technische Unterstützung
zu erhalten.
Error - 02.08.2012 01:44:33 | Computer Name = Boris-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
5, Funktion 0. Wenden Sie sich an den Systemhersteller, um technische Unterstützung
zu erhalten.
Error - 02.08.2012 01:44:33 | Computer Name = Boris-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
6, Funktion 0. Wenden Sie sich an den Systemhersteller, um technische Unterstützung
zu erhalten.
Error - 02.08.2012 01:44:34 | Computer Name = Boris-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
7, Funktion 0. Wenden Sie sich an den Systemhersteller, um technische Unterstützung
zu erhalten.
Error - 02.08.2012 01:46:32 | Computer Name = Boris-PC | Source = Service Control Manager | ID = 7000
Description =
< End of report >
|
|
| Themen zu Claro nicht löschbar, auch nach mehreren Spybot Durchläufen resistent |
| administrator, aktion, antimalware, autostart, browser, claro, dateien, diverse, ergebnis, erkannt, explorer, gelöscht, geschwindigkeit, ibupdaterservice, interne, internet, internet explorer, löschbar, melde, meldet, minute, mozilla, nicht löschbar, pup.installbrain, registrierung, setzt, speicher, spybot |
Linear-Darstellung
