
Log analysis and evaluation: Cannot delete default-search.net

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

07.04.2014, 12:49   #1
steffiglaubi
 
Cannot delete default-search.net



Hello, I have already followed everything described in this thread

http://www.trojaner-board.de/146735-...entfernen.html

but the infection has not been removed. Can you please help me?

Code:
<?xml version="1.0" encoding="UTF-16"?>

-<mbam-log>


-<header>

<date>2014/04/07 10:08:52 +0200</date>

<log>mbam-log-2014-04-07 (10-01-36).xml</log>

<isadmin>yes</isadmin>

</header>


-<engine>

<version>2.00.1.1004</version>

<rules-database>v2014.04.07.05</rules-database>

<swissarmy-database>v2014.03.27.01</swissarmy-database>

<license>free</license>

<file-protection>disabled</file-protection>

<web-protection>disabled</web-protection>

<self-protection>disabled</self-protection>

</engine>


-<system>

<osversion>Windows 7 Service Pack 1</osversion>

<arch>x86</arch>

<username>Büro</username>

<filesys>NTFS</filesys>

</system>


-<summary>

<type>threat</type>

<result>completed</result>

<objects>221436</objects>

<time>434</time>

<processes>5</processes>

<modules>42</modules>

<keys>18</keys>

<values>6</values>

<datas>2</datas>

<folders>5</folders>

<files>33</files>

<sectors>0</sectors>

</summary>


-<options>

<memory>enabled</memory>

<startup>enabled</startup>

<filesystem>enabled</filesystem>

<archives>enabled</archives>

<rootkits>disabled</rootkits>

<deeprootkit>disabled</deeprootkit>

<shuriken>enabled</shuriken>

<pup>enabled</pup>

<pum>enabled</pum>

</options>


-<items>


-<process>

<path>C:\Program Files\Settings Manager\systemk\systemku.exe</path>

<vendor>PUP.Optional.SystemK.A</vendor>

<action>delete-on-reboot</action>

<pid>2780</pid>

<hash>5a2744e31f5c3cfafac23c2732cf9d63</hash>

</process>


-<process>

<path>C:\Users\Büro\AppData\Local\PirritSuggestor\PirritDesktop.exe</path>

<vendor>PUP.Optional.PirritSuggestor.A</vendor>

<action>delete-on-reboot</action>

<pid>5032</pid>

<hash>ea97fa2ddaa10333fc1eff5d986ab44c</hash>

</process>


-<process>

<path>C:\Users\Büro\AppData\Local\PirritSuggestor\PirritService.exe</path>

<vendor>PUP.Optional.PirritSuggestor.A</vendor>

<action>delete-on-reboot</action>

<pid>2164</pid>

<hash>ea97fa2ddaa10333fc1eff5d986ab44c</hash>

</process>


-<process>

<path>C:\Program Files\Settings Manager\systemk\SystemkService.exe</path>

<vendor>PUP.Optional.SettingsManager.A</vendor>

<action>delete-on-reboot</action>

<pid>2648</pid>

<hash>e9980b1c47345dd9cda0ca92f210b749</hash>

</process>


-<process>

<path>C:\Program Files\Settings Manager\systemk\SystemkService.exe</path>

<vendor>PUP.Optional.SettingsManager.A</vendor>

<action>delete-on-reboot</action>

<pid>2756</pid>

<hash>e9980b1c47345dd9cda0ca92f210b749</hash>

</process>


-<module>

<path>C:\Program Files\Settings Manager\systemk\systemk.dll</path>

<vendor>PUP.Optional.SystemK.A</vendor>

<action>delete-on-reboot</action>

<hash>0180e047b3c8df57ccf01350ea17fa06</hash>

</module>


-<module>

<path>C:\Program Files\Settings Manager\systemk\systemk.dll</path>

<vendor>PUP.Optional.SystemK.A</vendor>

<action>delete-on-reboot</action>

<hash>0180e047b3c8df57ccf01350ea17fa06</hash>

</module>


-<module>

<path>C:\Program Files\Settings Manager\systemk\systemk.dll</path>

<vendor>PUP.Optional.SystemK.A</vendor>

<action>delete-on-reboot</action>

<hash>0180e047b3c8df57ccf01350ea17fa06</hash>

</module>


-<module>

<path>C:\Program Files\Settings Manager\systemk\systemkbho.dll</path>

<vendor>PUP.Optional.SystemK.A</vendor>

<action>delete-on-reboot</action>

<hash>6a176fb84d2e1b1b6e4f6300b74a15eb</hash>

</module>


-<module>

<path>C:\Program Files\Settings Manager\systemk\systemkbho.dll</path>

<vendor>PUP.Optional.SystemK.A</vendor>

<action>delete-on-reboot</action>

<hash>6a176fb84d2e1b1b6e4f6300b74a15eb</hash>

</module>


-<module>

<path>C:\Users\Büro\AppData\Local\PirritSuggestor\msvcp100.dll</path>

<vendor>PUP.Optional.PirritSuggestor.A</vendor>

<action>delete-on-reboot</action>

<hash>ea97fa2ddaa10333fc1eff5d986ab44c</hash>

</module>


-<module>

<path>C:\Users\Büro\AppData\Local\PirritSuggestor\msvcp100.dll</path>

<vendor>PUP.Optional.PirritSuggestor.A</vendor>

<action>delete-on-reboot</action>

<hash>ea97fa2ddaa10333fc1eff5d986ab44c</hash>

</module>


-<module>

<path>C:\Users\Büro\AppData\Local\PirritSuggestor\msvcr100.dll</path>

<vendor>PUP.Optional.PirritSuggestor.A</vendor>

<action>delete-on-reboot</action>

<hash>ea97fa2ddaa10333fc1eff5d986ab44c</hash>

</module>


-<module>

<path>C:\Users\Büro\AppData\Local\PirritSuggestor\msvcr100.dll</path>

<vendor>PUP.Optional.PirritSuggestor.A</vendor>

<action>delete-on-reboot</action>

<hash>ea97fa2ddaa10333fc1eff5d986ab44c</hash>

</module>


-<module>

<path>C:\Users\Büro\AppData\Local\PirritSuggestor\QtCore4.dll</path>

<vendor>PUP.Optional.PirritSuggestor.A</vendor>

<action>delete-on-reboot</action>

<hash>ea97fa2ddaa10333fc1eff5d986ab44c</hash>

</module>


-<module>

<path>C:\Users\Büro\AppData\Local\PirritSuggestor\QtCore4.dll</path>

<vendor>PUP.Optional.PirritSuggestor.A</vendor>

<action>delete-on-reboot</action>

<hash>ea97fa2ddaa10333fc1eff5d986ab44c</hash>

</module>


-<module>

<path>C:\Users\Büro\AppData\Local\PirritSuggestor\QtNetwork4.dll</path>

<vendor>PUP.Optional.PirritSuggestor.A</vendor>

<action>delete-on-reboot</action>

<hash>ea97fa2ddaa10333fc1eff5d986ab44c</hash>

</module>


-<module>

<path>C:\Program Files\Settings Manager\systemk\sysapcrt.dll</path>

<vendor>PUP.Optional.SettingsManager.A</vendor>

<action>delete-on-reboot</action>

<hash>e9980b1c47345dd9cda0ca92f210b749</hash>

</module>


-<module>

<path>C:\Program Files\Settings Manager\systemk\sysapcrt.dll</path>

<vendor>PUP.Optional.SettingsManager.A</vendor>

<action>delete-on-reboot</action>

<hash>e9980b1c47345dd9cda0ca92f210b749</hash>

</module>


-<module>

<path>C:\Program Files\Settings Manager\systemk\sysapcrt.dll</path>

<vendor>PUP.Optional.SettingsManager.A</vendor>

<action>delete-on-reboot</action>

<hash>e9980b1c47345dd9cda0ca92f210b749</hash>

</module>


-<module>

<path>C:\Program Files\Settings Manager\systemk\sysapcrt.dll</path>

<vendor>PUP.Optional.SettingsManager.A</vendor>

<action>delete-on-reboot</action>

<hash>e9980b1c47345dd9cda0ca92f210b749</hash>

</module>


-<module>

<path>C:\Program Files\Settings Manager\systemk\sysapcrt.dll</path>

<vendor>PUP.Optional.SettingsManager.A</vendor>

<action>delete-on-reboot</action>

<hash>e9980b1c47345dd9cda0ca92f210b749</hash>

</module>


-<module>

<path>C:\Program Files\Settings Manager\systemk\sysapcrt.dll</path>

<vendor>PUP.Optional.SettingsManager.A</vendor>

<action>delete-on-reboot</action>

<hash>e9980b1c47345dd9cda0ca92f210b749</hash>

</module>


-<module>

<path>C:\Program Files\Settings Manager\systemk\sysapcrt.dll</path>

<vendor>PUP.Optional.SettingsManager.A</vendor>

<action>delete-on-reboot</action>

<hash>e9980b1c47345dd9cda0ca92f210b749</hash>

</module>


-<module>

<path>C:\Program Files\Settings Manager\systemk\sysapcrt.dll</path>

<vendor>PUP.Optional.SettingsManager.A</vendor>

<action>delete-on-reboot</action>

<hash>e9980b1c47345dd9cda0ca92f210b749</hash>

</module>


-<module>

<path>C:\Program Files\Settings Manager\systemk\sysapcrt.dll</path>

<vendor>PUP.Optional.SettingsManager.A</vendor>

<action>delete-on-reboot</action>

<hash>e9980b1c47345dd9cda0ca92f210b749</hash>

</module>


-<module>

<path>C:\Program Files\Settings Manager\systemk\sysapcrt.dll</path>

<vendor>PUP.Optional.SettingsManager.A</vendor>

<action>delete-on-reboot</action>

<hash>e9980b1c47345dd9cda0ca92f210b749</hash>

</module>


-<module>

<path>C:\Program Files\Settings Manager\systemk\sysapcrt.dll</path>

<vendor>PUP.Optional.SettingsManager.A</vendor>

<action>delete-on-reboot</action>

<hash>e9980b1c47345dd9cda0ca92f210b749</hash>

</module>


-<module>

<path>C:\Program Files\Settings Manager\systemk\sysapcrt.dll</path>

<vendor>PUP.Optional.SettingsManager.A</vendor>

<action>delete-on-reboot</action>

<hash>e9980b1c47345dd9cda0ca92f210b749</hash>

</module>


-<module>

<path>C:\Program Files\Settings Manager\systemk\sysapcrt.dll</path>

<vendor>PUP.Optional.SettingsManager.A</vendor>

<action>delete-on-reboot</action>

<hash>e9980b1c47345dd9cda0ca92f210b749</hash>

</module>


-<module>

<path>C:\Program Files\Settings Manager\systemk\sysapcrt.dll</path>

<vendor>PUP.Optional.SettingsManager.A</vendor>

<action>delete-on-reboot</action>

<hash>e9980b1c47345dd9cda0ca92f210b749</hash>

</module>


-<module>

<path>C:\Program Files\Settings Manager\systemk\sysapcrt.dll</path>

<vendor>PUP.Optional.SettingsManager.A</vendor>

<action>delete-on-reboot</action>

<hash>e9980b1c47345dd9cda0ca92f210b749</hash>

</module>


-<module>

<path>C:\Program Files\Settings Manager\systemk\sysapcrt.dll</path>

<vendor>PUP.Optional.SettingsManager.A</vendor>

<action>delete-on-reboot</action>

<hash>e9980b1c47345dd9cda0ca92f210b749</hash>

</module>


-<module>

<path>C:\Program Files\Settings Manager\systemk\sysapcrt.dll</path>

<vendor>PUP.Optional.SettingsManager.A</vendor>

<action>delete-on-reboot</action>

<hash>e9980b1c47345dd9cda0ca92f210b749</hash>

</module>


-<module>

<path>C:\Program Files\Settings Manager\systemk\sysapcrt.dll</path>

<vendor>PUP.Optional.SettingsManager.A</vendor>

<action>delete-on-reboot</action>

<hash>e9980b1c47345dd9cda0ca92f210b749</hash>

</module>


-<module>

<path>C:\Program Files\Settings Manager\systemk\sysapcrt.dll</path>

<vendor>PUP.Optional.SettingsManager.A</vendor>

<action>delete-on-reboot</action>

<hash>e9980b1c47345dd9cda0ca92f210b749</hash>

</module>


-<module>

<path>C:\Program Files\Settings Manager\systemk\sysapcrt.dll</path>

<vendor>PUP.Optional.SettingsManager.A</vendor>

<action>delete-on-reboot</action>

<hash>e9980b1c47345dd9cda0ca92f210b749</hash>

</module>


-<module>

<path>C:\Program Files\Settings Manager\systemk\sysapcrt.dll</path>

<vendor>PUP.Optional.SettingsManager.A</vendor>

<action>delete-on-reboot</action>

<hash>e9980b1c47345dd9cda0ca92f210b749</hash>

</module>


-<module>

<path>C:\Program Files\Settings Manager\systemk\sysapcrt.dll</path>

<vendor>PUP.Optional.SettingsManager.A</vendor>

<action>delete-on-reboot</action>

<hash>e9980b1c47345dd9cda0ca92f210b749</hash>

</module>


-<module>

<path>C:\Program Files\Settings Manager\systemk\sysapcrt.dll</path>

<vendor>PUP.Optional.SettingsManager.A</vendor>

<action>delete-on-reboot</action>

<hash>e9980b1c47345dd9cda0ca92f210b749</hash>

</module>


-<module>

<path>C:\Program Files\Settings Manager\systemk\sysapcrt.dll</path>

<vendor>PUP.Optional.SettingsManager.A</vendor>

<action>delete-on-reboot</action>

<hash>e9980b1c47345dd9cda0ca92f210b749</hash>

</module>


-<module>

<path>C:\Program Files\Settings Manager\systemk\sysapcrt.dll</path>

<vendor>PUP.Optional.SettingsManager.A</vendor>

<action>delete-on-reboot</action>

<hash>e9980b1c47345dd9cda0ca92f210b749</hash>

</module>


-<module>

<path>C:\Program Files\Settings Manager\systemk\syskldr.dll</path>

<vendor>PUP.Optional.SettingsManager.A</vendor>

<action>delete-on-reboot</action>

<hash>e9980b1c47345dd9cda0ca92f210b749</hash>

</module>


-<module>

<path>C:\Program Files\Settings Manager\systemk\syskldr.dll</path>

<vendor>PUP.Optional.SettingsManager.A</vendor>

<action>delete-on-reboot</action>

<hash>e9980b1c47345dd9cda0ca92f210b749</hash>

</module>


-<module>

<path>C:\Program Files\Settings Manager\systemk\syskldr.dll</path>

<vendor>PUP.Optional.SettingsManager.A</vendor>

<action>delete-on-reboot</action>

<hash>e9980b1c47345dd9cda0ca92f210b749</hash>

</module>


-<module>

<path>C:\Program Files\Settings Manager\systemk\syskldr.dll</path>

<vendor>PUP.Optional.SettingsManager.A</vendor>

<action>delete-on-reboot</action>

<hash>e9980b1c47345dd9cda0ca92f210b749</hash>

</module>


-<module>

<path>C:\Program Files\Settings Manager\systemk\syskldr.dll</path>

<vendor>PUP.Optional.SettingsManager.A</vendor>

<action>delete-on-reboot</action>

<hash>e9980b1c47345dd9cda0ca92f210b749</hash>

</module>


-<key>

<path>HKLM\SOFTWARE\CLASSES\CLSID\{54739D49-AC03-4C57-9264-C5195596B3A1}</path>

<vendor>PUP.Optional.SystemK.A</vendor>

<action>success</action>

<hash>6a176fb84d2e1b1b6e4f6300b74a15eb</hash>

</key>


-<key>

<path>HKLM\SOFTWARE\CLASSES\SettingsManagerIEHelper.DNSGuard</path>

<vendor>PUP.Optional.SystemK.A</vendor>

<action>success</action>

<hash>6a176fb84d2e1b1b6e4f6300b74a15eb</hash>

</key>


-<key>

<path>HKLM\SOFTWARE\CLASSES\SettingsManagerIEHelper.DNSGuard.1</path>

<vendor>PUP.Optional.SystemK.A</vendor>

<action>success</action>

<hash>6a176fb84d2e1b1b6e4f6300b74a15eb</hash>

</key>


-<key>

<path>HKU\S-1-5-21-3313896547-2878084619-875718404-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{54739D49-AC03-4C57-9264-C5195596B3A1}</path>

<vendor>PUP.Optional.SystemK.A</vendor>

<action>delete-on-reboot</action>

<hash>6a176fb84d2e1b1b6e4f6300b74a15eb</hash>

</key>


-<key>

<path>HKLM\SOFTWARE\CLASSES\CLSID\{E1842850-FB16-4471-B327-7343FBAED55C}</path>

<vendor>PUP.Optional.SystemK.A</vendor>

<action>success</action>

<hash>6a176fb84d2e1b1b6e4f6300b74a15eb</hash>

</key>


-<key>

<path>HKLM\SOFTWARE\CLASSES\TYPELIB\{93D511B5-143B-4A99-ABFC-B5B78AD0AE1B}</path>

<vendor>PUP.Optional.SystemK.A</vendor>

<action>success</action>

<hash>6a176fb84d2e1b1b6e4f6300b74a15eb</hash>

</key>


-<key>

<path>HKLM\SOFTWARE\CLASSES\INTERFACE\{AA760BA8-5862-4BC5-9263-4452CBC0B264}</path>

<vendor>PUP.Optional.SystemK.A</vendor>

<action>success</action>

<hash>6a176fb84d2e1b1b6e4f6300b74a15eb</hash>

</key>


-<key>

<path>HKU\S-1-5-21-3313896547-2878084619-875718404-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}</path>

<vendor>PUP.Optional.VBates</vendor>

<action>delete-on-reboot</action>

<hash>89f80d1a413a5adc20da818d22e0956b</hash>

</key>


-<key>

<path>HKU\S-1-5-21-3313896547-2878084619-875718404-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}</path>

<vendor>PUP.Optional.Linkey.A</vendor>

<action>delete-on-reboot</action>

<hash>9ce566c127549a9c2a3223e9768ce51b</hash>

</key>


-<key>

<path>HKLM\SOFTWARE\SYSTEMK\General</path>

<vendor>PUP.Optional.SettingsManager.A</vendor>

<action>success</action>

<hash>08799196f487e056cd7e431e897951af</hash>

</key>


-<key>

<path>HKLM\SOFTWARE\SYSTEMK</path>

<vendor>PUP.Optional.SettingsManager.A</vendor>

<action>success</action>

<hash>c8b9ee393e3dae88b29a095810f20cf4</hash>

</key>


-<key>

<path>HKU\S-1-5-21-3313896547-2878084619-875718404-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PriceGong</path>

<vendor>PUP.Optional.PriceGong.A</vendor>

<action>delete-on-reboot</action>

<hash>0f72b1767cff61d57ee6b0b9c53df40c</hash>

</key>


-<key>

<path>HKU\S-1-5-21-3313896547-2878084619-875718404-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\CONDUIT\ValueApps</path>

<vendor>PUP.Optional.ValueApps.A</vendor>

<action>delete-on-reboot</action>

<hash>443d64c3f487d16594044f20c240c838</hash>

</key>


-<key>

<path>HKU\S-1-5-21-3313896547-2878084619-875718404-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S</path>

<vendor>PUP.Optional.InstallCore.A</vendor>

<action>delete-on-reboot</action>

<hash>9de40a1d4f2cd56172afd29dec169f61</hash>

</key>


-<key>

<path>HKU\S-1-5-21-3313896547-2878084619-875718404-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE</path>

<vendor>PUP.Optional.InstallCore.A</vendor>

<action>delete-on-reboot</action>

<hash>5b26e83fa1da45f1eb74790c18eb43bd</hash>

</key>


-<key>

<path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PirritDesktop</path>

<vendor>PUP.Optional.PirritSuggestor.A</vendor>

<action>success</action>

<hash>ea97fa2ddaa10333fc1eff5d986ab44c</hash>

</key>


-<key>

<path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SystemkService</path>

<vendor>PUP.Optional.SettingsManager.A</vendor>

<action>success</action>

<hash>e9980b1c47345dd9cda0ca92f210b749</hash>

</key>


-<key>

<path>HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Settings Manager</path>

<vendor>PUP.Optional.SettingsManager.A</vendor>

<action>success</action>

<hash>e9980b1c47345dd9cda0ca92f210b749</hash>

</key>


-<value>

<path>HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS</path>

<valuename>{21EAF666-26B3-4A3C-ABD0-CA2F5A326744}</valuename>

<vendor>PUP.Optional.VBates</vendor>

<action>success</action>

<valuedata>C:\Program Files\V-bates\Firefox</valuedata>

<hash>89f80d1a413a5adc20da818d22e0956b</hash>

</value>


-<value>

<path>HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS</path>

<valuename>{21EAF666-26B3-4A3C-ABD0-CA2F5A326744}</valuename>

<vendor>PUP.Optional.VBates</vendor>

<action>success</action>

<valuedata>C:\Program Files\V-bates\Firefox</valuedata>

<hash>89f80d1a413a5adc20da818d22e0956b</hash>

</value>


-<value>

<path>HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}</path>

<valuename/>

<vendor>PUP.Optional.VBates</vendor>

<action>success</action>

<valuedata/>

<hash>d9a8a681b2c98da9c43653bbc141d42c</hash>

</value>


-<value>

<path>HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}</path>

<valuename/>

<vendor>PUP.Optional.VBates</vendor>

<action>success</action>

<valuedata/>

<hash>94ed7fa86318a1956d8dec22758d827e</hash>

</value>


-<value>

<path>HKLM\SOFTWARE\SYSTEMK</path>

<valuename>browser</valuename>

<vendor>PUP.Optional.SettingsManager.A</vendor>

<action>success</action>

<valuedata> ie ff cr</valuedata>

<hash>c8b9ee393e3dae88b29a095810f20cf4</hash>

</value>


-<value>

<path>HKU\S-1-5-21-3313896547-2878084619-875718404-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE</path>

<valuename>tb</valuename>

<vendor>PUP.Optional.InstallCore.A</vendor>

<action>delete-on-reboot</action>

<valuedata>0K1M1R</valuedata>

<hash>5b26e83fa1da45f1eb74790c18eb43bd</hash>

</value>


-<data>

<path>HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS</path>

<valuename>AppInit_DLLs</valuename>

<vendor>PUP.Optional.Datamngr.A</vendor>

<action>replaced</action>

<valuedata>C:\PROGRA~2\Wincert\WIN32C~1.DLL C:\PROGRA~1\SETTIN~1\systemk\syskldr.dll </valuedata>

<baddata>C:\PROGRA~2\Wincert\WIN32C~1.DLL</baddata>

<gooddata/>

<hash>86fb0a1da5d6a98d985b1c6c92716898</hash>

</data>


-<data>

<path>HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS</path>

<valuename>AppInit_DLLs</valuename>

<vendor>PUP.Optional.SettingsManager.A</vendor>

<action>replaced</action>

<valuedata>C:\PROGRA~2\Wincert\WIN32C~1.DLL C:\PROGRA~1\SETTIN~1\systemk\syskldr.dll </valuedata>

<baddata>C:\PROGRA~1\SETTIN~1\systemk\syskldr.dll</baddata>

<gooddata/>

<hash>e9980b1c47345dd9cda0ca92f210b749</hash>

</data>


-<folder>

<path>C:\ProgramData\systemk</path>

<vendor>PUP.Optional.SystemK.A</vendor>

<action>success</action>

<hash>077a4bdcb2c90c2aa73b3b24be44c838</hash>

</folder>


-<folder>

<path>C:\Users\Büro\AppData\Local\DownloadGuide</path>

<vendor>PUP.Optional.DownloadGuide.A</vendor>

<action>success</action>

<hash>5c25ae79730823133da73b55e32051af</hash>

</folder>


-<folder>

<path>C:\Users\Büro\AppData\Local\DownloadGuide\Offers</path>

<vendor>PUP.Optional.DownloadGuide.A</vendor>

<action>success</action>

<hash>5c25ae79730823133da73b55e32051af</hash>

</folder>


-<folder>

<path>C:\Users\Büro\AppData\Local\PirritSuggestor</path>

<vendor>PUP.Optional.PirritSuggestor.A</vendor>

<action>delete-on-reboot</action>

<hash>ea97fa2ddaa10333fc1eff5d986ab44c</hash>

</folder>


-<folder>

<path>C:\Program Files\Settings Manager\systemk</path>

<vendor>PUP.Optional.SettingsManager.A</vendor>

<action>delete-on-reboot</action>

<hash>e9980b1c47345dd9cda0ca92f210b749</hash>

</folder>


-<file>

<path>C:\Program Files\Settings Manager\systemk\systemku.exe</path>

<vendor>PUP.Optional.SystemK.A</vendor>

<action>delete-on-reboot</action>

<hash>5a2744e31f5c3cfafac23c2732cf9d63</hash>

</file>


-<file>

<path>C:\Program Files\Settings Manager\systemk\systemk.dll</path>

<vendor>PUP.Optional.SystemK.A</vendor>

<action>delete-on-reboot</action>

<hash>0180e047b3c8df57ccf01350ea17fa06</hash>

</file>


-<file>

<path>C:\Program Files\Settings Manager\systemk\systemkbho.dll</path>

<vendor>PUP.Optional.SystemK.A</vendor>

<action>delete-on-reboot</action>

<hash>6a176fb84d2e1b1b6e4f6300b74a15eb</hash>

</file>


-<file>

<path>C:\ProgramData\systemk\general.cfg</path>

<vendor>PUP.Optional.SystemK.A</vendor>

<action>success</action>

<hash>077a4bdcb2c90c2aa73b3b24be44c838</hash>

</file>


-<file>

<path>C:\ProgramData\systemk\coordinator.cfg</path>

<vendor>PUP.Optional.SystemK.A</vendor>

<action>success</action>

<hash>077a4bdcb2c90c2aa73b3b24be44c838</hash>

</file>


-<file>

<path>C:\ProgramData\systemk\S-1-5-21-3313896547-2878084619-875718404-1000.cfg</path>

<vendor>PUP.Optional.SystemK.A</vendor>

<action>success</action>

<hash>077a4bdcb2c90c2aa73b3b24be44c838</hash>

</file>


-<file>

<path>C:\Users\Büro\AppData\Roaming\Mozilla\Firefox\Profiles\zoi7ce94.default\searchplugins\default-search.xml</path>

<vendor>PUP.Optional.DefaultSearch.A</vendor>

<action>success</action>

<hash>4c35b572334837fff14f09587a88fd03</hash>

</file>


-<file>

<path>C:\Program Files\Mozilla Firefox\browser\searchplugins\default-search.xml</path>

<vendor>PUP.Optional.DefaultSearch.A</vendor>

<action>success</action>

<hash>ee9364c381fa092d58e99dc43ac8e31d</hash>

</file>


-<file>

<path>C:\Windows\System32\roboot.exe</path>

<vendor>PUP.Optional.PCPerformer.A</vendor>

<action>success</action>

<hash>cdb44add7ffc7cba5602a0e6907354ac</hash>

</file>


-<file>

<path>C:\ProgramData\Wincert\win32cert.dll</path>

<vendor>PUP.Optional.Datamngr.A</vendor>

<action>success</action>

<hash>86fb0a1da5d6a98d985b1c6c92716898</hash>

</file>


-<file>

<path>C:\ProgramData\Wincert\win64cert.dll</path>

<vendor>PUP.Optional.Datamngr.A</vendor>

<action>success</action>

<hash>b0d1c0670b701f172cc72c5c2fd49967</hash>

</file>


-<file>

<path>C:\ProgramData\Wincert\win32prop.dll</path>

<vendor>PUP.Optional.Datamngr.A</vendor>

<action>success</action>

<hash>9de4c562116a231313e11e6a14efb050</hash>

</file>


-<file>

<path>C:\ProgramData\Wincert\win64prop.dll</path>

<vendor>PUP.Optional.Datamngr.A</vendor>

<action>success</action>

<hash>a3de35f2b8c31b1b8470aaded82b946c</hash>

</file>


-<file>

<path>C:\Users\Büro\AppData\Local\DownloadGuide\amazon.ico</path>

<vendor>PUP.Optional.DownloadGuide.A</vendor>

<action>success</action>

<hash>5c25ae79730823133da73b55e32051af</hash>

</file>


-<file>

<path>C:\Users\Büro\AppData\Local\DownloadGuide\FreeSystemUtilities.exe</path>

<vendor>PUP.Optional.DownloadGuide.A</vendor>

<action>success</action>

<hash>5c25ae79730823133da73b55e32051af</hash>

</file>


-<file>

<path>C:\Users\Büro\AppData\Local\PirritSuggestor\gd.txt</path>

<vendor>PUP.Optional.PirritSuggestor.A</vendor>

<action>success</action>

<hash>ea97fa2ddaa10333fc1eff5d986ab44c</hash>

</file>


-<file>

<path>C:\Users\Büro\AppData\Local\PirritSuggestor\msvcp100.dll</path>

<vendor>PUP.Optional.PirritSuggestor.A</vendor>

<action>delete-on-reboot</action>

<hash>ea97fa2ddaa10333fc1eff5d986ab44c</hash>

</file>


-<file>

<path>C:\Users\Büro\AppData\Local\PirritSuggestor\msvcr100.dll</path>

<vendor>PUP.Optional.PirritSuggestor.A</vendor>

<action>delete-on-reboot</action>

<hash>ea97fa2ddaa10333fc1eff5d986ab44c</hash>

</file>


-<file>

<path>C:\Users\Büro\AppData\Local\PirritSuggestor\PirritDesktop.exe</path>

<vendor>PUP.Optional.PirritSuggestor.A</vendor>

<action>delete-on-reboot</action>

<hash>ea97fa2ddaa10333fc1eff5d986ab44c</hash>

</file>


-<file>

<path>C:\Users\Büro\AppData\Local\PirritSuggestor\PirritService.exe</path>

<vendor>PUP.Optional.PirritSuggestor.A</vendor>

<action>delete-on-reboot</action>

<hash>ea97fa2ddaa10333fc1eff5d986ab44c</hash>

</file>


-<file>

<path>C:\Users\Büro\AppData\Local\PirritSuggestor\QtCore4.dll</path>

<vendor>PUP.Optional.PirritSuggestor.A</vendor>

<action>delete-on-reboot</action>

<hash>ea97fa2ddaa10333fc1eff5d986ab44c</hash>

</file>


-<file>

<path>C:\Users\Büro\AppData\Local\PirritSuggestor\QtNetwork4.dll</path>

<vendor>PUP.Optional.PirritSuggestor.A</vendor>

<action>delete-on-reboot</action>

<hash>ea97fa2ddaa10333fc1eff5d986ab44c</hash>

</file>


-<file>

<path>C:\Users\Büro\AppData\Local\PirritSuggestor\unins000.dat</path>

<vendor>PUP.Optional.PirritSuggestor.A</vendor>

<action>success</action>

<hash>ea97fa2ddaa10333fc1eff5d986ab44c</hash>

</file>


-<file>

<path>C:\Users\Büro\AppData\Local\PirritSuggestor\unins000.exe</path>

<vendor>PUP.Optional.PirritSuggestor.A</vendor>

<action>success</action>

<hash>ea97fa2ddaa10333fc1eff5d986ab44c</hash>

</file>


-<file>

<path>C:\Program Files\Settings Manager\systemk\favicon.ico</path>

<vendor>PUP.Optional.SettingsManager.A</vendor>

<action>delete-on-reboot</action>

<hash>e9980b1c47345dd9cda0ca92f210b749</hash>

</file>


-<file>

<path>C:\Program Files\Settings Manager\systemk\Helper.dll</path>

<vendor>PUP.Optional.SettingsManager.A</vendor>

<action>delete-on-reboot</action>

<hash>e9980b1c47345dd9cda0ca92f210b749</hash>

</file>


-<file>

<path>C:\Program Files\Settings Manager\systemk\Internet Explorer Settings.exe</path>

<vendor>PUP.Optional.SettingsManager.A</vendor>

<action>delete-on-reboot</action>

<hash>e9980b1c47345dd9cda0ca92f210b749</hash>

</file>


-<file>

<path>C:\Program Files\Settings Manager\systemk\sysapcrt.dll</path>

<vendor>PUP.Optional.SettingsManager.A</vendor>

<action>delete-on-reboot</action>

<hash>e9980b1c47345dd9cda0ca92f210b749</hash>

</file>


-<file>

<path>C:\Program Files\Settings Manager\systemk\syskldr.dll</path>

<vendor>PUP.Optional.SettingsManager.A</vendor>

<action>delete-on-reboot</action>

<hash>e9980b1c47345dd9cda0ca92f210b749</hash>

</file>


-<file>

<path>C:\Program Files\Settings Manager\systemk\syskldr_u.dll</path>

<vendor>PUP.Optional.SettingsManager.A</vendor>

<action>delete-on-reboot</action>

<hash>e9980b1c47345dd9cda0ca92f210b749</hash>

</file>


-<file>

<path>C:\Program Files\Settings Manager\systemk\SystemkService.exe</path>

<vendor>PUP.Optional.SettingsManager.A</vendor>

<action>delete-on-reboot</action>

<hash>e9980b1c47345dd9cda0ca92f210b749</hash>

</file>


-<file>

<path>C:\Program Files\Settings Manager\systemk\Uninstall.exe</path>

<vendor>PUP.Optional.SettingsManager.A</vendor>

<action>delete-on-reboot</action>

<hash>e9980b1c47345dd9cda0ca92f210b749</hash>

</file>


-<file>

<path>C:\Users\Büro\AppData\Roaming\Mozilla\Firefox\Profiles\zoi7ce94.default\prefs.js</path>

<vendor>PUP.Optional.Conduit.A</vendor>

<action>replaced</action>

<baddata>user_pref("CT2431245.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&q=");</baddata>

<gooddata/>

<hash>daa74fd88ceff244ee3b4ef36d9718e8</hash>

</file>

</items>

</mbam-log>
         
Code:
<?xml version="1.0" encoding="UTF-16"?>

-<mbam-log>


-<header>

<date>2014/04/07 12:49:24 +0200</date>

<log>mbam-log-2014-04-07 (12-43-55).xml</log>

<isadmin>yes</isadmin>

</header>


-<engine>

<version>2.00.1.1004</version>

<rules-database>v2014.04.07.05</rules-database>

<swissarmy-database>v2014.03.27.01</swissarmy-database>

<license>free</license>

<file-protection>disabled</file-protection>

<web-protection>disabled</web-protection>

<self-protection>disabled</self-protection>

</engine>


-<system>

<osversion>Windows 7 Service Pack 1</osversion>

<arch>x86</arch>

<username>Büro</username>

<filesys>NTFS</filesys>

</system>


-<summary>

<type>threat</type>

<result>completed</result>

<objects>221419</objects>

<time>327</time>

<processes>0</processes>

<modules>0</modules>

<keys>0</keys>

<values>0</values>

<datas>0</datas>

<folders>0</folders>

<files>0</files>

<sectors>0</sectors>

</summary>


-<options>

<memory>enabled</memory>

<startup>enabled</startup>

<filesystem>enabled</filesystem>

<archives>enabled</archives>

<rootkits>disabled</rootkits>

<deeprootkit>disabled</deeprootkit>

<shuriken>enabled</shuriken>

<pup>enabled</pup>

<pum>enabled</pum>

</options>

<items> </items>

</mbam-log>
         
Code:
<?xml version="1.0" encoding="UTF-8"?>

-<logs>

<record toVersion="2014.3.27.1" name="Rootkit Database" last_modified_tag="613e205b-e1e2-4fa9-96e4-21be3587a3f2" fromVersion="2014.2.20.1" systemname="BÜRO-PC" username="SYSTEM" type="Update" source="Manual" datetime="2014-04-07T10:00:18.418058+02:00" LoggingEventType="1" severity="debug"/>

<record toVersion="2014.4.7.5" name="Malware Database" last_modified_tag="d7191609-77ae-433a-94f5-0a969532f071" fromVersion="2014.3.4.9" systemname="BÜRO-PC" username="SYSTEM" type="Update" source="Manual" datetime="2014-04-07T10:00:43.768508+02:00" LoggingEventType="1" severity="debug"/>

<record toVersion="2.0.1.1004" name="program" last_modified_tag="51d81ac6-bdd6-494c-9804-73a1f63f9629" fromVersion="2.0.0.1000" systemname="BÜRO-PC" username="SYSTEM" type="Update" source="Manual" datetime="2014-04-07T10:00:57.187276+02:00" LoggingEventType="1" severity="debug"/>

<record toVersion="2014.3.27.1" name="Rootkit Database" last_modified_tag="f603b692-6e33-42dd-b785-e5f2ffe84992" fromVersion="2014.2.20.1" systemname="BÜRO-PC" username="SYSTEM" type="Update" source="Manual" datetime="2014-04-07T10:01:25.561338+02:00" LoggingEventType="1" severity="debug"/>

<record toVersion="2014.4.7.5" name="Malware Database" last_modified_tag="62fe0d6f-905e-4bbd-b5e6-aa95061d8363" fromVersion="2014.3.4.9" systemname="BÜRO-PC" username="SYSTEM" type="Update" source="Manual" datetime="2014-04-07T10:01:28.104143+02:00" LoggingEventType="1" severity="debug"/>

<record toVersion="2.0.1.1004" name="program" last_modified_tag="50c54bca-9f30-4d8c-9047-d880e1928ff0" fromVersion="2.0.0.1000" systemname="BÜRO-PC" username="SYSTEM" type="Update" source="Manual" datetime="2014-04-07T12:18:40.417689+02:00" LoggingEventType="1" severity="debug"/>

<record toVersion="2014.3.27.1" name="Rootkit Database" last_modified_tag="ab363dfb-f73c-44cf-93ed-cbcf511b25df" fromVersion="2014.2.20.1" systemname="BÜRO-PC" username="SYSTEM" type="Update" source="Manual" datetime="2014-04-07T12:18:40.691290+02:00" LoggingEventType="1" severity="debug"/>

<record toVersion="2014.3.27.1" name="Rootkit Database" last_modified_tag="d05bd908-a019-46cb-a939-26b4bc8bae3f" fromVersion="2014.2.20.1" systemname="BÜRO-PC" username="SYSTEM" type="Update" source="Manual" datetime="2014-04-07T12:19:00.600125+02:00" LoggingEventType="1" severity="debug"/>

<record toVersion="2014.4.7.5" name="Malware Database" last_modified_tag="fb4e8d00-90a4-42ed-9cdf-f6082ef7a862" fromVersion="2014.3.4.9" systemname="BÜRO-PC" username="SYSTEM" type="Update" source="Manual" datetime="2014-04-07T12:19:03.096129+02:00" LoggingEventType="1" severity="debug"/>

<record toVersion="2014.3.27.1" name="Rootkit Database" last_modified_tag="083cc07c-f584-4f75-a4a8-51cb19a72d56" fromVersion="2014.2.20.1" systemname="BÜRO-PC" username="SYSTEM" type="Update" source="Manual" datetime="2014-04-07T12:19:32.019580+02:00" LoggingEventType="1" severity="debug"/>

<record toVersion="2014.4.7.5" name="Malware Database" last_modified_tag="5cb662bd-4589-4ed5-932a-89e7710b8dfa" fromVersion="2014.3.4.9" systemname="BÜRO-PC" username="SYSTEM" type="Update" source="Manual" datetime="2014-04-07T12:19:34.515585+02:00" LoggingEventType="1" severity="debug"/>

<record toVersion="2014.3.27.1" name="Rootkit Database" last_modified_tag="71ada40f-2014-4399-b335-d1afbf2ad85e" fromVersion="2014.2.20.1" systemname="BÜRO-PC" username="SYSTEM" type="Update" source="Manual" datetime="2014-04-07T12:35:46.144970+02:00" LoggingEventType="1" severity="debug"/>

<record toVersion="2014.4.7.5" name="Malware Database" last_modified_tag="b390cb0a-c1d5-4932-95fa-acfea26936c3" fromVersion="2014.3.4.9" systemname="BÜRO-PC" username="SYSTEM" type="Update" source="Manual" datetime="2014-04-07T12:35:48.828175+02:00" LoggingEventType="1" severity="debug"/>

</logs>
         

07.04.2014, 12:51   #2
steffiglaubi
 

Code:
# AdwCleaner v3.023 - Bericht erstellt am 07/04/2014 um 10:16:43
# Aktualisiert 01/04/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzername : Büro - BÜRO-PC
# Gestartet von : C:\Users\Büro\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : PirritUpdater

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\wincert
Ordner Gelöscht : C:\Program Files\Ask.com
Ordner Gelöscht : C:\Program Files\Conduit
Ordner Gelöscht : C:\Program Files\PC Speed Maximizer
Ordner Gelöscht : C:\Program Files\Pirrit
Ordner Gelöscht : C:\Program Files\Settings Manager
Ordner Gelöscht : C:\Program Files\softonic-de3
Ordner Gelöscht : C:\Program Files\Winload
Ordner Gelöscht : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Ordner Gelöscht : C:\Users\Büro\AppData\Local\AskToolbar
Ordner Gelöscht : C:\Users\Büro\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\Büro\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Büro\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\Büro\AppData\LocalLow\softonic-de3
Ordner Gelöscht : C:\Users\Büro\AppData\LocalLow\Winload
Ordner Gelöscht : C:\Users\Büro\AppData\Roaming\Pirrit
Ordner Gelöscht : C:\Users\Büro\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\Büro\AppData\Roaming\Mozilla\Firefox\Profiles\zoi7ce94.default\Conduit
Ordner Gelöscht : C:\Users\Büro\AppData\Roaming\Mozilla\Firefox\Profiles\zoi7ce94.default\ConduitCommon
Ordner Gelöscht : C:\Users\Büro\AppData\Roaming\Mozilla\Firefox\Profiles\zoi7ce94.default\ConduitEngine
Datei Gelöscht : C:\Users\Büro\AppData\Roaming\Mozilla\Firefox\Profiles\zoi7ce94.default\invalidprefs.js
Datei Gelöscht : C:\Users\Büro\AppData\Roaming\Mozilla\Firefox\Profiles\zoi7ce94.default\user.js
Datei Gelöscht : C:\Windows\Tasks\FoxTab.job
Datei Gelöscht : C:\Windows\System32\Tasks\FoxTab

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E71DBF08-CF1E-42AC-97C8-0C8620469DB1}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E71DBF08-CF1E-42AC-97C8-0C8620469DB1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Wert Gelöscht : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
Wert Gelöscht : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x86]
Wert Gelöscht : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x64]
Wert Gelöscht : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x86]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2319825
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2431245
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader67322_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader67322_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_mp3-2-wav-converter_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_mp3-2-wav-converter_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{50F7F0BE-31BA-4145-BD8B-6B0DECFED804}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{85851D5E-19F8-4C75-9D50-9EF6533C4600}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{531CD8D4-35F0-4DFB-89C5-12B6A23BC843}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{85851D5E-19F8-4C75-9D50-9EF6533C4600}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{531CD8D4-35F0-4DFB-89C5-12B6A23BC843}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F994E0D9-8335-48F1-99C2-A712C21F8D5F}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}]
Schlüssel Gelöscht : HKCU\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\softonic-de3
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Winload
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\Pirrit
Schlüssel Gelöscht : HKLM\Software\systweak
Schlüssel Gelöscht : HKLM\Software\softonic-de3
Schlüssel Gelöscht : HKLM\Software\Winload
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LanConfig
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Winload Toolbar
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16521


-\\ Mozilla Firefox v28.0 (de)

[ Datei : C:\Users\Büro\AppData\Roaming\Mozilla\Firefox\Profiles\zoi7ce94.default\prefs.js ]

Zeile gelöscht : user_pref("CT2319825_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1396605713286,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Zeile gelöscht : user_pref("CT2431245.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Zeile gelöscht : user_pref("CT2431245.CTID", "CT2431245");
Zeile gelöscht : user_pref("CT2431245.CurrentServerDate", "13-12-2010");
Zeile gelöscht : user_pref("CT2431245.DialogsAlignMode", "LTR");
Zeile gelöscht : user_pref("CT2431245.DownloadReferralCookieData", "");
Zeile gelöscht : user_pref("CT2431245.EMailNotifierPollDate", "Mon Dec 13 2010 14:50:02 GMT+0100");
Zeile gelöscht : user_pref("CT2431245.FeedLastCount129009402595187825", 574);
Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634014180506963", "Mon Dec 13 2010 12:55:02 GMT+0100");
Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634014269327586", "Mon Dec 13 2010 12:55:02 GMT+0100");
Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634014329599698", "Mon Dec 13 2010 12:55:02 GMT+0100");
Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634014537505092", "Mon Dec 13 2010 12:55:02 GMT+0100");
Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634014970726540", "Mon Dec 13 2010 12:55:02 GMT+0100");
Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634015410831318", "Mon Dec 13 2010 10:55:03 GMT+0100");
Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634015483395460", "Mon Dec 13 2010 12:55:02 GMT+0100");
Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634015636754705", "Mon Dec 13 2010 12:55:03 GMT+0100");
Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634015768347545", "Mon Dec 13 2010 12:55:02 GMT+0100");
Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634015855543602", "Mon Dec 13 2010 12:55:02 GMT+0100");
Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634016030710453", "Mon Dec 13 2010 12:55:02 GMT+0100");
Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634016114705611", "Mon Dec 13 2010 12:55:03 GMT+0100");
Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634016129205152", "Mon Dec 13 2010 10:55:03 GMT+0100");
Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634016143724791", "Mon Dec 13 2010 10:55:03 GMT+0100");
Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634016271239162", "Mon Dec 13 2010 10:55:03 GMT+0100");
Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634016568520719", "Mon Dec 13 2010 12:55:03 GMT+0100");
Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634016726993788", "Mon Dec 13 2010 12:55:02 GMT+0100");
Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634017109031809", "Mon Dec 13 2010 12:55:02 GMT+0100");
Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634017132743740", "Mon Dec 13 2010 12:55:02 GMT+0100");
Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634017299547668", "Mon Dec 13 2010 12:55:03 GMT+0100");
Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634017302327846", "Mon Dec 13 2010 12:55:02 GMT+0100");
Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634017344111490", "Mon Dec 13 2010 12:55:02 GMT+0100");
Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634017478360748", "Mon Dec 13 2010 10:55:03 GMT+0100");
Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634017732797593", "Mon Dec 13 2010 12:55:02 GMT+0100");
Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634017821686064", "Mon Dec 13 2010 10:55:03 GMT+0100");
Zeile gelöscht : user_pref("CT2431245.FeedPollDate7470634018090228721", "Mon Dec 13 2010 12:55:03 GMT+0100");
Zeile gelöscht : user_pref("CT2431245.FeedTTL7470634014269327586", 5);
Zeile gelöscht : user_pref("CT2431245.FeedTTL7470634014537505092", 5);
Zeile gelöscht : user_pref("CT2431245.FeedTTL7470634014970726540", 2);
Zeile gelöscht : user_pref("CT2431245.FeedTTL7470634015636754705", 5);
Zeile gelöscht : user_pref("CT2431245.FeedTTL7470634016568520719", 30);
Zeile gelöscht : user_pref("CT2431245.FirstServerDate", "13-12-2010");
Zeile gelöscht : user_pref("CT2431245.FirstTime", true);
Zeile gelöscht : user_pref("CT2431245.FirstTimeFF3", true);
Zeile gelöscht : user_pref("CT2431245.FirstTimeSettingsDone", true);
Zeile gelöscht : user_pref("CT2431245.FixPageNotFoundErrors", true);
Zeile gelöscht : user_pref("CT2431245.GroupingServerCheckInterval", 1440);
Zeile gelöscht : user_pref("CT2431245.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Zeile gelöscht : user_pref("CT2431245.Initialize", true);
Zeile gelöscht : user_pref("CT2431245.InitializeCommonPrefs", true);
Zeile gelöscht : user_pref("CT2431245.InstallationAndCookieDataSentCount", 3);
Zeile gelöscht : user_pref("CT2431245.InstallationType", "UnknownIntegration");
Zeile gelöscht : user_pref("CT2431245.InstalledDate", "Fri Sep 03 2010 15:58:05 GMT+0200");
Zeile gelöscht : user_pref("CT2431245.InvalidateCache", false);
Zeile gelöscht : user_pref("CT2431245.IsGrouping", false);
Zeile gelöscht : user_pref("CT2431245.IsMulticommunity", false);
Zeile gelöscht : user_pref("CT2431245.IsOpenThankYouPage", false);
Zeile gelöscht : user_pref("CT2431245.IsOpenUninstallPage", true);
Zeile gelöscht : user_pref("CT2431245.LanguagePackLastCheckTime", "Mon Dec 13 2010 10:55:02 GMT+0100");
Zeile gelöscht : user_pref("CT2431245.LanguagePackReloadIntervalMM", 1440);
Zeile gelöscht : user_pref("CT2431245.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Zeile gelöscht : user_pref("CT2431245.LastLogin_2.7.1.3", "Mon Dec 13 2010 10:55:01 GMT+0100");
Zeile gelöscht : user_pref("CT2431245.LatestVersion", "2.7.2.0");
Zeile gelöscht : user_pref("CT2431245.Locale", "de-de");
Zeile gelöscht : user_pref("CT2431245.LoginCache", 4);
Zeile gelöscht : user_pref("CT2431245.MCDetectTooltipHeight", "83");
Zeile gelöscht : user_pref("CT2431245.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Zeile gelöscht : user_pref("CT2431245.MCDetectTooltipWidth", "295");
Zeile gelöscht : user_pref("CT2431245.RadioIsPodcast", false);
Zeile gelöscht : user_pref("CT2431245.RadioLastCheckTime", "Mon Dec 13 2010 10:55:02 GMT+0100");
Zeile gelöscht : user_pref("CT2431245.RadioLastUpdateIPServer", "3");
Zeile gelöscht : user_pref("CT2431245.RadioLastUpdateServer", "129167771525870000");
Zeile gelöscht : user_pref("CT2431245.RadioMediaID", "20503672");
Zeile gelöscht : user_pref("CT2431245.RadioMediaType", "Media Player");
Zeile gelöscht : user_pref("CT2431245.RadioMenuSelectedID", "EBRadioMenu_CT243124520503672");
Zeile gelöscht : user_pref("CT2431245.RadioStationName", "Team%20Radio%20Deutschland");
Zeile gelöscht : user_pref("CT2431245.RadioStationURL", "hxxp://trd.stream.w-u-s.org:6666/dsl.m3u");
Zeile gelöscht : user_pref("CT2431245.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT2431245&octid=EB_ORIGINAL_CTID&SearchSource=1");
Zeile gelöscht : user_pref("CT2431245.SearchFromAddressBarIsInit", true);
Zeile gelöscht : user_pref("CT2431245.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&q=");
Zeile gelöscht : user_pref("CT2431245.SearchInNewTabEnabled", true);
Zeile gelöscht : user_pref("CT2431245.SearchInNewTabIntervalMM", 1440);
Zeile gelöscht : user_pref("CT2431245.SearchInNewTabLastCheckTime", "Mon Dec 13 2010 10:55:02 GMT+0100");
Zeile gelöscht : user_pref("CT2431245.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
Zeile gelöscht : user_pref("CT2431245.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
Zeile gelöscht : user_pref("CT2431245.SearchInNewTabUserEnabled", false);
Zeile gelöscht : user_pref("CT2431245.SettingsCheckIntervalMin", 120);
Zeile gelöscht : user_pref("CT2431245.SettingsLastCheckTime", "Mon Dec 13 2010 10:55:01 GMT+0100");
Zeile gelöscht : user_pref("CT2431245.SettingsLastUpdate", "1283360208");
Zeile gelöscht : user_pref("CT2431245.ThirdPartyComponentsInterval", 504);
Zeile gelöscht : user_pref("CT2431245.ThirdPartyComponentsLastCheck", "Mon Dec 13 2010 10:55:01 GMT+0100");
Zeile gelöscht : user_pref("CT2431245.ThirdPartyComponentsLastUpdate", "1255348257");
Zeile gelöscht : user_pref("CT2431245.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=101&sealid=112");
Zeile gelöscht : user_pref("CT2431245.Uninstall", true);
Zeile gelöscht : user_pref("CT2431245.UserID", "UN49006694936721257");
Zeile gelöscht : user_pref("CT2431245.WeatherNetwork", "");
Zeile gelöscht : user_pref("CT2431245.WeatherPollDate", "Mon Dec 13 2010 14:25:09 GMT+0100");
Zeile gelöscht : user_pref("CT2431245.WeatherUnit", "C");
Zeile gelöscht : user_pref("CT2431245.alertChannelId", "825452");
Zeile gelöscht : user_pref("CT2431245.backendstorage.hxxp://cmg1_conduit-widgets_com/pitsi.state", "4F50454E");
Zeile gelöscht : user_pref("CT2431245.clientLogIsEnabled", true);
Zeile gelöscht : user_pref("CT2431245.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Zeile gelöscht : user_pref("CT2431245.myStuffEnabled", true);
Zeile gelöscht : user_pref("CT2431245.myStuffPublihserMinWidth", 400);
Zeile gelöscht : user_pref("CT2431245.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Zeile gelöscht : user_pref("CT2431245.myStuffServiceIntervalMM", 1440);
Zeile gelöscht : user_pref("CT2431245.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Zeile gelöscht : user_pref("CT2431245.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2319825/CT2319825", "\"2246482cef9bb626b46c1bbf8bba81912\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2319825", "\"0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"803651ba7facb1:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3.2", "\"07b2625f8cb1:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13.0.6", "\"0d648794549cd1:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2319825", "\"84df7a85bec3b2a3dd055a4bedea5adc\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "634356118310000000");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/2011 11:17:11 AM", "634356118310000000");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"b5761f23e164ca5aa8a71b6bddf4f276\"");
Zeile gelöscht : user_pref("CommunityToolbar.EngineHiddenByUser", true);
Zeile gelöscht : user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
Zeile gelöscht : user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");
Zeile gelöscht : user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
Zeile gelöscht : user_pref("CommunityToolbar.IsEngineShown", false);
Zeile gelöscht : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Zeile gelöscht : user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine");
Zeile gelöscht : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com");
Zeile gelöscht : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine");
Zeile gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
Zeile gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2431245,CT2319825,ConduitEngine");
Zeile gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2431245,CT2319825");
Zeile gelöscht : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Wed Jun 15 2011 11:07:58 GMT+0200");
Zeile gelöscht : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Zeile gelöscht : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Fri Jul 06 2012 10:41:47 GMT+0200");
Zeile gelöscht : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Zeile gelöscht : user_pref("CommunityToolbar.alert.locale", "en");
Zeile gelöscht : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Zeile gelöscht : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Thu Jul 05 2012 13:32:49 GMT+0200");
Zeile gelöscht : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1313487611");
Zeile gelöscht : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Zeile gelöscht : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Zeile gelöscht : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Zeile gelöscht : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Zeile gelöscht : user_pref("CommunityToolbar.alert.userId", "b7a011f8-556b-4c1c-af90-489b91299e1e");
Zeile gelöscht : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Mon Dec 13 2010 10:55:07 GMT+0100");
Zeile gelöscht : user_pref("CommunityToolbar.globalUserId", "71101792-41c4-4bc4-816d-db4f1d07c45e");
Zeile gelöscht : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Zeile gelöscht : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Zeile gelöscht : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Mon Feb 27 2012 18:40:53 GMT+0100");
Zeile gelöscht : user_pref("ConduitEngine.CTID", "ConduitEngine");
Zeile gelöscht : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Thu Apr 14 2011 09:11:53 GMT+0200");
Zeile gelöscht : user_pref("ConduitEngine.FirstServerDate", "04/04/2011 11");
Zeile gelöscht : user_pref("ConduitEngine.FirstTime", true);
Zeile gelöscht : user_pref("ConduitEngine.FirstTimeFF3", true);
Zeile gelöscht : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Zeile gelöscht : user_pref("ConduitEngine.Initialize", true);
Zeile gelöscht : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Zeile gelöscht : user_pref("ConduitEngine.InstalledDate", "Mon Apr 04 2011 10:27:29 GMT+0200");
Zeile gelöscht : user_pref("ConduitEngine.IsMulticommunity", false);
Zeile gelöscht : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Zeile gelöscht : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Zeile gelöscht : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Thu Apr 14 2011 09:14:06 GMT+0200");
Zeile gelöscht : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Thu Apr 14 2011 12:02:09 GMT+0200");
Zeile gelöscht : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Zeile gelöscht : user_pref("ConduitEngine.SettingsLastCheckTime", "Thu Apr 14 2011 12:02:07 GMT+0200");
Zeile gelöscht : user_pref("ConduitEngine.UserID", "UN12200974052808156");
Zeile gelöscht : user_pref("ConduitEngine.componentAlertEnabled", false);
Zeile gelöscht : user_pref("ConduitEngine.engineLocale", "de");
Zeile gelöscht : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Thu Apr 14 2011 09:14:06 GMT+0200");
Zeile gelöscht : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Thu Apr 14 2011 13:02:07 GMT+0200");
Zeile gelöscht : user_pref("ConduitEngine.initDone", true);
Zeile gelöscht : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Zeile gelöscht : user_pref("ConduitEngine.usagesFlag", 2);
Zeile gelöscht : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
Zeile gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "");
Zeile gelöscht : user_pref("extensions.booly.shopping_supporteddoms", "amazon.,ebay.,007.,0700aloeshop.,1-2-3-brille.,1-2-3-spielzeugwelt.,1-2-3.,1-days.,100champagner.,123haushalt.,123koffer.,123matratzen.,123moebel.[...]
Zeile gelöscht : user_pref("smartbar.machineId", "DYRGYA5OHZZCM8K5POYZEFTRCN5SGGSRZOXWO7JAOYPV4TZXJA9XNWWD2KFR5MGUEXEBP/6LK0MD5BVHT1I6NW");

*************************

AdwCleaner[R0].txt - [30666 octets] - [07/04/2014 10:16:14]
AdwCleaner[S0].txt - [28534 octets] - [07/04/2014 10:16:43]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [28595 octets] ##########
         
Code:
# AdwCleaner v3.023 - Bericht erstellt am 07/04/2014 um 10:16:14
# Aktualisiert 01/04/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzername : Büro - BÜRO-PC
# Gestartet von : C:\Users\Büro\Desktop\adwcleaner.exe
# Option : Suchen

***** [ Dienste ] *****

Dienst Gefunden : PirritUpdater

***** [ Dateien / Ordner ] *****

Datei Gefunden : C:\Users\Büro\AppData\Roaming\Mozilla\Firefox\Profiles\zoi7ce94.default\invalidprefs.js
Datei Gefunden : C:\Users\Büro\AppData\Roaming\Mozilla\Firefox\Profiles\zoi7ce94.default\user.js
Datei Gefunden : C:\Windows\System32\Tasks\FoxTab
Datei Gefunden : C:\Windows\Tasks\FoxTab.job
Ordner Gefunden C:\Program Files\Ask.com
Ordner Gefunden C:\Program Files\Conduit
Ordner Gefunden C:\Program Files\PC Speed Maximizer
Ordner Gefunden C:\Program Files\Pirrit
Ordner Gefunden C:\Program Files\Settings Manager
Ordner Gefunden C:\Program Files\softonic-de3
Ordner Gefunden C:\Program Files\softonic-de3
Ordner Gefunden C:\Program Files\Winload
Ordner Gefunden C:\ProgramData\wincert
Ordner Gefunden C:\Users\Büro\AppData\Local\AskToolbar
Ordner Gefunden C:\Users\Büro\AppData\LocalLow\AskToolbar
Ordner Gefunden C:\Users\Büro\AppData\LocalLow\Conduit
Ordner Gefunden C:\Users\Büro\AppData\LocalLow\PriceGong
Ordner Gefunden C:\Users\Büro\AppData\LocalLow\softonic-de3
Ordner Gefunden C:\Users\Büro\AppData\LocalLow\softonic-de3
Ordner Gefunden C:\Users\Büro\AppData\LocalLow\Winload
Ordner Gefunden C:\Users\Büro\AppData\Roaming\Mozilla\Firefox\Profiles\zoi7ce94.default\Conduit
Ordner Gefunden C:\Users\Büro\AppData\Roaming\Mozilla\Firefox\Profiles\zoi7ce94.default\ConduitCommon
Ordner Gefunden C:\Users\Büro\AppData\Roaming\Mozilla\Firefox\Profiles\zoi7ce94.default\ConduitEngine
Ordner Gefunden C:\Users\Büro\AppData\Roaming\Pirrit
Ordner Gefunden C:\Users\Büro\AppData\Roaming\Systweak
Ordner Gefunden C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\softonic-de3
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Winload
Schlüssel Gefunden : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gefunden : HKCU\Software\AskToolbar
Schlüssel Gefunden : HKCU\Software\Conduit
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKCU\Software\systweak
Schlüssel Gefunden : HKCU\Software\YahooPartnerToolbar
Schlüssel Gefunden : HKLM\Software\AskToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{50F7F0BE-31BA-4145-BD8B-6B0DECFED804}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{531CD8D4-35F0-4DFB-89C5-12B6A23BC843}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{85851D5E-19F8-4C75-9D50-9EF6533C4600}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gefunden : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2319825
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2431245
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F994E0D9-8335-48F1-99C2-A712C21F8D5F}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_mp3-2-wav-converter_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_mp3-2-wav-converter_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader67322_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader67322_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\FoxTab
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E71DBF08-CF1E-42AC-97C8-0C8620469DB1}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{531CD8D4-35F0-4DFB-89C5-12B6A23BC843}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{85851D5E-19F8-4C75-9D50-9EF6533C4600}
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LanConfig
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Winload Toolbar
Schlüssel Gefunden : HKLM\Software\Pirrit
Schlüssel Gefunden : HKLM\Software\softonic-de3
Schlüssel Gefunden : HKLM\Software\systweak
Schlüssel Gefunden : HKLM\Software\Winload
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Wert Gefunden : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
Wert Gefunden : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x86]
Wert Gefunden : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x64]
Wert Gefunden : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x86]
Wert Gefunden : HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls [x64]
Wert Gefunden : HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls [x86]

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16521


-\\ Mozilla Firefox v28.0 (de)

[ Datei : C:\Users\Büro\AppData\Roaming\Mozilla\Firefox\Profiles\zoi7ce94.default\prefs.js ]

Zeile gefunden : user_pref("CT2319825_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1396605713286,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Zeile gefunden : user_pref("CT2431245.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Zeile gefunden : user_pref("CT2431245.CTID", "CT2431245");
Zeile gefunden : user_pref("CT2431245.CurrentServerDate", "13-12-2010");
Zeile gefunden : user_pref("CT2431245.DialogsAlignMode", "LTR");
Zeile gefunden : user_pref("CT2431245.DownloadReferralCookieData", "");
Zeile gefunden : user_pref("CT2431245.EMailNotifierPollDate", "Mon Dec 13 2010 14:50:02 GMT+0100");
Zeile gefunden : user_pref("CT2431245.FeedLastCount129009402595187825", 574);
Zeile gefunden : user_pref("CT2431245.FeedPollDate7470634014180506963", "Mon Dec 13 2010 12:55:02 GMT+0100");
Zeile gefunden : user_pref("CT2431245.FeedPollDate7470634014269327586", "Mon Dec 13 2010 12:55:02 GMT+0100");
Zeile gefunden : user_pref("CT2431245.FeedPollDate7470634014329599698", "Mon Dec 13 2010 12:55:02 GMT+0100");
Zeile gefunden : user_pref("CT2431245.FeedPollDate7470634014537505092", "Mon Dec 13 2010 12:55:02 GMT+0100");
Zeile gefunden : user_pref("CT2431245.FeedPollDate7470634014970726540", "Mon Dec 13 2010 12:55:02 GMT+0100");
Zeile gefunden : user_pref("CT2431245.FeedPollDate7470634015410831318", "Mon Dec 13 2010 10:55:03 GMT+0100");
Zeile gefunden : user_pref("CT2431245.FeedPollDate7470634015483395460", "Mon Dec 13 2010 12:55:02 GMT+0100");
Zeile gefunden : user_pref("CT2431245.FeedPollDate7470634015636754705", "Mon Dec 13 2010 12:55:03 GMT+0100");
Zeile gefunden : user_pref("CT2431245.FeedPollDate7470634015768347545", "Mon Dec 13 2010 12:55:02 GMT+0100");
Zeile gefunden : user_pref("CT2431245.FeedPollDate7470634015855543602", "Mon Dec 13 2010 12:55:02 GMT+0100");
Zeile gefunden : user_pref("CT2431245.FeedPollDate7470634016030710453", "Mon Dec 13 2010 12:55:02 GMT+0100");
Zeile gefunden : user_pref("CT2431245.FeedPollDate7470634016114705611", "Mon Dec 13 2010 12:55:03 GMT+0100");
Zeile gefunden : user_pref("CT2431245.FeedPollDate7470634016129205152", "Mon Dec 13 2010 10:55:03 GMT+0100");
Zeile gefunden : user_pref("CT2431245.FeedPollDate7470634016143724791", "Mon Dec 13 2010 10:55:03 GMT+0100");
Zeile gefunden : user_pref("CT2431245.FeedPollDate7470634016271239162", "Mon Dec 13 2010 10:55:03 GMT+0100");
Zeile gefunden : user_pref("CT2431245.FeedPollDate7470634016568520719", "Mon Dec 13 2010 12:55:03 GMT+0100");
Zeile gefunden : user_pref("CT2431245.FeedPollDate7470634016726993788", "Mon Dec 13 2010 12:55:02 GMT+0100");
Zeile gefunden : user_pref("CT2431245.FeedPollDate7470634017109031809", "Mon Dec 13 2010 12:55:02 GMT+0100");
Zeile gefunden : user_pref("CT2431245.FeedPollDate7470634017132743740", "Mon Dec 13 2010 12:55:02 GMT+0100");
Zeile gefunden : user_pref("CT2431245.FeedPollDate7470634017299547668", "Mon Dec 13 2010 12:55:03 GMT+0100");
Zeile gefunden : user_pref("CT2431245.FeedPollDate7470634017302327846", "Mon Dec 13 2010 12:55:02 GMT+0100");
Zeile gefunden : user_pref("CT2431245.FeedPollDate7470634017344111490", "Mon Dec 13 2010 12:55:02 GMT+0100");
Zeile gefunden : user_pref("CT2431245.FeedPollDate7470634017478360748", "Mon Dec 13 2010 10:55:03 GMT+0100");
Zeile gefunden : user_pref("CT2431245.FeedPollDate7470634017732797593", "Mon Dec 13 2010 12:55:02 GMT+0100");
Zeile gefunden : user_pref("CT2431245.FeedPollDate7470634017821686064", "Mon Dec 13 2010 10:55:03 GMT+0100");
Zeile gefunden : user_pref("CT2431245.FeedPollDate7470634018090228721", "Mon Dec 13 2010 12:55:03 GMT+0100");
Zeile gefunden : user_pref("CT2431245.FeedTTL7470634014269327586", 5);
Zeile gefunden : user_pref("CT2431245.FeedTTL7470634014537505092", 5);
Zeile gefunden : user_pref("CT2431245.FeedTTL7470634014970726540", 2);
Zeile gefunden : user_pref("CT2431245.FeedTTL7470634015636754705", 5);
Zeile gefunden : user_pref("CT2431245.FeedTTL7470634016568520719", 30);
Zeile gefunden : user_pref("CT2431245.FirstServerDate", "13-12-2010");
Zeile gefunden : user_pref("CT2431245.FirstTime", true);
Zeile gefunden : user_pref("CT2431245.FirstTimeFF3", true);
Zeile gefunden : user_pref("CT2431245.FirstTimeSettingsDone", true);
Zeile gefunden : user_pref("CT2431245.FixPageNotFoundErrors", true);
Zeile gefunden : user_pref("CT2431245.GroupingServerCheckInterval", 1440);
Zeile gefunden : user_pref("CT2431245.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Zeile gefunden : user_pref("CT2431245.Initialize", true);
Zeile gefunden : user_pref("CT2431245.InitializeCommonPrefs", true);
Zeile gefunden : user_pref("CT2431245.InstallationAndCookieDataSentCount", 3);
Zeile gefunden : user_pref("CT2431245.InstallationType", "UnknownIntegration");
Zeile gefunden : user_pref("CT2431245.InstalledDate", "Fri Sep 03 2010 15:58:05 GMT+0200");
Zeile gefunden : user_pref("CT2431245.InvalidateCache", false);
Zeile gefunden : user_pref("CT2431245.IsGrouping", false);
Zeile gefunden : user_pref("CT2431245.IsMulticommunity", false);
Zeile gefunden : user_pref("CT2431245.IsOpenThankYouPage", false);
Zeile gefunden : user_pref("CT2431245.IsOpenUninstallPage", true);
Zeile gefunden : user_pref("CT2431245.LanguagePackLastCheckTime", "Mon Dec 13 2010 10:55:02 GMT+0100");
Zeile gefunden : user_pref("CT2431245.LanguagePackReloadIntervalMM", 1440);
Zeile gefunden : user_pref("CT2431245.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Zeile gefunden : user_pref("CT2431245.LastLogin_2.7.1.3", "Mon Dec 13 2010 10:55:01 GMT+0100");
Zeile gefunden : user_pref("CT2431245.LatestVersion", "2.7.2.0");
Zeile gefunden : user_pref("CT2431245.Locale", "de-de");
Zeile gefunden : user_pref("CT2431245.LoginCache", 4);
Zeile gefunden : user_pref("CT2431245.MCDetectTooltipHeight", "83");
Zeile gefunden : user_pref("CT2431245.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Zeile gefunden : user_pref("CT2431245.MCDetectTooltipWidth", "295");
Zeile gefunden : user_pref("CT2431245.RadioIsPodcast", false);
Zeile gefunden : user_pref("CT2431245.RadioLastCheckTime", "Mon Dec 13 2010 10:55:02 GMT+0100");
Zeile gefunden : user_pref("CT2431245.RadioLastUpdateIPServer", "3");
Zeile gefunden : user_pref("CT2431245.RadioLastUpdateServer", "129167771525870000");
Zeile gefunden : user_pref("CT2431245.RadioMediaID", "20503672");
Zeile gefunden : user_pref("CT2431245.RadioMediaType", "Media Player");
Zeile gefunden : user_pref("CT2431245.RadioMenuSelectedID", "EBRadioMenu_CT243124520503672");
Zeile gefunden : user_pref("CT2431245.RadioStationName", "Team%20Radio%20Deutschland");
Zeile gefunden : user_pref("CT2431245.RadioStationURL", "hxxp://trd.stream.w-u-s.org:6666/dsl.m3u");
Zeile gefunden : user_pref("CT2431245.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT2431245&octid=EB_ORIGINAL_CTID&SearchSource=1");
Zeile gefunden : user_pref("CT2431245.SearchFromAddressBarIsInit", true);
Zeile gefunden : user_pref("CT2431245.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&q=");
Zeile gefunden : user_pref("CT2431245.SearchInNewTabEnabled", true);
Zeile gefunden : user_pref("CT2431245.SearchInNewTabIntervalMM", 1440);
Zeile gefunden : user_pref("CT2431245.SearchInNewTabLastCheckTime", "Mon Dec 13 2010 10:55:02 GMT+0100");
Zeile gefunden : user_pref("CT2431245.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
Zeile gefunden : user_pref("CT2431245.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
Zeile gefunden : user_pref("CT2431245.SearchInNewTabUserEnabled", false);
Zeile gefunden : user_pref("CT2431245.SettingsCheckIntervalMin", 120);
Zeile gefunden : user_pref("CT2431245.SettingsLastCheckTime", "Mon Dec 13 2010 10:55:01 GMT+0100");
Zeile gefunden : user_pref("CT2431245.SettingsLastUpdate", "1283360208");
Zeile gefunden : user_pref("CT2431245.ThirdPartyComponentsInterval", 504);
Zeile gefunden : user_pref("CT2431245.ThirdPartyComponentsLastCheck", "Mon Dec 13 2010 10:55:01 GMT+0100");
Zeile gefunden : user_pref("CT2431245.ThirdPartyComponentsLastUpdate", "1255348257");
Zeile gefunden : user_pref("CT2431245.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=101&sealid=112");
Zeile gefunden : user_pref("CT2431245.Uninstall", true);
Zeile gefunden : user_pref("CT2431245.UserID", "UN49006694936721257");
Zeile gefunden : user_pref("CT2431245.WeatherNetwork", "");
Zeile gefunden : user_pref("CT2431245.WeatherPollDate", "Mon Dec 13 2010 14:25:09 GMT+0100");
Zeile gefunden : user_pref("CT2431245.WeatherUnit", "C");
Zeile gefunden : user_pref("CT2431245.alertChannelId", "825452");
Zeile gefunden : user_pref("CT2431245.backendstorage.hxxp://cmg1_conduit-widgets_com/pitsi.state", "4F50454E");
Zeile gefunden : user_pref("CT2431245.clientLogIsEnabled", true);
Zeile gefunden : user_pref("CT2431245.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Zeile gefunden : user_pref("CT2431245.myStuffEnabled", true);
Zeile gefunden : user_pref("CT2431245.myStuffPublihserMinWidth", 400);
Zeile gefunden : user_pref("CT2431245.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Zeile gefunden : user_pref("CT2431245.myStuffServiceIntervalMM", 1440);
Zeile gefunden : user_pref("CT2431245.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Zeile gefunden : user_pref("CT2431245.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Zeile gefunden : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2319825/CT2319825", "\"2246482cef9bb626b46c1bbf8bba81912\"");
Zeile gefunden : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"");
Zeile gefunden : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2319825", "\"0\"");
Zeile gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"803651ba7facb1:0\"");
Zeile gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3.2", "\"07b2625f8cb1:0\"");
Zeile gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13.0.6", "\"0d648794549cd1:0\"");
Zeile gefunden : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2319825", "\"84df7a85bec3b2a3dd055a4bedea5adc\"");
Zeile gefunden : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "634356118310000000");
Zeile gefunden : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/2011 11:17:11 AM", "634356118310000000");
Zeile gefunden : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"b5761f23e164ca5aa8a71b6bddf4f276\"");
Zeile gefunden : user_pref("CommunityToolbar.EngineHiddenByUser", true);
Zeile gefunden : user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
Zeile gefunden : user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");
Zeile gefunden : user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
Zeile gefunden : user_pref("CommunityToolbar.IsEngineShown", false);
Zeile gefunden : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Zeile gefunden : user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine");
Zeile gefunden : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com");
Zeile gefunden : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine");
Zeile gefunden : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
Zeile gefunden : user_pref("CommunityToolbar.ToolbarsList", "CT2431245,CT2319825,ConduitEngine");
Zeile gefunden : user_pref("CommunityToolbar.ToolbarsList2", "CT2431245,CT2319825");
Zeile gefunden : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Wed Jun 15 2011 11:07:58 GMT+0200");
Zeile gefunden : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Zeile gefunden : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Fri Jul 06 2012 10:41:47 GMT+0200");
Zeile gefunden : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Zeile gefunden : user_pref("CommunityToolbar.alert.locale", "en");
Zeile gefunden : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Zeile gefunden : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Thu Jul 05 2012 13:32:49 GMT+0200");
Zeile gefunden : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1313487611");
Zeile gefunden : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Zeile gefunden : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Zeile gefunden : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Zeile gefunden : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Zeile gefunden : user_pref("CommunityToolbar.alert.userId", "b7a011f8-556b-4c1c-af90-489b91299e1e");
Zeile gefunden : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Mon Dec 13 2010 10:55:07 GMT+0100");
Zeile gefunden : user_pref("CommunityToolbar.globalUserId", "71101792-41c4-4bc4-816d-db4f1d07c45e");
Zeile gefunden : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Zeile gefunden : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Zeile gefunden : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Mon Feb 27 2012 18:40:53 GMT+0100");
Zeile gefunden : user_pref("ConduitEngine.CTID", "ConduitEngine");
Zeile gefunden : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Thu Apr 14 2011 09:11:53 GMT+0200");
Zeile gefunden : user_pref("ConduitEngine.FirstServerDate", "04/04/2011 11");
Zeile gefunden : user_pref("ConduitEngine.FirstTime", true);
Zeile gefunden : user_pref("ConduitEngine.FirstTimeFF3", true);
Zeile gefunden : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Zeile gefunden : user_pref("ConduitEngine.Initialize", true);
Zeile gefunden : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Zeile gefunden : user_pref("ConduitEngine.InstalledDate", "Mon Apr 04 2011 10:27:29 GMT+0200");
Zeile gefunden : user_pref("ConduitEngine.IsMulticommunity", false);
Zeile gefunden : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Zeile gefunden : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Zeile gefunden : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Thu Apr 14 2011 09:14:06 GMT+0200");
Zeile gefunden : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Thu Apr 14 2011 12:02:09 GMT+0200");
Zeile gefunden : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Zeile gefunden : user_pref("ConduitEngine.SettingsLastCheckTime", "Thu Apr 14 2011 12:02:07 GMT+0200");
Zeile gefunden : user_pref("ConduitEngine.UserID", "UN12200974052808156");
Zeile gefunden : user_pref("ConduitEngine.componentAlertEnabled", false);
Zeile gefunden : user_pref("ConduitEngine.engineLocale", "de");
Zeile gefunden : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Thu Apr 14 2011 09:14:06 GMT+0200");
Zeile gefunden : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Thu Apr 14 2011 13:02:07 GMT+0200");
Zeile gefunden : user_pref("ConduitEngine.initDone", true);
Zeile gefunden : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Zeile gefunden : user_pref("ConduitEngine.usagesFlag", 2);
Zeile gefunden : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
Zeile gefunden : user_pref("extensions.asktb.ff-original-keyword-url", "");
Zeile gefunden : user_pref("extensions.booly.shopping_supporteddoms", "amazon.,ebay.,007.,0700aloeshop.,1-2-3-brille.,1-2-3-spielzeugwelt.,1-2-3.,1-days.,100champagner.,123haushalt.,123koffer.,123matratzen.,123moebel.[...]
Zeile gefunden : user_pref("smartbar.machineId", "DYRGYA5OHZZCM8K5POYZEFTRCN5SGGSRZOXWO7JAOYPV4TZXJA9XNWWD2KFR5MGUEXEBP/6LK0MD5BVHT1I6NW");

*************************

AdwCleaner[R0].txt - [30524 octets] - [07/04/2014 10:16:14]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [30585 octets] ##########
         
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Professional x86
Ran by Bro on 07.04.2014 at 10:28:10,67
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values




~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Bro\appdata\locallow\datamngr"



~~~ FireFox

Emptied folder: C:\Users\Bro\AppData\Roaming\mozilla\firefox\profiles\zoi7ce94.default\minidumps [1 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07.04.2014 at 10:30:03,50
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Code:
Shortcut Cleaner 1.3.2 by Lawrence Abrams (Grinler)
hxxp://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Shortcut Cleaner can be found at this link:
 hxxp://www.bleepingcomputer.com/download/shortcut-cleaner/

Windows Version: Windows 7 Professional Service Pack 1
Program started at: 04/07/2014 10:32:10 AM.

Scanning for registry hijacks:

 * No issues found in the Registry.

Searching for Hijacked Shortcuts:

Searching C:\Users\Büro\AppData\Roaming\Microsoft\Windows\Start Menu\

Searching C:\ProgramData\Microsoft\Windows\Start Menu\

Searching C:\Users\Büro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\

Searching C:\Users\Public\Desktop\

Searching C:\Users\Büro\Desktop


0 bad shortcuts found.

Program finished at: 04/07/2014 10:32:10 AM
Execution time: 0 hours(s), 0 minute(s), and 0 seconds(s)
         
Code:
OTL logfile created on: 07.04.2014 13:37:35 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Büro\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,80 Gb Total Physical Memory | 1,76 Gb Available Physical Memory | 62,71% Memory free
5,61 Gb Paging File | 4,25 Gb Available in Paging File | 75,86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,76 Gb Total Space | 422,26 Gb Free Space | 90,66% Space Free | Partition Type: NTFS
Drive E: | 76,33 Gb Total Space | 69,96 Gb Free Space | 91,66% Space Free | Partition Type: NTFS
 
Computer Name: BÜRO-PC | User Name: Büro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Büro\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files\TeamViewer\Version9\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files\TeamViewer\Version9\tv_w32.exe (TeamViewer GmbH)
PRC - C:\Windows\System32\MsSpellCheckingFacility.exe (Microsoft Corporation)
PRC - C:\Program Files\WinRST\WinRST.exe ()
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe (HP)
PRC - C:\Program Files\HP\HP Color LaserJet CM1312 MFP Series\hppfaxprintersrv.exe (Hewlett-Packard Company)
PRC - C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe (HP)
PRC - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe ()
PRC - C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - E:\Fusion\FotoCopy\FotoCopy.exe (Exsoft GmbH)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\4412bbbb473c356b5ea3e1ea13b25f52\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\b34b348a9935338b1282fd0c9309eb1f\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\4b1795df6372b251625f958595e08d3d\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\59312674865dc2a19c27f9f460b1673b\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\553e7bfc9cac5e4feaa83d8ee1e187bd\System.Runtime.Serialization.Formatters.Soap.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\7c233151b685c540524f87931632423a\System.Deployment.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Drawing.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Drawing.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files\HP\ToolboxFX\bin\HPFaxUtilities.dll ()
MOD - C:\Program Files\HP\ToolboxFX\bin\Alerts.dll ()
MOD - C:\Program Files\HP\ToolboxFX\bin\PLSDMXMLObjects.dll ()
MOD - C:\Program Files\HP\ToolboxFX\bin\HPAppTools.dll ()
MOD - C:\Program Files\HP\ToolboxFX\bin\LEDMXMLObjects.dll ()
MOD - C:\Program Files\HP\ToolboxFX\bin\AppConstants.dll ()
MOD - C:\Program Files\HP\ToolboxFX\bin\DMBaseObjects.dll ()
MOD - C:\Program Files\HP\ToolboxFX\bin\HPToolkit.dll ()
MOD - C:\Program Files\HP\ToolboxFX\bin\HPTools.dll ()
MOD - C:\Program Files\HP\ToolboxFX\bin\NativeUtils.dll ()
MOD - C:\Program Files\HP\ToolboxFX\bin\de\Alerts.resources.dll ()
MOD - C:\Program Files\HP\ToolboxFX\bin\de\HPAppTools.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Deployment.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Deployment.resources.dll ()
MOD - C:\Program Files\Acronis\TrueImageHome\fox.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (gupdate) -- C:\Program Files\Google\Update\GoogleUpdate.exe /svc File not found
SRV - (TeamViewer9) -- C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (IEEtwCollectorService) -- C:\Windows\System32\IEEtwCollector.exe (Microsoft Corporation)
SRV - (WinRST) -- C:\Program Files\WinRST\WinRST.exe ()
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (HP LaserJet Service) -- C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe (HP)
SRV - (TryAndDecideService) -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe ()
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (timounter) -- C:\Windows\System32\drivers\timntr.sys (Acronis)
DRV - (tifsfilter) -- C:\Windows\System32\drivers\tifsfilt.sys (Acronis)
DRV - (snapman) -- C:\Windows\System32\drivers\snapman.sys (Acronis)
DRV - (tdrpman) -- C:\Windows\System32\drivers\tdrpman.sys (Acronis)
DRV - (IntcDAud) -- C:\Windows\System32\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV - (HECI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (massfilter) -- C:\Windows\System32\drivers\massfilter.sys (ZTE Incorporated)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}: "URL" = hxxp://www.default-search.net/search?sid=492&aid=103&itype=n&ver=11471&tm=307&src=ds&p={searchTerms}
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3313896547-2878084619-875718404-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.default-search.net?sid=492&aid=103&itype=n&ver=11471&tm=307&src=hmp
IE - HKU\S-1-5-21-3313896547-2878084619-875718404-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3313896547-2878084619-875718404-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3313896547-2878084619-875718404-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9A DE AA C4 C3 71 CB 01  [binary data]
IE - HKU\S-1-5-21-3313896547-2878084619-875718404-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}
IE - HKU\S-1-5-21-3313896547-2878084619-875718404-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}: "URL" = hxxp://www.default-search.net/search?sid=492&aid=103&itype=n&ver=11471&tm=307&src=ds&p={searchTerms}
IE - HKU\S-1-5-21-3313896547-2878084619-875718404-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3313896547-2878084619-875718404-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-3313896547-2878084619-875718404-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=hxxp://127.0.0.1:9880
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014.03.31 12:37:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014.03.31 12:37:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.4.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.4.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2011.03.01 10:51:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Büro\AppData\Roaming\mozilla\Extensions
[2011.03.01 10:51:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Büro\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2014.04.04 13:52:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Büro\AppData\Roaming\mozilla\Firefox\Profiles\zoi7ce94.default\extensions
[2014.04.07 09:46:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014.04.07 09:46:42 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008.08.16 17:42:02 | 000,070,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2008.08.16 17:42:12 | 000,091,448 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2008.08.16 17:42:08 | 000,020,800 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2008.05.21 08:41:08 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcm80.dll
[2008.05.21 08:41:08 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcp80.dll
[2008.05.21 08:41:08 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcr80.dll
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2008.08.16 17:44:46 | 000,427,312 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2008.08.16 17:42:04 | 000,023,864 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
 
O1 HOSTS File: ([2010.10.20 14:36:39 | 000,000,849 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 192.168.1.109 NPI80BA31
O2 - BHO: (Quick Time) - {91CE4C4A-4888-410C-842A-F24D0AD57A3E} - C:\Users\Büro\AppData\Roaming\QuickTime\IE\QuickTime.dll (Apple Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [HP Color LaserJet CM1312 MFP Series Fax] C:\Program Files\HP\HP Color LaserJet CM1312 MFP Series\hppfaxprintersrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPPQVideo] "C:\Program Files\HP\ScheduledLaunch\HP Color LaserJet CM1312 MFP Series\bin\hppschlnch.exe" -r SOFTWARE\Hewlett-Packard\ScheduledLaunch\CLJ_CM1312_MFP_Series -f PQOptimizerVideo.xml -o remindLater File not found
O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files\HP\HP UT\bin\hppusg.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [ToolBoxFX] C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe (HP)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3313896547-2878084619-875718404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{753749FA-80AE-4759-A2D1-0104058F5704}: DhcpNameServer = 192.168.1.1 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27 - HKLM IFEO\bpsvc.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browsersafeguard.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\dprotectsvc.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\protectedsearch.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\searchprotection.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\searchprotector.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\snapdo.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\stinst32.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\stinst64.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\utiljumpflip.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014.04.07 13:36:44 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Büro\Desktop\OTL.exe
[2014.04.07 13:14:31 | 000,000,000 | ---D | C] -- C:\FRST
[2014.04.07 13:14:14 | 001,145,856 | ---- | C] (Farbar) -- C:\Users\Büro\Desktop\FRST.exe
[2014.04.07 12:34:03 | 017,523,384 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Büro\Desktop\mbam-setup-2.0.0.1000.exe
[2014.04.07 12:25:57 | 000,259,584 | ---- | C] (OldTimer Tools) -- C:\Users\Büro\Desktop\OTH.scr
[2014.04.07 12:15:57 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2014.04.07 12:15:57 | 000,000,000 | ---D | C] -- C:\Users\Büro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2014.04.07 12:14:07 | 000,000,000 | ---D | C] -- C:\Users\Büro\AppData\Roaming\GlarySoft
[2014.04.07 12:14:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Absolute Uninstaller
[2014.04.07 12:14:07 | 000,000,000 | ---D | C] -- C:\Program Files\Absolute Uninstaller
[2014.04.07 10:32:56 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2014.04.07 10:32:51 | 002,347,384 | ---- | C] (ESET) -- C:\Users\Büro\Desktop\esetsmartinstaller_enu.exe
[2014.04.07 10:31:53 | 000,441,592 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Büro\Desktop\sc-cleaner.exe
[2014.04.07 10:26:33 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014.04.07 10:26:01 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\Büro\Desktop\JRT.exe
[2014.04.07 10:11:55 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014.04.07 10:00:07 | 000,107,736 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014.04.07 10:00:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
[2014.04.07 09:59:57 | 000,073,432 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014.04.07 09:59:57 | 000,051,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2014.04.07 09:59:57 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2014.04.07 09:59:57 | 000,000,000 | ---D | C] -- C:\Program Files\ Malwarebytes Anti-Malware 
[2014.04.07 09:59:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014.04.07 09:39:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2014.04.07 09:39:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2014.04.04 13:22:41 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2014.04.04 11:22:34 | 001,176,896 | ---- | C] (AnyProtect.com) -- C:\Users\Büro\AppData\Local\AnyProtectScannerSetup.exe
[2014.04.04 11:21:05 | 000,000,000 | ---D | C] -- C:\Users\Büro\AppData\Local\WinRST
[2014.04.04 11:21:04 | 000,000,000 | ---D | C] -- C:\Program Files\WinRST
[2014.04.04 11:19:42 | 000,000,000 | ---D | C] -- C:\Users\Büro\AppData\Local\Programs
[2014.03.31 12:37:30 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014.03.26 11:20:18 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2014.03.26 11:20:18 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2014.03.26 11:20:18 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2014.03.26 11:20:18 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2014.03.26 11:20:18 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2014.03.26 11:20:18 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014.03.26 11:20:18 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2014.03.26 11:20:18 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2014.03.26 11:20:17 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014.03.26 11:20:16 | 004,244,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014.03.26 11:20:16 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014.03.26 11:20:14 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014.03.26 11:20:14 | 001,964,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014.03.26 11:20:14 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014.03.26 11:20:14 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2014.03.26 11:20:14 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2014.03.26 11:20:13 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2014.03.26 11:20:05 | 002,349,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2014.03.26 11:20:05 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2014.03.26 11:19:46 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wer.dll
[2014.03.26 11:03:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2014.03.26 11:03:51 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2014.03.24 11:52:32 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2010.08.31 09:29:18 | 001,503,744 | ---- | C] (Vallen Systeme GmbH) -- C:\Program Files\jpegger.exe
 
========== Files - Modified Within 30 Days ==========
 
[2014.04.07 13:36:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Büro\Desktop\OTL.exe
[2014.04.07 13:26:36 | 000,107,736 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014.04.07 13:20:00 | 000,000,280 | ---- | M] () -- C:\Windows\tasks\FF Watcher {6A9C9C8C-AAAD-452F-860B-235D37A44311}.job
[2014.04.07 13:14:19 | 001,145,856 | ---- | M] (Farbar) -- C:\Users\Büro\Desktop\FRST.exe
[2014.04.07 13:10:05 | 000,000,000 | ---- | M] () -- C:\Users\Büro\defogger_reenable
[2014.04.07 13:02:27 | 000,018,352 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.04.07 13:02:27 | 000,018,352 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.04.07 12:59:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014.04.07 12:59:00 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014.04.07 12:57:39 | 000,647,138 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2014.04.07 12:57:39 | 000,609,896 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014.04.07 12:57:39 | 000,127,198 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2014.04.07 12:57:39 | 000,104,214 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014.04.07 12:53:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.04.07 12:53:06 | 2257,936,384 | -HS- | M] () -- C:\hiberfil.sys
[2014.04.07 12:35:39 | 000,001,026 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2014.04.07 12:34:03 | 017,523,384 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Büro\Desktop\mbam-setup-2.0.0.1000.exe
[2014.04.07 12:31:20 | 248,639,150 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014.04.07 12:26:09 | 000,259,584 | ---- | M] (OldTimer Tools) -- C:\Users\Büro\Desktop\OTH.scr
[2014.04.07 10:32:38 | 002,347,384 | ---- | M] (ESET) -- C:\Users\Büro\Desktop\esetsmartinstaller_enu.exe
[2014.04.07 10:31:29 | 000,441,592 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Büro\Desktop\sc-cleaner.exe
[2014.04.07 10:26:11 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\Büro\Desktop\JRT.exe
[2014.04.07 10:09:52 | 001,426,178 | ---- | M] () -- C:\Users\Büro\Desktop\adwcleaner.exe
[2014.04.07 09:46:48 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014.04.04 12:20:32 | 000,004,157 | ---- | M] () -- C:\Windows\ULEAD32.INI
[2014.04.04 11:24:40 | 000,000,444 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014.04.04 11:23:07 | 000,000,042 | ---- | M] () -- C:\Users\Büro\AppData\Roaming\WB.CFG
[2014.04.04 10:06:21 | 000,048,234 | ---- | M] () -- C:\Users\Büro\Desktop\Report.pdf
[2014.04.04 10:05:23 | 000,057,399 | ---- | M] () -- C:\Users\Büro\Desktop\Leistungsnachweis Henze.pdf
[2014.04.04 09:33:46 | 000,000,057 | ---- | M] () -- C:\Windows\iltwain.ini
[2014.04.04 09:12:16 | 000,001,014 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 9.lnk
[2014.04.03 11:08:26 | 001,176,896 | ---- | M] (AnyProtect.com) -- C:\Users\Büro\AppData\Local\AnyProtectScannerSetup.exe
[2014.04.03 09:51:14 | 000,051,416 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2014.04.03 09:51:00 | 000,073,432 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014.04.03 09:50:56 | 000,023,256 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2014.03.27 10:18:23 | 000,563,120 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2014.04.07 13:10:05 | 000,000,000 | ---- | C] () -- C:\Users\Büro\defogger_reenable
[2014.04.07 12:27:12 | 248,639,150 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2014.04.07 12:18:22 | 000,001,026 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2014.04.07 10:11:47 | 001,426,178 | ---- | C] () -- C:\Users\Büro\Desktop\adwcleaner.exe
[2014.04.07 09:46:48 | 000,001,083 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2014.04.07 09:46:48 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014.04.04 11:23:07 | 000,000,042 | ---- | C] () -- C:\Users\Büro\AppData\Roaming\WB.CFG
[2014.04.04 11:21:31 | 000,000,444 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014.04.04 11:20:36 | 000,000,280 | ---- | C] () -- C:\Windows\tasks\FF Watcher {6A9C9C8C-AAAD-452F-860B-235D37A44311}.job
[2014.04.04 10:07:48 | 000,048,234 | ---- | C] () -- C:\Users\Büro\Desktop\Report.pdf
[2014.04.04 10:07:47 | 000,057,399 | ---- | C] () -- C:\Users\Büro\Desktop\Leistungsnachweis Henze.pdf
[2014.03.26 11:04:01 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2014.03.10 14:23:26 | 000,001,026 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
[2014.03.10 14:23:26 | 000,001,014 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 9.lnk
[2011.07.18 11:12:35 | 000,364,580 | ---- | C] () -- C:\Users\Büro\Fahrzeugbrief Henze.jpeg
[2011.03.22 13:18:19 | 000,007,601 | ---- | C] () -- C:\Users\Büro\AppData\Local\Resmon.ResmonCfg
[2010.10.19 11:01:44 | 000,037,295 | ---- | C] () -- C:\Users\Büro\AppData\Roaming\Kommagetrennte Werte (DOS).ADR
[2010.09.06 09:34:55 | 000,013,030 | ---- | C] () -- C:\Users\Büro\AppData\Local\PDOXUSRS.NET
[2010.08.31 09:29:18 | 000,583,061 | ---- | C] () -- C:\Program Files\JPegger.chm
[2010.08.31 09:29:18 | 000,000,111 | ---- | C] () -- C:\Program Files\AUTORUN.INF
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013.07.18 11:03:55 | 000,000,000 | ---D | M] -- C:\Users\Büro\AppData\Roaming\AUTOonline
[2011.07.04 11:19:01 | 000,000,000 | ---D | M] -- C:\Users\Büro\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2014.04.04 09:35:01 | 000,000,000 | ---D | M] -- C:\Users\Büro\AppData\Roaming\Fahrzeugsystemdaten GmbH
[2011.01.03 12:12:58 | 000,000,000 | ---D | M] -- C:\Users\Büro\AppData\Roaming\fotobuch.de AG
[2014.04.07 12:15:37 | 000,000,000 | ---D | M] -- C:\Users\Büro\AppData\Roaming\GlarySoft
[2010.09.02 11:15:34 | 000,000,000 | ---D | M] -- C:\Users\Büro\AppData\Roaming\ICAClient
[2010.12.13 11:38:59 | 000,000,000 | ---D | M] -- C:\Users\Büro\AppData\Roaming\Serif
[2014.03.10 14:23:28 | 000,000,000 | ---D | M] -- C:\Users\Büro\AppData\Roaming\TeamViewer
[2011.03.01 10:51:26 | 000,000,000 | ---D | M] -- C:\Users\Büro\AppData\Roaming\Thunderbird
[2010.08.31 09:31:16 | 000,000,000 | ---D | M] -- C:\Users\Büro\AppData\Roaming\WordToPDF
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 168 bytes -> C:\Users\Büro\Fahrzeugbrief Henze.jpeg:3or4kl4x13tuuug3Byamue2s4b

< End of report >
         


07.04.2014, 12:51   #3
steffiglaubi

default-search.net cannot be deleted



Code:
OTL Extras logfile created on: 07.04.2014 13:37:35 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Büro\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,80 Gb Total Physical Memory | 1,76 Gb Available Physical Memory | 62,71% Memory free
5,61 Gb Paging File | 4,25 Gb Available in Paging File | 75,86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,76 Gb Total Space | 422,26 Gb Free Space | 90,66% Space Free | Partition Type: NTFS
Drive E: | 76,33 Gb Total Space | 69,96 Gb Free Space | 91,66% Space Free | Partition Type: NTFS
 
Computer Name: BÜRO-PC | User Name: Büro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
 
[HKEY_USERS\S-1-5-21-3313896547-2878084619-875718404-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\fotobuch.de\Designer 2.0\Designer.exe" = C:\Program Files\fotobuch.de\Designer 2.0\Designer.exe:*:Designer.exe
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0064FE5D-6F14-4F16-9143-98B2A56532B9}" = lport=139 | protocol=6 | dir=in | app=system | 
"{02D56B66-C949-4660-99E8-555356EDB19B}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{04FCE2E7-B6A5-4B86-A21C-F4418B66DD3D}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{0658789D-0D10-40F0-B527-D3ED1C903C32}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{0AA1D356-0F56-4E22-AB54-ED829F34469A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{10A2AB70-CA1A-4536-B8EA-96193036AFD1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2AE3DAA9-B9F8-492B-A14C-A56ABA0B6103}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2CB2A53E-1122-4282-A69A-C546F6A88900}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{437E3DAC-4409-435E-9474-839FB0FCDAB2}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | 
"{553F7494-502B-48A9-8A3E-4FC001C83180}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{57FA29AC-FF5A-468C-8DBC-809EDFEE7F10}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{585687B3-0ACF-41C8-80BA-8579E1F7C6C8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5DCB2DBF-DC6C-41E4-B715-80DE574E21EC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6544EF13-3BEC-41EA-B08C-29CECAC7D979}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{657EDCEA-A3D7-47B5-A81D-790D375AEE2F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{7334C4BE-E592-4804-9D0F-D2F9282EEFCC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7D50CC37-0F01-4D3F-A844-827D588391A5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{82925E8B-C343-44D9-8556-0A1DC08AEE98}" = lport=445 | protocol=6 | dir=in | app=system | 
"{8C7B70D3-F2B7-4280-AAE8-558898C407B3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8EC9E96A-4852-45D5-9058-F5684CE7B06B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9001634C-9451-42DE-A22C-B66D40CDA346}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{99D7B8CD-735F-4743-9436-5621CEC3BEC2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9E554E38-ABB5-4871-8774-4F6A42467F7A}" = rport=139 | protocol=6 | dir=out | app=system | 
"{A2A0ED5D-3FCA-46F4-AB0D-5E1A21C2693A}" = rport=137 | protocol=17 | dir=out | app=system | 
"{BB9907D7-B89E-497E-986B-7FB09E9CF2E3}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{BE5C5BD9-B6BF-4D15-A02D-AAF8A0334EA4}" = rport=138 | protocol=17 | dir=out | app=system | 
"{CBB48F39-6A85-424A-94DD-9F9F90047ECA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D2EC626F-505F-4EF8-B88C-E980064D5334}" = rport=445 | protocol=6 | dir=out | app=system | 
"{E26455BD-2D76-4F52-BA9E-E56738368ED9}" = lport=138 | protocol=17 | dir=in | app=system | 
"{EB7DF4DB-4A24-433A-A81D-F83EE6964571}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{ED71DA9B-DAEF-4334-A5F8-B7CA2DA01E9E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FFF5C91B-4C91-456C-B2A4-5FC1252ECD73}" = lport=137 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0514E17E-17BA-40A2-8CD0-8940AF84050D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{078CAD4B-D97F-4765-B883-379D8892059C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | 
"{079EB9DD-F5DD-4B1C-AC3F-9061B653CFDD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe | 
"{09897A30-0F5F-4D6B-B747-61467D5B2ED7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{12109C01-380A-4844-8BB4-AB3FA2A1FF73}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{1358B309-0EFA-453E-9144-2684604F2A66}" = protocol=6 | dir=out | app=system | 
"{146BE0A3-AA09-4876-A622-3111E9B2BF34}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | 
"{148D2754-BE43-4196-85E4-822B2EAAD191}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | 
"{1D731229-5148-4F6E-9D1A-FFB6CB0BD073}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{1EC74FA9-8B7C-48A0-8B48-D93197B39976}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{205F9DD5-991C-4D04-A675-D11267654FA4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqnrs08.exe | 
"{211700B1-F2E6-41B6-9961-34BF26A5BD77}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe | 
"{24108FD0-A484-42DF-9ADA-52B785BF282B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe | 
"{243F9D2B-B972-4032-97AD-C14DE768F355}" = protocol=17 | dir=in | app=d:\install\german\npwadmin.exe | 
"{27817575-C689-4A28-86F2-899A3294DE2D}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | 
"{29ACB22F-F6CC-466D-B9A0-0F85ACC4AC22}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2A271765-7BCB-4B17-918A-C7FB26E9C091}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe | 
"{2B149A23-0945-407D-97DC-114D3FFFE5B0}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{2EFA623B-A186-436A-ABCF-260A06F2BFAE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 
"{2FF4299C-F26B-4007-8D35-FDD0F1DE0CD6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{31E026CF-DCBD-4043-82E8-B96BEF0020CD}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe | 
"{3606471C-D5F8-4AD9-A9A8-8254FD9FCF46}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe | 
"{403394DF-FEEE-4B03-AB11-F5C0E4EE4A53}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4412A9FE-F5A7-4C94-93D7-8DCB04FAEE83}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{4E30EE28-2544-4244-9A47-C31CD8B011A8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe | 
"{53DFC753-1758-477B-984B-A63F6A082D64}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{57DB38E3-ABD8-48B3-969F-A6B9DEC57ADD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{5F2D0648-3507-46B0-B17D-05F48E086FD7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{63C739B8-6D77-41E2-A57D-A3B367FC90F8}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe | 
"{6AF10024-DC18-4076-8366-3661C296388D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 
"{6F08FFEC-A9ED-4302-A90A-7E41D879DEC7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{758AFFC3-CB7C-4EE6-87E6-FA40D0C18093}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe | 
"{7AE40F6D-3938-4340-BBC7-CDD3F23BE5B4}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version9\teamviewer_service.exe | 
"{7C9CCF70-786B-4323-A6EA-AA206B9622BD}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version9\teamviewer.exe | 
"{8DF52602-E5FB-410D-99E1-349E5878B732}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe | 
"{8FDAB963-C6CB-4724-9CDD-392696B7B45C}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 
"{9421BB8B-4D1B-4B1A-A48D-FA78623CB58E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | 
"{954F82FA-534F-4600-934D-ADF7472F1D3C}" = protocol=6 | dir=in | app=d:\install\german\npwadmin.exe | 
"{973C2EA7-3270-4725-814A-BAA3C633B68F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{9F2B8346-58FE-4EB4-8EC5-6CFD4DA59B34}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | 
"{A528B8A6-D948-4EBB-9E32-0C4AC69A7B60}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A875BC8F-94BA-4F60-A771-004F74748943}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe | 
"{AB4E435D-9E32-4B31-BC72-6A6832C92ECD}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version9\teamviewer_service.exe | 
"{B158DDCE-3A89-41DD-BE09-4B90C57C25AD}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe | 
"{B6236BDC-1802-40D3-B8EC-8A08E954FDC3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe | 
"{BA7EFEC6-A9E4-4E6A-9239-A305D8B7AC5B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C2574CF8-9492-4415-BEEE-E37C21C99EB0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 
"{C4557F82-F033-4F3C-9A8F-E8F23CE65F06}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | 
"{C99405ED-7176-4AFE-B29C-094040CA1E1F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | 
"{DB2889AA-41C0-4A91-B603-8B112C3524B4}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version9\teamviewer.exe | 
"{DE9ED81C-3D50-405B-86B3-D9C724D07293}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe | 
"{E16288A0-FEFE-4814-A273-67BC8F3BE369}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"{E32248A5-ABF7-4A03-9436-37FA9D35868B}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | 
"{E5AC7E50-481A-49BB-BBA4-36FBC039B558}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe | 
"{E632D316-CD8E-46EE-A455-7EF9F3452293}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | 
"{EB0B10D3-860B-4DDC-BBA7-87C7EF21BC53}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe | 
"{F4E1EB90-BE25-4A11-81A4-1116A0CE7E4A}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe | 
"{F7EDB374-F704-47D2-9A92-39C536B81523}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{FC6A2657-52A0-420E-8C58-5257D32FFBEE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{0DD10F70-C250-413E-B003-50D7B73C02E5}D:\install\german\npwadmin.exe" = protocol=6 | dir=in | app=d:\install\german\npwadmin.exe | 
"TCP Query User{3A5FCAE1-D64D-4DE8-AD35-89A4F3FE49A2}E:\kues-programm\ds_support.exe" = protocol=6 | dir=in | app=e:\kues-programm\ds_support.exe | 
"TCP Query User{4A8149A5-EA1F-46FD-B5C7-4CBA9C4BC344}D:\extras\ds_support.exe" = protocol=6 | dir=in | app=d:\extras\ds_support.exe | 
"UDP Query User{21B76C96-DE4C-4A9A-9420-47999BDE0ACC}E:\kues-programm\ds_support.exe" = protocol=17 | dir=in | app=e:\kues-programm\ds_support.exe | 
"UDP Query User{8AE957F5-1126-40E8-BDED-C0356ADC2224}D:\extras\ds_support.exe" = protocol=17 | dir=in | app=d:\extras\ds_support.exe | 
"UDP Query User{A1500BAF-E94D-495D-995E-DB5420A40B22}D:\install\german\npwadmin.exe" = protocol=17 | dir=in | app=d:\install\german\npwadmin.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0626C86E-5A8F-4A6D-8C0A-5FF38BD2DA3A}" = hppFaxUtilityCM1312
"{07B85EEC-05BD-4E6A-AAEB-502FB2473DFA}" = hppCLJCM1312
"{12DFECAA-63F5-11D5-981E-000374890932}" = EtaxRepo
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 20
"{2D30D92F-AD5C-428F-8029-5A913104F262}" = hppTLBXFXCM1312
"{325D1D94-4F34-46A7-A489-737C801B931D}" = hppusgCM1312
"{37FFEAFA-B80A-490A-99AB-73CE998CA861}" = KÜS KE Upgrade 7.5.03
"{3D960387-76B3-4758-BAF7-D156B14A032F}" = Ulead PhotoImpact 8
"{484A13AB-A4C1-41FD-87E0-EBE2DA01250E}" = hppSendFaxCM1312
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{583EDB12-4CEA-48B5-A7BA-88069DD47BA2}" = hppQFolderCM1312
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{633A06C3-B709-479A-AAB3-5EE94AD9EE4B}" = Acronis True Image Home
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{73182AC3-5CC3-4161-AE97-F23E09B13147}" = Vallen JPegger
"{7985C7FA-B151-4BA7-B19E-1577A7B527F1}" = hppFaxDrvCM1312
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8EEDB90E-6ABC-42bb-AD4C-39DEE05E3EEA}" = HP Color LaserJet CM1312 MFP Series 5.1
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{91110407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
"{995F2783-8311-49BF-833E-DB659774B4F6}" = hppFonts
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1EC0453-AD15-4359-94A1-A0054399E5F4}" = KÜS KE
"{A7285D92-27EE-4D91-AB57-5EF326B572C6}" = hpzTLBXFX
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.06) - Deutsch
"{B59ACF5E-0FF7-44D2-B57D-E516F334AC2E}" = hppScanToCM1312
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D6}" = WinZip 17.0
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D371F551-0DB9-4CEC-844B-4C90CE91EA0B}" = hppLaserJetService
"{E243C06E-F368-43AD-8B8B-98AB53C4EDCD}" = FotoCopy
"{EBC3147B-36BE-4846-9A3D-0C6292B78350}" = hppPQVideoCM1312
"{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
"{ED498DD7-FBC1-4C67-8D9B-C9218FBC818D}" = hppManualsCM1312
"{EE676C87-F97D-42B5-81C9-B16FC857DD35}" = VALUEpilot.pro
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5346614-B7C4-4E94-826A-E2363155233D}" = EasyCleaner
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"7-Zip" = 7-Zip 9.20
"Absolute Uninstaller_is1" = Absolute Uninstaller 2.9.0.722
"Avira AntiVir Desktop" = Avira Free Antivirus
"Corel Applications" = Corel Applications
"ESET Online Scanner" = ESET Online Scanner v3
"FreePDF_XP" = FreePDF (Remove only)
"GPL Ghostscript 8.71" = GPL Ghostscript 8.71
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"LANmonitor" = LANmonitor
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware Version 2.0.1.1004
"Mozilla Firefox 28.0 (x86 de)" = Mozilla Firefox 28.0 (x86 de)
"Mozilla Thunderbird 24.4.0 (x86 de)" = Mozilla Thunderbird 24.4.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Revo Uninstaller" = Revo Uninstaller 1.95
"TeamViewer 9" = TeamViewer 9
 
========== Last 20 Event Log Errors ==========
 
[ System Events ]
Error - 07.04.2014 06:53:30 | Computer Name = Büro-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "System" den Befehl "chkdsk" aus.
 
Error - 07.04.2014 06:53:31 | Computer Name = Büro-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "System" den Befehl "chkdsk" aus.
 
Error - 07.04.2014 06:53:32 | Computer Name = Büro-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "System" den Befehl "chkdsk" aus.
 
Error - 07.04.2014 06:53:34 | Computer Name = Büro-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "System" den Befehl "chkdsk" aus.
 
Error - 07.04.2014 06:53:37 | Computer Name = Büro-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "System" den Befehl "chkdsk" aus.
 
Error - 07.04.2014 06:53:38 | Computer Name = Büro-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "System" den Befehl "chkdsk" aus.
 
Error - 07.04.2014 06:53:38 | Computer Name = Büro-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "System" den Befehl "chkdsk" aus.
 
Error - 07.04.2014 06:55:24 | Computer Name = Büro-PC | Source = Service Control Manager | ID = 7022
Description = Der Dienst "HP CUE DeviceDiscovery Service" wurde nicht richtig gestartet.
 
Error - 07.04.2014 06:55:24 | Computer Name = Büro-PC | Source = Service Control Manager | ID = 7022
Description = Der Dienst "WinRST" wurde nicht richtig gestartet.
 
Error - 07.04.2014 06:57:24 | Computer Name = Büro-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%2
 
 
< End of report >
         

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01
Ran by Büro (administrator) on BÜRO-PC on 07-04-2014 13:14:50
Running from C:\Users\Büro\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(HP) C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
() C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe
(Acronis) C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
(Hewlett-Packard Company) C:\Program Files\HP\HP Color LaserJet CM1312 MFP Series\hppfaxprintersrv.exe
(Hewlett-Packard Company) C:\Program Files\HP\HP UT\bin\hppusg.exe
() C:\Program Files\WinRST\WinRST.exe
(HP) C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Exsoft GmbH) E:\Fusion\FotoCopy\FotoCopy.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\tv_w32.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8505888 2010-02-08] (Realtek Semiconductor)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [248040 2010-02-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [FreePDF Assistant] - C:\Program Files\FreePDF_XP\fpassist.exe [385024 2009-09-05] (shbox.de)
HKLM\...\Run: [TrueImageMonitor.exe] - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2622104 2007-12-03] (Acronis)
HKLM\...\Run: [AcronisTimounterMonitor] - C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [911184 2007-12-03] (Acronis)
HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [140568 2007-12-03] (Acronis)
HKLM\...\Run: [HP Color LaserJet CM1312 MFP Series Fax] - C:\Program Files\HP\HP Color LaserJet CM1312 MFP Series\hppfaxprintersrv.exe [2453504 2009-09-22] (Hewlett-Packard Company)
HKLM\...\Run: [] - [X]
HKLM\...\Run: [HPUsageTracking] - C:\Program Files\HP\HP UT\bin\hppusg.exe [24576 2009-05-11] (Hewlett-Packard Company)
HKLM\...\Run: [HPPQVideo] - C:\Program Files\HP\ScheduledLaunch\HP Color LaserJet CM1312 MFP Series\bin\hppschlnch.exe [106496 2007-05-07] (Hewlett-Packard)
HKLM\...\Run: [ToolBoxFX] - C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe [53248 2009-10-22] (HP)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
Lsa: [Authentication Packages] msv1_0 relog_ap
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

ProxyServer: http=hxxp://127.0.0.1:9880
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.default-search.net?sid=492&aid=103&itype=n&ver=11471&tm=307&src=hmp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9ADEAAC4C371CB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = hxxp://www.default-search.net/search?sid=492&aid=103&itype=n&ver=11471&tm=307&src=ds&p={searchTerms}
SearchScopes: HKCU - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = hxxp://www.default-search.net/search?sid=492&aid=103&itype=n&ver=11471&tm=307&src=ds&p={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = hxxp://www.default-search.net/search?sid=492&aid=103&itype=n&ver=11471&tm=307&src=ds&p={searchTerms}
BHO: Quick Time - {91CE4C4A-4888-410C-842A-F24D0AD57A3E} - C:\Users\Büro\AppData\Roaming\QuickTime\IE\QuickTime.dll (Apple Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Hosts: 192.168.1.109 NPI80BA31
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Büro\AppData\Roaming\Mozilla\Firefox\Profiles\zoi7ce94.default
FF Homepage: hxxp://www.google.de/
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @tools.google.com/Google Update;version=8 - C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll No File
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\cgpcfg.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\CgpCore.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\confmgr.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ctxlogging.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ctxmui.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\icafile.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\icalogon.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\msvcm80.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\msvcp80.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\msvcr80.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npicaN.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\sslsdk_b.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\TcpPServ.dll (Citrix Systems, Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml

========================== Services (Whitelisted) =================

R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [427288 2007-12-03] (Acronis)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [136192 2009-06-01] (HP)
R2 TryAndDecideService; C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [498792 2007-12-03] ()
R2 WinRST; C:\Program Files\WinRST\WinRST.exe [59904 2014-02-26] ()
S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-28] (Avira Operations GmbH & Co. KG)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
R0 tdrpman; C:\Windows\System32\DRIVERS\tdrpman.sys [368480 2010-10-20] (Acronis)
R2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [44384 2010-10-20] (Acronis)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-07 13:14 - 2014-04-07 13:14 - 01145856 _____ (Farbar) C:\Users\Büro\Desktop\FRST.exe
2014-04-07 13:14 - 2014-04-07 13:14 - 00011379 _____ () C:\Users\Büro\Desktop\FRST.txt
2014-04-07 13:14 - 2014-04-07 13:14 - 00000000 ____D () C:\FRST
2014-04-07 13:10 - 2014-04-07 13:10 - 00000470 _____ () C:\Users\Büro\Downloads\defogger_disable.log
2014-04-07 13:10 - 2014-04-07 13:10 - 00000000 _____ () C:\Users\Büro\defogger_reenable
2014-04-07 13:08 - 2014-04-07 13:08 - 00050477 _____ () C:\Users\Büro\Downloads\Defogger.exe
2014-04-07 12:34 - 2014-04-07 12:34 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Büro\Desktop\mbam-setup-2.0.0.1000.exe
2014-04-07 12:31 - 2014-04-07 12:31 - 00147392 _____ () C:\Windows\Minidump\040714-17518-01.dmp
2014-04-07 12:29 - 2014-04-07 12:29 - 00147392 _____ () C:\Windows\Minidump\040714-17440-01.dmp
2014-04-07 12:27 - 2014-04-07 12:31 - 248639150 _____ () C:\Windows\MEMORY.DMP
2014-04-07 12:27 - 2014-04-07 12:27 - 00147392 _____ () C:\Windows\Minidump\040714-20342-01.dmp
2014-04-07 12:25 - 2014-04-07 12:26 - 00259584 _____ (OldTimer Tools) C:\Users\Büro\Desktop\OTH.scr
2014-04-07 12:18 - 2014-04-07 12:35 - 00001026 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-07 12:15 - 2014-04-07 12:15 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Büro\Downloads\revosetup95.exe
2014-04-07 12:15 - 2014-04-07 12:15 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-04-07 12:14 - 2014-04-07 12:15 - 00000000 ____D () C:\Users\Büro\AppData\Roaming\GlarySoft
2014-04-07 12:13 - 2014-04-07 12:13 - 02194784 _____ (Glarysoft.com ) C:\Users\Büro\Downloads\au29setup.exe
2014-04-07 10:32 - 2014-04-07 10:32 - 02347384 _____ (ESET) C:\Users\Büro\Downloads\esetsmartinstaller_enu.exe
2014-04-07 10:32 - 2014-04-07 10:32 - 02347384 _____ (ESET) C:\Users\Büro\Desktop\esetsmartinstaller_enu.exe
2014-04-07 10:32 - 2014-04-07 10:32 - 00001790 _____ () C:\sc-cleaner.txt
2014-04-07 10:32 - 2014-04-07 10:32 - 00000000 ____D () C:\Program Files\ESET
2014-04-07 10:31 - 2014-04-07 10:31 - 00441592 _____ (Bleeping Computer, LLC) C:\Users\Büro\Downloads\sc-cleaner.exe
2014-04-07 10:31 - 2014-04-07 10:31 - 00441592 _____ (Bleeping Computer, LLC) C:\Users\Büro\Desktop\sc-cleaner.exe
2014-04-07 10:26 - 2014-04-07 10:26 - 01016261 _____ (Thisisu) C:\Users\Büro\Desktop\JRT.exe
2014-04-07 10:26 - 2014-04-07 10:26 - 00000000 ____D () C:\Windows\ERUNT
2014-04-07 10:25 - 2014-04-07 10:25 - 01016261 _____ (Thisisu) C:\Users\Büro\Downloads\JRT.exe
2014-04-07 10:11 - 2014-04-07 10:16 - 00000000 ____D () C:\AdwCleaner
2014-04-07 10:11 - 2014-04-07 10:09 - 01426178 _____ () C:\Users\Büro\Desktop\adwcleaner.exe
2014-04-07 10:09 - 2014-04-07 10:09 - 01426178 _____ () C:\Users\Büro\Downloads\adwcleaner.exe
2014-04-07 10:00 - 2014-04-07 12:43 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-07 09:59 - 2014-04-07 12:35 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-04-07 09:59 - 2014-04-07 09:59 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Büro\Downloads\mbam-setup-2.0.0.1000.exe
2014-04-07 09:59 - 2014-04-07 09:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-07 09:59 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-07 09:59 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-07 09:59 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-07 09:46 - 2014-04-07 09:46 - 00001071 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-04-04 13:22 - 2014-04-07 12:31 - 00000000 ____D () C:\Windows\Minidump
2014-04-04 11:34 - 2014-04-04 11:35 - 00013312 ___SH () C:\Users\Büro\Thumbs.db
2014-04-04 11:23 - 2014-04-04 11:23 - 00000042 _____ () C:\Users\Büro\AppData\Roaming\WB.CFG
2014-04-04 11:22 - 2014-04-03 11:08 - 01176896 _____ (AnyProtect.com) C:\Users\Büro\AppData\Local\AnyProtectScannerSetup.exe
2014-04-04 11:21 - 2014-04-04 11:24 - 00000444 __RSH () C:\ProgramData\ntuser.pol
2014-04-04 11:21 - 2014-04-04 11:21 - 00000000 ____D () C:\Users\Büro\AppData\Local\WinRST
2014-04-04 11:21 - 2014-04-04 11:21 - 00000000 ____D () C:\Program Files\WinRST
2014-04-04 11:20 - 2014-04-07 12:53 - 00000280 _____ () C:\Windows\Tasks\FF Watcher {6A9C9C8C-AAAD-452F-860B-235D37A44311}.job
2014-03-31 12:37 - 2014-04-07 09:46 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-26 11:41 - 2014-03-26 11:41 - 29011992 _____ (Microsoft Corporation) C:\Users\Büro\Downloads\FileFormatConverters4.exe
2014-03-26 11:22 - 2013-12-21 10:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-03-26 11:20 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-26 11:20 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-26 11:20 - 2014-03-01 06:10 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-26 11:20 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-26 11:20 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-26 11:20 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-26 11:20 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-26 11:20 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-26 11:20 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-26 11:20 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-26 11:20 - 2014-03-01 05:38 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-26 11:20 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-26 11:20 - 2014-03-01 05:31 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-26 11:20 - 2014-03-01 05:25 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-26 11:20 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-26 11:20 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-26 11:20 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-26 11:20 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-26 11:20 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-26 11:20 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-26 11:20 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-26 11:20 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-26 11:20 - 2014-02-07 03:07 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-26 11:20 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-26 11:19 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-26 11:03 - 2014-04-04 12:20 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-03-26 11:03 - 2014-03-26 11:03 - 00000000 ____D () C:\Program Files\Adobe
2014-03-24 13:46 - 2014-04-03 13:00 - 00199168 _____ () C:\Users\Büro\Documents\Kassenbericht 2014.xls
2014-03-24 13:46 - 2014-01-02 22:40 - 00208896 _____ () C:\Users\Büro\Documents\Kassenbericht 2013.xls
2014-03-24 11:52 - 2014-04-04 13:08 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-03-10 14:23 - 2014-04-04 09:12 - 00001014 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-03-10 14:23 - 2014-03-10 14:23 - 05852336 _____ (TeamViewer GmbH) C:\Users\Büro\Downloads\TeamViewer_Setup_de.exe

==================== One Month Modified Files and Folders =======

2014-04-07 13:14 - 2014-04-07 13:14 - 01145856 _____ (Farbar) C:\Users\Büro\Desktop\FRST.exe
2014-04-07 13:14 - 2014-04-07 13:14 - 00011379 _____ () C:\Users\Büro\Desktop\FRST.txt
2014-04-07 13:14 - 2014-04-07 13:14 - 00000000 ____D () C:\FRST
2014-04-07 13:10 - 2014-04-07 13:10 - 00000470 _____ () C:\Users\Büro\Downloads\defogger_disable.log
2014-04-07 13:10 - 2014-04-07 13:10 - 00000000 _____ () C:\Users\Büro\defogger_reenable
2014-04-07 13:10 - 2010-07-16 11:23 - 00000000 ____D () C:\Users\Büro
2014-04-07 13:08 - 2014-04-07 13:08 - 00050477 _____ () C:\Users\Büro\Downloads\Defogger.exe
2014-04-07 13:02 - 2009-07-14 06:34 - 00018352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-07 13:02 - 2009-07-14 06:34 - 00018352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-07 12:59 - 2010-12-13 13:49 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-07 12:59 - 2010-12-13 13:49 - 00001088 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-07 12:58 - 2010-07-16 11:22 - 01625457 _____ () C:\Windows\WindowsUpdate.log
2014-04-07 12:57 - 2009-09-30 08:19 - 01480666 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-07 12:53 - 2014-04-04 11:20 - 00000280 _____ () C:\Windows\Tasks\FF Watcher {6A9C9C8C-AAAD-452F-860B-235D37A44311}.job
2014-04-07 12:53 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-07 12:53 - 2009-07-14 06:39 - 00126201 _____ () C:\Windows\setupact.log
2014-04-07 12:43 - 2014-04-07 10:00 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-07 12:35 - 2014-04-07 12:18 - 00001026 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-07 12:35 - 2014-04-07 09:59 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-04-07 12:34 - 2014-04-07 12:34 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Büro\Desktop\mbam-setup-2.0.0.1000.exe
2014-04-07 12:31 - 2014-04-07 12:31 - 00147392 _____ () C:\Windows\Minidump\040714-17518-01.dmp
2014-04-07 12:31 - 2014-04-07 12:27 - 248639150 _____ () C:\Windows\MEMORY.DMP
2014-04-07 12:31 - 2014-04-04 13:22 - 00000000 ____D () C:\Windows\Minidump
2014-04-07 12:29 - 2014-04-07 12:29 - 00147392 _____ () C:\Windows\Minidump\040714-17440-01.dmp
2014-04-07 12:27 - 2014-04-07 12:27 - 00147392 _____ () C:\Windows\Minidump\040714-20342-01.dmp
2014-04-07 12:26 - 2014-04-07 12:25 - 00259584 _____ (OldTimer Tools) C:\Users\Büro\Desktop\OTH.scr
2014-04-07 12:15 - 2014-04-07 12:15 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Büro\Downloads\revosetup95.exe
2014-04-07 12:15 - 2014-04-07 12:15 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-04-07 12:15 - 2014-04-07 12:14 - 00000000 ____D () C:\Users\Büro\AppData\Roaming\GlarySoft
2014-04-07 12:13 - 2014-04-07 12:13 - 02194784 _____ (Glarysoft.com ) C:\Users\Büro\Downloads\au29setup.exe
2014-04-07 12:03 - 2010-09-07 12:59 - 00000000 ____D () C:\Users\Büro\Documents\Spesenabrechung
2014-04-07 12:02 - 2010-09-07 13:00 - 00000000 ____D () C:\Users\Büro\Documents\Schriftverkehr allg
2014-04-07 10:32 - 2014-04-07 10:32 - 02347384 _____ (ESET) C:\Users\Büro\Downloads\esetsmartinstaller_enu.exe
2014-04-07 10:32 - 2014-04-07 10:32 - 02347384 _____ (ESET) C:\Users\Büro\Desktop\esetsmartinstaller_enu.exe
2014-04-07 10:32 - 2014-04-07 10:32 - 00001790 _____ () C:\sc-cleaner.txt
2014-04-07 10:32 - 2014-04-07 10:32 - 00000000 ____D () C:\Program Files\ESET
2014-04-07 10:31 - 2014-04-07 10:31 - 00441592 _____ (Bleeping Computer, LLC) C:\Users\Büro\Downloads\sc-cleaner.exe
2014-04-07 10:31 - 2014-04-07 10:31 - 00441592 _____ (Bleeping Computer, LLC) C:\Users\Büro\Desktop\sc-cleaner.exe
2014-04-07 10:26 - 2014-04-07 10:26 - 01016261 _____ (Thisisu) C:\Users\Büro\Desktop\JRT.exe
2014-04-07 10:26 - 2014-04-07 10:26 - 00000000 ____D () C:\Windows\ERUNT
2014-04-07 10:25 - 2014-04-07 10:25 - 01016261 _____ (Thisisu) C:\Users\Büro\Downloads\JRT.exe
2014-04-07 10:17 - 2010-08-27 12:11 - 00199094 _____ () C:\Windows\PFRO.log
2014-04-07 10:16 - 2014-04-07 10:11 - 00000000 ____D () C:\AdwCleaner
2014-04-07 10:10 - 2012-07-06 10:47 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-04-07 10:10 - 2009-07-14 04:37 - 00000000 __RSD () C:\Windows\Media
2014-04-07 10:09 - 2014-04-07 10:11 - 01426178 _____ () C:\Users\Büro\Desktop\adwcleaner.exe
2014-04-07 10:09 - 2014-04-07 10:09 - 01426178 _____ () C:\Users\Büro\Downloads\adwcleaner.exe
2014-04-07 09:59 - 2014-04-07 09:59 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Büro\Downloads\mbam-setup-2.0.0.1000.exe
2014-04-07 09:59 - 2014-04-07 09:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-07 09:46 - 2014-04-07 09:46 - 00001071 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-04-07 09:46 - 2014-03-31 12:37 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-04-04 13:50 - 2013-12-09 13:28 - 00000000 ____D () C:\Users\Büro\Documents\Schriftverkehr 2014
2014-04-04 13:50 - 2010-09-07 12:58 - 00000000 ____D () C:\Users\Büro\Documents\Deckblätter
2014-04-04 13:08 - 2014-03-24 11:52 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-04-04 12:20 - 2014-03-26 11:03 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-04-04 12:20 - 2010-10-20 11:47 - 00004157 _____ () C:\Windows\ULEAD32.INI
2014-04-04 12:00 - 2011-04-20 12:47 - 00032640 _____ () C:\fpRedmon.log
2014-04-04 12:00 - 2010-09-07 10:10 - 00000000 ____D () C:\ProgramData\FreePDF
2014-04-04 11:35 - 2014-04-04 11:34 - 00013312 ___SH () C:\Users\Büro\Thumbs.db
2014-04-04 11:24 - 2014-04-04 11:21 - 00000444 __RSH () C:\ProgramData\ntuser.pol
2014-04-04 11:23 - 2014-04-04 11:23 - 00000042 _____ () C:\Users\Büro\AppData\Roaming\WB.CFG
2014-04-04 11:21 - 2014-04-04 11:21 - 00000000 ____D () C:\Users\Büro\AppData\Local\WinRST
2014-04-04 11:21 - 2014-04-04 11:21 - 00000000 ____D () C:\Program Files\WinRST
2014-04-04 11:21 - 2009-07-14 04:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-04-04 09:35 - 2012-06-01 09:53 - 00000000 ____D () C:\Users\Büro\AppData\Roaming\Fahrzeugsystemdaten GmbH
2014-04-04 09:33 - 2010-08-30 09:53 - 00000057 _____ () C:\Windows\iltwain.ini
2014-04-04 09:12 - 2014-03-10 14:23 - 00001014 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-04-03 13:00 - 2014-03-24 13:46 - 00199168 _____ () C:\Users\Büro\Documents\Kassenbericht 2014.xls
2014-04-03 13:00 - 2010-09-07 13:00 - 00026112 _____ () C:\Users\Büro\Documents\Geldzähler.xls
2014-04-03 11:08 - 2014-04-04 11:22 - 01176896 _____ (AnyProtect.com) C:\Users\Büro\AppData\Local\AnyProtectScannerSetup.exe
2014-04-03 09:51 - 2014-04-07 09:59 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-07 09:59 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-07 09:59 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-01 13:07 - 2010-09-07 13:00 - 00000000 ____D () C:\Users\Büro\Documents\Schwacke
2014-03-31 12:37 - 2011-04-20 14:14 - 00000000 ____D () C:\Users\Büro\Documents\Arbeitsvertrag & Betreibseigentum
2014-03-27 14:45 - 2010-09-07 13:00 - 00000000 ____D () C:\Users\Büro\Documents\Tourenpläne Mitarbeiter
2014-03-27 13:16 - 2010-07-16 12:22 - 00154680 _____ () C:\Users\Büro\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-27 10:18 - 2009-07-14 06:33 - 00563120 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-26 12:32 - 2010-10-20 10:28 - 00000000 ____D () C:\ProgramData\Acronis
2014-03-26 11:44 - 2010-07-12 09:30 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-03-26 11:44 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-03-26 11:41 - 2014-03-26 11:41 - 29011992 _____ (Microsoft Corporation) C:\Users\Büro\Downloads\FileFormatConverters4.exe
2014-03-26 11:36 - 2012-01-17 14:15 - 00000000 ____D () C:\Users\Büro\Documents\Fahrzeugbriefe
2014-03-26 11:22 - 2013-12-09 11:30 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-26 11:20 - 2010-08-27 12:09 - 87350280 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-26 11:04 - 2013-10-04 09:06 - 00000000 ____D () C:\Users\Büro\AppData\Local\Adobe
2014-03-26 11:03 - 2014-03-26 11:03 - 00000000 ____D () C:\Program Files\Adobe
2014-03-26 11:03 - 2012-11-21 15:03 - 00000000 ____D () C:\ProgramData\Adobe
2014-03-25 15:35 - 2013-01-04 11:42 - 00000000 ____D () C:\Users\Büro\Documents\Schriftverkehr 2013
2014-03-24 12:01 - 2010-09-07 13:00 - 00000000 ____D () C:\Users\Büro\Documents\Urlaub
2014-03-14 11:44 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-03-10 14:23 - 2014-03-10 14:23 - 05852336 _____ (TeamViewer GmbH) C:\Users\Büro\Downloads\TeamViewer_Setup_de.exe
2014-03-10 14:23 - 2010-09-06 11:40 - 00000000 ____D () C:\Users\Büro\AppData\Roaming\TeamViewer
2014-03-10 13:39 - 2010-09-13 12:51 - 00000000 ____D () C:\Program Files\TeamViewer

Some content of TEMP:
====================
C:\Users\Büro\AppData\Local\Temp\AMPing.exe
C:\Users\Büro\AppData\Local\Temp\avgnt.exe
C:\Users\Büro\AppData\Local\Temp\InstallManager_BAB_BAB.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-30 01:05

==================== End Of Log ============================
         
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014  01
Ran by Büro at 2014-04-07 13:15:42
Running from C:\Users\Büro\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Absolute Uninstaller 2.9.0.722 (HKLM\...\Absolute Uninstaller_is1) (Version:  - Glarysoft.com)
Acronis True Image Home (HKLM\...\{633A06C3-B709-479A-AAB3-5EE94AD9EE4B}) (Version: 11.0.8064 - Acronis)
Adobe Reader XI (11.0.06) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
BufferChm (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Citrix XenApp Web Plugin (HKLM\...\{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}) (Version: 11.0.0.5357 - Citrix Systems, Inc.)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Corel Applications (HKLM\...\Corel Applications) (Version:  - )
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 100.0.190.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
EasyCleaner (HKLM\...\{F5346614-B7C4-4E94-826A-E2363155233D}) (Version: 2.0.6.380 - )
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
EtaxRepo (HKLM\...\{12DFECAA-63F5-11D5-981E-000374890932}) (Version: 2.00.0000 - Schwacke-Bewertung GmbH & Co. KG)
FotoCopy (HKLM\...\{E243C06E-F368-43AD-8B8B-98AB53C4EDCD}) (Version: 1.00.0000 - exsoft Software Design)
FreePDF (Remove only) (HKLM\...\FreePDF_XP) (Version:  - )
GPL Ghostscript 8.71 (HKLM\...\GPL Ghostscript 8.71) (Version:  - )
HP Color LaserJet CM1312 MFP Series 5.1 (HKLM\...\{8EEDB90E-6ABC-42bb-AD4C-39DEE05E3EEA}) (Version: 5.1 - HP)
HP Customer Participation Program 10.0 (HKLM\...\HPExtendedCapabilities) (Version: 10.0 - HP)
HP Imaging Device Functions 10.0 (HKLM\...\HP Imaging Device Functions) (Version: 10.0 - HP)
HP Update (HKLM\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.001 - Hewlett-Packard)
hppCLJCM1312 (Version: 005.001.00142 - Hewlett-Packard) Hidden
hppFaxDrvCM1312 (Version: 005.000.00001 - Hewlett-Packard) Hidden
hppFaxUtilityCM1312 (Version: 005.001.00137 - Ihr Firmenname) Hidden
hppFonts (Version: 001.001.00061 - Hewlett-Packard) Hidden
hppLaserJetService (Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppManualsCM1312 (Version: 005.001.00145 - Ihr Firmenname) Hidden
hppPQVideoCM1312 (Version: 005.001.00142 - Ihr Firmenname) Hidden
hppQFolderCM1312 (Version: 1.00.0000 - Hewlett-Packard) Hidden
hppScanToCM1312 (Version: 005.001.00140 - Ihr Firmenname) Hidden
hppSendFaxCM1312 (Version: 005.000.00001 - Ihr Firmenname) Hidden
hppTLBXFXCM1312 (Version: 001.017.00050 - Hewlett-Packard) Hidden
hppusgCM1312 (Version: 1.1.0.1 - Hewlett-Packard) Hidden
HPSSupply (Version: 100.0.170.000 - Hewlett-Packard) Hidden
hpzTLBXFX (Version: 005.003.00171 - Hewlett-Packard) Hidden
Intel(R) Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2119 - Intel Corporation)
Java Auto Updater (Version: 2.0.2.1 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 20 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216018FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
KÜS KE (HKLM\...\{A1EC0453-AD15-4359-94A1-A0054399E5F4}) (Version: 7.1.08 - DSW GmbH)
KÜS KE Upgrade 7.5.03 (HKLM\...\{37FFEAFA-B80A-490A-99AB-73CE998CA861}) (Version: 7.5.03 - DSW GmbH)
LANmonitor (HKLM\...\LANmonitor) (Version:  - )
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
MarketResearch (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office XP Professional (HKLM\...\{91110407-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 de) (HKLM\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
Mozilla Thunderbird 24.4.0 (x86 de) (HKLM\...\Mozilla Thunderbird 24.4.0 (x86 de)) (Version: 24.4.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6043 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version:  - )
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.27614 - TeamViewer)
TrayApp (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Ulead PhotoImpact 8 (HKLM\...\{3D960387-76B3-4758-BAF7-D156B14A032F}) (Version: 8.0 - Ulead System)
Vallen JPegger (HKLM\...\{73182AC3-5CC3-4161-AE97-F23E09B13147}) (Version: V5.62 (Build: 9.1221) - Vallen Systeme GmbH)
VALUEpilot.pro (HKLM\...\{EE676C87-F97D-42B5-81C9-B16FC857DD35}) (Version: 5.4.0.362 - AUTOonline GmbH Informationssysteme)
WebReg (Version: 100.0.170.000 - Hewlett-Packard) Hidden
WinZip 17.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240D6}) (Version: 17.0.10283 - WinZip Computing, S.L. )

==================== Restore Points  =========================

26-03-2014 08:59:47 Removed Adobe Reader XI (11.0.06) - Deutsch.
26-03-2014 09:17:36 Removed Adobe Reader XI (11.0.06) - Deutsch.
26-03-2014 09:20:20 Windows Update
26-03-2014 09:42:41 Compatibility Pack für 2007 Office System wird entfernt
26-03-2014 09:43:26 Microsoft Office Live Add-in 1.5 wird entfernt
26-03-2014 09:43:42 Microsoft Office Outlook 2003 wird entfernt
26-03-2014 09:45:39 Compatibility Pack für 2007 Office System wird installiert
26-03-2014 09:48:12 Compatibility Pack für 2007 Office System wird installiert
02-04-2014 07:04:27 Windows Update
04-04-2014 07:14:02 Windows Update
04-04-2014 09:25:02 Compatibility Pack für 2007 Office System wird entfernt
04-04-2014 10:24:39 Microsoft Office Live Add-in 1.5 wird entfernt
04-04-2014 11:16:56 Compatibility Pack für 2007 Office System wird installiert
07-04-2014 07:38:39 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:04 - 2010-10-20 14:36 - 00000849 ____A C:\Windows\system32\Drivers\etc\hosts
192.168.1.109 NPI80BA31

==================== Scheduled Tasks (whitelisted) =============

Task: {2D69710B-37CA-4C68-86FE-1D261FE50807} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: {62A03F21-E15B-4165-8596-77374EBCB0E6} - System32\Tasks\{B54CD2E8-9156-4A83-833A-9F72C2420964} => E:\Bilder\Fotos\Eingang\Disk0\setup.exe
Task: {7A8248C1-E886-443C-9381-4EEEC327E1B9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: {7E2C9B4A-368C-44F1-A399-65DC5F8361B0} - System32\Tasks\FF Watcher {6A9C9C8C-AAAD-452F-860B-235D37A44311} => C:\Program Files\V-bates\PrefHelper.exe
Task: {939952EF-F726-490D-AE01-51172667F933} - System32\Tasks\{961933A9-7B4D-4596-86A0-B975F4F83F29} => C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14] (Hewlett-Packard Co.)
Task: {9E0F155C-4615-441A-A54E-0A7F1CBD7B5F} - System32\Tasks\{652ADFCC-90BE-4FB2-8094-85176C69293E} => E:\EtaxRepo\exe\EtaxRepo.EXE
Task: {DFD20A4B-AEB9-4F86-A2A8-360437873A25} - System32\Tasks\{3FA3F7B0-378E-4EB6-AB25-0AFE5128816C} => C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14] (Hewlett-Packard Co.)
Task: C:\Windows\Tasks\FF Watcher {6A9C9C8C-AAAD-452F-860B-235D37A44311}.job => C:\Program Files\V-bates\PrefHelper.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-09-07 10:10 - 2005-01-06 18:33 - 00116224 _____ () C:\Windows\System32\redmonnt.dll
2012-10-17 09:44 - 2012-09-19 19:17 - 00397088 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
2007-12-03 11:26 - 2007-12-03 11:26 - 00498792 _____ () C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
2007-12-03 10:58 - 2007-12-03 10:58 - 01336600 _____ () C:\Program Files\Acronis\TrueImageHome\fox.dll
2014-04-04 11:21 - 2014-02-26 17:42 - 00059904 _____ () C:\Program Files\WinRST\WinRST.exe
2009-10-22 09:26 - 2009-10-22 09:26 - 00061440 _____ () C:\Program Files\HP\ToolboxFX\bin\HPTools.dll
2009-10-22 09:26 - 2009-10-22 09:26 - 00069632 _____ () C:\Program Files\HP\ToolboxFX\bin\HPToolkit.dll
2009-10-22 09:26 - 2009-10-22 09:26 - 00069632 _____ () C:\Program Files\HP\ToolboxFX\bin\AppConstants.dll
2009-10-22 09:26 - 2009-10-22 09:26 - 00516096 _____ () C:\Program Files\HP\ToolboxFX\bin\HPAppTools.dll
2009-10-22 09:26 - 2009-10-22 09:26 - 00130560 _____ () C:\Program Files\HP\ToolboxFX\bin\DMBaseObjects.dll
2009-10-22 09:26 - 2009-10-22 09:26 - 00840192 _____ () C:\Program Files\HP\ToolboxFX\bin\PLSDMXMLObjects.dll
2009-10-22 09:26 - 2009-10-22 09:26 - 00674816 _____ () C:\Program Files\HP\ToolboxFX\bin\LEDMXMLObjects.dll
2009-10-22 09:26 - 2009-10-22 09:26 - 00086016 _____ () C:\Program Files\HP\ToolboxFX\bin\HPFaxUtilities.dll
2009-10-22 09:26 - 2009-10-22 09:26 - 00835584 _____ () C:\Program Files\HP\ToolboxFX\bin\Alerts.dll
2009-10-14 16:24 - 2009-10-14 16:24 - 00221184 _____ () C:\Program Files\HP\ToolboxFX\bin\de\HPAppTools.resources.dll
2009-10-14 16:24 - 2009-10-14 16:24 - 00507904 _____ () C:\Program Files\HP\ToolboxFX\bin\de\Alerts.resources.dll
2009-10-15 08:25 - 2009-10-15 08:25 - 00364544 _____ () C:\Program Files\HP\ToolboxFX\bin\nativeutils.dll
2014-04-07 09:46 - 2014-03-15 10:40 - 03642480 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Büro\Fahrzeugbrief Henze.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Büro\Fahrzeugbrief Henze.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (04/07/2014 00:57:24 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (04/07/2014 00:55:24 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "WinRST" wurde nicht richtig gestartet.

Error: (04/07/2014 00:55:24 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "HP CUE DeviceDiscovery Service" wurde nicht richtig gestartet.

Error: (04/07/2014 00:53:38 PM) (Source: Ntfs) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "System" den Befehl "chkdsk" aus.

Error: (04/07/2014 00:53:38 PM) (Source: Ntfs) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "System" den Befehl "chkdsk" aus.

Error: (04/07/2014 00:53:37 PM) (Source: Ntfs) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "System" den Befehl "chkdsk" aus.

Error: (04/07/2014 00:53:34 PM) (Source: Ntfs) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "System" den Befehl "chkdsk" aus.

Error: (04/07/2014 00:53:32 PM) (Source: Ntfs) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "System" den Befehl "chkdsk" aus.

Error: (04/07/2014 00:53:31 PM) (Source: Ntfs) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "System" den Befehl "chkdsk" aus.

Error: (04/07/2014 00:53:30 PM) (Source: Ntfs) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "System" den Befehl "chkdsk" aus.


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Percentage of memory in use: 36%
Total physical RAM: 2871.12 MB
Available physical RAM: 1818.4 MB
Total Pagefile: 5740.52 MB
Available Pagefile: 4368.49 MB
Total Virtual: 2047.88 MB
Available Virtual: 1906.66 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:465.76 GB) (Free:422.24 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (Volume) (Fixed) (Total:76.33 GB) (Free:69.96 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 73DBFC58)
Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 76 GB) (Disk ID: D4ADA3ED)

Partition: GPT Partition Type.

==================== End Of Log ============================
         

07.04.2014, 12:55   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
Computer Name: BÜRO-PC | User Name: Büro | Logged in as Administrator.
Büro-PC (office PC)?
A commercially used computer in a company office?
We *normally* don't clean such computers, because that is the job of the company's IT department.

Have you also considered that sensitive customer data could be in the logs?
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

07.04.2014, 12:58   #5
steffiglaubi

I read it in the "Create a thread" section. However, it also said there that an exception would be made for small companies without an IT department. Could you please help me?


07.04.2014, 13:00   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Yes, and why does everyone overlook that sensitive customer data could be in the logs?
None of the people seeking help with a company computer comments on this topic. I find that somewhat alarming, or am I wrong in thinking that data protection isn't taken all that seriously?
By the way, it also says there that you should state in the opening post that it is about a company PC.

07.04.2014, 13:07   #7
steffiglaubi

Yes, that's right, it does say there that one should mention it. I forgot that amid all the pasting. I apologize.

Data protection: Unfortunately I don't know the log files well enough, so I can't judge what customer data is being disclosed, but we keep most of the data in one program and I assumed that it cannot be viewed. Other data are only addresses and possibly phone numbers, but in most cases these can also be googled. If I am being naive about this and am completely wrong, I ask that the thread simply be deleted, and I will then have to put my computer in professional hands.

07.04.2014, 13:24   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

It could be that, for example, names of customers are contained in the file names of Office documents and these then show up in the log as well.

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
ATTFilter
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
ProxyServer: http=hxxp://127.0.0.1:9880
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.default-search.net?sid=492&aid=103&itype=n&ver=11471&tm=307&src=hmp
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = http://www.default-search.net/search?sid=492&aid=103&itype=n&ver=11471&tm=307&src=ds&p={searchTerms}
SearchScopes: HKCU - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = http://www.default-search.net/search?sid=492&aid=103&itype=n&ver=11471&tm=307&src=ds&p={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = http://www.default-search.net/search?sid=492&aid=103&itype=n&ver=11471&tm=307&src=ds&p={searchTerms}
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the "Entfernen" (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

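The concern raised in post #8, that customer names in document file names end up in a posted log, can be handled by pseudonymising the log before it is published. The following Python code is an added example, not part of the thread and not a feature of FRST; the function name `redact_frst_log`, the extension list, the `<USER>`/`<HOST>`/`<DOC-n>` placeholders and the sample log (constructed, modelled on the FRST line formats shown in this thread) are assumptions of this example.

```python
import re

# Extensions treated as personal or business documents (assumption of this example).
DOC_EXT = {"doc", "docx", "xls", "xlsx", "ppt", "pptx", "pdf", "odt", "ods",
           "csv", "jpg", "jpeg", "png", "tif", "tiff", "msg", "eml"}

# FRST header: "Ran by <user> (administrator) on <host> on <date>" or "Ran by <user> at <date>".
HEADER = re.compile(
    r"^Ran by (?P<user>.+?)(?: \(administrator\))? (?:on (?P<host>\S+) on|at) ", re.M)

# A Windows path running to the end of the line, optionally followed by ":<stream name>".
PATH_TAIL = re.compile(
    r"(?P<dir>[A-Za-z]:\\(?:[^\\\n]+\\)*)(?P<name>[^\\\n:]+)(?P<ads>:\S+)?$")

DOCS = re.compile(r"\\Documents\\", re.I)


class _Redactor:
    def __init__(self):
        self.tokens = {}  # original name (lower-cased) -> stable placeholder

    def token(self, name):
        key = name.lower()
        if key not in self.tokens:
            self.tokens[key] = "<DOC-%d>" % (len(self.tokens) + 1)
        return self.tokens[key]

    def path(self, m):
        directory, name, ads = m.group("dir"), m.group("name"), m.group("ads") or ""
        stem, dot, ext = name.rpartition(".")
        has_ext = bool(dot) and ext.isalnum() and len(ext) <= 5
        is_doc = has_ext and ext.lower() in DOC_EXT
        docs = DOCS.search(directory)
        if not is_doc and not docs:
            return m.group(0)  # executables, drivers etc. stay readable for the analyst
        if docs:
            # Folder names below Documents can carry customer names too.
            keep, below = directory[:docs.end()], directory[docs.end():]
            directory = keep + "".join(
                self.token(part) + "\\" for part in below.split("\\") if part)
        name = self.token(stem) + "." + ext if has_ext else self.token(name)
        return directory + name + ads  # the stream name is kept, the analyst needs it


def redact_frst_log(log):
    """Return the log with account, host and document names replaced by placeholders."""
    red = _Redactor()
    header = HEADER.search(log)
    user = header.group("user") if header else None
    host = header.group("host") if header else None
    out = []
    for line in log.splitlines():
        line = PATH_TAIL.sub(red.path, line.rstrip())
        if host:
            line = line.replace(host, "<HOST>")
        if user:
            line = re.sub(r"(?<!\w)%s(?!\w)" % re.escape(user), "<USER>", line)
        out.append(line)
    return "\n".join(out)


# Constructed sample in the line formats of the FRST log above (not data from the thread).
SAMPLE = r"""Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01
Ran by Anna (administrator) on ANNA-PC on 07-04-2014 14:32:56
Running from C:\Users\Anna\Desktop
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
2014-04-07 13:14 - 2014-04-07 13:14 - 01145856 _____ (Farbar) C:\Users\Anna\Desktop\FRST.exe
2014-03-24 13:46 - 2014-04-03 13:00 - 00199168 _____ () C:\Users\Anna\Documents\Invoice Mustermann.xls
2014-04-07 12:03 - 2010-09-07 12:59 - 00000000 ____D () C:\Users\Anna\Documents\Letters Mustermann
2014-04-07 13:00 - 2014-03-24 13:46 - 00199168 _____ () C:\Users\Anna\Documents\Invoice Mustermann.xls
AlternateDataStreams: C:\Users\Anna\Scan Mustermann.jpeg:examplestream"""

if __name__ == "__main__":
    print(redact_frst_log(SAMPLE))
```

Executable names and paths outside Documents stay readable because the helper needs them for the analysis. The same original name always maps to the same placeholder, so entries can still be correlated across log sections.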

07.04.2014, 13:31   #9
steffiglaubi

Thank you very much for the help.

After clicking the Fix button, the PC shut down.

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2014  01
Ran by Büro at 2014-04-07 14:27:25 Run:1
Running from C:\Users\Büro\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
ProxyServer: http=hxxp://127.0.0.1:9880
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.default-search.net?sid=492&aid=103&itype=n&ver=11471&tm=307&src=hmp
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = hxxp://www.default-search.net/search?sid=492&aid=103&itype=n&ver=11471&tm=307&src=ds&p={searchTerms}
SearchScopes: HKCU - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = hxxp://www.default-search.net/search?sid=492&aid=103&itype=n&ver=11471&tm=307&src=ds&p={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = hxxp://www.default-search.net/search?sid=492&aid=103&itype=n&ver=11471&tm=307&src=ds&p={searchTerms}
         
*****************

HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bpsvc.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsersafeguard.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\dprotectsvc.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\protectedsearch.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotection.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotector.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\snapdo.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst32.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst64.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\utiljumpflip.exe => Key deleted successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} => Key not found.


The system needed a reboot. 

==== End of Fixlog ====
         

07.04.2014, 13:32   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

OK, a new FRST log please

07.04.2014, 13:34   #11
steffiglaubi

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01
Ran by Büro (administrator) on BÜRO-PC on 07-04-2014 14:32:56
Running from C:\Users\Büro\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(HP) C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
() C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe
(Acronis) C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
() C:\Program Files\WinRST\WinRST.exe
(Hewlett-Packard Company) C:\Program Files\HP\HP Color LaserJet CM1312 MFP Series\hppfaxprintersrv.exe
(Hewlett-Packard Company) C:\Program Files\HP\HP UT\bin\hppusg.exe
(HP) C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Exsoft GmbH) E:\Fusion\FotoCopy\FotoCopy.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\tv_w32.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8505888 2010-02-08] (Realtek Semiconductor)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [248040 2010-02-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [FreePDF Assistant] - C:\Program Files\FreePDF_XP\fpassist.exe [385024 2009-09-05] (shbox.de)
HKLM\...\Run: [TrueImageMonitor.exe] - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2622104 2007-12-03] (Acronis)
HKLM\...\Run: [AcronisTimounterMonitor] - C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [911184 2007-12-03] (Acronis)
HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [140568 2007-12-03] (Acronis)
HKLM\...\Run: [HP Color LaserJet CM1312 MFP Series Fax] - C:\Program Files\HP\HP Color LaserJet CM1312 MFP Series\hppfaxprintersrv.exe [2453504 2009-09-22] (Hewlett-Packard Company)
HKLM\...\Run: [] - [X]
HKLM\...\Run: [HPUsageTracking] - C:\Program Files\HP\HP UT\bin\hppusg.exe [24576 2009-05-11] (Hewlett-Packard Company)
HKLM\...\Run: [HPPQVideo] - C:\Program Files\HP\ScheduledLaunch\HP Color LaserJet CM1312 MFP Series\bin\hppschlnch.exe [106496 2007-05-07] (Hewlett-Packard)
HKLM\...\Run: [ToolBoxFX] - C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe [53248 2009-10-22] (HP)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Lsa: [Authentication Packages] msv1_0 relog_ap

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9ADEAAC4C371CB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
BHO: Quick Time - {91CE4C4A-4888-410C-842A-F24D0AD57A3E} - C:\Users\Büro\AppData\Roaming\QuickTime\IE\QuickTime.dll (Apple Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Hosts: 192.168.1.109 NPI80BA31
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Büro\AppData\Roaming\Mozilla\Firefox\Profiles\zoi7ce94.default
FF Homepage: hxxp://www.google.de/
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @tools.google.com/Google Update;version=8 - C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll No File
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\cgpcfg.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\CgpCore.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\confmgr.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ctxlogging.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ctxmui.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\icafile.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\icalogon.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\msvcm80.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\msvcp80.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\msvcr80.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npicaN.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\sslsdk_b.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\TcpPServ.dll (Citrix Systems, Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml

========================== Services (Whitelisted) =================

R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [427288 2007-12-03] (Acronis)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [136192 2009-06-01] (HP)
R2 TryAndDecideService; C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [498792 2007-12-03] ()
R2 WinRST; C:\Program Files\WinRST\WinRST.exe [59904 2014-02-26] ()
S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-28] (Avira Operations GmbH & Co. KG)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
R0 tdrpman; C:\Windows\System32\DRIVERS\tdrpman.sys [368480 2010-10-20] (Acronis)
R2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [44384 2010-10-20] (Acronis)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-07 14:32 - 2014-04-07 14:32 - 00009966 _____ () C:\Users\Büro\Desktop\FRST.txt
2014-04-07 13:36 - 2014-04-07 13:36 - 00602112 _____ (OldTimer Tools) C:\Users\Büro\Desktop\OTL.exe
2014-04-07 13:14 - 2014-04-07 14:32 - 00000000 ____D () C:\FRST
2014-04-07 13:14 - 2014-04-07 13:14 - 01145856 _____ (Farbar) C:\Users\Büro\Desktop\FRST.exe
2014-04-07 13:10 - 2014-04-07 13:10 - 00000470 _____ () C:\Users\Büro\Downloads\defogger_disable.log
2014-04-07 13:10 - 2014-04-07 13:10 - 00000000 _____ () C:\Users\Büro\defogger_reenable
2014-04-07 13:08 - 2014-04-07 13:08 - 00050477 _____ () C:\Users\Büro\Downloads\Defogger.exe
2014-04-07 12:34 - 2014-04-07 12:34 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Büro\Desktop\mbam-setup-2.0.0.1000.exe
2014-04-07 12:31 - 2014-04-07 12:31 - 00147392 _____ () C:\Windows\Minidump\040714-17518-01.dmp
2014-04-07 12:29 - 2014-04-07 12:29 - 00147392 _____ () C:\Windows\Minidump\040714-17440-01.dmp
2014-04-07 12:27 - 2014-04-07 12:31 - 248639150 _____ () C:\Windows\MEMORY.DMP
2014-04-07 12:27 - 2014-04-07 12:27 - 00147392 _____ () C:\Windows\Minidump\040714-20342-01.dmp
2014-04-07 12:25 - 2014-04-07 12:26 - 00259584 _____ (OldTimer Tools) C:\Users\Büro\Desktop\OTH.scr
2014-04-07 12:18 - 2014-04-07 12:35 - 00001026 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-07 12:15 - 2014-04-07 12:15 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Büro\Downloads\revosetup95.exe
2014-04-07 12:15 - 2014-04-07 12:15 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-04-07 12:14 - 2014-04-07 12:15 - 00000000 ____D () C:\Users\Büro\AppData\Roaming\GlarySoft
2014-04-07 12:13 - 2014-04-07 12:13 - 02194784 _____ (Glarysoft.com ) C:\Users\Büro\Downloads\au29setup.exe
2014-04-07 10:32 - 2014-04-07 10:32 - 02347384 _____ (ESET) C:\Users\Büro\Downloads\esetsmartinstaller_enu.exe
2014-04-07 10:32 - 2014-04-07 10:32 - 02347384 _____ (ESET) C:\Users\Büro\Desktop\esetsmartinstaller_enu.exe
2014-04-07 10:32 - 2014-04-07 10:32 - 00001790 _____ () C:\sc-cleaner.txt
2014-04-07 10:32 - 2014-04-07 10:32 - 00000000 ____D () C:\Program Files\ESET
2014-04-07 10:31 - 2014-04-07 10:31 - 00441592 _____ (Bleeping Computer, LLC) C:\Users\Büro\Downloads\sc-cleaner.exe
2014-04-07 10:31 - 2014-04-07 10:31 - 00441592 _____ (Bleeping Computer, LLC) C:\Users\Büro\Desktop\sc-cleaner.exe
2014-04-07 10:30 - 2014-04-07 10:30 - 00000987 _____ () C:\Users\Büro\Desktop\JRT.txt
2014-04-07 10:26 - 2014-04-07 10:26 - 01016261 _____ (Thisisu) C:\Users\Büro\Desktop\JRT.exe
2014-04-07 10:26 - 2014-04-07 10:26 - 00000000 ____D () C:\Windows\ERUNT
2014-04-07 10:25 - 2014-04-07 10:25 - 01016261 _____ (Thisisu) C:\Users\Büro\Downloads\JRT.exe
2014-04-07 10:11 - 2014-04-07 10:16 - 00000000 ____D () C:\AdwCleaner
2014-04-07 10:11 - 2014-04-07 10:09 - 01426178 _____ () C:\Users\Büro\Desktop\adwcleaner.exe
2014-04-07 10:09 - 2014-04-07 10:09 - 01426178 _____ () C:\Users\Büro\Downloads\adwcleaner.exe
2014-04-07 10:00 - 2014-04-07 13:26 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-07 09:59 - 2014-04-07 12:35 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-04-07 09:59 - 2014-04-07 09:59 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Büro\Downloads\mbam-setup-2.0.0.1000.exe
2014-04-07 09:59 - 2014-04-07 09:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-07 09:59 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-07 09:59 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-07 09:59 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-07 09:46 - 2014-04-07 09:46 - 00001071 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-04-04 13:22 - 2014-04-07 12:31 - 00000000 ____D () C:\Windows\Minidump
2014-04-04 11:34 - 2014-04-04 11:35 - 00013312 ___SH () C:\Users\Büro\Thumbs.db
2014-04-04 11:23 - 2014-04-04 11:23 - 00000042 _____ () C:\Users\Büro\AppData\Roaming\WB.CFG
2014-04-04 11:22 - 2014-04-03 11:08 - 01176896 _____ (AnyProtect.com) C:\Users\Büro\AppData\Local\AnyProtectScannerSetup.exe
2014-04-04 11:21 - 2014-04-07 14:28 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-04-04 11:21 - 2014-04-04 11:21 - 00000000 ____D () C:\Users\Büro\AppData\Local\WinRST
2014-04-04 11:21 - 2014-04-04 11:21 - 00000000 ____D () C:\Program Files\WinRST
2014-04-04 11:20 - 2014-04-07 14:28 - 00000280 _____ () C:\Windows\Tasks\FF Watcher {6A9C9C8C-AAAD-452F-860B-235D37A44311}.job
2014-03-31 12:37 - 2014-04-07 09:46 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-26 11:41 - 2014-03-26 11:41 - 29011992 _____ (Microsoft Corporation) C:\Users\Büro\Downloads\FileFormatConverters4.exe
2014-03-26 11:22 - 2013-12-21 10:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-03-26 11:20 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-26 11:20 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-26 11:20 - 2014-03-01 06:10 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-26 11:20 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-26 11:20 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-26 11:20 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-26 11:20 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-26 11:20 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-26 11:20 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-26 11:20 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-26 11:20 - 2014-03-01 05:38 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-26 11:20 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-26 11:20 - 2014-03-01 05:31 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-26 11:20 - 2014-03-01 05:25 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-26 11:20 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-26 11:20 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-26 11:20 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-26 11:20 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-26 11:20 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-26 11:20 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-26 11:20 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-26 11:20 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-26 11:20 - 2014-02-07 03:07 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-26 11:20 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-26 11:19 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-26 11:03 - 2014-04-04 12:20 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-03-26 11:03 - 2014-03-26 11:03 - 00000000 ____D () C:\Program Files\Adobe
2014-03-24 13:46 - 2014-04-03 13:00 - 00199168 _____ () C:\Users\Büro\Documents\Kassenbericht 2014.xls
2014-03-24 13:46 - 2014-01-02 22:40 - 00208896 _____ () C:\Users\Büro\Documents\Kassenbericht 2013.xls
2014-03-24 11:52 - 2014-04-04 13:08 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-03-10 14:23 - 2014-04-04 09:12 - 00001014 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-03-10 14:23 - 2014-03-10 14:23 - 05852336 _____ (TeamViewer GmbH) C:\Users\Büro\Downloads\TeamViewer_Setup_de.exe

==================== One Month Modified Files and Folders =======

2014-04-07 14:33 - 2014-04-07 14:32 - 00009966 _____ () C:\Users\Büro\Desktop\FRST.txt
2014-04-07 14:32 - 2014-04-07 13:14 - 00000000 ____D () C:\FRST
2014-04-07 14:32 - 2009-09-30 08:19 - 01480666 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-07 14:28 - 2014-04-04 11:21 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-04-07 14:28 - 2014-04-04 11:20 - 00000280 _____ () C:\Windows\Tasks\FF Watcher {6A9C9C8C-AAAD-452F-860B-235D37A44311}.job
2014-04-07 14:28 - 2010-12-13 13:49 - 00001088 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-07 14:28 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-07 14:28 - 2009-07-14 06:39 - 00126257 _____ () C:\Windows\setupact.log
2014-04-07 14:27 - 2010-07-16 11:22 - 01630009 _____ () C:\Windows\WindowsUpdate.log
2014-04-07 14:27 - 2009-07-14 04:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-04-07 13:59 - 2010-12-13 13:49 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-07 13:36 - 2014-04-07 13:36 - 00602112 _____ (OldTimer Tools) C:\Users\Büro\Desktop\OTL.exe
2014-04-07 13:26 - 2014-04-07 10:00 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-07 13:14 - 2014-04-07 13:14 - 01145856 _____ (Farbar) C:\Users\Büro\Desktop\FRST.exe
2014-04-07 13:10 - 2014-04-07 13:10 - 00000470 _____ () C:\Users\Büro\Downloads\defogger_disable.log
2014-04-07 13:10 - 2014-04-07 13:10 - 00000000 _____ () C:\Users\Büro\defogger_reenable
2014-04-07 13:10 - 2010-07-16 11:23 - 00000000 ____D () C:\Users\Büro
2014-04-07 13:08 - 2014-04-07 13:08 - 00050477 _____ () C:\Users\Büro\Downloads\Defogger.exe
2014-04-07 13:02 - 2009-07-14 06:34 - 00018352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-07 13:02 - 2009-07-14 06:34 - 00018352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-07 12:35 - 2014-04-07 12:18 - 00001026 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-07 12:35 - 2014-04-07 09:59 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-04-07 12:34 - 2014-04-07 12:34 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Büro\Desktop\mbam-setup-2.0.0.1000.exe
2014-04-07 12:31 - 2014-04-07 12:31 - 00147392 _____ () C:\Windows\Minidump\040714-17518-01.dmp
2014-04-07 12:31 - 2014-04-07 12:27 - 248639150 _____ () C:\Windows\MEMORY.DMP
2014-04-07 12:31 - 2014-04-04 13:22 - 00000000 ____D () C:\Windows\Minidump
2014-04-07 12:29 - 2014-04-07 12:29 - 00147392 _____ () C:\Windows\Minidump\040714-17440-01.dmp
2014-04-07 12:27 - 2014-04-07 12:27 - 00147392 _____ () C:\Windows\Minidump\040714-20342-01.dmp
2014-04-07 12:26 - 2014-04-07 12:25 - 00259584 _____ (OldTimer Tools) C:\Users\Büro\Desktop\OTH.scr
2014-04-07 12:15 - 2014-04-07 12:15 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Büro\Downloads\revosetup95.exe
2014-04-07 12:15 - 2014-04-07 12:15 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-04-07 12:15 - 2014-04-07 12:14 - 00000000 ____D () C:\Users\Büro\AppData\Roaming\GlarySoft
2014-04-07 12:13 - 2014-04-07 12:13 - 02194784 _____ (Glarysoft.com ) C:\Users\Büro\Downloads\au29setup.exe
2014-04-07 12:03 - 2010-09-07 12:59 - 00000000 ____D () C:\Users\Büro\Documents\Spesenabrechung
2014-04-07 12:02 - 2010-09-07 13:00 - 00000000 ____D () C:\Users\Büro\Documents\Schriftverkehr allg
2014-04-07 10:32 - 2014-04-07 10:32 - 02347384 _____ (ESET) C:\Users\Büro\Downloads\esetsmartinstaller_enu.exe
2014-04-07 10:32 - 2014-04-07 10:32 - 02347384 _____ (ESET) C:\Users\Büro\Desktop\esetsmartinstaller_enu.exe
2014-04-07 10:32 - 2014-04-07 10:32 - 00001790 _____ () C:\sc-cleaner.txt
2014-04-07 10:32 - 2014-04-07 10:32 - 00000000 ____D () C:\Program Files\ESET
2014-04-07 10:31 - 2014-04-07 10:31 - 00441592 _____ (Bleeping Computer, LLC) C:\Users\Büro\Downloads\sc-cleaner.exe
2014-04-07 10:31 - 2014-04-07 10:31 - 00441592 _____ (Bleeping Computer, LLC) C:\Users\Büro\Desktop\sc-cleaner.exe
2014-04-07 10:30 - 2014-04-07 10:30 - 00000987 _____ () C:\Users\Büro\Desktop\JRT.txt
2014-04-07 10:26 - 2014-04-07 10:26 - 01016261 _____ (Thisisu) C:\Users\Büro\Desktop\JRT.exe
2014-04-07 10:26 - 2014-04-07 10:26 - 00000000 ____D () C:\Windows\ERUNT
2014-04-07 10:25 - 2014-04-07 10:25 - 01016261 _____ (Thisisu) C:\Users\Büro\Downloads\JRT.exe
2014-04-07 10:17 - 2010-08-27 12:11 - 00199094 _____ () C:\Windows\PFRO.log
2014-04-07 10:16 - 2014-04-07 10:11 - 00000000 ____D () C:\AdwCleaner
2014-04-07 10:10 - 2012-07-06 10:47 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-04-07 10:10 - 2009-07-14 04:37 - 00000000 __RSD () C:\Windows\Media
2014-04-07 10:09 - 2014-04-07 10:11 - 01426178 _____ () C:\Users\Büro\Desktop\adwcleaner.exe
2014-04-07 10:09 - 2014-04-07 10:09 - 01426178 _____ () C:\Users\Büro\Downloads\adwcleaner.exe
2014-04-07 09:59 - 2014-04-07 09:59 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Büro\Downloads\mbam-setup-2.0.0.1000.exe
2014-04-07 09:59 - 2014-04-07 09:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-07 09:46 - 2014-04-07 09:46 - 00001071 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-04-07 09:46 - 2014-03-31 12:37 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-04-04 13:50 - 2013-12-09 13:28 - 00000000 ____D () C:\Users\Büro\Documents\Schriftverkehr 2014
2014-04-04 13:50 - 2010-09-07 12:58 - 00000000 ____D () C:\Users\Büro\Documents\Deckblätter
2014-04-04 13:08 - 2014-03-24 11:52 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-04-04 12:20 - 2014-03-26 11:03 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-04-04 12:20 - 2010-10-20 11:47 - 00004157 _____ () C:\Windows\ULEAD32.INI
2014-04-04 12:00 - 2011-04-20 12:47 - 00032640 _____ () C:\fpRedmon.log
2014-04-04 12:00 - 2010-09-07 10:10 - 00000000 ____D () C:\ProgramData\FreePDF
2014-04-04 11:35 - 2014-04-04 11:34 - 00013312 ___SH () C:\Users\Büro\Thumbs.db
2014-04-04 11:23 - 2014-04-04 11:23 - 00000042 _____ () C:\Users\Büro\AppData\Roaming\WB.CFG
2014-04-04 11:21 - 2014-04-04 11:21 - 00000000 ____D () C:\Users\Büro\AppData\Local\WinRST
2014-04-04 11:21 - 2014-04-04 11:21 - 00000000 ____D () C:\Program Files\WinRST
2014-04-04 09:35 - 2012-06-01 09:53 - 00000000 ____D () C:\Users\Büro\AppData\Roaming\Fahrzeugsystemdaten GmbH
2014-04-04 09:33 - 2010-08-30 09:53 - 00000057 _____ () C:\Windows\iltwain.ini
2014-04-04 09:12 - 2014-03-10 14:23 - 00001014 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-04-03 13:00 - 2014-03-24 13:46 - 00199168 _____ () C:\Users\Büro\Documents\Kassenbericht 2014.xls
2014-04-03 13:00 - 2010-09-07 13:00 - 00026112 _____ () C:\Users\Büro\Documents\Geldzähler.xls
2014-04-03 11:08 - 2014-04-04 11:22 - 01176896 _____ (AnyProtect.com) C:\Users\Büro\AppData\Local\AnyProtectScannerSetup.exe
2014-04-03 09:51 - 2014-04-07 09:59 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-07 09:59 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-07 09:59 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-01 13:07 - 2010-09-07 13:00 - 00000000 ____D () C:\Users\Büro\Documents\Schwacke
2014-03-31 12:37 - 2011-04-20 14:14 - 00000000 ____D () C:\Users\Büro\Documents\Arbeitsvertrag & Betreibseigentum
2014-03-27 14:45 - 2010-09-07 13:00 - 00000000 ____D () C:\Users\Büro\Documents\Tourenpläne Mitarbeiter
2014-03-27 13:16 - 2010-07-16 12:22 - 00154680 _____ () C:\Users\Büro\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-27 10:18 - 2009-07-14 06:33 - 00563120 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-26 12:32 - 2010-10-20 10:28 - 00000000 ____D () C:\ProgramData\Acronis
2014-03-26 11:44 - 2010-07-12 09:30 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-03-26 11:44 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-03-26 11:41 - 2014-03-26 11:41 - 29011992 _____ (Microsoft Corporation) C:\Users\Büro\Downloads\FileFormatConverters4.exe
2014-03-26 11:36 - 2012-01-17 14:15 - 00000000 ____D () C:\Users\Büro\Documents\Fahrzeugbriefe
2014-03-26 11:22 - 2013-12-09 11:30 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-26 11:20 - 2010-08-27 12:09 - 87350280 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-26 11:04 - 2013-10-04 09:06 - 00000000 ____D () C:\Users\Büro\AppData\Local\Adobe
2014-03-26 11:03 - 2014-03-26 11:03 - 00000000 ____D () C:\Program Files\Adobe
2014-03-26 11:03 - 2012-11-21 15:03 - 00000000 ____D () C:\ProgramData\Adobe
2014-03-25 15:35 - 2013-01-04 11:42 - 00000000 ____D () C:\Users\Büro\Documents\Schriftverkehr 2013
2014-03-24 12:01 - 2010-09-07 13:00 - 00000000 ____D () C:\Users\Büro\Documents\Urlaub
2014-03-14 11:44 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-03-10 14:23 - 2014-03-10 14:23 - 05852336 _____ (TeamViewer GmbH) C:\Users\Büro\Downloads\TeamViewer_Setup_de.exe
2014-03-10 14:23 - 2010-09-06 11:40 - 00000000 ____D () C:\Users\Büro\AppData\Roaming\TeamViewer
2014-03-10 13:39 - 2010-09-13 12:51 - 00000000 ____D () C:\Program Files\TeamViewer

Some content of TEMP:
====================
C:\Users\Büro\AppData\Local\Temp\AMPing.exe
C:\Users\Büro\AppData\Local\Temp\avgnt.exe
C:\Users\Büro\AppData\Local\Temp\InstallManager_BAB_BAB.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-30 01:05

==================== End Of Log ============================
         

07.04.2014, 13:52   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



OK, control scans with MBAM and ESET, please.

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the newest scan log and click Export. Choose text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.




ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable the "detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support Trojaner-Board
Why Linux is better than Windows!

08.04.2014, 08:27   #13
steffiglaubi
 



Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 07.04.2014
Suchlauf-Zeit: 15:03:13
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.1.1004
Malware Datenbank: v2014.04.07.06
Rootkit Datenbank: v2014.03.27.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: Büro

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 221865
Verstrichene Zeit: 8 Min, 18 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)
         
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=09526e9c160eac4983a16ec6b5e6c1d6
# engine=17778
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-07 10:09:08
# local_time=2014-04-07 12:09:08 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 97 10551 262288638 3325 0
# compatibility_mode=5893 16776573 100 94 269520 148496539 0 0
# scanned=115566
# found=1
# cleaned=0
# scan_time=5707
sh=175A8A0C7650EF29B0E1AE7137F5F48FDFCD6588 ft=1 fh=deea2a09617af006 vn="a variant of Win32/AdWare.SpeedingUpMyPC.G application" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3313896547-2878084619-875718404-1000\$RHY9MH3\8342083_stp.EXE"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=09526e9c160eac4983a16ec6b5e6c1d6
# engine=17781
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-07 02:37:02
# local_time=2014-04-07 04:37:02 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 97 26625 262304712 19399 0
# compatibility_mode=5893 16776573 100 94 285594 148512613 0 0
# scanned=116496
# found=1
# cleaned=0
# scan_time=5489
sh=175A8A0C7650EF29B0E1AE7137F5F48FDFCD6588 ft=1 fh=deea2a09617af006 vn="a variant of Win32/AdWare.SpeedingUpMyPC.G application" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3313896547-2878084619-875718404-1000\$RHY9MH3\8342083_stp.EXE"
         

08.04.2014, 09:20   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Only junk in the Recycle Bin.

TFC - Temp File Cleaner

Download TFC (TempFileCleaner by Oldtimer) and save it to the desktop.
  • Open TFC.exe.
    Vista and Win 7 users: right-click and choose "Run as administrator".
  • Close all other programs.
  • Press the Start button.
  • If you are prompted to restart, confirm it.



Looks OK so far.

Regarding cookies and other things on the web: to block the pests from the outset (i.e. tracking cookies, ad banners etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check MVPS every 4 weeks to see whether he has released a new hosts file. This is only optional, though. To prevent user tracking, the Firefox extension Ghostery works well.

Info: Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP cookie)

Otherwise there are also good cookie managers; for Firefox, for example, there is the extension CookieCuller.
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board), then simply configure the browser so that everything, including cookies, is deleted when the browser is closed.

Is your system OK again now, or are there any other detections or problems?
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support Trojaner-Board
Why Linux is better than Windows!
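
Added example (not part of the original posts, and not ESET's or the board's own code): the Python below parses the ESET Online Scanner log format shown in post #13, collapses the repeated detection across both runs by its sh value, and flags whether it sits in the Recycle Bin, which is the reading given in post #14. The function names are hypothetical, and treating `unwanted_checked` as the "potentially unwanted applications" option is an assumption.

```python
import re

# Constructed sample: both ESET runs from post #13, header abridged to the
# fields used below; the detection line is copied unchanged from the log.
DETECTION = (r'sh=175A8A0C7650EF29B0E1AE7137F5F48FDFCD6588 ft=1 fh=deea2a09617af006 '
             r'vn="a variant of Win32/AdWare.SpeedingUpMyPC.G application" ac=I '
             r'fn="C:\$Recycle.Bin\S-1-5-21-3313896547-2878084619-875718404-1000'
             r'\$RHY9MH3\8342083_stp.EXE"')
HEADER = ("ESETSmartInstaller@High as downloader log:\nall ok\n# engine={}\n"
          "# remove_checked=false\n# unwanted_checked=false\n# scanned={}\n"
          "# found=1\n# cleaned=0\n")
SAMPLE_LOG = (HEADER.format(17778, 115566) + DETECTION + "\n"
              + HEADER.format(17781, 116496) + DETECTION + "\n")

# key=value tokens; a value is either "quoted with spaces" or a bare word
PAIR = re.compile(r'(\w+)=("([^"]*)"|\S+)')


def parse_runs(text):
    """Split the log into scanner runs, each with header fields and detections."""
    runs = []
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("ESETSmartInstaller@"):
            runs.append({"meta": {}, "detections": []})
        elif not runs or not line:
            continue
        elif line.startswith("# "):
            key, _, value = line[2:].partition("=")
            runs[-1]["meta"][key] = value
        elif line.startswith("sh="):
            runs[-1]["detections"].append({
                m.group(1): m.group(3) if m.group(3) is not None else m.group(2)
                for m in PAIR.finditer(line)})
    return runs


def triage(runs):
    """Collapse detections across runs by SHA-1 and note where each file sits."""
    findings = {}
    for run in runs:
        for det in run["detections"]:
            entry = findings.setdefault(det["sh"], {
                "name": det["vn"], "path": det["fn"], "seen_in_runs": 0,
                "in_recycle_bin": "\\$recycle.bin\\" in det["fn"].lower()})
            entry["seen_in_runs"] += 1
    return findings


def review_notes(runs):
    """Header checks a reviewer would make before trusting a 'clean' result."""
    notes = []
    for i, run in enumerate(runs, 1):
        meta = run["meta"]
        if int(meta.get("found", 0)) != len(run["detections"]):
            notes.append(f"run {i}: found= does not match detection lines")
        # Assumption: unwanted_checked mirrors the PUA checkbox in the scanner UI
        if meta.get("unwanted_checked") == "false":
            notes.append(f"run {i}: PUA detection off")
    return notes
```

On the sample, both runs reduce to a single finding located in the Recycle Bin, and the header check reports that both scans ran with `unwanted_checked=false`.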

08.04.2014, 09:35   #15
steffiglaubi
 



No, no more problems. Thank you very much!!!
