Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Bundespolizei-Virus sicher entfernen (https://www.trojaner-board.de/123634-bundespolizei-virus-sicher-entfernen.html)

tomba 06.09.2012 18:42
Bundespolizei-Virus sicher entfernen
 
Hallo,

ich habe mir vor ein paar Tagen den/einen? Bundespolizeivirus eingefangen. Syptom war, das der bekannte Bildschirm angezeigt wurde und meine Reaktion, dass ich dem Rechner den Stecker gezogen habe, da ich ihn nicht anders ausschalten konnte (Task-Manager... hat nicht funktioniert). Nach dem ersten Neustart (ohne WLAN-Stick) kam die "Bundespolizei-Seite" nicht, erst wenn ich wieder den Stick angeschlossen habe.

Habe dann ein bischen gegoogelt und schließlich mit Malewarebytes einen vollständigen Scan durchgeführt, bei dem Malewarebytes vier Funde gemacht hat. Das Problem mit der Bundespolizei-Seite war danach weg und ein erneuter Scan mit Malewarebytes hat auch keine Funde mehr ergeben.

Beim anschließenden Systemscan mit Avira Antivirus Premium 2012 hat das Programm ebenfalls nichts gefunden.

Mein Problem ist nun, das - wie ich öfter gelesen habe - der Virusbefall damit ja wohl nicht automatisch als erledigt angesehen werden kann.

Daher suche ich nun hier nach Hilfe, um meinen Rechner demnächst wieder einigermaßen beruhigt nutzen zu können.

Die ersten Schritte habe ich (hoffentlich richtig) schon mal mit folgendem Ergebnis ausgeführt. Als nächstes wollte ich Gmer durchlaufen lassen.

hier die OTL.txt:OTL Logfile:
Code:
OTL logfile created on: 06.09.2012 18:28:12 - Run 1
OTL by OldTimer - Version 3.2.61.0    Folder = C:\Users\Thomas\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,26 Gb Available Physical Memory | 42,13% Memory free
6,23 Gb Paging File | 4,66 Gb Available in Paging File | 74,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 282,39 Gb Total Space | 147,33 Gb Free Space | 52,17% Space Free | Partition Type: NTFS
Drive D: | 15,67 Gb Total Space | 7,33 Gb Free Space | 46,79% Space Free | Partition Type: FAT32
 
Computer Name: THOMAS-PC | User Name: Thomas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.06 18:25:58 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\Thomas\Desktop\OTL.exe
PRC - [2012.09.05 20:40:12 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.09.05 20:39:28 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2012.09.05 20:39:26 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.09.05 20:39:18 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe
PRC - [2012.09.05 20:39:16 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.09.05 20:39:15 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.08.29 13:01:20 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.08.10 18:59:52 | 004,440,896 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.05.29 13:09:52 | 001,528,672 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
PRC - [2012.05.29 13:09:52 | 001,220,960 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
PRC - [2011.02.07 09:56:11 | 000,138,192 | ---- | M] () -- C:\Programme\Canon\IJPLM\ijplmsvc.exe
PRC - [2010.07.04 19:07:40 | 000,238,952 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.02.26 19:36:46 | 000,030,040 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008.10.24 17:35:44 | 000,128,296 | ---- | M] () -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
PRC - [2008.06.11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Programme\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2001.11.12 14:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.08.29 13:01:20 | 002,242,528 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2012.06.14 03:32:50 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll
MOD - [2012.06.14 03:30:50 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012.06.14 03:30:41 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012.05.12 03:39:15 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll
MOD - [2012.05.12 03:38:48 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012.05.12 03:38:46 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\1b337cf9a031145849bc48c11b2cfe58\Accessibility.ni.dll
MOD - [2012.05.12 03:37:20 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\3b7181bb19dd5dd74cd063f0312cdf57\System.Xml.ni.dll
MOD - [2012.05.12 03:36:03 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012.05.12 03:35:48 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2010.02.10 19:10:10 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2009.03.30 06:42:12 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.03.17 10:06:07 | 001,691,648 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3321.40317__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2009.03.17 10:06:07 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3321.40399__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2009.03.17 10:06:07 | 000,364,544 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3321.40363__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2009.03.17 10:06:07 | 000,290,816 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3321.40301__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2009.03.17 10:06:07 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3321.40319__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2009.03.17 10:06:07 | 000,139,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3321.40400__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2009.03.17 10:06:07 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3321.40363__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2009.03.17 10:06:07 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3321.40378__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2009.03.17 10:06:07 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3321.40308__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2009.03.17 10:06:07 | 000,069,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3321.40357__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2009.03.17 10:06:07 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3321.40362__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2009.03.17 10:06:07 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3321.40314__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2009.03.17 10:06:07 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3321.40343__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2009.03.17 10:06:07 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3321.40308__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2009.03.17 10:06:06 | 000,811,008 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3321.40346__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2009.03.17 10:06:06 | 000,671,744 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.3321.40415__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll
MOD - [2009.03.17 10:06:06 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3321.40372__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2009.03.17 10:06:06 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3321.40345__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2009.03.17 10:06:06 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3321.40415__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll
MOD - [2009.03.17 10:06:06 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3321.40398__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
MOD - [2009.03.17 10:06:05 | 000,712,704 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3321.40310__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2009.03.17 10:06:05 | 000,589,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3321.40320__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2009.03.17 10:06:05 | 000,225,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3321.40320__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2009.03.17 10:06:05 | 000,126,976 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3321.40354__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2009.03.17 10:06:05 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3321.40324__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2009.03.17 10:06:05 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3321.40354__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2009.03.17 10:06:04 | 000,450,560 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3321.40340__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2009.03.17 10:06:04 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3321.40344__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2009.03.17 10:06:04 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3294.18708__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2009.03.17 10:06:04 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3321.40343__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2009.03.17 10:06:04 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3294.18735__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2009.03.17 10:06:04 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2009.03.17 10:06:04 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3321.40344__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2009.03.17 10:06:04 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3294.18699__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2009.03.17 10:06:04 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3321.40355__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2009.03.17 10:06:04 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3294.18701__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2009.03.17 10:06:04 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3294.18832__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2009.03.17 10:06:04 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3294.18753__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2009.03.17 10:06:04 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll
MOD - [2009.03.17 10:06:04 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3294.18737__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2009.03.17 10:06:04 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3294.18731__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2009.03.17 10:06:04 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3294.18717__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2009.03.17 10:06:04 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3294.18728__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2009.03.17 10:06:04 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3294.18709__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2009.03.17 10:06:04 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3294.18745__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2009.03.17 10:06:04 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3294.18787__90ba9c70f846762e\DEM.OS.dll
MOD - [2009.03.17 10:06:04 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2009.03.17 10:06:04 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3294.18755__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2009.03.17 10:06:04 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2009.03.17 10:06:04 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3294.18727__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2009.03.17 10:06:04 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3294.18758__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2009.03.17 10:06:04 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3294.18755__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2009.03.17 10:06:04 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3294.18751__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2009.03.17 10:06:04 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3294.18787__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
MOD - [2009.03.17 10:06:04 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3294.18795__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2009.03.17 10:06:04 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3294.18747__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2009.03.17 10:06:04 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3294.18794__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2009.03.17 10:06:04 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2009.03.17 10:06:03 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3294.18772__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2009.03.17 10:06:03 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3294.18797__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll
MOD - [2009.03.17 10:06:03 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3294.18767__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2009.03.17 10:06:03 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3294.18766__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2009.03.17 10:06:03 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3294.18771__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2009.03.17 10:06:03 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3294.18765__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2009.03.17 10:06:03 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3294.18785__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2009.03.17 10:06:03 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3294.18771__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2009.03.17 10:06:03 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3294.18742__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2009.03.17 10:06:03 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3294.18784__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
MOD - [2009.03.17 10:06:03 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3294.18760__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2009.03.17 10:06:03 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3294.18756__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2009.03.17 10:06:03 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3294.18748__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2009.03.17 10:06:03 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3294.18769__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2009.03.17 10:06:03 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2009.03.17 10:06:03 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3294.18757__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2009.03.17 10:06:03 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3294.18746__90ba9c70f846762e\APM.Foundation.dll
MOD - [2009.03.17 10:06:03 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3294.18728__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2009.03.17 10:06:02 | 001,142,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3321.40305__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2009.03.17 10:06:02 | 000,540,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3321.40387__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2009.03.17 10:06:02 | 000,503,808 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3321.40431__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll
MOD - [2009.03.17 10:06:02 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3321.40314__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2009.03.17 10:06:02 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3321.40393__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2009.03.17 10:06:02 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3321.40298__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2009.03.17 10:06:02 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3321.40391__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2009.03.17 10:06:02 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3321.40300__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2009.03.17 10:06:02 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3294.18750__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2009.03.17 10:06:02 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3321.40409__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2009.03.17 10:06:02 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3294.18714__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2009.03.17 10:06:02 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3294.18740__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2009.03.17 10:06:02 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3294.18725__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2009.03.17 10:06:02 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3294.18748__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2009.03.17 10:06:02 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3294.18720__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
MOD - [2009.03.17 10:06:02 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3294.18745__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2009.03.17 10:06:02 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3294.18744__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2009.03.17 10:06:02 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3294.18774__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2009.03.17 10:06:02 | 000,014,848 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
MOD - [2009.03.17 10:06:02 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
MOD - [2009.03.17 10:06:02 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3321.40297__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2009.03.17 10:06:01 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3321.40299__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2009.03.17 10:06:01 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3321.40298__90ba9c70f846762e\APM.Server.dll
MOD - [2009.03.17 10:06:01 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3321.40297__90ba9c70f846762e\AEM.Server.dll
MOD - [2009.03.17 10:06:01 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2009.03.17 10:06:01 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3321.40392__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2009.02.04 07:00:36 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\WildGames\Game Console -- (GameConsoleService)
SRV - [2012.09.05 20:40:12 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.09.05 20:39:28 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.09.05 20:39:18 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2012.09.05 20:39:16 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.08.29 13:01:20 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.08.23 10:13:39 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.05.29 13:09:52 | 001,528,672 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012.05.29 13:09:50 | 000,029,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.02.07 09:56:11 | 000,138,192 | ---- | M] () [Auto | Running] -- C:\Programme\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2010.07.04 19:07:40 | 000,238,952 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2009.11.06 10:18:50 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programme\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
SRV - [2009.08.11 14:51:54 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.02.26 19:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008.10.24 17:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.05.31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2001.11.12 14:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbmodem.sys -- (USBModem)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbdiag.sys -- (UsbDiag)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbbus.sys -- (usbbus)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\system32\Drivers\DgiVecp.sys -- (DgiVecp)
DRV - [2012.09.05 20:40:41 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.09.05 20:40:41 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2012.09.05 20:40:40 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.09.05 20:40:39 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.02.09 12:48:24 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2010.06.14 09:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010.05.12 12:14:58 | 000,121,576 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2010.05.12 12:14:56 | 000,096,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2010.05.12 12:14:56 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2010.04.27 04:25:16 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2010.04.27 04:25:16 | 000,098,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus)
DRV - [2010.04.27 04:25:16 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl)
DRV - [2009.10.28 07:09:29 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2009.10.26 03:43:54 | 000,032,800 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL2832UUSB.sys -- (RTL2832UUSB)
DRV - [2009.10.26 03:43:52 | 000,093,344 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL2832UBDA.sys -- (RTL2832UBDA)
DRV - [2009.07.13 08:46:38 | 000,037,280 | ---- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL2832U_IRHID.sys -- (RTL2832U_IRHID)
DRV - [2009.04.11 06:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2009.02.04 09:29:02 | 004,303,360 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.10.03 18:08:52 | 000,183,312 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ahcix86s.sys -- (ahcix86s)
DRV - [2008.09.05 03:01:00 | 000,265,088 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2008.04.28 15:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2008.02.14 15:56:02 | 000,118,784 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.01.16 10:18:02 | 000,489,984 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Dr71WU.sys -- (RT73)
DRV - [2007.10.12 03:40:00 | 000,010,632 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\amdide.sys -- (amdide)
DRV - [2007.01.26 01:00:00 | 000,004,352 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmeject.sys -- (avmeject)
DRV - [2006.11.30 16:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2006.11.17 11:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
DRV - [2005.09.23 11:41:22 | 000,036,096 | ---- | M] (Animation Technologies Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\M9207BDA.sys -- (M9207)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com/
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDB
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDB_de
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box;192.168.178.1;127.0.0.1:9421;<local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.spiegel.de"
FF - prefs.js..extensions.enabledAddons: toolbar@web.de:2.2.1
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.5
FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120827
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.11.21 16:59:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.29 13:01:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.30 10:33:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.06.19 21:19:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.11.21 17:00:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.29 13:01:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.30 10:33:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{380AE6CB-09B9-4373-B360-D01C2462A6E7}: C:\Program Files\BullGuard Ltd\BullGuard\backup\thunderbirdbkplugin
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Ltd\BullGuard\antispam\tbspamfilter
 
[2010.09.04 08:11:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\Extensions
[2010.09.04 08:11:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.09.05 20:35:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\djabxr65.default\extensions
[2012.08.30 17:11:27 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\djabxr65.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011.10.16 14:54:30 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\djabxr65.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.08.22 15:03:44 | 000,526,409 | ---- | M] () (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\firefox\profiles\djabxr65.default\extensions\toolbar@web.de.xpi
[2012.09.05 20:35:15 | 000,527,931 | ---- | M] () (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\firefox\profiles\djabxr65.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.07.25 15:07:15 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\firefox\profiles\djabxr65.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.08.22 15:03:47 | 000,000,853 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\mozilla\firefox\profiles\djabxr65.default\searchplugins\11-suche.xml
[2012.08.22 15:03:47 | 000,002,209 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\mozilla\firefox\profiles\djabxr65.default\searchplugins\englische-ergebnisse.xml
[2012.08.22 15:03:47 | 000,010,506 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\mozilla\firefox\profiles\djabxr65.default\searchplugins\gmx-suche.xml
[2012.08.22 15:03:47 | 000,002,368 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\mozilla\firefox\profiles\djabxr65.default\searchplugins\lastminute.xml
[2012.08.22 15:03:47 | 000,005,489 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\mozilla\firefox\profiles\djabxr65.default\searchplugins\webde-suche.xml
[2012.05.02 18:04:51 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.08.29 13:01:20 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.04.21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.29 13:01:19 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.04.21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.21 03:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Google EULA Launcher] C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe (Google)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe ()
O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Thomas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6A745023-4AB8-409F-9255-29D4B6739F05}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{87F3789C-9433-4808-B8B7-20888C325C10}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\System32\acaptuser32.dll (Adobe Systems, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O27 - HKLM IFEO\backitup.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\coverdes.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\nero.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\neromediahome.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\neroscoutoptions.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\nerostartsmart.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\nerovision.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\recode.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\setupx.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\showtime.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\waveedit.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0434a533-865d-11de-9bf0-002421234a35}\Shell - "" = AutoRun
O33 - MountPoints2\{0434a533-865d-11de-9bf0-002421234a35}\Shell\AutoRun\command - "" = K:\pushinst.exe
O33 - MountPoints2\{2736bac5-26a0-11df-a753-002421234a35}\Shell - "" = AutoRun
O33 - MountPoints2\{2736bac5-26a0-11df-a753-002421234a35}\Shell\AutoRun\command - "" = E:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.06 18:25:57 | 000,599,040 | ---- | C] (OldTimer Tools) -- C:\Users\Thomas\Desktop\OTL.exe
[2012.09.05 20:48:23 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\Avira
[2012.09.05 20:42:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.09.05 20:42:26 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.09.05 20:42:26 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.09.05 20:42:26 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.09.05 20:42:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.09.05 20:42:24 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.09.05 10:26:39 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\Malwarebytes
[2012.09.05 10:26:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.05 10:26:32 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.05 10:26:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.09.05 10:26:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.05 09:32:41 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Desktop\Backup_Jan-Sept 2012
[2012.09.05 08:21:26 | 000,000,000 | -HSD | C] -- C:\found.000
[2012.09.04 11:56:02 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012.08.21 17:25:30 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Desktop\Sommer 2012_Auswahl
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.06 18:30:20 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.06 18:30:20 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.06 18:28:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.06 18:25:58 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\Thomas\Desktop\OTL.exe
[2012.09.06 18:23:35 | 000,000,000 | ---- | M] () -- C:\Users\Thomas\defogger_reenable
[2012.09.06 17:46:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.06 12:46:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.06 07:51:30 | 000,632,240 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.06 07:51:30 | 000,598,928 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.06 07:51:30 | 000,127,484 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.06 07:51:30 | 000,104,942 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.05 20:42:43 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.09.05 20:40:41 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.09.05 20:40:41 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.09.05 20:40:40 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.09.05 20:40:39 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.09.05 20:30:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.05 20:30:13 | 3219,447,808 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.05 20:29:14 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.09.05 12:38:48 | 000,002,631 | ---- | M] () -- C:\Users\Thomas\Desktop\Microsoft Office Word 2007.lnk
[2012.09.05 10:58:58 | 519,998,097 | ---- | M] () -- C:\Users\Thomas\Desktop\Thunderbird 15.0 (de) - 2012-09-05.pcv
[2012.09.05 10:26:33 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.09.04 09:02:44 | 210,292,736 | ---- | M] () -- C:\Users\Thomas\Desktop\KWU_1.0.3.upd.iso
[2012.09.04 08:52:34 | 004,503,728 | ---- | M] () -- C:\ProgramData\nud0repor.pad
[2012.09.03 07:28:02 | 000,158,984 | ---- | M] () -- C:\Users\Thomas\Desktop\Messdienerbild.pdf
[2012.09.02 08:43:08 | 001,338,443 | ---- | M] () -- C:\Users\Thomas\Desktop\IMG134.jpg
[2012.08.31 17:24:54 | 000,088,882 | ---- | M] () -- C:\Users\Thomas\Desktop\Hallenmieter 01.2012-09.2012.pdf
[2012.08.21 18:37:42 | 000,408,200 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2012.09.06 18:23:35 | 000,000,000 | ---- | C] () -- C:\Users\Thomas\defogger_reenable
[2012.09.05 20:42:43 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.09.05 10:56:32 | 519,998,097 | ---- | C] () -- C:\Users\Thomas\Desktop\Thunderbird 15.0 (de) - 2012-09-05.pcv
[2012.09.05 10:26:33 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.09.05 08:53:15 | 3219,447,808 | -HS- | C] () -- C:\hiberfil.sys
[2012.09.04 09:16:28 | 210,292,736 | ---- | C] () -- C:\Users\Thomas\Desktop\KWU_1.0.3.upd.iso
[2012.09.03 10:09:43 | 004,503,728 | ---- | C] () -- C:\ProgramData\nud0repor.pad
[2012.09.03 07:24:08 | 000,158,984 | ---- | C] () -- C:\Users\Thomas\Desktop\Messdienerbild.pdf
[2012.09.02 08:40:12 | 001,338,443 | ---- | C] () -- C:\Users\Thomas\Desktop\IMG134.jpg
[2012.08.31 17:24:54 | 000,088,882 | ---- | C] () -- C:\Users\Thomas\Desktop\Hallenmieter 01.2012-09.2012.pdf
[2012.04.26 16:35:44 | 000,024,206 | ---- | C] () -- C:\Users\Thomas\AppData\Roaming\UserTile.png
[2011.10.06 16:54:08 | 000,485,240 | ---- | C] () -- C:\Windows\ssndii.exe
[2011.10.06 16:53:29 | 000,116,600 | ---- | C] () -- C:\Windows\Wiainst.exe
[2011.06.08 20:12:08 | 000,000,680 | ---- | C] () -- C:\Users\Thomas\AppData\Local\d3d9caps.dat
[2011.05.22 20:32:11 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2011.05.22 20:32:11 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2011.04.14 02:40:42 | 000,024,064 | ---- | C] () -- C:\Windows\System32\ssb3ml3.dll
[2010.12.16 06:57:46 | 000,000,088 | RHS- | C] () -- C:\ProgramData\84DD08B80A.sys
[2010.12.16 06:57:45 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010.02.02 13:08:57 | 007,592,064 | ---- | C] () -- C:\Users\Thomas\Red Hot Chili Peppers - Stadium Arcadium.mp3
[2010.02.01 23:16:32 | 000,000,033 | ---- | C] () -- C:\ProgramData\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
[2010.02.01 20:00:00 | 000,000,960 | ---- | C] () -- C:\ProgramData\ss.ini
[2009.10.13 08:47:49 | 000,001,024 | ---- | C] () -- C:\Users\Thomas\.rnd
[2009.08.12 07:28:02 | 000,011,264 | ---- | C] () -- C:\Users\Thomas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== LOP Check ==========
 
[2010.03.19 19:26:21 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Azureus
[2012.04.25 08:21:42 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Canon
[2012.09.04 08:35:57 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Desktopicon
[2011.10.16 14:54:50 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\DVDVideoSoft
[2011.10.16 14:54:28 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.07.29 22:28:47 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\FRITZ!
[2012.02.03 18:39:01 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\GoPal Assistant
[2010.02.02 13:04:12 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\LG Electronics
[2010.09.24 17:43:45 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\OpenOffice.org
[2012.04.26 16:35:44 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\PeerNetworking
[2009.10.25 19:15:43 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\PersBackup
[2011.05.22 20:31:42 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Samsung
[2009.08.14 09:03:01 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\ScanSoft
[2010.09.04 08:11:07 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Thunderbird
[2010.02.01 18:27:32 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Toolbars
[2012.03.03 14:41:20 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\TuneUp Software
[2009.10.05 10:41:46 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\WEB.DE
[2012.09.05 20:29:15 | 000,032,564 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========

< End of report >
--- --- ---



und die Extras.txt:OTL Logfile:
Code:
OTL Extras logfile created on: 06.09.2012 18:28:12 - Run 1
OTL by OldTimer - Version 3.2.61.0    Folder = C:\Users\Thomas\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,26 Gb Available Physical Memory | 42,13% Memory free
6,23 Gb Paging File | 4,66 Gb Available in Paging File | 74,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 282,39 Gb Total Space | 147,33 Gb Free Space | 52,17% Space Free | Partition Type: NTFS
Drive D: | 15,67 Gb Total Space | 7,33 Gb Free Space | 46,79% Space Free | Partition Type: FAT32
 
Computer Name: THOMAS-PC | User Name: Thomas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MI1933~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{25ACAE29-F8DA-4C63-BE4F-1AFCA0ED2507}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{29125A7C-1784-4FA1-99AA-CD363E9C1407}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{31B928DD-35F5-455F-BE60-9DC0B896380C}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{376F35A4-E7EF-4F44-8298-6460C64E32F8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{5865188C-6092-452F-8887-4F45C250A236}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{592942A4-D417-4DC9-8BD7-18533EE2293F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{76853589-24D7-4DA7-8B4B-C368D1EDCA12}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{CD1D11E4-7D5D-4FF2-A300-9AE39C9154F8}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{F195841B-0926-4C2F-A69C-1C55DAF158C2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{005A4714-DC5B-4E8E-B39A-C705773136BC}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{087F2CC5-A5A9-4538-9217-9E191CE4FD9E}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\scx3200\sscan2io.exe |
"{0AF73E54-A5CC-4E26-84D6-E821CB0ECE60}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{0F0D1958-A65C-4154-8DCE-E958040BE3E4}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{114FF304-C12A-4D35-8B90-AA3BFD3E7F08}" = dir=in | app=c:\program files\homecinema\powerdvd8\powerdvd8.exe |
"{1F62ED75-2C7C-48F8-8FFE-6B491C507AF6}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{279AA19A-2B8C-4976-ABBB-B7CA565B9760}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2C8967AB-CC0F-4422-91DA-A254FDF4FF31}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{2D83D3FF-9F6D-47F3-B25E-B5FD5660C388}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\scanmgr.exe |
"{2E2A6BD3-8DB9-4C41-9654-BA78D11CC326}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{310B8C7F-8D6B-428D-A655-566515A15578}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{3BC630E5-232D-48EF-9B0F-79ED1AE1385B}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\scx3200\sscan2io.exe |
"{46C138B0-0359-4339-961B-939687BF85AC}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{4B04743C-BF3D-4B11-81C8-433A2AC93514}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{5793332A-4DFD-40A2-AECC-19200BAF6314}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\scanmgr.exe |
"{58C8C8E2-21B4-4F12-899D-3BF168CAEC1C}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{624348D1-22B3-4D9A-A7C0-E1DBEF8C7804}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{64079A2B-A315-4AEB-87CB-B568B4163C09}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{73A55903-3F2B-449D-A348-FE139A721EA4}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{77F88687-351F-4200-B82F-74AC32365B53}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{7A7BF35B-9BA4-4A20-8B84-47B49DD00291}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7E7B2EA2-EF12-4DA0-B824-21E5346D6711}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7E972B6F-9D82-43C3-A89C-F8D4CBE61731}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\scx3200\scan2pc.exe |
"{8A1AF248-2AC9-479F-BFCB-70F681066C91}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{8FDA9EFA-3D75-4AD2-8817-A50DCB294C64}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{93D26BB2-5BED-45A7-9383-95B18BBB20FD}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{93EE79E7-797C-4291-B22A-7CCA3EB57BE1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{95E18D3D-DBD6-406D-8A64-CE6432A0AF6E}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{9E2C1388-0CDB-429F-8523-CE15F14DA538}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{9EBDB0E4-2272-4EA7-A89A-55B4A8772BC3}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9F839C72-C0A9-4008-8B30-C6D45DD0C70E}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{A3B344F8-7176-46E1-8B84-C9BD70004DF7}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{A425CBC8-F165-4F3C-89BF-D8D838D0115E}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{A5F62CA7-E41D-46F1-9B2C-48578B99B0C8}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{AE2B6D90-3484-4D3E-B9BC-C35A2612F7C8}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{AE58B3D7-32AB-46F3-B8E1-13C6B72C5A5B}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{B3C0505D-C137-430C-9387-BC423EB9FE25}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C3165182-5038-46DA-9609-2198C3342B72}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{C6E07358-2B7F-479F-B0B2-82B11A222F31}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{CA8A3D54-60FA-41E4-A24A-A0483396F782}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{CFA0D920-55A3-4ADD-8729-712B88CE1F59}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{D4918F69-F5BA-4CD3-ADB5-E875EFFA98A3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DB3ECCD7-1795-45E9-B3AF-1F6893D1550E}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{DC83A4E3-D142-4A2C-A66A-0A3F34A131EA}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E29A0F6B-67F8-49C7-8BE9-2996935B81A7}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\scx3200\scan2pc.exe |
"{F11A6D7C-3299-44BE-BD79-9E044F73BC18}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"TCP Query User{16FA8B2B-BFF2-40A1-BFAE-FF4365C20436}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"TCP Query User{23CA335A-0C2D-4719-9964-2AAC6F8D43CB}C:\users\thomas\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\thomas\appdata\local\akamai\netsession_win.exe |
"TCP Query User{371CA6EE-0798-4505-8527-0CDA08780C10}C:\users\thomas\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\thomas\appdata\local\akamai\netsession_win.exe |
"TCP Query User{4390B8D4-207A-4F4C-8008-360FC54564CB}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{B28AE09F-34E0-481E-BE0D-0B86B2745E4D}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{C2A52A4D-767C-42DE-9C96-BEBDEFE3E0A7}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{F22FAF20-7427-4D4C-BE44-50549002E0F6}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{F7F4040E-A469-4F6C-B033-529497047BA1}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{0850B530-C910-437C-AC3C-30C1578EB1A2}C:\users\thomas\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\thomas\appdata\local\akamai\netsession_win.exe |
"UDP Query User{10C93FE3-CBF9-4400-9940-2E660BB5B20C}C:\users\thomas\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\thomas\appdata\local\akamai\netsession_win.exe |
"UDP Query User{2A1A67FC-1EA7-47EF-841E-7747C39EB66B}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{5C364D98-82DA-4089-BF23-019E7A27CE3E}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{6803F9B4-E8F6-41E6-A633-B7D2E78169C9}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"UDP Query User{71D9FDBF-E200-4D19-B532-88FFD148A540}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{A1F96FE2-5F4F-4AFA-9E51-860AB829D9E4}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{BA9F13E2-79C6-454B-870B-89EF9C037B3D}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0105F5C0-6216-11D8-A7C6-444553540000}" = USB 2.0 Switch Utility Software
"{01CFF21B-0D9F-919D-06D4-AD1747C6281A}" = Catalyst Control Center Graphics Full Existing
"{026C3D27-9BE1-46BE-BEAE-6DE38A0F4FBE}" = RealNetworks - Microsoft Visual C++ 2005 Runtime
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{065D5505-3821-4C2E-BB6C-FE66A7E7CB4F}" = USB Flash Port Driver
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2100_series" = Canon MG2100 series MP Drivers
"{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}" = LG PC Suite II
"{1BE360D1-E77C-0901-8952-7D469256D2C8}" = Catalyst Control Center Core Implementation
"{1CA7ACD6-B21B-4240-AA05-4FC55F6E1031}" = Nero 8 Essentials
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{237F9413-C7DA-5A18-945F-B4887A78AB91}" = ccc-utility
"{2592233A-6160-5E52-FDB6-14285DD19855}" = Catalyst Control Center InstallProxy
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2B7E4354-0492-460A-BDB1-1F59EE141025}" = AirPlus XtremeG DWL-G122
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}" = PaperPort Image Printer
"{37092A35-DF6F-95A6-F9CE-3CE7FC5B48A7}" = CCC Help German
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FA05070-920A-5E39-DABD-CCC10ABF3A4F}" = ccc-core-static
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{64085F24-4AB6-037C-080B-FE583EF02238}" = Catalyst Control Center Localization All
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{89CB70B4-4110-31CF-0BB1-2260B3ABFDE2}" = Catalyst Control Center Graphics Full New
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{91522343-68CD-FBB1-1A1C-F1D17130B65A}" = ATI Catalyst Install Manager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4D182C-35C7-4791-8484-4304EBC9101A}" = Windows 7 Upgrade Advisor
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite
"{A718C198-01E2-63F6-7D7B-65040A4B0F4B}" = CCC Help English
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B6C89654-A6A2-477C-873B-724EC1C56407}" = ScanSoft PaperPort 11
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{BF6CF460-40C3-49BA-800A-4B934B6498B1}" = Scan Assistant
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem Driver
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D8E1DFEE-622B-46BA-AEFF-AB7E541C0B21}" = Steuer-Spar-Erklärung 2010
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{DF6FE172-006A-4324-AF7F-ACFE4BA290FE}" = AAVUpdateManager
"{E1BE9315-E699-FBBC-E1D2-0B23CA18AB9F}" = Catalyst Control Center Graphics Light
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E6A0B2DA-CA0E-50B6-718A-68A8E1690883}" = Skins
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile-Gerätecenter: Treiberupdate
"{ED57CE70-0DC6-49AB-A33E-FAC212A6AF5E}" = Creative MuVo V100
"{EF5B1E83-1403-4F0E-A8E6-C169DF0CCE8C}" = LG PC Suite II
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5799422-CF5A-14BA-6D3A-56C0EAF9CC55}" = Catalyst Control Center Graphics Previews Vista
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = WEB.DE Softwareaktualisierung
"1&1 Mail & Media GmbH Toolbar FF" = WEB.DE MailCheck für Mozilla Firefox
"7D6D030B3D73FCCA3D4E45319380F315DFBE7A54" = Windows-Treiberpaket - Infineon Technologies (FlashUSB) USB  (04/16/2009 1.0.0.6)
"99_is1" = Jawbreaker
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Anti-Twin 2010-01-16 16.20.32" = Anti-Twin (Installation 16.01.2010)
"Assistant" = Assistant 5.05.013
"AVI DivX to DVD SVCD VCD Converter_is1" = AVI DivX to DVD SVCD VCD Converter 4.0.0604
"Avira AntiVir Desktop" = Avira Antivirus Premium 2012
"Canon MG2100 series Benutzerregistrierung" = Canon MG2100 series Benutzerregistrierung
"Canon MG2100 series On-screen Manual" = Canon MG2100 series On-screen Manual
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Easy Avi/Divx/Xvid to DVD Burner_is1" = Easy Avi/Divx/Xvid to DVD Burner 2.7.38
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free YouTube Download_is1" = Free YouTube Download version 3.0.16.923
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"Infineon USB driver_is1" = Infineon USB driver 1.0.0.6
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MozBackup" = MozBackup 1.4.9
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"Mozilla Thunderbird 15.0 (x86 de)" = Mozilla Thunderbird 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 5.0" = Canon MP Navigator EX 5.0
"Personal Backup_is1" = Personal Backup 4.1
"Picasa 3" = Picasa 3
"Quillionär" = Quillionär 2009
"RealPlayer 12.0" = RealPlayer
"Samsung SCX-3200 Series" = Samsung SCX-3200 Series
"SysInfo" = Creative-Systeminformationen
"TIPP10_is1" = TIPP10 Version 2.0.3
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"VLC media player" = VLC media player 1.0.5
"VSO DivxToDVD_is1" = DivxToDVD 0.5.2
"WEB.DE Club SmartFax" = WEB.DE Club SmartFax
"WildTangent wildgames Master Uninstall" = WildGames
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"X10Hardware" = X10 Hardware(TM)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 05.09.2012 02:28:54 | Computer Name = Thomas-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 05.09.2012 02:30:01 | Computer Name = Thomas-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung rundll32.exe, Version 6.0.6000.16386, Zeitstempel
 0x4549b0e1, fehlerhaftes Modul USER32.dll, Version 6.0.6002.18541, Zeitstempel
0x4ec3e3d5, Ausnahmecode 0xc0000142, Fehleroffset 0x00009f5d,  Prozess-ID 0x5e0, Anwendungsstartzeit
 01cd8b2fe092761b.
 
Error - 05.09.2012 02:45:22 | Computer Name = Thomas-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 05.09.2012 02:54:48 | Computer Name = Thomas-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 05.09.2012 02:57:31 | Computer Name = Thomas-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung rundll32.exe, Version 6.0.6000.16386, Zeitstempel
 0x4549b0e1, fehlerhaftes Modul USER32.dll, Version 6.0.6002.18541, Zeitstempel
0x4ec3e3d5, Ausnahmecode 0xc0000142, Fehleroffset 0x00009f5d,  Prozess-ID 0x9a0, Anwendungsstartzeit
 01cd8b33b7c729da.
 
Error - 05.09.2012 04:00:46 | Computer Name = Thomas-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung LUpdate.exe, Version 1.0.0.8, Zeitstempel 0x4cc94ccd,
 fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode
 0xc0000005, Fehleroffset 0x00000000,  Prozess-ID 0xda8, Anwendungsstartzeit 01cd8b3c8dbb2963.
 
Error - 05.09.2012 04:01:43 | Computer Name = Thomas-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 05.09.2012 06:22:46 | Computer Name = Thomas-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 05.09.2012 11:23:42 | Computer Name = Thomas-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 05.09.2012 11:51:23 | Computer Name = Thomas-PC | Source = WinMgmt | ID = 10
Description =
 
[ OSession Events ]
Error - 28.10.2010 21:15:54 | Computer Name = Thomas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 20897
 seconds with 5160 seconds of active time.  This session ended with a crash.
 
Error - 08.05.2012 07:06:34 | Computer Name = Thomas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 6556
 seconds with 4500 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 05.09.2012 11:51:23 | Computer Name = Thomas-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 05.09.2012 14:19:56 | Computer Name = Thomas-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 05.09.2012 14:20:15 | Computer Name = Thomas-PC | Source = DCOM | ID = 10005
Description =
 
Error - 05.09.2012 14:20:16 | Computer Name = Thomas-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 05.09.2012 14:21:33 | Computer Name = Thomas-PC | Source = Service Control Manager | ID = 7024
Description =
 
Error - 05.09.2012 14:31:44 | Computer Name = Thomas-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 05.09.2012 14:31:44 | Computer Name = Thomas-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 05.09.2012 14:32:49 | Computer Name = Thomas-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 05.09.2012 14:33:47 | Computer Name = Thomas-PC | Source = DCOM | ID = 10005
Description =
 
Error - 05.09.2012 14:33:47 | Computer Name = Thomas-PC | Source = Service Control Manager | ID = 7001
Description =
 
[ TuneUp Events ]
Error - 24.01.2012 16:28:11 | Computer Name = Thomas-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
 
Error - 24.01.2012 17:02:02 | Computer Name = Thomas-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
 
Error - 25.01.2012 02:25:19 | Computer Name = Thomas-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
 
Error - 25.01.2012 03:15:02 | Computer Name = Thomas-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
 
Error - 25.01.2012 05:44:29 | Computer Name = Thomas-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
 
Error - 25.01.2012 10:04:58 | Computer Name = Thomas-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
 
Error - 25.01.2012 11:01:58 | Computer Name = Thomas-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
 
Error - 26.01.2012 10:56:36 | Computer Name = Thomas-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
 
Error - 26.01.2012 15:54:19 | Computer Name = Thomas-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
 
Error - 31.01.2012 10:31:14 | Computer Name = Thomas-PC | Source = TuneUp Program Statistics | ID = 131840
Description =
 
 
< End of report >
--- --- ---


So, nun ist auch Gmer durchgelaufen. Ergebnis:

GMER Logfile:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-09-07 08:54:56
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\00000055 WDC_WD32 rev.01.0
Running: njvth1mg.exe; Driver: C:\Users\Thomas\AppData\Local\Temp\uxdiipoc.sys


---- System - GMER 1.0.15 ----

SSDT            8CDE8686                                  ZwCreateSection
SSDT            8CDE865E                                  ZwCreateSymbolicLinkObject
SSDT            8CDE8663                                  ZwLoadDriver
SSDT            8CDE8659                                  ZwOpenSection
SSDT            8CDE8690                                  ZwRequestWaitReplyPort
SSDT            8CDE868B                                  ZwSetContextThread
SSDT            8CDE8695                                  ZwSetSecurityObject
SSDT            8CDE8668                                  ZwSetSystemInformation
SSDT            8CDE869A                                  ZwSystemDebugControl
SSDT            8CDE8627                                  ZwTerminateProcess
SSDT            8CDE8622                                  ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!KeSetEvent + 215            82AFA8D8 4 Bytes  [86, 86, DE, 8C]
.text          ntkrnlpa.exe!KeSetEvent + 21D            82AFA8E0 4 Bytes  [5E, 86, DE, 8C]
.text          ntkrnlpa.exe!KeSetEvent + 37D            82AFAA40 4 Bytes  [63, 86, DE, 8C]
.text          ntkrnlpa.exe!KeSetEvent + 3FD            82AFAAC0 4 Bytes  [59, 86, DE, 8C]
.text          ntkrnlpa.exe!KeSetEvent + 53A            82AFABFD 3 Bytes  [86, DE, 8C]
.text          ...                                     
.text          C:\Windows\system32\DRIVERS\atikmdag.sys  section is writeable [0x90808000, 0x24DCF4, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\fastfat \Fat                  fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
--- --- ---


Geendet hat dar Prozess mit einem Fenster mit der Nachricht "Gmer was stoped". Ist das so richtig? Und was kommt jetzt als nächstes? Ohne Eure Hilfe bin ich echt aufgeschmissen.

t'john 07.09.2012 11:43
:hallo:

Die Bereinigung besteht aus mehreren Schritten, die ausgefuehrt werden muessen.
Diese Nacheinander abarbeiten und die 4 Logs, die dabei erstellt werden bitte in deine naechste Antwort einfuegen.

Sollte der OTL-FIX nicht richig durchgelaufen sein. Fahre nicht fort, sondern mede dies bitte.

1. Schritt

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:
  • Der Fix fängt mit :OTL an. Vergewissere dich, dass du ihn richtig kopiert hast.


Code:
:OTL
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\WildGames\Game Console -- (GameConsoleService)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbmodem.sys -- (USBModem)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbdiag.sys -- (UsbDiag)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbbus.sys -- (usbbus)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\system32\Drivers\DgiVecp.sys -- (DgiVecp)
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDB
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDB_de
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box;192.168.178.1;127.0.0.1:9421;
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.spiegel.de"
FF - prefs.js..extensions.enabledAddons: toolbar@web.de:2.2.1
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.5
FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120827
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
O4 - HKLM..\Run: [] File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O27 - HKLM IFEO\backitup.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\coverdes.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\nero.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\neromediahome.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\neroscoutoptions.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\nerostartsmart.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\nerovision.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\recode.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\setupx.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\showtime.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\waveedit.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0434a533-865d-11de-9bf0-002421234a35}\Shell - "" = AutoRun
O33 - MountPoints2\{0434a533-865d-11de-9bf0-002421234a35}\Shell\AutoRun\command - "" = K:\pushinst.exe
O33 - MountPoints2\{2736bac5-26a0-11df-a753-002421234a35}\Shell - "" = AutoRun
O33 - MountPoints2\{2736bac5-26a0-11df-a753-002421234a35}\Shell\AutoRun\command - "" = E:\pushinst.exe
[2012.09.04 08:52:34 | 004,503,728 | ---- | M] () -- C:\ProgramData\nud0repor.pad

[2012.09.05 08:21:26 | 000,000,000 | -HSD | C] -- C:\found.000
[2012.09.06 18:30:20 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.06 18:30:20 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
:Files

C:\ProgramData\*.exe
C:\ProgramData\TEMP
C:\Users\Thomas\AppData\Local\{*}
C:\Users\Thomas\AppData\Local\Temp\*.exe
C:\Users\Thomas\AppData\LocalLow\Sun\Java\Deployment\cache
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!



2. Schritt
Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".
danach:

3. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.



4. Schritt
  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Delete.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

tomba 07.09.2012 18:19
Schon mal danke, dass Du dich meiner so schnell angenommen hast.
Hier zunächst die Ergebnisse von Schritt-1 und Schritt-2

OTL:

All processes killed
========== OTL ==========
Service GameConsoleService stopped successfully!
Service GameConsoleService deleted successfully!
File C:\Program Files\WildGames\Game Console not found.
Service USBModem stopped successfully!
Service USBModem deleted successfully!
File system32\DRIVERS\lgusbmodem.sys not found.
Service UsbDiag stopped successfully!
Service UsbDiag deleted successfully!
File system32\DRIVERS\lgusbdiag.sys not found.
Service usbbus stopped successfully!
Service usbbus deleted successfully!
File system32\DRIVERS\lgusbbus.sys not found.
Service NwlnkFwd stopped successfully!
Service NwlnkFwd deleted successfully!
File system32\DRIVERS\nwlnkfwd.sys not found.
Service NwlnkFlt stopped successfully!
Service NwlnkFlt deleted successfully!
File system32\DRIVERS\nwlnkflt.sys not found.
Service IpInIp stopped successfully!
Service IpInIp deleted successfully!
File system32\DRIVERS\ipinip.sys not found.
Service DgiVecp stopped successfully!
Service DgiVecp deleted successfully!
File C:\Windows\system32\Drivers\DgiVecp.sys not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "hxxp://www.spiegel.de" removed from browser.startup.homepage
Prefs.js: toolbar@web.de:2.2.1 removed from extensions.enabledAddons
Prefs.js: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.5 removed from extensions.enabledAddons
Prefs.js: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120827 removed from extensions.enabledAddons
Prefs.js: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 removed from extensions.enabledItems
Prefs.js: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0 removed from extensions.enabledItems
Prefs.js: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface deleted successfully.
C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\backitup.exe\ deleted successfully.
C:\Programme\TuneUp Utilities 2012\TUAutoReactivator32.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\coverdes.exe\ deleted successfully.
File C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nero.exe\ deleted successfully.
File C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\neromediahome.exe\ deleted successfully.
File C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\neroscoutoptions.exe\ deleted successfully.
File C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nerostartsmart.exe\ deleted successfully.
File C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nerovision.exe\ deleted successfully.
File C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\recode.exe\ deleted successfully.
File C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setupx.exe\ deleted successfully.
File C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\showtime.exe\ deleted successfully.
File C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\waveedit.exe\ deleted successfully.
File C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0434a533-865d-11de-9bf0-002421234a35}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0434a533-865d-11de-9bf0-002421234a35}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0434a533-865d-11de-9bf0-002421234a35}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0434a533-865d-11de-9bf0-002421234a35}\ not found.
File K:\pushinst.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2736bac5-26a0-11df-a753-002421234a35}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2736bac5-26a0-11df-a753-002421234a35}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2736bac5-26a0-11df-a753-002421234a35}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2736bac5-26a0-11df-a753-002421234a35}\ not found.
File E:\pushinst.exe not found.
C:\ProgramData\nud0repor.pad moved successfully.
C:\found.000 folder moved successfully.
File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.
File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.
========== FILES ==========
File\Folder C:\ProgramData\*.exe not found.
C:\ProgramData\Temp\{B7A0CE06-068E-11D6-97FD-0050BACBF861} folder moved successfully.
C:\ProgramData\Temp\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41} folder moved successfully.
C:\ProgramData\Temp\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47} folder moved successfully.
C:\ProgramData\Temp folder moved successfully.
File\Folder C:\Users\Thomas\AppData\Local\{*} not found.
File\Folder C:\Users\Thomas\AppData\Local\Temp\*.exe not found.
C:\Users\Thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\Thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\Thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\Thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\Thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\Thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\Thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\Thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\Thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\Thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\Thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\Thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\Thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\Thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\Thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\Thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\Thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\Thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\Thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\Thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\Thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\Thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\Thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\Thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\Thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\Thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\Thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\Thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\Thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\Thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\Thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\Thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\Thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\Thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\Thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\Thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\Thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\Thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\Thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\Thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\Thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\Thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\Thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\Thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\Thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\Thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\Thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\Thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\Thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\Thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\Thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\Thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\Thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\Thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\Thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\Thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\Thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\Thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\Thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\Thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\Thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\Thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\Thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\Thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\Thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\Thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\Thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\Thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\Thomas\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
File/Folder C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Thomas\Desktop\cmd.bat deleted successfully.
C:\Users\Thomas\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 83 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Thomas
->Temp folder emptied: 1465013 bytes
->Temporary Internet Files folder emptied: 467639092 bytes
->FireFox cache emptied: 78599711 bytes
->Flash cache emptied: 39653 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2307253 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 525,00 mb


OTL by OldTimer - Version 3.2.61.0 log created on 09072012_153221

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.
File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...



und das Malewarebytes-Ergebnis:

Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.09.07.09

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Thomas :: THOMAS-PC [Administrator]

Schutz: Aktiviert

07.09.2012 15:43:41
mbam-log-2012-09-07 (15-43-41).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 387561
Laufzeit: 2 Stunde(n), 7 Minute(n), 26 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


zum Schritt 3 komme ich wohl erst morgen.

Hier nun auch die Logfiles vom AdwCleaner.

Aber auch noch ne Frage: nach dem Neustart des Rechners nach Schritt 2 kam die Windows-Nachricht "An Windows wurde ein nicht autorisierte Änderung vorgenommen", woraufhin ich den Produkt-Key neu eingebn musste.

War das normal/i.O?


Schritt-3-Logfile:

# AdwCleaner v2.000 - Datei am 09/08/2012 um 08:09:05 erstellt
# Aktualisiert am 30/08/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Thomas - THOMAS-PC
# Normaler Modus : Normal
# Ausgeführt unter : C:\Users\Thomas\Downloads\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gefunden : C:\Program Files\Conduit
Ordner Gefunden : C:\Users\Thomas\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\Thomas\AppData\Roaming\Desktopicon

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gefunden : HKCU\Software\Conduit
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
Schlüssel Gefunden : HKLM\Software\Conduit

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v15.0 (de)

Profilname : default
Datei : C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\djabxr65.default\prefs.js

Gefunden : user_pref("CT2504091.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gefunden : user_pref("CT2504091.CTID", "CT2504091");
Gefunden : user_pref("CT2504091.CurrentServerDate", "23-6-2010");
Gefunden : user_pref("CT2504091.DialogsAlignMode", "LTR");
Gefunden : user_pref("CT2504091.EMailNotifierPollDate", "Wed Jun 23 2010 07:41:56 GMT+0200");
Gefunden : user_pref("CT2504091.FeedLastCount129079840422964131", 12);
Gefunden : user_pref("CT2504091.FeedPollDate128891351169457132", "Tue Jun 08 2010 16:33:51 GMT+0200");
Gefunden : user_pref("CT2504091.FeedPollDate129079840422964131", "Tue Jun 08 2010 06:33:51 GMT+0200");
Gefunden : user_pref("CT2504091.FeedTTL128891351169457132", 40);
Gefunden : user_pref("CT2504091.FirstServerDate", "14-3-2010");
Gefunden : user_pref("CT2504091.FirstTime", true);
Gefunden : user_pref("CT2504091.FirstTimeFF3", true);
Gefunden : user_pref("CT2504091.FixPageNotFoundErrors", true);
Gefunden : user_pref("CT2504091.GroupingServerCheckInterval", 1440);
Gefunden : user_pref("CT2504091.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gefunden : user_pref("CT2504091.Initialize", true);
Gefunden : user_pref("CT2504091.InitializeCommonPrefs", true);
Gefunden : user_pref("CT2504091.InstalledDate", "Sun Mar 14 2010 17:13:53 GMT+0100");
Gefunden : user_pref("CT2504091.IsGrouping", false);
Gefunden : user_pref("CT2504091.IsMulticommunity", false);
Gefunden : user_pref("CT2504091.IsOpenThankYouPage", false);
Gefunden : user_pref("CT2504091.IsOpenUninstallPage", false);
Gefunden : user_pref("CT2504091.LanguagePackLastCheckTime", "Tue Jun 22 2010 10:20:08 GMT+0200");
Gefunden : user_pref("CT2504091.LanguagePackReloadIntervalMM", 1440);
Gefunden : user_pref("CT2504091.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gefunden : user_pref("CT2504091.LastLogin_2.5.6.0", "Wed Jun 23 2010 06:11:54 GMT+0200");
Gefunden : user_pref("CT2504091.LatestVersion", "2.1.0.18");
Gefunden : user_pref("CT2504091.Locale", "en-us");
Gefunden : user_pref("CT2504091.LoginCache", 4);
Gefunden : user_pref("CT2504091.MCDetectTooltipHeight", "83");
Gefunden : user_pref("CT2504091.MCDetectTooltipShow", false);
Gefunden : user_pref("CT2504091.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gefunden : user_pref("CT2504091.MCDetectTooltipWidth", "295");
Gefunden : user_pref("CT2504091.RadioShrinked", "shrinked");
Gefunden : user_pref("CT2504091.SHRINK_TOOLBAR", 0);
Gefunden : user_pref("CT2504091.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Gefunden : user_pref("CT2504091.SearchFromAddressBarIsInit", true);
Gefunden : user_pref("CT2504091.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT250[...]
Gefunden : user_pref("CT2504091.SearchInNewTabEnabled", true);
Gefunden : user_pref("CT2504091.SearchInNewTabIntervalMM", 1440);
Gefunden : user_pref("CT2504091.SearchInNewTabLastCheckTime", "Tue Jun 22 2010 20:13:18 GMT+0200");
Gefunden : user_pref("CT2504091.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gefunden : user_pref("CT2504091.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Gefunden : user_pref("CT2504091.SettingsCheckIntervalMin", 120);
Gefunden : user_pref("CT2504091.SettingsLastCheckTime", "Wed Jun 23 2010 06:11:54 GMT+0200");
Gefunden : user_pref("CT2504091.SettingsLastUpdate", "1275605221");
Gefunden : user_pref("CT2504091.ThirdPartyComponentsInterval", 504);
Gefunden : user_pref("CT2504091.ThirdPartyComponentsLastCheck", "Mon Jun 14 2010 19:49:57 GMT+0200");
Gefunden : user_pref("CT2504091.ThirdPartyComponentsLastUpdate", "1275605221");
Gefunden : user_pref("CT2504091.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Gefunden : user_pref("CT2504091.UserID", "UN92430845126139471");
Gefunden : user_pref("CT2504091.ValidationData_Toolbar", 2);
Gefunden : user_pref("CT2504091.alertChannelId", "897164");
Gefunden : user_pref("CT2504091.clientLogIsEnabled", false);
Gefunden : user_pref("CT2504091.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Gefunden : user_pref("CT2504091.components.129079840422182852", false);
Gefunden : user_pref("CT2504091.components.129079840422339107", false);
Gefunden : user_pref("CT2504091.components.129079840422651618", false);
Gefunden : user_pref("CT2504091.components.129079840422964131", false);
Gefunden : user_pref("CT2504091.components.129079849636241789", false);
Gefunden : user_pref("CT2504091.myStuffEnabled", true);
Gefunden : user_pref("CT2504091.myStuffPublihserMinWidth", 400);
Gefunden : user_pref("CT2504091.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gefunden : user_pref("CT2504091.myStuffServiceIntervalMM", 1440);
Gefunden : user_pref("CT2504091.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gefunden : user_pref("CT2504091.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Gefunden : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Gefunden : user_pref("CommunityToolbar.ToolbarsList", "CT2504091");
Gefunden : user_pref("CommunityToolbar.ToolbarsList2", "CT2504091");

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [6931 octets] - [08/09/2012 08:09:05]

########## EOF - C:\AdwCleaner[R1].txt - [6991 octets] ##########



und die [S1].txt:

# AdwCleaner v2.000 - Datei am 09/08/2012 um 08:15:23 erstellt
# Aktualisiert am 30/08/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Thomas - THOMAS-PC
# Normaler Modus : Normal
# Ausgeführt unter : C:\Users\Thomas\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Program Files\Conduit
Ordner Gelöscht : C:\Users\Thomas\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Thomas\AppData\Roaming\Desktopicon

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
Schlüssel Gelöscht : HKLM\Software\Conduit

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

Wiederhergestellt : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0 (de)

Profilname : default
Datei : C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\djabxr65.default\prefs.js

C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\djabxr65.default\user.js ... Gelöscht !

Gelöscht : user_pref("CT2504091.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gelöscht : user_pref("CT2504091.CTID", "CT2504091");
Gelöscht : user_pref("CT2504091.CurrentServerDate", "23-6-2010");
Gelöscht : user_pref("CT2504091.DialogsAlignMode", "LTR");
Gelöscht : user_pref("CT2504091.EMailNotifierPollDate", "Wed Jun 23 2010 07:41:56 GMT+0200");
Gelöscht : user_pref("CT2504091.FeedLastCount129079840422964131", 12);
Gelöscht : user_pref("CT2504091.FeedPollDate128891351169457132", "Tue Jun 08 2010 16:33:51 GMT+0200");
Gelöscht : user_pref("CT2504091.FeedPollDate129079840422964131", "Tue Jun 08 2010 06:33:51 GMT+0200");
Gelöscht : user_pref("CT2504091.FeedTTL128891351169457132", 40);
Gelöscht : user_pref("CT2504091.FirstServerDate", "14-3-2010");
Gelöscht : user_pref("CT2504091.FirstTime", true);
Gelöscht : user_pref("CT2504091.FirstTimeFF3", true);
Gelöscht : user_pref("CT2504091.FixPageNotFoundErrors", true);
Gelöscht : user_pref("CT2504091.GroupingServerCheckInterval", 1440);
Gelöscht : user_pref("CT2504091.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gelöscht : user_pref("CT2504091.Initialize", true);
Gelöscht : user_pref("CT2504091.InitializeCommonPrefs", true);
Gelöscht : user_pref("CT2504091.InstalledDate", "Sun Mar 14 2010 17:13:53 GMT+0100");
Gelöscht : user_pref("CT2504091.IsGrouping", false);
Gelöscht : user_pref("CT2504091.IsMulticommunity", false);
Gelöscht : user_pref("CT2504091.IsOpenThankYouPage", false);
Gelöscht : user_pref("CT2504091.IsOpenUninstallPage", false);
Gelöscht : user_pref("CT2504091.LanguagePackLastCheckTime", "Tue Jun 22 2010 10:20:08 GMT+0200");
Gelöscht : user_pref("CT2504091.LanguagePackReloadIntervalMM", 1440);
Gelöscht : user_pref("CT2504091.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gelöscht : user_pref("CT2504091.LastLogin_2.5.6.0", "Wed Jun 23 2010 06:11:54 GMT+0200");
Gelöscht : user_pref("CT2504091.LatestVersion", "2.1.0.18");
Gelöscht : user_pref("CT2504091.Locale", "en-us");
Gelöscht : user_pref("CT2504091.LoginCache", 4);
Gelöscht : user_pref("CT2504091.MCDetectTooltipHeight", "83");
Gelöscht : user_pref("CT2504091.MCDetectTooltipShow", false);
Gelöscht : user_pref("CT2504091.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gelöscht : user_pref("CT2504091.MCDetectTooltipWidth", "295");
Gelöscht : user_pref("CT2504091.RadioShrinked", "shrinked");
Gelöscht : user_pref("CT2504091.SHRINK_TOOLBAR", 0);
Gelöscht : user_pref("CT2504091.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Gelöscht : user_pref("CT2504091.SearchFromAddressBarIsInit", true);
Gelöscht : user_pref("CT2504091.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT250[...]
Gelöscht : user_pref("CT2504091.SearchInNewTabEnabled", true);
Gelöscht : user_pref("CT2504091.SearchInNewTabIntervalMM", 1440);
Gelöscht : user_pref("CT2504091.SearchInNewTabLastCheckTime", "Tue Jun 22 2010 20:13:18 GMT+0200");
Gelöscht : user_pref("CT2504091.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gelöscht : user_pref("CT2504091.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Gelöscht : user_pref("CT2504091.SettingsCheckIntervalMin", 120);
Gelöscht : user_pref("CT2504091.SettingsLastCheckTime", "Wed Jun 23 2010 06:11:54 GMT+0200");
Gelöscht : user_pref("CT2504091.SettingsLastUpdate", "1275605221");
Gelöscht : user_pref("CT2504091.ThirdPartyComponentsInterval", 504);
Gelöscht : user_pref("CT2504091.ThirdPartyComponentsLastCheck", "Mon Jun 14 2010 19:49:57 GMT+0200");
Gelöscht : user_pref("CT2504091.ThirdPartyComponentsLastUpdate", "1275605221");
Gelöscht : user_pref("CT2504091.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Gelöscht : user_pref("CT2504091.UserID", "UN92430845126139471");
Gelöscht : user_pref("CT2504091.ValidationData_Toolbar", 2);
Gelöscht : user_pref("CT2504091.alertChannelId", "897164");
Gelöscht : user_pref("CT2504091.clientLogIsEnabled", false);
Gelöscht : user_pref("CT2504091.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Gelöscht : user_pref("CT2504091.components.129079840422182852", false);
Gelöscht : user_pref("CT2504091.components.129079840422339107", false);
Gelöscht : user_pref("CT2504091.components.129079840422651618", false);
Gelöscht : user_pref("CT2504091.components.129079840422964131", false);
Gelöscht : user_pref("CT2504091.components.129079849636241789", false);
Gelöscht : user_pref("CT2504091.myStuffEnabled", true);
Gelöscht : user_pref("CT2504091.myStuffPublihserMinWidth", 400);
Gelöscht : user_pref("CT2504091.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gelöscht : user_pref("CT2504091.myStuffServiceIntervalMM", 1440);
Gelöscht : user_pref("CT2504091.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gelöscht : user_pref("CT2504091.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2504091");
Gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2504091");

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [7060 octets] - [08/09/2012 08:09:05]
AdwCleaner[S1].txt - [7534 octets] - [08/09/2012 08:15:23]

########## EOF - C:\AdwCleaner[S1].txt - [7594 octets] ##########



weiter vielen Dank!!!

t'john 08.09.2012 14:08
Sehr gut! :daumenhoc

Wie laeuft der Rechner?

Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html

tomba 10.09.2012 05:40
Der Rechner läuft wie ich find gut, d.h. wie immer.

Hier das Ergebnis des Emsisoft-Scans:

Emsisoft Anti-Malware - Version 6.6
Letztes Update: 09.09.2012 17:53:13

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\
Archiv Scan: An
ADS Scan: An

Scan Beginn: 09.09.2012 17:54:17

Value: hkey_current_user\software\mgshareware\freerip3 --> allowmultipleinstances gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> cddevice gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> converterusesfilenames gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> beepafterrip gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> ejectafterrip gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> encodedbypreset gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> filenameformat gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> flacenc_channels gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> flacenc_level gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> defaulttargetformat gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> freedbautochoose1 gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> autosearchfreedb gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> freedbserver gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> freedbtimeout gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> freeripdbautosearch gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> language gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> lastregreminderdate gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> lyricswindow_dx gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> lyricswindow_dy gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> mainwndcx gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> mainwndcy gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> forceaspi gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> mp3enc_channels gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> freedbemail gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> mp3enc_vbrquality gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> autochecknewversion gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> mp3enc_writeid3 gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> optionswindow_dx gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> optionswindow_dy gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> outputpath gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> proxyport gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> mp3enc_writecrcs gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> proxyserver gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> proxyuser gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> readcdtext gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> mp3enc_mode gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> regname gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> proxypwd gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> ripvolume gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> runathigherpriority gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> runscounter gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> showfullfilename gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> showsplash gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> slowspeedmode gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> uselocaldb gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> useproxy gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> vorbisenc_channels gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> vorbisenc_quality gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> wavenc_bitspersample gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> regreminderdays gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> wavenc_writeinfotags gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> mp3enc_bitrate gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> wndcloseafterrip gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> writecdplayerini gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> writelrcfile gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> writeplaylist gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate --> barsize_32772 gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate --> version gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar0 --> barid gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar1 --> barid gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar2 --> bar#0 gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar2 --> bar#1 gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar2 --> bar#2 gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar2 --> barid gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar2 --> bars gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> barid gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> docking gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> mrudockbottompos gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> mrudockid gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> wmaenc_mode gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> mrudockrightpos gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> mrudocktoppos gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> mrufloatstyle gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> wavenc_channels gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> mrufloatypos gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> xpos gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> ypos gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-summary --> bars gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-summary --> screencx gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-summary --> screency gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\cdgridcolumnwidthconv --> n gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\cdgridcolumnwidthrip --> 0 gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\cdgridcolumnwidthrip --> 1 gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> regcode gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\cdgridcolumnwidthrip --> 3 gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\cdgridcolumnwidthrip --> 4 gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\cdgridcolumnwidthrip --> n gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> mrudockleftpos gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\filenamedefs --> 1 gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\filenamedefs --> 2 gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\filenamedefs --> 3 gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> mrufloatxpos gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\filenamedefs --> n gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\freedbserverlist --> n gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\filenamedefs --> 4 gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\cdgridcolumnwidthrip --> 2 gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\filenamedefs --> 0 gefunden: Trace.Registry.freerip v3.0!E1

Gescannt 648076
Gefunden 97

Scan Ende: 09.09.2012 20:52:54
Scan Zeit: 2:58:37

Value: hkey_current_user\software\mgshareware\freerip3 --> allowmultipleinstances Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> cddevice Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> converterusesfilenames Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> beepafterrip Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> ejectafterrip Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> encodedbypreset Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> filenameformat Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> flacenc_channels Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> flacenc_level Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> defaulttargetformat Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> freedbautochoose1 Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> autosearchfreedb Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> freedbserver Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> freedbtimeout Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> freeripdbautosearch Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> language Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> lastregreminderdate Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> lyricswindow_dx Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> lyricswindow_dy Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> mainwndcx Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> mainwndcy Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> forceaspi Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> mp3enc_channels Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> freedbemail Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> mp3enc_vbrquality Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> autochecknewversion Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> mp3enc_writeid3 Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> optionswindow_dx Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> optionswindow_dy Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> outputpath Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> proxyport Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> mp3enc_writecrcs Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> proxyserver Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> proxyuser Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> readcdtext Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> mp3enc_mode Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> regname Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> proxypwd Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> ripvolume Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> runathigherpriority Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> runscounter Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> showfullfilename Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> showsplash Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> slowspeedmode Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> uselocaldb Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> useproxy Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> vorbisenc_channels Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> vorbisenc_quality Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> wavenc_bitspersample Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> regreminderdays Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> wavenc_writeinfotags Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> mp3enc_bitrate Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> wndcloseafterrip Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> writecdplayerini Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> writelrcfile Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> writeplaylist Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate --> barsize_32772 Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate --> version Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar0 --> barid Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar1 --> barid Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar2 --> bar#0 Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar2 --> bar#1 Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar2 --> bar#2 Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar2 --> barid Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar2 --> bars Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> barid Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> docking Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> mrudockbottompos Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> mrudockid Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> wmaenc_mode Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> mrudockrightpos Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> mrudocktoppos Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> mrufloatstyle Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> wavenc_channels Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> mrufloatypos Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> xpos Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> ypos Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-summary --> bars Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-summary --> screencx Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-summary --> screency Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\cdgridcolumnwidthconv --> n Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\cdgridcolumnwidthrip --> 0 Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\cdgridcolumnwidthrip --> 1 Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> regcode Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\cdgridcolumnwidthrip --> 3 Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\cdgridcolumnwidthrip --> 4 Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\cdgridcolumnwidthrip --> n Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> mrudockleftpos Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\filenamedefs --> 1 Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\filenamedefs --> 2 Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\filenamedefs --> 3 Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> mrufloatxpos Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\filenamedefs --> n Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\freedbserverlist --> n Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\filenamedefs --> 4 Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\cdgridcolumnwidthrip --> 2 Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\filenamedefs --> 0 Quarantäne Trace.Registry.freerip v3.0!E1

Quarantäne 97


MfG
tomba

t'john 10.09.2012 20:47
Sehr gut! :daumenhoc


Deinstalliere:
Emsisoft Anti-Malware


ESET Online Scanner

Vorbereitung

  • Schließe evtl. vorhandene externe Festplatten und/oder sonstigen Wechselmedien (z. B. evtl. vorhandene USB-Sticks) an den Rechner an.
  • Bitte während des Online-Scans Anti-Virus-Programm und Firewall deaktivieren.
  • Vista/Win7-User: Bitte den Browser unbedingt als Administrator starten.
Los geht's

  • Lade und starte Eset Smartinstaller
  • Haken setzen bei YES, I accept the Terms of Use.
  • Klick auf Start.
  • Haken setzen bei Remove found threads und Scan archives.
  • Klick auf Start.
  • Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Finish drücken.
  • Browser schließen.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (manchmal auch C:\Programme\Eset\log.txt) suchen und mit Deinem Editor öffnen.
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

tomba 11.09.2012 08:18
Jetz das Eset-Ergebnis:


ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=fce21629add45f4691528282e8ceb703
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-09-11 07:10:24
# local_time=2012-09-11 09:10:24 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 473742 473742 0 0
# compatibility_mode=5892 16776574 100 100 484154 184877014 0 0
# compatibility_mode=8192 67108863 100 0 231 231 0 0
# scanned=97955
# found=0
# cleaned=0
# scan_time=3137


Und nu? :-)

MfG
tomba

t'john 12.09.2012 12:14
Java aktualisieren

Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
  • Downloade dir bitte die neueste Java-Version von hier
  • Speichere die jxpiinstall.exe
  • Schließe alle laufenden Programme. Speziell deinen Browser.
  • Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version ( Java 7 Update 7 ) herunter laden.
  • Wenn die Installation beendet wurde
    Start --> Systemsteuerung --> Programme und deinstalliere alle älteren Java Versionen.
  • Starte deinen Rechner neu sobald alle älteren Versionen deinstalliert wurden.
Nach dem Neustart
  • Öffne erneut die Systemsteuerung --> Programme und klicke auf das Java Symbol.
  • Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.
  • Klicke auf Dateien löschen....
  • Gehe sicher das überall ein Hacken gesetzt ist und klicke OK.
  • Klicke erneut OK.


Dann so einstellen: http://www.trojaner-board.de/105213-...tellungen.html

Danach poste (kopieren und einfuegen) mir, was du hier angezeigt bekommst: PluginCheck



Java deaktivieren

Aufgrund derezeitigen Sicherheitsluecke:

http://www.trojaner-board.de/122961-...ktivieren.html

Danach poste mir (kopieren und einfuegen), was du hier angezeigt bekommst: PluginCheck

tomba 12.09.2012 13:54
Ergebnis nach der Aktuallisierung:

PluginCheck

Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen.
Überprüft wird: Browser, Flash, Java und Adobe Reader Version.

Firefox 15.0.1 ist aktuell

Flash (11,4,402,265) ist aktuell.

Java (1,7,0,7) ist aktuell.

Adobe Reader 10,1,4,38 ist aktuell.



Zurück



Ergebnis nach der anschließenden Deaktivierung:


PluginCheck

Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen.
Überprüft wird: Browser, Flash, Java und Adobe Reader Version.

Firefox 15.0.1 ist aktuell

Flash (11,4,402,265) ist aktuell.

Java ist Installiert aber nicht aktiviert.

Adobe Reader 10,1,4,38 ist aktuell.



Zurück


MfG tomba

t'john 15.09.2012 10:57
Sehr gut! :daumenhoc

damit bist Du sauber und entlassen! :)

adwCleaner entfernen

  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Uninstall.
  • Bestätige mit Ja.




Tool-Bereinigung mit OTL


Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.
  • Bitte lade Dir (falls noch nicht vorhanden) OTL von OldTimer herunter.
  • Speichere es auf Deinem Desktop.
  • Doppelklick auf OTL.exe um das Programm auszuführen.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Klicke auf den Button "Bereinigung"
  • OTL fragt eventuell nach einem Neustart.
    Sollte es dies tun, so lasse dies bitte zu.
Anmerkung: Nach dem Neustart werden OTL und andere Helferprogramme, die Du im Laufe der Bereinigung heruntergeladen hast, nicht mehr vorhanden sein. Sie wurden entfernt. Es ist daher Ok, wenn diese Programme nicht mehr vorhanden sind. Sollten noch welche übrig geblieben sein, lösche sie manuell.


Zurücksetzen der Sicherheitszonen

Lasse die Sicherheitszonen wieder zurücksetzen, da diese manipuliert wurden um den Browser für weitere Angriffe zu öffnen.
Gehe dabei so vor: http://www.trojaner-board.de/111805-...ecksetzen.html


Systemwiederherstellungen leeren

Damit der Rechner nicht mit einer infizierten Systemwiederherstellung erneut infiziert werden kann, muessen wir diese leeren. Dazu schalten wir sie einmal aus und dann wieder ein:
Systemwiederherstellung deaktivieren Tutorial fuer Windows XP, Windows Vista, Windows 7
Danach wieder aktivieren.


Aufräumen mit CCleaner

Lasse mit CCleaner (Download) (Anleitung) Fehler in der

  • Registry beheben (mehrmals, solange bis keine Fehler mehr gefunden werden) und
  • temporäre Dateien löschen.




Lektuere zum abarbeiten:
http://www.trojaner-board.de/90880-d...tallation.html
http://www.trojaner-board.de/105213-...tellungen.html
PluginCheck
http://www.trojaner-board.de/96344-a...-rechners.html
Secunia Online Software Inspector
http://www.trojaner-board.de/71715-k...iendungen.html
http://www.trojaner-board.de/83238-a...sschalten.html
PC wird immer langsamer - was tun?

tomba 18.09.2012 06:56
Super, vielen vielen Dank an Dich t'john im Speziellen und an das Trojaner-Board im Allgemeinen! Ich denke, da ist wohl 'ne kleine Spende fällig.

MfG
tomba

P.S. eine letzte Frage: heisst sauber auch wieder sicher? Für Einkaufen im Netz...

t'john 19.09.2012 16:58
Zitat:
P.S. eine letzte Frage: heisst sauber auch wieder sicher? Für Einkaufen im Netz...
ja, sicher auch zum einkaufen / homebanking

wir wuenschen eine virenfreie Zeit :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 11:22 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131